chmod isn’t just about making files executable; it’s the gatekeeper of your filesystem, controlling who can read, write, and execute what.
Let’s see it in action. Imagine you have a script, myscript.sh, that you want to run.
# Initially, the script might not be executable
ls -l myscript.sh
-rw-r--r-- 1 user group 123 Jan 1 10:00 myscript.sh
# Trying to execute it fails
./myscript.sh
bash: ./myscript.sh: Permission denied
# Make it executable for the owner
chmod u+x myscript.sh
# Now it works
ls -l myscript.sh
-rwxr--r-- 1 user group 123 Jan 1 10:00 myscript.sh
./myscript.sh
# (script output)
The ls -l command shows permissions in a 10-character string. The first character is the file type (- for a regular file). The next nine characters are three sets of three permissions: owner, group, and others. Each set is rwx (read, write, execute), or a hyphen if the permission is absent.
chmod uses two main ways to set these permissions: symbolic and octal.
Symbolic Mode:
This is more human-readable. You specify who (u for user/owner, g for group, o for others, a for all) and what action (+ to add, - to remove, = to set exactly) and which permissions (r, w, x).
chmod u+x myscript.sh: Adds execute permission for the owner.
chmod go-w report.txt: Removes write permission for group and others.
chmod a=r data.csv: Sets permissions to read-only for everyone, overwriting existing permissions.
chmod ug+rw,o-rwx config.ini: Gives owner and group read/write, and removes all permissions for others.
Octal Mode:
This is a shorthand using numbers. Each permission has a value: r=4, w=2, x=1. You add these values for each category (owner, group, others).
rwx = 4 + 2 + 1 = 7
rw- = 4 + 2 + 0 = 6
r-x = 4 + 0 + 1 = 5
r-- = 4 + 0 + 0 = 4
So, chmod 755 myscript.sh is equivalent to chmod u=rwx,go=rx myscript.sh. It gives the owner read, write, and execute, and group/others read and execute.
Common octal values:
777: rwxrwxrwx - Anyone can do anything (rarely a good idea).
755: rwxr-xr-x - Owner can do everything, others can read/execute (common for scripts and directories).
644: rw-r--r-- - Owner can read/write, others can only read (common for data files).
600: rw------- - Only the owner can read/write (good for private files).
The core problem chmod solves is managing access control on a multi-user system. Without it, any user could modify or delete any file, leading to chaos. It allows you to define granular access policies for files and directories, ensuring data integrity and security. Directories have a slightly different interpretation of x: it means you can cd into the directory.
Let’s look at a directory.
# Create a directory
mkdir myproject
# Set permissions so only the owner can access it
chmod 700 myproject
# Try to list contents as another user (simulated)
# su - otheruser
# ls -l myproject
# ls: cannot open directory myproject: Permission denied
The x permission on a directory is crucial. If you don’t have x on a directory, you can’t cd into it, nor can you ls its contents, even if you have read permission on the files within it. This is because the system needs x on the parent directory to traverse into it and access file metadata.
Consider this scenario: you have a file private_data.txt with permissions 600 (rw-------), meaning only you can read or write it. However, your ~/ (home directory) has permissions 755 (rwxr-xr-x). If someone else tries to access private_data.txt, they will fail because even though they have x on ~/, they don’t have x on private_data.txt itself (which is correct), but they also can’t even see private_data.txt if the directory containing it doesn’t grant them traversal (x) permission. The permissions are layered.
The setgid and setuid bits, often set using chmod with octal values like 2755 or 4755, add another layer of control. setuid on an executable means it runs with the permissions of the file’s owner, not the user executing it. This is how commands like passwd can modify the /etc/shadow file (owned by root) even when run by a regular user. setgid on a directory means new files/directories created within it will inherit the group of the parent directory, not the primary group of the user creating them.
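To tie the octal values, the ls -l string and the special bits together, here is an added example (not part of the original article) that decodes a 3- or 4-digit octal mode into the nine permission characters and lists the settings worth reviewing. The function names and finding labels are made up for illustration, and the sticky bit (leading 1, shown as t) goes beyond what the text covers.

```sh
#!/bin/sh
# Added example, not from the original article. Function names are illustrative.
# triplet BITS SPECIAL LOWER UPPER -> one rwx group as ls -l prints it.
# SPECIAL is non-zero when setuid, setgid or sticky applies to this group.
triplet() (
  r=-; w=-; x=-
  if [ $(( $1 & 4 )) -ne 0 ]; then r=r; fi
  if [ $(( $1 & 2 )) -ne 0 ]; then w=w; fi
  if [ $(( $1 & 1 )) -ne 0 ]; then x=x; fi
  if [ "$2" -ne 0 ]; then
    # Special bit set: lowercase if execute is also set, uppercase if not.
    if [ "$x" = x ]; then x=$3; else x=$4; fi
  fi
  printf '%s' "$r$w$x"
)

# split_mode MODE -> "special owner group others"; fails on invalid input.
split_mode() (
  m=$1
  case $m in
    [0-7][0-7][0-7]) m=0$m ;;          # 3 digits: no special bits
    [0-7][0-7][0-7][0-7]) ;;
    *) echo "invalid mode: $1" >&2; exit 1 ;;
  esac
  rest=${m#?}; mid=${rest#?}
  echo "${m%???} ${rest%??} ${mid%?} ${rest#??}"
)

# mode_to_string MODE -> nine permission characters, e.g. 755 -> rwxr-xr-x
mode_to_string() (
  set -- $(split_mode "$1"); [ $# -eq 4 ] || exit 1
  triplet "$2" $(( $1 & 4 )) s S      # owner group carries setuid
  triplet "$3" $(( $1 & 2 )) s S      # group group carries setgid
  triplet "$4" $(( $1 & 1 )) t T      # others group carries sticky
  echo
)

# mode_findings MODE -> one line per setting worth reviewing (may be empty)
mode_findings() (
  set -- $(split_mode "$1"); [ $# -eq 4 ] || exit 1
  if [ $(( $1 & 4 )) -ne 0 ]; then echo "setuid"; fi
  if [ $(( $1 & 2 )) -ne 0 ]; then echo "setgid"; fi
  if [ $(( $4 & 2 )) -ne 0 ]; then echo "world-writable"; fi
)

# Decode the modes mentioned in the article.
for m in 755 644 600 4755 2755 777; do
  printf '%-5s %s %s\n' "$m" "$(mode_to_string "$m")" "$(mode_findings "$m" | tr '\n' ' ')"
done
```

The mode of a real file can be fed in from stat (on GNU systems, stat -c %a FILE prints the octal mode).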
When dealing with chmod, remember that directories require execute permission (x) to be entered or listed, and that permissions are checked at every level of the path.
The next hurdle you’ll face is understanding how chown and chgrp interact with chmod to manage ownership and group assignments, which are fundamental to the permission model.