{"id":139478,"date":"2022-04-01T12:51:32","date_gmt":"2022-04-01T16:51:32","guid":{"rendered":"http:\/\/www.bu.edu\/tech\/?page_id=139478"},"modified":"2022-04-01T12:52:56","modified_gmt":"2022-04-01T16:52:56","slug":"chmod","status":"publish","type":"page","link":"https:\/\/www.bu.edu\/tech\/support\/research\/system-usage\/using-file-system\/file-permissions\/chmod\/","title":{"rendered":"Change Mode (chmod) Command"},"content":{"rendered":"

The Linux command chmod<\/span><\/code> allows you to control exactly who is able to read, edit, or run your files. Chmod is <\/strong>an abbreviation for change mode<\/strong>; <\/strong>if you ever need to say it out loud, just pronounce it exactly as it looks: ch’-mod<\/em>.<\/p>\n

How does chmod work?<\/h3>\n

To use chmod, you need to know about access modes<\/em>. Each file on a Linux system has nine access modes (or settings) that determine exactly who can do what to the file. Chmod is the command that lets you change these settings.<\/p>\n

There are three classes of people:<\/strong><\/p>\n

\n
user (u)
\n<\/strong><\/dt>\n
the person who created the file<\/dd>\n
group (g)
\n<\/strong><\/dt>\n
people in a selected group<\/dd>\n
other (o)
\n<\/strong><\/dt>\n
everyone else on the system<\/dd>\n<\/dl>\n

For each class of people there are three classes of permissions:<\/strong><\/p>\n

\n
read (r)
\n<\/em><\/dt>\n
ability to see the contents of the file<\/dd>\n
write (w)
\n<\/em><\/dt>\n
ability to change the contents of the file<\/dd>\n
execute (x)
\n<\/em><\/dt>\n
ability to execute the contents of the file<\/dd>\n<\/dl>\n

Viewing file and directory permissions<\/strong><\/h3>\n

Use the Linux command, ‘ls -l<\/span><\/code>‘ (that is the letter l, not the number 1) to see a listing of files and their permissions.
\n<\/strong><\/p>\n

          % ls -l<\/strong>\r\n\r\n          total 161\r\n\r\n          -rw-r--r--  1 fred   49487 Jan 26 12:36 all\r\n\r\n          -rw-r--r--  1 fred    3235 Jan 26 16:46 cs320\r\n\r\n          -rw-------  1 fred      64 Jan 26 20:14 diary\r\n\r\n          %<\/pre>\n
How to interpret the permissions<\/strong>
\nHere is a sample directory listing, showing the permission fields and the people associated with each permission:<\/p>\n
          :<------------special flag to indicate type of file\r\n\r\n          :                  [d : directory, - : file]\r\n\r\n          : u<--------------three permissions for USER\r\n\r\n          :|||\r\n\r\n          :||| g<--------------three permissions for GROUP\r\n\r\n          :|||:::\r\n\r\n          :|||::: o<---------------three permissions for OTHER\r\n\r\n          :|||:::|||\r\n\r\n          drwxrwxrwx  2 fred         1024 Jan 26 12:26 stuff\r\n\r\n          -rw-------  2 fred         1024 Jan 26 12:26 more-stuff\r\n\r\n          -rwxr-xr-x  2 fred         1024 Jan 26 12:26 yet-more<\/pre>\n
A hyphen (-) indicates that the permission is disabled. An enabled permission is shown by the appropriate letter, ‘r’ ‘w’ or ‘x.’ In the example above, stuff<\/strong> is a directory (more on that below), the file more-stuff<\/strong> may be read<\/em> and changed<\/em> only by the owner (Fred), and the file yet-more<\/strong> may be read<\/em>, changed<\/em> and executed<\/em> by Fred, and read<\/em> and executed<\/em> by everyone else.<\/p>\n
Directory permissions<\/h4>\n
The permission fields for directories are interpreted a little differently than those for a file. The three fields (user<\/strong>, group<\/strong>, other<\/strong>) remain the same as those for a file but the three permissions mean:<\/p>\n
          r(ead):   can look for a file name in this directory\r\n\r\n          w(rite):  can create or delete files in this directory\r\n\r\n          x(ecute): can search into this directory<\/pre>\n
In other words, directory permissions protect files rather than the contents of files. For example, if someone only has execute<\/em> permission on a directory, he or she can<\/em> list or run a file in that directory but cannot<\/em> get a listing of all the files in that directory. For that they would have to know the exact names in advance.  <\/em><\/p>\n
It is necessary to have execute permission on a directory to change (chdir) to it.<\/em><\/p>\n
Controlling access with chmod<\/strong><\/h3>\n
In order to control the access users may have to your file or directory, use the ‘change mode’ program, chmod.<\/p>\n
The chmod command allows changing of permissions using the letters u, g, and o (user, group, and others) and r, w, and x (read, write, and execute). For example, to turn off others’ write permission you can issue the command:<\/p>\n
          chmod o-w filename<\/pre>\n
(you might translate “o-w” as “for others, take away write permission.”)<\/p>\n
To turn write permission back on you would say:<\/p>\n
          chmod o+w filename<\/pre>\n
(similarly, “for others, add write permission.”)<\/p>\n
You can group changes together with commas. For example, in order to make a file readable by the public but writable by your group, you might use the command:<\/p>\n
          chmod g+rw,o+r filename<\/pre>\n
To remove write permission from your group later on, you could issue the command:<\/p>\n
          chmod g-w filename<\/pre>\n
Another way to achieve the same result would be to use the command<\/p>\n
          chmod g=r filename<\/pre>\n
The = operator assigns the permission explicitly<\/em> so that all other settings for that category (owner, group, or others) will be reset. For example, g=r would remove all permission from the group except read<\/em>, and explicitly set read<\/em> if not set already.<\/p>\n
Some tips on permissions and privacy:<\/strong><\/p>\n