Command-line Basics: File Permissions


By design, the file system of most operating systems has a layer of security tied to the files and directories. This security allows multiple users to function on a system without being able to access each others files and helps keep you safe by making you explicitly set a file as being an executable. On Unix-like operating systems such as Linux and macOS, these settings are controlled by the chmod command.

Getting started

The chmod command, which is short for “change file mode bits” is standard issue on modern Unix-like operating systems as it’s part of the GNU coreutils package.

Since chmod can lock you out of your files, I’d recommend ensuring that you have super user privileges on your system, at least for some of the more advanced examples.

As long as you have superuser access via su or sudo, you should be able to undo any damage.

Let’s create a file that we’ll use in the following examples:

$ echo '#!/bin/env bash\necho " Rocks!"' > /tmp/

Restricting access

The chmod command works by allowing you set values for the user that owns the file, the group the file belongs to, and everybody. There are three permissions for each; read, write, and execute which are represented by the following numbers:

  • 4 - Read permission
  • 2 - Write permission
  • 1 - Execute permission

For directories, “execute” means “can enter the directory”.

These values can be also be combined by summing the aforementioned values:

  • 7 - Read, write, and execute permissions
  • 6 - Read and write permissions
  • 5 - Read and execute permissions
  • 3 - Write and execute permissions
  • 0 - No permissions

The default permission value for files is 644 (read and write for everybody) and 755 for directories (read, write, and can execute / enter the directory).

If we were to ls the script we created earlier, we can see the textual representation of this:

$ ls -l /tmp/
-rw-r--r-- 1 josh josh 43 Aug 15 18:29 /tmp/

This says that my user, josh, can read and write the file. Anybody in the group josh can also read the file. Everybody else? They can read the file, too.

If we wanted to make sure only our user could read and write the file, we can set 0 for the group and “other” bit:

$ chmod 600 /tmp/

$ ls -l /tmp/
-rw------- 1 josh josh 43 Aug 15 18:29 /tmp/

If we changed 600 to 660, everybody in the josh group could read and write the file and for 666, everybody could read and write the file.

Generally speaking, if you are the only user on your system, the first value in the octal is the one that truly matters to you.

Making files executable

The script we created earlier does contain executable code, but if we were to try to run it, we’d receive a permission denied error:

$ /tmp/
zsh: permission denied: /tmp/

We could use the aforementioned numeric system, and chmod the file to the proper bits to include the existing permissions as well as the executable value for our user. That means, we’d have to be mindful of what the existing permissions were and do some grade school math to come up with the new value.

Or, we could simply add to the existing permissions using the addition sign and the additional permissions we’d like to set:

$ chmod +100 /tmp/

$ ls -l /tmp/
-rwx------ 1 josh josh 43 Aug 15 18:29 /tmp/

The inverse also works to remove permissions:

$ chmod -100 /tmp/

$ ls -l /tmp/
-rw------- 1 josh josh 43 Aug 15 18:29 /tmp/

And if you’d prefer to not have to remember the numerical representations, we can use the textual representations as follows:

  • u - User
  • g - Group
  • o - Others
  • a - All of the above

  • r - Read permission
  • w - Write permission
  • x - Execute permission

Now we can add and remove permissions with a less cryptic permissions syntax:

# Gives the user executable permission
$ chmod u+x /tmp/

# Gives the group executable permission
$ chmod g+x /tmp/

# Takes away the user and group executable permission
$ chmod u-x,g-x /tmp/

# Gives everybody executable permission (pick one!)
$ chmod u+x,g+x,o+x /tmp/
$ chmod a+x /tmp/
$ chmod +x /tmp/

Now that we’re done toggling permission bits, and assuming you left the script with the executable permission, the script should execute just fine:

$ /tmp/ Rocks!


This article is really just the tip of the iceberg in regard to changing file permissions. There’s things like sticky bits and deletion flags and a whole world of advantage chmod usage waiting for you on the man page:

$ man chmod
  Tweet It

🕵 Search Results

🔎 Searching...