UNIX commands — Changing permissions

Overview

This article shows how to change file or directory permissions using SSH or FTP. For an overview of permissions, view the following article:

Changing permissions via SSH

If you're logged into your server via SSH, you can change permissions by running the chmod command. There are two ways to set permissions using chmod.

  • Numeric Mode
  • Named Mode

Numeric Mode is easier to understand as you just need to add up the values.

Numeric Mode

Using the numeric mode, you can assign numbers to each permission. For example:

4 = r (read)
2 = w (write)
1 = x (execute)

Then, you would add all three together for each owner to get the full value. The following table illustrates the different permissions each owner could possibly have.

7 read, write, and execute ("rwx") 4 + 2 + 1 = 7
6 read and write ("rw-") 4 + 2 = 6
5 read and execute ("r-x") 4 + 0 + 1 = 5
4 read only ("r--") 4 + 0 + 0 = 4
3 write and execute (rare) ("-wx") 0 + 2 + 1 = 3
2 write only (rare) ("-w-") 0 + 2 + 0 = 2
1 execute only (rare) ("--x") 0 + 0 + 1 = 1
0 no permissions ("---") 0 + 0 + 0 = 0

Remember, there are three sets of owners of a file or directory:

  • User
  • Group
  • Public

All three have their own permissions. Thus, all three must now be added together to get the full value.

Examples

Command Permissions
[server]$ chmod 600 file.txt

-rw-------

  • Only the User has read and write permissions.
[server]$ chmod 700 dir

drwx------

  • Only the Owner has read, write and execute permissions
[server]$ chmod 755 file.txt

-rwx-wx-wx

  • The User has read, write and execute permissions.
  • The Group only has write and execute permissions.
  • All others have write and execute permissions.
[server]$ chmod 644 file.txt

-rw-r--r--

  • The User has read and write permissions.
  • The Group has read permissions.
  • Others have read permissions.
[server]$ chmod 664 file.txt

-rw-rw-r--

  • The User has read and write permissions.
  • The Group has read and write permissions.
  • Others have only read permissions.

While the above commands regarding chmod are useful, it can be understandable if a user doesn’t want to have to log in via SSH just to change permissions on a file. Fortunately, many FTP clients such as FileZilla have the ability to change permissions directly within the client.

Named Mode

There are two sets of permissions to assign when using 'Named Mode', which are 'who' and 'what' permissions. For example:

who permissions

u change the user bits
g change the group bits
o change the other bits
a change the bits for everybody

what permissions

r grant read access
w grant write access
x grant execute access
s set the sticky bit

Using ("+") and ("-") with the information above, you’d combine permissions from the 'who' and 'what' groups to assign the exact permissions you desire.

Examples

The format to use chmod in the following commands is:

[server]$ chmod "groups"+"access" file.example

Allows everybody to read file.txt. In the following example, 'a' is the bit for 'everybody' and the 'r' (read) permission is added:

[server]$ chmod a+r file.txt

Strips everybody of all permissions, except for the owner who retains any former permissions. In the following example, 'g' is group bit, 'o' is the 'other users' bit and the ("-") sign is removing all permissions (rwx):

[server]$ chmod go-rwx file.txt

The file named script.cgi is now executable by the user and group. In the following example, 'u' is the user bit, 'g' is the 'group' bit, and the 'x' permission is added to both:

[server]$ chmod ug+x script.cgi

All files created in the directory somedir are owned by the group that owns somedir. In the following example, 'g' is the group bit and the 's' flag is added to it:

[server]$ chmod g+s somedir

Special permissions

Special permissions can be added which allow you the special ability to automatically change users or group, or to specify a directory as a "temporary" directory.

The 's' flag

An 's' can be added to the owner or group 'read' permission. This indicates the setuid/setgid permission.

  • If set on the group read permission, it sets the setgid bit. This means that any user who changes into that directory suddenly performs all actions as if the owners group was their default group. This can be helpful if you want all files in that directory to be created/owned by that owner group.
  • If set on the owners read permission, it sets the setuid bit. This is not usually a good idea, so don't do it unless you really know what you're doing.

The 't' flag

The t flag is basically the same thing as the "s" flag for a user or group, but is used when applied to all others. Here, the meaning is a little different. It means that anyone can create a file in the directory, but only the owner is allowed to remove the file, regardless of permissions set. This is the "temporary" directory permission and should also be avoided unless you really know what you're doing.

Changing permissions in an FTP client

If you right click on a file in an FTP client, you can view it's permissions. For example:

As discussed above, this format uses the Numeric Mode to set permissions. You just need to add up the values to change them.

This example uses Filezilla. You can either click the checkboxes, or type in the Numeric value of the permissions you need to change.

See also

Did this article answer your questions?

Article last updated PST.