Ubuntu chmod Command: A Comprehensive Guide to Modifying File Permissions

I. Basics of File Permissions: What Are Permissions?

In Ubuntu (a Linux system), every file and directory has a set of permission rules that control who can do what with it. Simply put, permissions act like “keys” that determine which operations (read, write, execute) different users (owner, group, others) can perform on files/directories.

  • Three Core Roles:
      • Owner (User, u for short): The user who created the file; by default the owner has the highest level of access.
      • Group (g for short): The user group the file belongs to; members of the group share these permissions.
      • Others (o for short): Any other user on the system besides the owner and group.

  • Three Permission Types:
      • Read (r): Can view file content (for directories, “list directory contents”).
      • Write (w): Can modify file content or directory structure (e.g., create/delete files).
      • Execute (x): File is runnable (for directories, “enter the directory”).

For example: Think of a file as a “room.”
- The owner (u) is the “homeowner”: can unlock the door (r), renovate (w), and turn on the lights (x).
- The group (g) is the “roommate”: can unlock the door (r) and tidy up a little (w).
- Others (o) are “visitors”: can only peek through the door (r), not enter.

II. The chmod Command: Tool for Modifying Permissions

chmod (short for “change mode”) modifies file/directory permissions. It has two common syntaxes: symbolic notation and numeric notation. Beginners should start with symbolic notation, which is more flexible and easier to read.

2.1 Symbolic Notation: Using “Role + Operation + Permission”

Syntax: chmod [user_role][operation][permission] target_file/directory
- User Role: u (owner), g (group), o (others), a (all users).
- Operation: + (add permission), - (remove permission), = (set permission, overriding existing ones).
- Permission: r (read), w (write), x (execute).

Common Examples:
1. Add execute permission to the owner of test.txt

   chmod u+x test.txt

   Explanation: u+x = Owner (u) + Execute permission (x). After this, the owner can run the file (e.g., a script).

2. Remove write permission from group members of directory docs

   chmod g-w docs

   Explanation: g-w = Group (g) − Write permission (w). Group members can no longer create or delete files inside docs.

3. Set read-only permission for all users

   chmod a=r filename

   Explanation: a=r = All users (a) = Read-only (r). Everyone can only read, not modify or execute.

4. Add execute permission to owner and group of myfile.sh

   chmod u+x,g+x myfile.sh

   Explanation: Add execute permission to both owner (u) and group (g). Separate multiple targets with commas.

2.2 Numeric Notation: Using “Three-Digit Numbers” for Direct Permission Setting

Syntax: chmod [u_permission][g_permission][o_permission] target_file/directory
- Three-Digit Meaning:
    - First digit (u): Sum of permissions for the owner (0-7).
    - Second digit (g): Sum of permissions for the group (0-7).
    - Third digit (o): Sum of permissions for others (0-7).
- Permission-to-Number Mapping: r=4, w=2, x=1 (cumulative). For example:
    - rwx = 4+2+1 = 7
    - r-x = 4+0+1 = 5
    - rw- = 4+2+0 = 6
    - --x = 0+0+1 = 1
    - --- = 0+0+0 = 0

Common Examples:
1. Set “owner: read/write/execute, group: read/execute, others: read-only” for script.sh

   chmod 754 script.sh

   Explanation:
   - First digit 7 (4+2+1) = rwx (owner has full access).
   - Second digit 5 (4+1) = r-x (group has read+execute).
   - Third digit 4 (4) = r-- (others have read-only).

2. Set “owner: full access, group/others: no access” for directory data

   chmod 700 data

   Explanation:
   - First digit 7 = rwx (owner can read, write, execute).
   - Second digit 0 = --- (group has no access).
   - Third digit 0 = --- (others have no access).

3. Set “all users: read-only” for file config

   chmod 444 config

   Explanation: All three digits are 4 (r), so everyone can only read, not modify or execute.
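
The digit arithmetic above, as an added example that is not part of the original guide: perm_to_octal sums r=4, w=2, x=1 for each role, and applied_mode checks the result against what chmod actually sets on a scratch file. Both function names are made up for this example, and stat -c assumes GNU coreutils, as shipped with Ubuntu.

```bash
#!/bin/sh
# Added example: convert a 9-character permission string (as printed by
# ls -l, without the leading file-type character) to its three-digit mode.

perm_to_octal() {
    perms=$1
    octal=""
    # Reject anything that is not exactly three r/w/x triplets.
    case $perms in
        [r-][w-][x-][r-][w-][x-][r-][w-][x-]) ;;
        *) echo "not a 9-character rwx string: $perms" >&2; return 1 ;;
    esac
    while [ -n "$perms" ]; do
        triplet=$(printf '%s' "$perms" | cut -c1-3)
        perms=$(printf '%s' "$perms" | cut -c4-)
        digit=0
        case $triplet in r??) digit=$((digit + 4)) ;; esac   # read
        case $triplet in ?w?) digit=$((digit + 2)) ;; esac   # write
        case $triplet in ??x) digit=$((digit + 1)) ;; esac   # execute
        octal="$octal$digit"
    done
    printf '%s\n' "$octal"
}

# Apply a mode (symbolic or numeric) to a scratch file and report the
# octal mode that ends up on the file.
applied_mode() {
    f=$(mktemp) || return 1
    chmod "$1" "$f"
    stat -c '%a' "$f"
    rm -f "$f"
}

perm_to_octal rwxr-xr--            # 754
applied_mode u=rwx,g=rx,o=r        # 754
applied_mode 754                   # 754
```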

III. Special Notes on Modifying Directory Permissions

Directory permissions differ from files—pay special attention:
- Directory “Execute (x)” Permission: Enables entering the directory (e.g., cd mydir requires mydir to have x permission).
- Directory “Write (w)” Permission: Enables creating/deleting files inside the directory (e.g., touch myfile requires the directory to have w permission).

Example:
To allow a user to enter and modify files in directory mydir, add:

chmod +wx mydir  # No role given: applies to owner, group and others, except bits masked by the umask. Recommended minimal permission: chmod 755 mydir

Explanation:
- +w: Allows creating/deleting files inside the directory.
- +x: Allows entering the directory (cd mydir).
- +r (not part of the command above): Allows listing directory contents (ls mydir).
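
What chmod +wx (no role letter) actually sets depends on the umask, which is why spelling out the role is easier to reason about. The following is an added example, not from the original guide, that compares the forms on a scratch directory; mode_after is a name invented here, and stat -c assumes GNU coreutils.

```bash
#!/bin/sh
# Added example: effect of omitting the role letter in a symbolic mode.
# With no role, chmod acts on all three roles but skips every bit that is
# set in the umask; with an explicit role (u, g, o, a) the umask is ignored.

# mode_after UMASK MODE: start a scratch directory at 500 (r-x------),
# apply MODE under the given umask, print the resulting octal mode.
mode_after() {
    (
        umask "$1"
        d=$(mktemp -d) || exit 1
        chmod 500 "$d"
        chmod "$2" "$d"
        stat -c '%a' "$d"
        chmod 700 "$d" && rm -rf "$d"
    )
}

echo "umask 022, +wx   -> $(mode_after 022 +wx)"     # 711
echo "umask 022, a+wx  -> $(mode_after 022 a+wx)"    # 733
echo "umask 077, +wx   -> $(mode_after 077 +wx)"     # 700
echo "umask 022, u+wx  -> $(mode_after 022 u+wx)"    # 700
```

Under the common umask 022, +wx grants write to the owner only, while a+wx makes the directory writable by everyone.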

IV. Precautions and Common Issues

  1. Principle of Least Privilege: Assign only necessary permissions to necessary users. Avoid 777 (full access for all users, high risk).

     # Safe example: Script file is modifiable only by owner, readable/executable by group/others
     chmod 755 script.sh  # 7 (rwx), 5 (r-x), 5 (r-x)

  2. Operation Failure Due to Insufficient Directory Permissions:
     If you get “Permission denied,” it may be due to missing x (can’t enter) or r (can’t view contents) permissions. Fix with:

     chmod +rx mydir  # Add read+execute to the directory

  3. Distinguish “Execute” for Files vs. Directories:
     - File x: Run the file (e.g., ./a.sh).
     - Directory x: Enter the directory (e.g., cd mydir).
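
One way to check a tree for the over-broad modes warned about above, as an added example that is not part of the original guide. It builds a constructed sample tree, lists every entry writable by others (the bit that both 777 and 666 set), and removes only that bit; the function and file names are made up for this example, and stat -c assumes GNU coreutils.

```bash
#!/bin/sh
# Added example: audit a directory tree for world-writable entries.

# Constructed sample tree with a mix of tight and over-broad modes.
build_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir "$t/shared" "$t/private"
    touch "$t/script.sh" "$t/notes.txt" "$t/shared/drop.txt"
    chmod 755 "$t/script.sh"          # writable by owner only
    chmod 666 "$t/notes.txt"          # writable by everyone
    chmod 777 "$t/shared"             # anyone can create/delete entries
    chmod 644 "$t/shared/drop.txt"
    chmod 700 "$t/private"
    printf '%s\n' "$t"
}

# Print "MODE PATH" for every entry whose "others" write bit is set.
# Symlinks are skipped: their own mode bits are not used for access checks.
find_world_writable() {
    find "$1" ! -type l -perm -0002 -exec stat -c '%a %n' {} + | sort -k2
}

# Remove only the others-write bit; every other bit is left as it was.
drop_world_write() {
    find "$1" ! -type l -perm -0002 -exec chmod o-w {} +
}

tree=$(build_sample_tree)
echo "Before:"; find_world_writable "$tree"
drop_world_write "$tree"
echo "After:";  find_world_writable "$tree"
rm -rf "$tree"
```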

V. Summary

chmod is a core tool for Linux permission management. Use symbolic notation (flexible adjustments) and numeric notation (quick batch settings) to modify file/directory permissions easily. Remember: “Permissions should be just enough” to prioritize system security.

Now, try modifying permissions for a test file in the terminal:

# Create a test file
touch test.txt
# Add write permission for owner, read for group/others
chmod u+w,g+r,o+r test.txt
# View permissions (ll is Ubuntu's default alias for ls -alF)
ll test.txt

You’ll see output like -rw-r--r--, meaning the owner has read/write access, while group/others have only read access. Perfect!

Xiaoye