Home > File & Directory Management > chmod

chmod: Change File and Directory Permissions

The chmod command is used to change the access permissions (read, write, execute) of files and directories. The `-R` (recursive) option is particularly useful for batch permission changes across a specified directory and all its subfiles and subdirectories, making it very effective for large-scale permission configuration tasks.

Overview

chmod sets the read (r), write (w), and execute (x) permissions for user, group, and others on file system objects. The `-R` option recursively applies these permission changes to all sub-items in the specified path, enabling efficient management of permissions for complex directory structures.

Key Features

  • Change file and directory access permissions
  • Supports octal (numeric) and symbolic modes
  • Recursive permission changes (`-R` option)
  • Core tool for security and system administration

Key Options

The chmod command controls how permissions are changed through various options. The `-R` option is essential for applying changes to sub-items.

Recursive Option

Permission Modes (Arguments)

Other Options

Generated command:

Try combining the commands.

Description:

`chmod` Executes the command.

Combine the above options to virtually execute commands with AI.

Usage Examples

chmod -R is primarily used for efficiently managing permissions across an entire directory structure.

Apply 755 Permissions to Directory and Subfiles

chmod -R 755 /var/www/html

Used for web server document roots, granting all permissions to the owner and only read and execute permissions to the group and others.

Add Write Permission for Owner to Directory and Subfiles

chmod -R u+w /home/user/data

Adds write permission for the owner while preserving existing permissions.

Recursively Grant Execute Permission to Directories and Read Permission to Files

chmod -R a+rX /srv/app/public

Uppercase 'X' grants execute permission to directories and only to files that already have execute permission. This is useful for web content where directory traversal should be allowed, but unnecessary file execution should be prevented.

Remove Group and Other Write Permissions for All Subfiles and Directories

chmod -R go-w /path/to/sensitive_data

Enhances security by removing write permissions for group and others in directories containing sensitive data.

Tips & Precautions

Using chmod -R requires special care as it can affect system security and stability.

Precautions

  • **Use with Caution**: The `-R` option applies changes broadly. Incorrect permission settings can lead to security vulnerabilities or service disruptions. It is always recommended to back up or test in a staging environment before making changes.
  • **Leverage 'X' Permission**: Using uppercase 'X' (e.g., `chmod -R a+rX /path`) grants execute permission to directories and only to files that already have execute permission. This is useful for web server content where directory traversal should be allowed, but unnecessary file execution should be prevented.
  • **Combine with `find`**: For more granular control, such as changing permissions only for files with specific extensions, it is safer and more effective to combine `find` with the `exec` option. Example: `find /path -type f -name '*.sh' -exec chmod 700 {} \;`
  • **Principle of Least Privilege**: Grant only the minimum necessary permissions. For instance, granting full permissions like `777` is a significant security risk.

Permission Mode Summary

The meaning and octal value of each permission.

  • Read (r): Read file contents, list directory contents (Octal value: 4)
  • Write (w): Modify file contents, create/delete files in a directory (Octal value: 2)
  • Execute (x): Execute a file, enter a directory (Octal value: 1)

Same category commands

basename

basename: Extract Filename from Path

basename-u

basename-u: Extracting Filenames (basename command)

basename-w

basename-w: Extract Filename from Path (Virtual)

cd

cd Command Guide: Basics of Directory Navigation

chattr

chattr: Change File Attributes