RHCE Study Guide

This tutorial explains how to set and manage file permission and attributes with chmod command in Linux from both symbolic and octal methods.

Permission levels and types

Each file and directory has three permission levels (user, group and other) and three types of permission (read, write and execute) in each level. These levels and types define who can do what with a particular object (file or directory). Permission levels and types are always mapped in following sequence.

User (Read, Write, Execute), Group (Read, Write, Execute) and Other (Read, Write, Execute)

At shell prompt, symbols are used for permission levels and types instead of their full name. Following table explains relationship between permission levels and types with associated symbols.

linux permission level and type

If a hyphen sign is used in any type field then that level does not have that type of permission.

To view, what permission type is set in each permission level; the ls –l command is used.

ls -l command explained

Object User permission group permission other permission
test-dir read, write and execute read and execute read and execute
test-file read and write read read

To learn more about how to read linux file permission, see the first part of this tutorial.

This tutorial is the second part of our article “Learn how to manage file permission in Linux step by step with examples”. You can read other parts of this article here.

Linux File Permission Explained in Easy Language

This tutorial is the first part of this article. It explains how to read the Linux file permission step by step with examples.

How to change default umask permission in Linux

This tutorial is the third part of this article. It explains how to change the default umask permission temporary and permanently.

How to set Immutable Sticky bit in Linux

This tutorial is the last part of this article. It explains how to set immutable or sticky bit in Linux including how to set append attribute.

Chmod command explained

The chmod command is used to modify the permission types for files and directories. It works identically for both files and directories. It means same command is used to update the permission types for both files and directories.

Chmod command accepts arguments in two notations; symbolic and octal. In symbolic notation arguments are supplied in symbolic form while in octal notation arguments are supplied in octal form.

Chmod command symbolic notation

In symbolic notation following syntax is used.

#chmod [permission level] [+/-] [permission type] object

In above command: -

chmod: - This is the main command.

[permission level]: - The permission level (user, group or other) which we want to update.

[+/-] :- The plus (+)sign is used to add the permission while the minus (-)sign is used to remove the permission.

[permission type]: - The permission type (read, write or execute ) which we want to update.

object: - The object which permission type we want to update.

Chmod command practical example

Create a test file named test-file and note down its default permission. Now run following commands to see how chmod command changes permission type in supplied level (as first argument).

Command Description
chmod u+x test-file Add execute permission for user on test-file
chmod g+wx test-file Add write and execute permission for group on test-file
chmod o+wx test-file Add write and execute permission for other on test-file
chmod o-rwx test-file Remove read, write and execute permission for other on test-file
chmod g-rwx test-file Remove read, write and execute permission for group on test-file
chmod o-rwx test-file Remove read, write and execute permission for user on test-file

To verify the effect, use ls –l command after of each command.

Following figure illustrates above commands.

chmod command

To specify the multiple combinations of permission levels and types, use comma (,) to separate each combination from other. For example, following command uses two combinations; first adds write permission for group while second removes execute permission for other.

 #chmod w+g,x-o test-file

Let’s take one more example. Add read, write and execute permission for user, read and write permission for group and execute permission for other.

chmod command linux example

If permission level is omitted, permission type will be changed for all three levels. For example, in following command read permission will be added for all three levels; user, group and other.

#chmod +r test-file

Above command should not be used to update the permission types on all levels. If we want to update the same permission types on all three levels then we should use letter a (symbol of all) to represent all permission levels.

Following command shows the correct way to use above command.

#chmod a+r test-file

Let’s test both ways to update all permissions.

Linux chmod command example

As we can see in above output, when we omitted permission level, it did not work as excepted. It skipped write permission for group and other in both cases; add and remove.

But when we used letter a (which stands for user, group and other collectively) in permission level field, it worked as excepted. It updated all permission types correctly for all permission levels.

When we omit permission level, chmod command updates permission types on all levels excluding umask bits which have value except zero.

Before we understand this concept in more detail, let’s understand how chmod command works in octal notation.

Chmod command octal notation

In octal notation we use numbers instead of symbols for permission types. This notation assigns a unique number to each permission type.

Permission Type Symbolic Value Octal Value Permission on file Permission on directory
Read r 4 Can read the file Can list the directory
write w 2 Can write in file Can create new file or directory in directory.
Execute x 1 Can execute the file Can navigate through the directory
No permission - 0 Cannot do anything Cannot do anything

Unlike symbolic notation where three fields are available in each level, in octal notation there is only one field available in each level.

To update multiple permission types, we have to sum all octal values.

Symbolic notation Octal notation Permission Type
r 4 Read permission
w 2 Write permission
x 1 Execute permission
rw 6 (4+2) Read and write permission
rwx 7 (4+2+1) Read, write and execute permission
r-x 5 (4+0+1) Read and execute permission
r-- 4 (4+0+0) Read permission
-wx 3 (0+2+1) Write and execute permission
--- 0 (0+0+0) No permission

Let’s take some examples to understand octal notation in detail.

chmod command octal notation

Unlike symbolic notation, octal notation does not have any symbol or value for permission levels. For permission level, it depends on the standard sequence; user, group and other. If we omit the any permission level, it will update permission levels in reverse order while assuming 0 in omitted filed.

Command which you type Command which shell runs Description
chmod 0 test-file chmod 000 test-file remove all permissions from all levels
chmod 7 test-file chmod 007 test-file remove all permissions from user and group and add read, write and execute (4+2+1 = 7) permission for others
chmod 57 test-file chmod 057 test-file remove all permission form user and add read and execute permission for group and read, write and execute permission for other
chmod 457 test-file chmod 457 test-file add read permission for user, read and write permission for group and read, write and execute permission for other

chmod-octal-notation-example

In symbolic notation we skipped following topic.

If we omit permission levels, permission types will be updated for all levels excluding umask bits which have value except zero.

Let’s understand this topic in detail now.

When we create a file or directory first time, shell automatically assigns default permission to it based on umask permission. The umask permission is a reference permission that is used to calculate the default permission.

Next part of this tutorial explains umask permission in detail with examples. This part only explains how (on) umask bits affect the chmod command if we omit the permission level in symbolic notation.

To view umask permission, following command is used.

umask command

In umask permission first bit has no meaning. After excluding it next three bits represent permission types for user, group and other respectively. We only need to look for a value (other than zero) in second, third and fourth field.

Let’s take an example to understand this more clearly.

Suppose user root updates the permission types of file named new-file with symbolic notation without specifying permission levels, now understand how this will be processed.

Default umask file permission for root user is 0022.

Umask bit 0 0 2 2
permission level - user group other

In above permission, only group and other have value other than zero. Both group and other have value 2 which represent write permission in octal notation. So if root user omits permission levels, permission type will be updated for all levels excluding write permission for group and other.

Following figure explains this example as shell prompt.

chmod command example

If we just want to know the final permissions or permission which will be excluded if we skip the permission level in symbolic notation, we can use –S option with umask command.

umask -s command

Key points
  • Each file and directory in Linux has three permission levels; user, group and other. Each permission level has three types of permission; read, write and execute.
  • Permission levels and permission types are always mapped in same sequence; user (read, write and execute), group (read, write and execute) and other (read, write and execute).
  • Chmod command is used to change the permission types for any object.
  • Chmod command supports two types of notations; symbolic and octal.
  • In symbolic notation symbols are used for permission levels (u for user, g for group and o for other) and permission types (r for read, w for write and x for execute).
  • In octal notation numbers are used for permission types (4 for read, 2 for write and 1 for execute). Octal notation does not use any symbol or number for permission levels. For permission levels it depends on standard sequence (user, group and other).
  • If we omit permission level in symbolic notation, permission type will be updated on all levels except the umask bits which have value other than zero.
  • To update same permission type in all levels, symbol a (stands for all) is used in symbolic notation.
  • If we skip permission level in octal notation, shell will automatically append value zero in missing permission level field before processing it.

That’s all for this part. In next part of this article, we will understand umask permission in detail with example.