In Unix, how do I change the permissions for a file?
You can change file permissions with the
In Unix, file permissions, which establish who may have
different types of access to a file, are specified by both access
classes and access types. Access classes are groups of users, and
each may be assigned specific access types. The access classes are
"user", "group", "other", and "all". These refer, respectively, to
the user who owns the file, a specific group
of users, the other remaining users who are not in the group, and all
three sets of users. Access types (read, write, and execute)
determine what may be done with the file by each access class.
There are two basic ways of using
chmod to change file
The first and probably easiest way is the relative (or symbolic)
method, which lets you specify access classes and types with single
letter abbreviations. A
chmod command with this form of
syntax consists of at least three parts from the following lists:
|Access Class||Operator||Access Type|
|u (user)||+ (add access)||r (read)|
|g (group)||- (remove access)||w (write)|
|o (other)||= (set exact access)||x (execute)|
|a (all: u, g, and o)|
For example, to add permission for everyone to read a file in the
current directory named
myfile, at the Unix prompt, you
chmod a+r myfile
a stands for "all", the
+ for "add", and the
r for "read".
myfileis located and its parent directories; that is, you must set the directory permissions separately.
If you omit the access class, it's assumed to be all, so you could also enter the previous example as:
chmod +r myfile
You can also specify multiple classes and types with a single command.
For example, to remove read and write permission for group and other
users (leaving only yourself with read and write permission) on a file
myfile, you would enter:
chmod go-rw myfile
You can also specify that different permissions be added and removed
in the same command. For example, to remove write permission and add
execute for all users on
myfile, you would enter:
chmod a-w+x myfile
In each of these examples, the access types that aren't specified are
unchanged. The previous command, for example, doesn't change any
existing settings specifying whether users besides yourself may have
r) access to
could also use the exact form to explicitly state that group and other
users' access is set only to read with the
chmod go=r myfile
chmod command also operates on directories. For
example, to remove write permission for other users on a subdirectory
mydir, you would enter:
chmod o-w mydir
To do the same for the current directory, you would enter:
Be careful when setting the permissions of directories, particularly
your home directory; you don't want to lock yourself out by removing
your own access. Also, you must have execute permission on a directory
to switch (
cd) to it.
The other way to use the
chmod command is the absolute
form. In this case, you specify a set of three numbers that together
determine all the access classes and types. Rather than being able to
change only particular attributes, you must specify the entire state
of the file's permissions.
The three numbers are specified in the order: user (or owner), group,
other. Each number is the sum of values that specify read (4), write
(2), and execute (1) access, with 0 (zero) meaning no access. For
example, if you wanted to give yourself read, write, and execute
myfile; give users in your group read and
execute permissions; and give others only execute permission, the
appropriate number would be calculated as (4+2+1)(4+0+1)(0+0+1) for
the three digits 751. You would then enter the command as:
chmod 751 myfile
As another example, to give only yourself read, write, and execute permission on the current directory, you would calculate the digits as (4+2+1)(0+0+0)(0+0+0) for the sequence 700, and enter the command:
If it seems clearer to you, you can also think of the three digit sequence as the sum of attributes you select from the following table:
|400||Read by owner|
|200||Write by owner|
|100||Execute by owner|
|040||Read by group|
|020||Write by group|
|010||Execute by group|
|004||Read by others|
|002||Write by others|
|001||Execute by others|
To create an access mode, sum all the accesses you wish to permit. For example, to give read privileges to all, and write and execute privileges to the owner only for a file, you would sum: 400+200+100+040+004 = 744. Then, at the Unix prompt, you would enter:
chmod 744 myfile.ext
Some other frequently used examples are:
anyone can do anything (read, write, or execute)
you can do anything; others can only read and execute
you can do anything; others can only execute
you can read and write; others can only read
For more information about
chmod, consult the manual
page. At the Unix prompt, enter:
At Indiana University, for personal or departmental Linux or Unix systems support, see At IU, how do I get support for Linux or Unix?
This is document abdb in the Knowledge Base.
Last modified on 2015-05-04.
- Fill out this form to submit your issue to the UITS Support Center.
- Please note that you must be affiliated with Indiana University to receive support.
- All fields are required.