Change permissions for a file in Unix

You can change file permissions with the chmod command. In Unix, file permissions, which establish who may have different types of access to a file, are specified by both access classes and access types. Access classes are groups of users, and each may be assigned specific access types. The access classes are "user", "group", "other", and "all". These refer, respectively, to the user who owns the file, a specific group of users, the other remaining users who are not in the group, and all three sets of users. Access types (read, write, and execute) determine what may be done with the file by each access class.

There are two basic ways of using chmod to change file permissions:

  • Symbolic method:

    The first and probably easiest way is the relative (or symbolic) method, which lets you specify access classes and types with single letter abbreviations. A chmod command with this form of syntax consists of at least three parts from the following lists:

    Access Class Operator Access Type
    u (user) + (add access) r (read)
    g (group) - (remove access) w (write)
    o (other) = (set exact access) x (execute)
    a (all: u, g, and o)

    For example, to add permission for everyone to read a file in the current directory named myfile, at the Unix prompt, enter:

    chmod a+r myfile

    The a stands for "all", the + for "add", and the r for "read".

    This assumes that everyone already has access to the directory where myfile is located and its parent directories; that is, you must set the directory permissions separately.

    If you omit the access class, it's assumed to be all, so you could also enter the previous example as:

     chmod +r myfile

    You can also specify multiple classes and types with a single command. For example, to remove read and write permission for group and other users (leaving only yourself with read and write permission) on a file named myfile, you would enter:

     chmod go-rw myfile

    You can also specify that different permissions be added and removed in the same command. For example, to remove write permission and add execute for all users on myfile, you would enter:

     chmod a-w+x myfile

    In each of these examples, the access types that aren't specified are unchanged. The previous command, for example, doesn't change any existing settings specifying whether users besides yourself may have read (r) access to myfile. You could also use the exact form to explicitly state that group and other users' access is set only to read with the = operator:

    chmod go=r myfile

    The chmod command also operates on directories. For example, to remove write permission for other users on a subdirectory named mydir, you would enter:

    chmod o-w mydir

    To do the same for the current directory, you would enter:

    chmod o-w 

    Be careful when setting the permissions of directories, particularly your home directory; you don't want to lock yourself out by removing your own access. Also, you must have execute permission on a directory to switch (cd) to it.

  • Absolute form

    The other way to use the chmod command is the absolute form. In this case, you specify a set of three numbers that together determine all the access classes and types. Rather than being able to change only particular attributes, you must specify the entire state of the file's permissions.

    The three numbers are specified in the order: user (or owner), group, other. Each number is the sum of values that specify read (4), write (2), and execute (1) access, with 0 (zero) meaning no access. For example, if you wanted to give yourself read, write, and execute permissions on myfile; give users in your group read and execute permissions; and give others only execute permission, the appropriate number would be calculated as (4+2+1)(4+0+1)(0+0+1) for the three digits 751. You would then enter the command as:

    chmod 751 myfile

    As another example, to give only yourself read, write, and execute permission on the current directory, you would calculate the digits as (4+2+1)(0+0+0)(0+0+0) for the sequence 700, and enter the command:

    chmod 700 

    If it seems clearer to you, you can also think of the three digit sequence as the sum of attributes you select from the following table:

    400 Read by owner
    200 Write by owner
    100 Execute by owner
    040 Read by group
    020 Write by group
    010 Execute by group
    004 Read by others
    002 Write by others
    001 Execute by others

    To create an access mode, sum all the accesses you wish to permit. For example, to give read privileges to all, and write and execute privileges to the owner only for a file, you would sum: 400+200+100+040+004 = 744. Then, at the Unix prompt, you would enter:

     chmod 744 myfile.ext

    Some other frequently used examples are:

    anyone can do anything (read, write, or execute)
    you can do anything; others can only read and execute
    you can do anything; others can only execute
    you can read and write; others can only read


For more about chmod, consult the manual page. At the Unix prompt, enter:

 man chmod

At Indiana University, for personal or departmental Linux or Unix systems support, see Get help for Linux or Unix at IU.

This is document abdb in the Knowledge Base.
Last modified on 2019-01-10 09:50:15.

Contact us

For help or to comment, email the UITS Support Center.