chmod Command in Linux — File Permissions with Examples

The chmod command changes file and directory permissions in Linux — controlling who can read, write, or execute a file. Every system administrator relies on it daily to secure access, restrict sensitive files, and make scripts executable.

What You’ll Learn

By the end of this tutorial, you’ll be able to set permissions using symbolic and octal modes, apply changes recursively, use setuid/setgid/sticky bit, and troubleshoot permission errors with confidence.

Why chmod Matters

File permissions are Linux’s primary security mechanism. A single misconfigured permission — like a world-writable SSH key — can compromise an entire server. DodaZIP uses strict permission policies for its compression archives, and Durga Antivirus Pro relies on correct executable permissions for its scanning binaries.

Learning Path

    flowchart LR
  A[Linux Basics] --> B[Essential Commands]
  B --> C[chmod Command<br/>You are here]
  C --> D[File Permissions Advanced]
  C --> E[User Management]
  style C fill:#f90,color:#fff
  

Syntax Overview

chmod [options] mode file(s)

The mode can be specified in two ways:

• Symbolic mode: u+x, g-w, o=r, a+rx
• Octal mode: 755, 644, 700

Options Table

Permission Reference

r (4) — read       w (2) — write      x (1) — execute

Each permission set has three positions: owner, group, others.

Examples

Example 1: Octal Mode — 755 (Common for Directories)

$ chmod 755 /home/user/scripts
$ ls -ld /home/user/scripts
drwxr-xr-x 2 user user 4096 Jun 20 10:00 scripts

Owner gets rwx (7), group gets r-x (5), others get r-x (5).

Example 2: Octal Mode — 644 (Common for Files)

$ chmod 644 README.md
$ ls -l README.md
-rw-r--r-- 1 user user 1024 Jun 20 10:00 README.md

Owner can read+write, group and others can only read.

Example 3: Symbolic Mode — Add Execute for Owner

$ chmod u+x script.sh
$ ls -l script.sh
-rwxr--r-- 1 user user 512 Jun 20 10:00 script.sh

Example 4: Symbolic Mode — Remove Write for Group

$ chmod g-w report.txt
$ ls -l report.txt
-rw-r--r-- 1 user user 2048 Jun 20 10:00 report.txt

Example 5: Setuid Bit (u+s)

$ chmod u+s /usr/bin/special-app
$ ls -l /usr/bin/special-app
-rwsr-xr-x 1 root root 14392 Jun 20 10:00 special-app

The s in the owner execute position means the program runs with the owner’s privileges (root).

Example 6: Setgid Bit (g+s)

$ chmod g+s /shared/project
$ ls -ld /shared/project
drwxrwsr-x 2 root devteam 4096 Jun 20 10:00 project

New files created in this directory inherit the group (devteam), not the creator’s primary group.

Example 7: Sticky Bit (+t)

$ chmod +t /tmp/shared-write
$ ls -ld /tmp/shared-write
drwxrwxrwt 2 root root 4096 Jun 20 10:00 shared-write

The t in the others execute position means only file owners (or root) can delete their own files — critical for /tmp.

Example 8: Recursive with -R

$ chmod -R 755 /var/www/html
$ ls -ld /var/www/html
drwxr-xr-x 5 root root 4096 Jun 20 10:00 /var/www/html
$ ls -l /var/www/html/index.html
-rwxr-xr-x 1 root root 2048 Jun 20 10:00 index.html

All files and subdirectories get 755 permissions.

Example 9: Reference File (–reference)

$ chmod --reference=template.txt target.txt
$ ls -l template.txt target.txt
-rwx------ 1 user user 512 Jun 20 10:00 template.txt
-rwx------ 1 user user 512 Jun 20 10:00 target.txt

Copies permissions from template.txt — useful for batch standardization.

Example 10: Verbose Mode

$ chmod -v 600 secret.key
mode of 'secret.key' changed from 0644 (rw-r--r--) to 0600 (rw-------)

Common Use Cases

Common Errors

• Permission denied: The file is owned by a different user or doesn’t have the right group/others bits set.
• Operation not permitted: You need sudo or ownership to change permissions.
• chmod: changing permissions of ‘file’: Read-only file system: The filesystem is mounted read-only (check mount | grep ro).
• setuid ignored on scripts: Linux ignores setuid on interpreted scripts (shell, Python) for security reasons — use a compiled wrapper instead.
• sticky bit missing on /tmp: If /tmp lacks the sticky bit, any user can delete other users’ temp files — a security risk.

Practice Exercises

1. Basic octal: Create a file and set it to 600. Verify with ls -l.
2. Symbolic: Give execute permission to owner and group, remove write from others.
3. Recursive: Create a nested directory and apply 755 to everything inside.
4. Setgid: Create a shared directory where new files inherit the group.
5. Sticky bit: Create a shared temp directory where only owners can delete files.

Challenge

Write a script that scans a directory, finds files with world-writable permissions (o+w), and removes the write bit — printing each changed file’s name. This is the same pattern Durga Antivirus Pro uses to harden file permissions during system scans.

#!/bin/bash
# Harden world-writable files — security best practice
dir="${1:-.}"
find "$dir" -type f -perm -o+w -exec chmod -v o-w {} \;

Real-World Task

You deploy a web application under /var/www/myapp. Set the directory permissions so:

• Owner (root) has full access (rwx)
• Group (www-data) can read and enter (r-x)
• Others have no access (—)
• All new files inherit the group

Solution: chmod -R 750 /var/www/myapp && chmod g+s /var/www/myapp

What is chmod?

chmod (change mode) is a Linux command that modifies the permission bits of files and directories using either symbolic (u/g/o/a + r/w/x) or octal (numeric) notation. It controls read, write, and execute access for the file owner, group, and others.

Related Tutorials

• Linux Administration Basics — foundational skills
• Essential Linux Commands — command-line fundamentals
• File Permissions Advanced — deep dive into ACLs and SELinux
• User Management — creating users and groups for permission control