Intermediate

Bash

July 10, 2025

luc

Chmod Command Linux: Complete File Permissions Tutorial

Categories: Command Line System Admin

Tags: #chmod #find

Reading Progress 0%

Description

How to Use Linux Chmod Command for File Permissions?

Quick Answer: Use chmod 755 filename to set read/write/execute for owner and read/execute for group/others, or chmod u+x filename to add execute permission for owner. Chmod controls file and directory access permissions in Linux.

Frequently Asked Questions

Q: What does chmod 755 mean in Linux? A: chmod 755 sets permissions to rwxr-xr-x: full access for owner (read/write/execute), read/execute only for group and others. It’s the standard permission for executable files.

Q: How do I make a file executable in Linux? A: Use chmod +x filename to add execute permission for all users, or chmod u+x filename to add execute permission only for the file owner.

Q: What’s the difference between chmod 644 and 755? A: chmod 644 (rw-r–r–) gives read/write to owner, read-only to others – used for data files. chmod 755 (rwxr-xr-x) adds execute permission – used for scripts and programs.

Q: How do I remove all permissions from a file? A: Use chmod 000 filename to remove all permissions, or chmod -rwx filename to remove read, write, and execute permissions for all users.

Q: What does chmod -R do? A: The -R flag applies chmod recursively to directories and all their contents. Example: chmod -R 755 /var/www sets permissions for the directory and all files/subdirectories inside.

Essential Steps to Use Chmod Command

Check current permissions: Use ls -l filename to see current permission settings before making changes
Choose permission method: Use octal numbers (755) for speed or symbolic notation (u+x) for precision
Set basic file permissions: Use chmod 644 for data files and chmod 755 for executable files
Test permissions: Verify changes work by attempting the intended file operations
Apply to directories: Use chmod -R 755 directory/ to set permissions recursively for web directories
Secure sensitive files: Use chmod 600 for private keys and confidential files (owner access only)

Most Common Chmod Commands

Command	Permission	Use Case
`chmod 755 script.sh`	rwxr-xr-x	Executable files, scripts
`chmod 644 document.txt`	rw-r–r–	Data files, documents
`chmod 600 private.key`	rw——-	Private keys, sensitive files
`chmod +x filename`	Add execute	Make any file executable
`chmod -R 755 /var/www`	Recursive	Set directory permissions

Understanding Linux File Permissions

Permission Structure

Linux file permissions use a 3-digit octal system or symbolic notation:

# View current permissions
ls -l filename
# Output: -rw-r--r-- 1 user group 1024 Jan 1 12:00 filename
#         ^^^^^^^^^
#         Permission bits: owner|group|others

Octal Permission Numbers

# Each digit represents: owner, group, others
# Each position adds: 4(read) + 2(write) + 1(execute)

# Common combinations:
7 = 4+2+1 = rwx (read, write, execute)
6 = 4+2+0 = rw- (read, write)
5 = 4+0+1 = r-x (read, execute)
4 = 4+0+0 = r-- (read only)
0 = 0+0+0 = --- (no permissions)

Step-by-Step Permission Setting

1. Basic File Permissions

# Standard data file permissions
chmod 644 document.txt

# Standard executable permissions
chmod 755 script.sh

# Private file permissions
chmod 600 ~/.ssh/id_rsa

2. Symbolic Permission Changes

# Add execute permission for owner
chmod u+x filename

# Remove write permission for group and others
chmod go-w filename

# Set exact permissions using symbolic notation
chmod u=rwx,g=rx,o=r filename

3. Directory Permissions

# Standard directory permissions
chmod 755 /home/user/public

# Recursive permission setting
chmod -R 644 /var/www/html/*.html
chmod -R 755 /var/www/html/scripts/

Advanced Chmod Techniques

Conditional Permission Setting

# Set different permissions based on file type
find /var/www -type f -exec chmod 644 {} \;  # Files
find /var/www -type d -exec chmod 755 {} \;  # Directories

# Make all .sh files executable
chmod +x *.sh

Special Permission Bits

# SUID - Run as file owner
chmod 4755 /usr/bin/program

# SGID - Run as group owner
chmod 2755 /usr/bin/program

# Sticky bit - Prevent deletion by others
chmod 1777 /tmp/shared-directory

Bulk Permission Management

# Web server permissions
chmod 644 *.html *.css *.js
chmod 755 *.cgi *.sh *.php

# Secure configuration files
chmod 600 /etc/ssl/private/*
chmod 644 /etc/ssl/certs/*

Permission Reference Tables

Octal Permission Chart

Octal	Binary	Symbolic	Description
7	111	rwx	Read, write, execute
6	110	rw-	Read, write
5	101	r-x	Read, execute
4	100	r–	Read only
3	011	-wx	Write, execute
2	010	-w-	Write only
1	001	–x	Execute only
0	000	—	No permissions

Common Permission Combinations

Permission	Octal	Use Case
rwxr-xr-x	755	Executable files, directories
rw-r–r–	644	Data files, documents
rw——-	600	Private files, keys
rwxrwxrwx	777	Temporary/debugging (avoid)
r–r–r–	444	Read-only files

Step-by-Step Security Implementation

1. Web Server Security

# Secure web directory structure
chmod 755 /var/www/html                    # Directory accessible
chmod 644 /var/www/html/*.html             # Files readable
chmod 600 /var/www/html/config.php         # Config files private
chmod 755 /var/www/html/cgi-bin/*.cgi      # Scripts executable

2. SSH Key Security

# Secure SSH configuration
chmod 700 ~/.ssh                           # SSH directory private
chmod 600 ~/.ssh/id_rsa                    # Private key owner-only
chmod 644 ~/.ssh/id_rsa.pub               # Public key readable
chmod 600 ~/.ssh/authorized_keys           # Authorized keys secure

3. System File Security

# Secure system configurations
chmod 644 /etc/passwd                      # User database readable
chmod 600 /etc/shadow                      # Password hashes private
chmod 755 /etc/init.d/*                    # Init scripts executable
chmod 600 /etc/ssl/private/*               # SSL keys private

Symbolic Notation Reference

User Classes

u = User (owner)
g = Group
o = Others
a = All (user + group + others)

Operations

+ = Add permission
- = Remove permission
= = Set exact permission

Permissions

r = Read (4)
w = Write (2)
x = Execute (1)

Symbolic Examples

# Add execute for owner
chmod u+x script.sh

# Remove write for group and others
chmod go-w document.txt

# Set read-only for all
chmod a=r readonly.txt

# Multiple operations
chmod u+rwx,g+rx,o+r filename

Common Use Cases and Solutions

Making Scripts Executable

# Single script
chmod +x script.sh

# All scripts in directory
chmod +x *.sh

# Recursive for script directories
find /usr/local/bin -name "*.sh" -exec chmod +x {} \;

Securing Configuration Files

# Database configuration
chmod 600 /etc/mysql/my.cnf

# Web server configuration
chmod 644 /etc/apache2/apache2.conf

# Application secrets
chmod 600 /var/www/app/.env

Directory Permission Management

# Public directory (like web root)
chmod 755 /var/www/html

# User home directories
chmod 755 /home/username

# Shared directories with sticky bit
chmod 1777 /tmp/shared

Troubleshooting Permission Issues

Check Current Permissions

# Detailed file information
ls -l filename

# Octal permission display
stat -c "%a %n" filename

# Directory contents with permissions
ls -la /path/to/directory

Fix Common Permission Problems

# Fix "Permission denied" for scripts
chmod +x script.sh

# Fix web server 403 errors
chmod 755 /var/www/html
chmod 644 /var/www/html/index.html

# Fix SSH key permissions
chmod 600 ~/.ssh/id_rsa

Restore Default Permissions

# Reset home directory permissions
chmod 755 $HOME
chmod 644 $HOME/.*

# Reset web directory permissions
find /var/www/html -type d -exec chmod 755 {} \;
find /var/www/html -type f -exec chmod 644 {} \;

Security Best Practices

Essential Security Rules:

Never use 777 permissions except for temporary debugging
Apply principle of least privilege – minimum permissions needed
Use 600 for private keys and sensitive configuration files
Set 755 for directories that need to be browsable
Regularly audit permissions with find commands

Permission Auditing:

# Find files with dangerous permissions
find /var/www -type f -perm 777

# Find SUID/SGID files
find /usr -type f \( -perm -4000 -o -perm -2000 \)

# Find world-writable files
find /home -type f -perm -002

Related Linux Permission Commands

chown – Change file ownership (user and group)
chgrp – Change group ownership only
umask – Set default permissions for new files
ls -l – Display detailed file permissions
stat – Show detailed file information including permissions
getfacl/setfacl – Manage Access Control Lists (ACLs)
sudo – Execute commands with elevated privileges

Mastering the chmod command provides the foundation for Linux security, enabling precise control over file access while maintaining system integrity and preventing unauthorized access to sensitive data.

Detailed Explanation

🔍 Complete Command Analysis General Structure: find [PATH] [CONDITION1] [ACTION1] -o [CONDITION2] [ACTION2] Detailed Breakdown: 1. find /var/www Base command for recursive search /var/www = starting directory (typical location for websites) Recursively scans all files and directories within 2. -type f First condition: finds only files (not directories) f = regular files Excludes directories, symbolic links, device files, etc. 3. -exec chmod 644 {} \; First action: executes chmod 644 on each found file {} = placeholder that gets replaced with the current filename \; = terminates the exec command (backslash escapes the semicolon) 644 = rw-r--r-- (owner: read/write, others: read only) 4. -o Logical OR operator Means "OR" - if the first condition isn't true, try the second Connects the two conditional operations 5. -type d Second condition: finds only directories d = directory This time searches only for folders, not files 6. -exec chmod 755 {} \; Second action: executes chmod 755 on each found directory 755 = rwxr-xr-x (owner: full access, others: read/execute) 🔄 Step-by-Step Process 1. find starts from /var/www 2. For each element found: - IF it's a file (-type f) → execute chmod 644 - OR (-o) - IF it's a directory (-type d) → execute chmod 755 3. Continue recursively for all sub-elements 💡 Practical Example Suppose we have this structure: /var/www/ ├── index.html (file) ├── style.css (file) ├── images/ (directory) │ ├── logo.png (file) │ └── banner.jpg (file) ├── scripts/ (directory) │ └── main.js (file) └── uploads/ (directory) └── document.pdf (file) Command result: # Files receive 644 (rw-r--r--) chmod 644 /var/www/index.html chmod 644 /var/www/style.css chmod 644 /var/www/images/logo.png chmod 644 /var/www/images/banner.jpg chmod 644 /var/www/scripts/main.js chmod 644 /var/www/uploads/document.pdf # Directories receive 755 (rwxr-xr-x) chmod 755 /var/www/images chmod 755 /var/www/scripts chmod 755 /var/www/uploads 🎯 Why These Permissions? 644 for Files: Owner: can read and modify Group/Others: can only read Safe for web files (HTML, CSS, images) Not executable for security 755 for Directories: Owner: complete access (read/write/execute) Group/Others: can read and enter the directory Execute permission required to access directories Standard for public web directories 🔧 Variants and Improvements With exclusions: find /var/www -name "*.tmp" -prune -o -type f -exec chmod 644 {} \; -o -type d -exec chmod 755 {} \; With verification before execution: find /var/www -type f -exec chmod -c 644 {} \; -o -type d -exec chmod -c 755 {} \; # -c shows only files where permissions are actually changed With current permissions backup: # First save current permissions find /var/www -printf "%M %p\n" > permissions_backup.txt # Then apply new permissions find /var/www -type f -exec chmod 644 {} \; -o -type d -exec chmod 755 {} \; Version with xargs (more efficient for many files): find /var/www -type f -print0 | xargs -0 chmod 644 find /var/www -type d -print0 | xargs -0 chmod 755 ⚠️ Security Considerations ✅ Advantages: Standardizes permissions in one go Safe for web applications Efficient for large directory structures Prevents access problems ⚠️ Cautions: Test first on non-critical directories Always backup original permissions Exclude special files (e.g., .htaccess might need 600) Don't use on critical system directories 📝 Alternatives for Specific Cases For WordPress sites: # WordPress has specific needs find /var/www/wordpress -type f -exec chmod 644 {} \; find /var/www/wordpress -type d -exec chmod 755 {} \; chmod 600 /var/www/wordpress/wp-config.php # More restrictive config file For applications with executable scripts: # First set base permissions find /var/www -type f -exec chmod 644 {} \; -o -type d -exec chmod 755 {} \; # Then make necessary scripts executable find /var/www -name "*.sh" -exec chmod 755 {} \; find /var/www -name "*.cgi" -exec chmod 755 {} \; With ownership control: # Ensure web server owns the files chown -R www-data:www-data /var/www find /var/www -type f -exec chmod 644 {} \; -o -type d -exec chmod 755 {} \; 🚀 Automated Script #!/bin/bash # Script to standardize web permissions WEB_DIR="/var/www" BACKUP_FILE="permissions_$(date +%Y%m%d_%H%M%S).txt" echo "Backing up current permissions..." find "$WEB_DIR" -printf "%M %p\n" > "$BACKUP_FILE" echo "Applying new permissions..." find "$WEB_DIR" -type f -exec chmod 644 {} \; -o -type d -exec chmod 755 {} \; echo "Setting special permissions for config files..." find "$WEB_DIR" -name "wp-config.php" -exec chmod 600 {} \; find "$WEB_DIR" -name ".htaccess" -exec chmod 644 {} \; echo "Complete! Backup saved as: $BACKUP_FILE" 🔄 Real-World Use Cases Web Server Deployment: # Standard web deployment permissions find /var/www/html -type f -exec chmod 644 {} \; -o -type d -exec chmod 755 {} \; After File Upload/Transfer: # Fix permissions after uploading via FTP find /var/www/uploads -type f -exec chmod 644 {} \; -o -type d -exec chmod 755 {} \; Security Hardening: # Secure web application find /var/www -type f -exec chmod 644 {} \; -o -type d -exec chmod 755 {} \; find /var/www -name "*.conf" -exec chmod 600 {} \; find /var/www -name "*.ini" -exec chmod 600 {} \; 🎯 Performance Considerations For Large Directory Structures: # More efficient for thousands of files find /var/www -type f -print0 | xargs -0 -P 4 chmod 644 find /var/www -type d -print0 | xargs -0 -P 4 chmod 755 # -P 4 runs up to 4 processes in parallel With Progress Monitoring: # Show progress for large operations find /var/www -type f -exec chmod 644 {} \; -print | wc -l 🔒 Security Best Practices Before Running: Backup permissions: getfacl -R /var/www > permissions.acl Test on copy: Copy directory structure to test first Check special files: Identify files that need different permissions Verify ownership: Ensure correct user/group ownership After Running: Test application: Verify website/application works correctly Check logs: Monitor for permission-related errors Audit results: Use ls -la to verify permission changes Document changes: Record what was modified for future reference This command is a perfect example of how to combine the power of find with permission management for efficient batch operations! 🎯 🚀 Advanced Techniques Conditional Permission Setting: # Different permissions based on file extension find /var/www $ -name "*.php" -exec chmod 644 {} \; $ -o $ -name "*.sh" -exec chmod 755 {} \; $ Time-Based Permission Changes: # Only change files modified in last 7 days find /var/www -type f -mtime -7 -exec chmod 644 {} \; -o -type d -mtime -7 -exec chmod 755 {} \; Size-Based Filtering: # Skip large files (maybe log files that shouldn't be web accessible) find /var/www -type f -size -100M -exec chmod 644 {} \; -o -type d -exec chmod 755 {} \; This demonstrates the flexibility and power of combining Unix tools for system administration tasks! 💪