A Complete Guide To chmod: recursive, force, and More

ServerMania offers a variety of Hybrid, Cloud, and Dedicated Linux servers which all make use of the chmod command. It’s a frequently used command, so it’s important that any system admin knows how to use it.

In this article, we’re going to cover what chmod is, how it is used, and what to avoid.

What Is chmod?

The purpose of chmod, which stands for Change Mode, is to change access permissions for files and directories. It’s also able to modify special mode flags, such as sticky bit mode, SUID, and SGID. It’s been present in Linux and other Unix-like operating systems since the 70s, in AT&T’s Unix Version One, but in the time it’s been in use, a number of access control lists have been added to increase the flexibility of the command.

How Is chmod Used?

(Advice in this section is courtesy of Computer Hope).

The proper syntax for chmod, depending on how you want to use it, is as follows:

chmod [OPTION]... MODE[,MODE]... FILE...
chmod [OPTION]... OCTAL-MODE FILE...
chmod [OPTION]... --reference=RFILE FILE...

Options

In all cases, you start by defining which options you want to implement. The most common options include verbose (-v or --verbose; shows the items you’re processing), recursive (-R or --recursive; includes objects stored in subdirectories) and force (which ignores errors and continues applying chmod). If a symbolic link is included, chmod applies the change to the file or files the link points to.

Additional chmod options include…

  • -c or --changes: Describes the action for each file whose permissions change.
  • -f, --silent, or --quiet: Instructs chmod not to print out error messages.
  • --preserve-root: An option that can only be applied with --recursive; this prevents any attempts to recursively change the root directory.
  • --no-preserve-root: Ignores any preceding --preserve-root options. Again, only relevant when using --recursive.
  • --reference=ref_file: Changes the mode of each file so that it’s the same as the reference file specified.

Modes

(The majority of the information in this section is provided courtesy of FreeBSD)

Absolute Modes

There are eight different file permission modes in Linux: read, write, and execute; read and write; read and execute; read only; write and execute; write only; execute; and none. With chmod, these modes are defined in an octal format, using 0 through 7. There are four digits in the command; the first digit is optional and used to define special flags, while the second to fourth are used to set permissions for the file’s owner, the user group, and other users outside that group.

These octal values represent absolute modes, which are put together from the sum of one or more of the following:

4000: (setuid): Sets executable files to run with the effective uid of the file owner. Directories with this bit will force all files/subdirectories created in them to be owned by the directory owner.

2000: (setgid): This will run executable files with the effective group id of the file owner.

1000: (sticky bit): Used to indicate special treatment for directories.

0400: Allows read exclusively by the file owner.

0200: Allows write exclusively by the file owner.

0100: Allows execution exclusively by the file owner.

0040: Allows read exclusively by group members.

0020: Allows write exclusively by group members.

0010: Allows execution exclusively by group members.

0004: Allows other users to read.

0002: Allows other users to write.

0001: Allows other users to execute.
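
To show how these values add up, including how the three special bits replace the execute letter in a listing, here is an added example (not from the original article) that converts an octal mode into the string ls -l would print. The function name mode_to_string is a constructed helper.

```sh
#!/bin/sh
# Added example, not from the original article. mode_to_string is a
# constructed helper name.

# Convert a 1- to 4-digit octal mode into the rwx string that `ls -l` prints.
mode_to_string() {
    case $1 in
        ''|*[!0-7]*|?????*) echo "invalid mode: $1" >&2; return 1 ;;
    esac
    m=$((0$1))          # leading 0 makes the shell read the digits as octal
    out=
    # Owner, group, other: each triplet is paired with one special bit.
    for spec in 6:04000:s 3:02000:s 0:01000:t; do
        shift_by=${spec%%:*}; rest=${spec#*:}
        special=${rest%%:*}; letter=${rest#*:}
        bits=$(( (m >> shift_by) & 7 ))
        r=-; w=-; x=-
        [ $((bits & 4)) -eq 0 ] || r=r
        [ $((bits & 2)) -eq 0 ] || w=w
        [ $((bits & 1)) -eq 0 ] || x=x
        if [ $((m & $special)) -ne 0 ]; then
            # Lower case when execute is also set, upper case when it is not.
            if [ "$x" = x ]; then x=$letter
            else x=$(printf '%s' "$letter" | tr 'st' 'ST'); fi
        fi
        out=$out$r$w$x
    done
    printf '%s\n' "$out"
}

for mode in 0640 775 4755 1777 2644; do
    printf '%-5s %s\n' "$mode" "$(mode_to_string "$mode")"
done
```

An upper-case S or T in the output means the special bit is set without the matching execute bit.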

Symbolic Modes

Modes can also be defined symbolically, with the following syntax:

mode    ::= clause [, clause ...]
clause  ::= [who ...] [action ...] action
action  ::= op [perm ...]

who     ::= a | u | g | o
op      ::= + | - | =
perm    ::= r | s | t | w | x | X | u | g | o

Who specifies the user, group, and other parts of Mode. Perm represents portions of mode as follows:

  • r: Read
  • s: Setuid and Setgid
  • t: Sticky
  • w: Write
  • x: Execute/search
  • X: Execute/search if the file is a directory or execute/search is set in the original mode. Only used in conjunction with the op symbol +.
  • u: User permission bits in the original file
  • g: Group permission bits in the original file
  • o: Other permission bits in the original file.

Further, op represents the operation performed, taking into account the following:

  • “+”: Only works if perm has been specified. If no value has been specified for who, each bit specified in perm is set. If both who and perm are specified, the mode bit represented by them is set.
  • “-”: Has the opposite effect of “+”, clearing values instead of setting them.
  • “=”: Clears the mode bits specified by who. If no who value is specified, clears the owner, group, and other mode bits. Following that, if who is still unspecified, sets the perm values.

Finally, clause represents operations to be performed on the mode bits, in the order specified.

What chmod Operations Should You Generally Avoid?

There’s really only one chmod operation that you should generally avoid, as using it can cause some pretty significant security issues on your server. This is chmod 777. There’s a very good reason you shouldn’t use this one: it gives full permissions to anyone who accesses your server.

That represents a pretty significant security risk. Instead, it may be better to simply use chmod 775, or have whatever script you’re creating run as the owner of the files with the SUID flag.

In addition, where directories are concerned, avoid using 664 for your permissions. You need execute permission on a directory in order to access it; removing that permission will break whatever you apply it to.

A Few Additional chmod Tips

We’ll wrap up with a bit of extra advice related to chmod:

  • Remember that you need read permissions in order to list directories and subdirectories.
  • You can set all files in a folder or directory to writeable with chmod -R 775 [directory]
  • Files and directories can have permissions applied independently through the find command. For example: find . -type f -exec chmod 640 {} \; for files and find . -type d -exec chmod 750 {} \; for directories.
  • Generally, “site chmod” through ftp has only basic functionality – it’s not the full Linux command, so what you can do with it is extremely limited.
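
The following added example (not from the original article) ties together the symbolic modes section, the chmod 777 and directory 664 warnings, and the find tip above: it audits a constructed scratch tree, repairs it with one recursive symbolic clause, and audits again. The function names, report tags and tree layout are assumptions, and stat -c %a assumes GNU coreutils or BusyBox.

```sh
#!/bin/sh
# Added example, not from the original article. Function names, report tags
# and the scratch tree are constructed; assumes `stat -c %a` (GNU/BusyBox).

# Read-only audit: print one tagged line per finding under directory $1.
audit_perms() {
    {
        # "Other write" on files, or on directories without the sticky bit.
        # Symlinks are skipped: their own mode bits are not used for access.
        find "$1" \( -type f -o -type d ! -perm -1000 \) -perm -0002 |
            sed 's/^/WORLD-WRITABLE /'
        # A directory its owner cannot enter, e.g. after chmod 664.
        find "$1" -type d ! -perm -0100 | sed 's/^/DIR-NO-SEARCH /'
    } 2>/dev/null
}

# Print "<octal mode> <path>" for everything under directory $1.
report_modes() {
    find "$1" -exec stat -c '%a %n' {} + | LC_ALL=C sort -k2
}

# Build a constructed tree with the mistakes described above; prints its path.
make_bad_tree() (
    umask 022
    t=$(mktemp -d) || exit 1
    mkdir -p "$t/site/uploads" "$t/site/css"
    : > "$t/site/index.html"
    : > "$t/site/css/main.css"
    : > "$t/site/deploy.sh"
    chmod 777 "$t/site/uploads" "$t/site/deploy.sh"   # wide open
    chmod 666 "$t/site/index.html"                    # world-writable file
    chmod 664 "$t/site/css"                           # directory without x
    printf '%s\n' "$t"
)

# One recursive clause instead of two find passes: X grants execute/search
# only to directories and to files that already had an execute bit.
fix_tree() {
    chmod -R 'u=rwX,g=rX,o=' "$1"
}

demo() {
    t=$(make_bad_tree) || return 1
    echo "before:"; audit_perms "$t/site"
    fix_tree "$t/site"
    echo "after:";  audit_perms "$t/site"; report_modes "$t/site"
    rm -rf "$t"
}
demo
```

After the fix, directories and the already-executable deploy.sh end up at 750 while plain files end up at 640, the same result as the two find commands.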

Jay Caissie is Systems Analyst at ServerMania.