Bash Modify (chmod)
Master file permissions with the chmod command
🔐 What is Chmod?
Chmod (change mode) modifies file and directory permissions in Linux. It controls who can read, write, or execute files by setting permissions for the owner, group, and others, ensuring proper security and access control.
# Make file executable
chmod +x script.sh
Output:
(none: chmod prints nothing on success; add -v to have it report each change)
Key Permission Concepts
Read (r)
Permission to view file contents
chmod +r file.txt
Write (w)
Permission to modify files
chmod +w file.txt
Execute (x)
Permission to run files
chmod +x script.sh
Numeric Mode
Set permissions with numbers
chmod 755 file.txt
🔹 Understanding Permission Structure
Linux file permissions control access through a three‑tier system: owner, group, and others. Each tier can have read (r), write (w), and execute (x) permissions. The ls -l command displays these as a 10‑character string (e.g., -rwxr-xr--). The first character indicates file type, followed by three triplets for owner, group, and others. Understanding this structure is fundamental for system security, multi‑user environments, and configuring services like web servers or databases that rely on precise file access controls.
# View file permissions
ls -l file.txt
# Permission format explanation
# -rwxr-xr--
# - = file type
# rwx = owner permissions (read, write, execute)
# r-x = group permissions (read, execute)
# r-- = others permissions (read only)
Output:
-rwxr-xr-- 1 john developers 1024 Oct 10 14:30 file.txt
🔹 Symbolic Mode - Add Permissions
Adding permissions with symbolic notation is an intuitive method that modifies existing rights without affecting others. Use the plus (+) symbol with a combination of u (user/owner), g (group), o (others), or a (all), followed by r, w, or x. For example, chmod g+w file.txt grants write permission to the file’s group. This approach is ideal for incremental adjustments, such as allowing team members to edit a shared document or making a script executable for its owner while keeping other permissions intact.
# Add execute permission for owner
chmod u+x script.sh
# Add write permission for group
chmod g+w document.txt
# Add read permission for others
chmod o+r file.txt
# Add execute for everyone
chmod a+x program.sh
Output:
-rwxr--r-- 1 john developers 1024 Oct 10 14:30 script.sh
🔹 Symbolic Mode - Remove Permissions
Removing permissions selectively with symbolic notation is a safe way to restrict access without a full reset. Use the minus (-) symbol with the same u/g/o/a designators and permission letters. For instance, chmod o-rx script.sh revokes read and execute access from others, enhancing security. This method is particularly valuable when you need to tighten security on sensitive files, revoke temporary access, or comply with least‑privilege principles in production environments, all while preserving existing permissions for other user categories.
# Remove write permission from group
chmod g-w file.txt
# Remove execute from others
chmod o-x script.sh
# Remove all permissions from others
chmod o-rwx private.txt
# Remove write from everyone
chmod a-w readonly.txt
Output:
-rw-r--r-- 1 john developers 1024 Oct 10 14:30 file.txt
🔹 Numeric Mode - Octal Permissions
Octal (numeric) mode sets absolute permissions efficiently using a three‑digit code representing owner, group, and others. Each digit is the sum of read (4), write (2), and execute (1). For example, 755 means rwxr-xr-x—full control for the owner, read‑execute for group and others. This method is definitive and widely used in scripts, configuration management tools (like Ansible), and system setup because it explicitly defines the entire permission set in one command, leaving no ambiguity about the final state.
# Full permissions for owner, read+execute for others
chmod 755 script.sh
# Read+write for owner, read-only for others
chmod 644 document.txt
# Full permissions for owner only
chmod 700 private.sh
# Read+write for owner and group
chmod 664 shared.txt
Output:
-rwxr-xr-x 1 john developers 1024 Oct 10 14:30 script.sh
-rw-r--r-- 1 john developers 2048 Oct 10 14:31 document.txt
🔹 Common Permission Patterns
Standard permission patterns balance security and functionality for typical file and directory use cases. 755 (rwxr-xr-x) is standard for executable scripts and directories, allowing owner control and others to read/execute. 644 (rw-r--r--) is common for regular files like documents and images. 600 (rw-------) locks a file to the owner only, ideal for private keys or configs. 777 (rwxrwxrwx) grants full access to everyone but should be used sparingly due to significant security risks.
# Executable script (rwxr-xr-x)
chmod 755 script.sh
# Regular file (rw-r--r--)
chmod 644 document.txt
# Private file (rw-------)
chmod 600 secret.txt
# Public directory (rwxrwxrwx) - use carefully!
chmod 777 public_folder/
# Secure directory (rwx------)
chmod 700 private_folder/
Output:
-rwxr-xr-x 1 john developers 1024 Oct 10 14:30 script.sh
-rw-r--r-- 1 john developers 2048 Oct 10 14:31 document.txt
-rw------- 1 john developers 512 Oct 10 14:32 secret.txt
🔹 Recursive Permission Changes
Applying permission changes recursively ensures consistency across entire directory trees with a single command. The -R option with chmod modifies the specified directory and all files and subdirectories within it. This is essential when setting up web server document roots (/var/www/html), shared project folders, or fixing widespread permission errors after a system migration. However, use it cautiously—applying broad changes can inadvertently expose sensitive files or break application functionality if permissions are set incorrectly.
# Change permissions recursively
chmod -R 755 project/
# Make all scripts executable
chmod -R u+x scripts/
# Remove write from others recursively
chmod -R o-w documents/
# Set directory permissions recursively
chmod -R 750 /var/www/html/
Output:
drwxr-xr-x 2 john developers 4096 Oct 10 14:30 project/
-rwxr-xr-x 1 john developers 1024 Oct 10 14:30 project/file1.txt
-rwxr-xr-x 1 john developers 2048 Oct 10 14:31 project/file2.txt
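The output above shows the side effect of a blanket `chmod -R 755`: plain data files end up executable. The following is an added example, not part of the original page, that contrasts two safer recursive approaches on a constructed temporary tree; the function names are hypothetical and `stat -c` assumes GNU coreutils, with a BSD fallback.

```shell
#!/bin/sh
# Added example: recursive mode changes that treat files and directories differently.

# Build a small constructed tree in a temp dir; prints its root path.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/docs"
    printf 'notes\n' > "$root/docs/readme.txt"
    printf '#!/bin/sh\necho hi\n' > "$root/run.sh"
    chmod 640 "$root/docs/readme.txt"
    chmod 740 "$root/run.sh"
    printf '%s\n' "$root"
}

# Print the octal mode of a path (GNU stat first, BSD stat as fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Capital X adds execute/search only to directories and to files that
# already have an execute bit, so data files do not become executable.
apply_capital_x() {
    chmod -R u=rwX,go=rX "$1"
}

# Repair a tree after a blanket "chmod -R 755": directories get 755,
# regular files get 644. Scripts then need their execute bit re-added.
reset_by_type() {
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f -exec chmod 644 {} +
}

# Demonstration on the constructed tree.
demo_root=$(make_sample_tree)
apply_capital_x "$demo_root"
echo "after u=rwX,go=rX: readme=$(mode_of "$demo_root/docs/readme.txt") run.sh=$(mode_of "$demo_root/run.sh")"
chmod -R 755 "$demo_root"
echo "after -R 755:      readme=$(mode_of "$demo_root/docs/readme.txt")"
reset_by_type "$demo_root"
echo "after reset:       readme=$(mode_of "$demo_root/docs/readme.txt") run.sh=$(mode_of "$demo_root/run.sh")"
rm -rf "$demo_root"
```

Capital `X` cannot undo an earlier blanket 755, because every file then already carries an execute bit; that case needs the `find`-based reset.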
🔹 Special Permissions
Special permissions—setuid, setgid, and sticky bit—extend standard Linux access control for advanced scenarios. Setuid (4) causes a program to run with its owner’s privileges, often used for system utilities like passwd. Setgid (2) on directories ensures new files inherit the directory’s group, facilitating collaboration. The sticky bit (1) on shared directories (like /tmp) prevents users from deleting others’ files. These are set as a fourth octal digit (e.g., 4755) and must be applied judiciously due to potential security implications.
# Set setuid bit (runs as owner)
chmod 4755 program
# Set setgid bit (inherits group)
chmod 2755 directory/
# Set sticky bit (protect from deletion)
chmod 1777 /tmp/shared/
# Symbolic notation for sticky bit
chmod +t shared_folder/
Output:
-rwsr-xr-x 1 john developers 1024 Oct 10 14:30 program
drwxr-sr-x 2 john developers 4096 Oct 10 14:31 directory/
drwxrwxrwt 2 john developers 4096 Oct 10 14:32 shared/
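Because setuid, setgid and 777 carry the security implications noted above, it helps to be able to list where they are set. The following is an added example, not part of the original page, that audits a constructed temporary tree with `find -perm`; the function names and the file `loose.txt` are hypothetical, and the other names mirror the page's examples.

```shell
#!/bin/sh
# Added example: audit a tree for the risky modes discussed above.

# Constructed sample tree; prints its root path.
make_audit_tree() {
    root=$(mktemp -d) || return 1
    mkdir "$root/shared" "$root/public_folder" "$root/private_folder"
    : > "$root/program"
    : > "$root/loose.txt"
    chmod 4755 "$root/program"          # setuid, as in "chmod 4755 program"
    chmod 1777 "$root/shared"           # world-writable with sticky bit
    chmod 777  "$root/public_folder"    # world-writable, no sticky bit
    chmod 700  "$root/private_folder"
    chmod 666  "$root/loose.txt"        # world-writable regular file
    printf '%s\n' "$root"
}

# Regular files with setuid (4000) or setgid (2000) set.
find_setid_files() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) | sort
}

# Directories writable by others that lack the sticky bit (1000):
# any user can delete or replace other users' files there.
find_unsafe_shared_dirs() {
    find "$1" -type d -perm -0002 ! -perm -1000 | sort
}

# Regular files writable by others.
find_world_writable_files() {
    find "$1" -type f -perm -0002 | sort
}

# Demonstration on the constructed tree.
audit_root=$(make_audit_tree)
echo "setuid/setgid files:";       find_setid_files "$audit_root"
echo "world-writable, no sticky:"; find_unsafe_shared_dirs "$audit_root"
echo "world-writable files:";      find_world_writable_files "$audit_root"
rm -rf "$audit_root"
```

The sticky-bit directory `shared` is deliberately not reported by `find_unsafe_shared_dirs`, since the sticky bit is what makes a world-writable directory acceptable.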