CHMOD (change mode) is a Unix/Linux command and permission model that controls access to filesystem objects (files and directories). Key points:
- Purpose: Sets read (r), write (w), and execute (x) permissions for three classes: owner, group, and others.
- Permission types:
  - r (read): Allows viewing file contents or listing directory contents.
  - w (write): Allows modifying a file or adding/removing files in a directory.
  - x (execute): Allows running a file as a program or entering/searching a directory.
- Representation:
  - Symbolic: e.g., u+r (add read to owner), g-w (remove write from group), o+x (add execute to others).
  - Octal: three digits (owner/group/others); each digit is the sum of the permissions granted: 4 (read), 2 (write), 1 (execute). Examples:
    - 755 = owner rwx (7), group r-x (5), others r-x (5)
    - 644 = owner rw- (6), group r-- (4), others r-- (4)
- Special bits:
  - Setuid (4xxx): Executes a program with the file owner’s privileges.
  - Setgid (2xxx): On executables, runs the program with the file group’s privileges; on directories, new files inherit the directory’s group.
  - Sticky bit (1xxx): On directories, restricts deletion so that only a file’s owner can delete it (common on /tmp).
- Common usage:
  - chmod 644 file.txt
  - chmod u+x script.sh
  - chmod 755 /usr/local/bin/tool
- Security notes:
  - Avoid 777 (everyone read/write/execute) on production files; it risks unauthorized modification.
  - Use setuid/setgid carefully; they can introduce privilege escalation if misused.
- When to use:
  - Configuring web server file access, scripts, shared directories, or when deploying code to servers.
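
The security notes above, turned into a check (an added example, not part of the original page): a POSIX shell function that walks a tree and reports world-writable files, world-writable directories without the sticky bit, and setuid/setgid files. The function names `audit_modes` and `make_sample_tree`, the report labels, and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: function names and report labels are assumptions.
# audit_modes DIR -> prints one "<LABEL> <path>" line per finding.
audit_modes() {
    dir=${1:?usage: audit_modes DIR}

    # Files writable by "others" (666, 777, ...): anyone can modify them.
    find "$dir" -xdev -type f -perm -0002 \
        -exec printf 'WORLD_WRITABLE_FILE %s\n' {} +

    # Directories writable by "others" without the sticky bit (1xxx):
    # any user can delete or replace other users' files there.
    find "$dir" -xdev -type d -perm -0002 ! -perm -1000 \
        -exec printf 'WORLD_WRITABLE_DIR_NO_STICKY %s\n' {} +

    # Setuid (4xxx) and setgid (2xxx) regular files: these run with the
    # owner's or group's privileges, so each one should be expected.
    find "$dir" -xdev -type f -perm -4000 \
        -exec printf 'SETUID %s\n' {} +
    find "$dir" -xdev -type f -perm -2000 \
        -exec printf 'SETGID %s\n' {} +
}

# Build a constructed sample tree for trying the audit; prints its path.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir "$t/shared" "$t/tmp"
    : > "$t/ok.txt";   chmod 644  "$t/ok.txt"     # typical data file
    : > "$t/open.cfg"; chmod 777  "$t/open.cfg"   # the mode to avoid
    : > "$t/helper";   chmod 4755 "$t/helper"     # setuid executable
    chmod 0777 "$t/shared"    # world-writable, no sticky bit
    chmod 1777 "$t/tmp"       # world-writable with sticky bit, like /tmp
    printf '%s\n' "$t"
}

# Usage: audit_modes /var/www    or    audit_modes "$(make_sample_tree)"
```

On the sample tree this reports `open.cfg`, `shared` and `helper`, and stays silent about `ok.txt` and the sticky `tmp` directory. Paths containing newlines will split across report lines, and `-xdev` keeps the walk on one filesystem.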