SSH: Managing file permissions using CHMOD

by Megan McDermott, 17 November 2010 - 9:00am

When installing scripts on your website you will often be asked to change the permissions, or CHMOD (change mode). The instructions for doing this often include cryptic sets of numbers, such as chmod 775 There are actually two ways of setting permissions using chmod, using numbers or words. Use whichever method works best for you. Keep in mind that other people will often write instructions using numbers, so you need to understand what they mean. On the other hand, a long listing of a folder will show permissions using letters (r, w, e).

There are two dimensions to file permissions: users and permission levels (or modes). There are 3 user groups (owner, group, and other) and 3 permission levels (read, write, execute).

User groups

owner

the individual user account who owns the file. A user account could belong to a person or a generic system account.

group

the user group an individual is assigned to. Groups are used to organize users with different sets of permissions.

other

anyone else (anyone outside of the system, such as people accessing the file from a web browser)

Permissions

read

view the file or list a directory's contents

write

write to the file or directory

execute

execute a file or recurse a directory (access other files in the directory)

Chmod commands using numeric (octal) mode

The chmod command looks like this:

chmod [permission number] file/folder

For example:

chmod 664 file.html

The three-digit code is made up of permission levels for each of the three user groups (user, group, and other). At the same time, each permission level is assigned a number: read is 4, write is 2, and execute is 1. These numbers are added together for each user group to get the 3-digit permission number.

The first character in the list display indicates the type of file – a d for directory or - for a regular file.

Caution! You almost never need to give others execute permissions on a file or write permissions on a folder. This can compromise the security of your sever, since you're allowing anyone to execute files or add new files. This is why file permissions are usually 664 or 644 and folder permissions are usually 755 or 775.

Sample commands

chmod 664 file.html

set the permissions on file.html to 664

chmod 775 folder

set the permisions on folder to 775

chmod 664 file1.html file2.html

set the permissions on file1.html and file2.html to 664

chmod 664 *.php

set the permissions on all php files to 664

Chmod commands using symbolic mode

With this technique, instead of setting permissions for all three user groups using a numeric code, you set permissions for each group individually using text abbreviations. These commands are formatted like this:

chmod [user][operator][permissions] file/folder

For example:

chmod u+r file.html

This command has three parameters: the users, the operator, and the permission. The user groups and permissions are the same as above and are represented by single letter abbreviations:

u

user (owner)

g

group

o

other

a

all

Similarly, the permissions are also repesented by single letter abbreviations:

r

read

w

write

x

execute

The user group and the permissions are then combined using an operator:

+

add

-

remove

=

set equal to

The final command looks something like this:

This command adds read permissions for the file owner.

Sample commands

chmod o+r file.html

adds the read permission for other

chmod o-r file.html

removes the read permission for other

chmod go+rw file.html

add the read and write permissions for group and other on file.html

chmod u=rwx folder

sets permissions for user to read, write, and execute

chmod u=rw, go=r file.html

sets permissions for user to read and write, and group and other to read only for file.html

Discussion

To discuss this article or ask questions, please visit The Webmaster Forums discussion on SSH: Managing file permissions using CHMOD.