Configuring Unix/Linux File and Directory Access Rights

Using 'chmod' to alter or modify file and directory permissions

Close-up of business man typing on laptop
Alfie/RooM/Getty Images
by Tony Bradley, CISSP-ISSAP
Updated July 10, 2018

Unix and Linux operating systems assign access rights to files and directories using one of three types of access (read, write and execute) assigned to each of three groups (owner, group and other users).

If you list details of a file's attributes using the ls command with the -l switch (for example ls -l filename), it would return information that would look something like -rwe-rw-r-- which equates to read, write and execute privileges for the owner, read and write privileges for the group and only read access for all other users.

Each of the types of access rights has an associated numeric value listed below:

  • Read = 4
  • Write = 2
  • Execute = 1

The values for the access rights for each of the groups is added together to obtain a value between 0 and 7 which can be used to assign or modify permissions using the chmod (change mode) command.

In the example above, the access rights for the file in question could be assigned by entering chmod 764 filename. The number 764 is derived from:

  • rwe = 4 (read) + 2 (write) + 1 (execute) = 7
  • rw = 4 (read) + 2 (write) = 6
  • r = 4 (read) = 4

You can use the chmod command to assign access rights to files and directories. Keep in mind that Unix and Linux commands and object names are case sensitive. You must use "chmod" and not CHMod or any other combination of upper and lower case letters.

How to use the chmod command:

  • Full access for everybody: chmod 777 filename
  • Full access for owner and group privileges but other users can only read and execute: chmod 775 filename
  • Full access for owner, but restricting group and other user privileges to only read and execute for files in the directory: chmod 755 dirname
  • Full access for the owner with no access rights or privileges for anyone else: chmod 700 filename
  • No access to files in directory for group or other users and owner restricted to read and execute privileges to prevent the accidental deletion or modification of files in the directory: chmod 500 dirname
  • Allowing the owner and group read and write access to a file, allowing others in the group to edit or delete the file as well as the owner, but with no access for other users: chmod 660 filename