Configuring Unix/Linux File and Directory Access Rights

Using 'chmod' to alter or modify file and directory permissions

by
Tony Bradley, CISSP-ISSAP
Writer
Tony Bradley is a former Lifewire writer and tech journalist who specializes in network and internet security. He is a respected information security expert and prolific author.
our editorial process
Tony Bradley, CISSP-ISSAP
Updated on September 11, 2020

Unix and Linux operating systems assign access rights to files and directories using one of three types of access (read, write and execute) assigned to each of three groups (owner, group and other users).

Groups and Access Types

If you list details of a file's attributes using the ls command with the -l switch (for example ls -l filename), the command returns information that would look something like -rwe-rw-r-- which equates to read, write and execute privileges for the owner, read and write privileges for the group and only read access for all other users.

Each of the types of access rights has an associated numeric value listed below:

  • Read = 4
  • Write = 2
  • Execute = 1

The values for the access rights for each of the groups is added together to obtain a value between 0 and 7 which can be used to assign or modify permissions using the chmod (change mode) command.

In the example above, the access rights for the file in question could be assigned by entering chmod 764 filename. The number 764 is derived from:

  • owner: rwe = 4 (read) + 2 (write) + 1 (execute) = 7
  • group: rw = 4 (read) + 2 (write) = 6
  • others: r = 4 (read) = 4

Use the chmod command to assign access rights to files and directories.

How to Use the 'chmod' Command:

ls and chmod

Grant specific access using the following general procedures:

  • Full access for everybody: chmod 777 filename
  • Full access for owner and group privileges but other users can only read and execute: chmod 775 filename
  • Full access for owner, but restricting group and other user privileges to only read and execute for files in the directory: chmod 755 dirname
  • Full access for the owner with no access rights or privileges for anyone else: chmod 700 filename
  • No access to files in directory for group or other users and owner restricted to read and execute privileges to prevent the accidental deletion or modification of files in the directory: chmod 500 dirname
  • Allowing the owner and group read and write access to a file, allowing others in the group to edit or delete the file as well as the owner, but with no access for other users: chmod 660 filename