program to change access permissions of a file or folder
chmod is a shell command for changing access permissions and special mode flags of files (including special files such as directories). The name is short for change mode where mode refers to โ€ฆ Wikipedia
Factsheet
chmod
Original author AT&T Bell Laboratories
Developers Various open-source and commercial developers
Factsheet
chmod
Original author AT&T Bell Laboratories
Developers Various open-source and commercial developers
๐ŸŒ
Wikipedia
en.wikipedia.org โ€บ wiki โ€บ Chmod
chmod - Wikipedia
2 weeks ago - chmod is a shell command for changing access permissions and special mode flags of files (including special files such as directories). The name is short for change mode where mode refers to the permissions and flags collectively. The command originated in AT&T Unix version 1 and was exclusive ...
๐ŸŒ
GeeksforGeeks
geeksforgeeks.org โ€บ linux-unix โ€บ chmod-command-linux
chmod Command in Linux - GeeksforGeeks
May 12, 2026 - The chmod (change mode) command in Linux/UNIX is used to modify file and directory permissions. It controls who can read, write, or execute a file by setting access rights for the owner, group, and others.
Discussions

chmod Cheatsheet
You can also use u, g, o if the numbers are too complicated for you to remember. Examples: chmod u+rwx,g+rwx,o-rwx chmod u=rwx,g=rwx. More on reddit.com
๐ŸŒ r/linux
234
2552
March 7, 2019
file - What is the normal chmod? - Stack Overflow
On my web server, my file permissions are all over the place and I want to 'reset' everything back to how it originally was. I don't want any users to be able to come in and delete things off my web More on stackoverflow.com
๐ŸŒ stackoverflow.com
Permission denied wanneer ik `chmod` op een ZFS ...
๐ŸŒ r/Proxmox
February 9, 2022
Wazuh upgrade Issues
Hi u/l1nux0 , Regarding 1: The list section in ossec.conf loads a CDB reference for use Wazuh rules. You need to confirm the lists added to the ossec.conf file are actually present on your Wazuh manager you can verify with the command `ls /var/ossec/etc/lists/` Regarding 2: I guess it was just temporary, can you retry ? More on reddit.com
๐ŸŒ r/Wazuh
7
2
October 24, 2025
๐ŸŒ
Linux Man Pages
man7.org โ€บ linux โ€บ man-pages โ€บ man2 โ€บ chmod.2.html
chmod(2) - Linux manual page
If path is relative, then it is interpreted relative to the directory referred to by the file descriptor dirfd (rather than relative to the current working directory of the calling process, as is done by chmod() for a relative pathname). If path is relative and dirfd is the special value AT_FDCWD, then path is interpreted relative to the current working directory of the calling process (like chmod()).
๐ŸŒ
Reddit
reddit.com โ€บ r/linux โ€บ chmod cheatsheet
r/linux on Reddit: chmod Cheatsheet
March 7, 2019 - I'm old, the new fangled letters plus minus comma stuff didn't exist when I started out. I do use them sometimes though. But when chmod -R 4544 folder_name is the same as chmod -R a+rwx,u-w,g-wx,o-wx,ug+s+t,g-s,-t folder_name what would you rather type, and yes I do realise its an unrealistic example.
๐ŸŒ
Computer Hope
computerhope.com โ€บ unix โ€บ uchmod.htm
Linux Chmod Command
June 1, 2025 - On Unix-like operating systems, ... file permissions or modes, as in "mode of access." The command name chmod stands for "change mode." It restricts the way a file can be accessed....
๐ŸŒ
PHP
php.net โ€บ manual โ€บ en โ€บ function.chmod.php
PHP: chmod - Manual
<?php // Read and write for owner, nothing for everybody else chmod("/somedir/somefile", 0600); // Read and write for owner, read for everybody else chmod("/somedir/somefile", 0644); // Everything for owner, read and execute for others chmod("/somedir/somefile", 0755); // Everything for owner, read and execute for owner's group chmod("/somedir/somefile", 0750); ?>
Find elsewhere
๐ŸŒ
Linux Man Pages
man7.org โ€บ linux โ€บ man-pages โ€บ man1 โ€บ chmod.1.html
chmod(1) - Linux manual page
May 30, 2026 - The second digit selects permissions for the user who owns the file: read (4), write (2), and execute (1); the third selects permissions for other users in the file's group, with the same values; and the fourth for other users not in the file's group, with the same values. chmod doesn't change the permissions of symbolic links; the chmod system call cannot change their permissions on most systems, and most systems ignore permissions of symbolic links.
๐ŸŒ
The Open Group
pubs.opengroup.org โ€บ onlinepubs โ€บ 009696899 โ€บ utilities โ€บ chmod.html
chmod
It is implementation-defined whether and how the chmod utility affects any alternate or additional file access control mechanism (see the Base Definitions volume of IEEE Std 1003.1-2001, Section 4.4, File Access Permissions) being used for the specified file.
๐ŸŒ
Linux Man Pages
linux.die.net โ€บ man โ€บ 1 โ€บ chmod
chmod(1): change file mode bits - Linux man page
chmod never changes the permissions of symbolic links; the chmod system call cannot change their permissions. This is not a problem since the permissions of symbolic links are never used. However, for each symbolic link listed on the command line, chmod changes the permissions of the pointed-to file.
๐ŸŒ
IBM
ibm.com โ€บ docs โ€บ en โ€บ zos โ€บ 3.1.0
chmod - Change the mode of a file or directory - IBM Documentation
January 29, 2025 - Recursively change file mode bits. For each path name operand that names a directory, chmod will change the file mode bits of the directory and all files in the file hierarchy under it.
๐ŸŒ
SS64
ss64.com โ€บ bash โ€บ chmod.html
CHMOD Command: Change File Permissions in Linux
Change File Permissions in Linux/Unix. Make scripts executable, change permissions recursively, 755 vs 644 octal math, Syntax and Examples.
๐ŸŒ
Red Hat
redhat.com โ€บ en โ€บ blog โ€บ introduction-chmod
Linux permissions: An introduction to chmod
November 20, 2025 - This setting makes sense for obvious reasons: The owner should have higher control over the fileโ€™s contents in order to both read and write to it. Others might want to read the contents but not modify them. Of course, you can change this setting with the chmod command, which is the focus of this article.
๐ŸŒ
IBM
ibm.com โ€บ docs โ€บ en โ€บ zos โ€บ 3.1.0
chmod
Get assistance for the IBM products, services and software you own ยท Provides fixes and updates for your system's software, hardware, and operating system
Top answer
1 of 4
4

I believe this breaks down into a few closely interrelated questions, which are answerable with a reasonable degree of objectivity.

Why does Ubuntu allow different kinds of permissions to be adjusted for different users and groups of users? Is this high degree of configurability really necessary?

Almost all currently used operating systems, including Windows, have this functionality. Actually, on Windows the system is more complex, because Windows uses access control lists for almost everything while Ubuntu uses the simpler system of Unix-style ownership and permissions most of the time (but also supports access control lists).

A few reasons this is necessary:

  1. If you want your computer to be accessed by users other than yourself, you need the ability to decide that some files are totally off-limits to certain users, and that others are readable but unmodifiable by certain users.

    Remember, this includes people who you might want to access your computer over a network. Such as yourself. Many people want to be able to share files between computers at home, or with their friends, but not with just anybody who happens to be using the same public wireless network. Thus users represent more people than you might actually have physically using your keyboard.

  2. The operating system you're using--Ubuntu--is the same OS as Ubuntu Server. They have different packages installed by default, and different installers. You can transform a server system into a desktop system and vice versa. A full system of ownership and permissions is necessary for most servers, even if it may not be necessary for some desktops. The desktops work fine with it; the servers would not work without it.

  3. User accounts can represent real people who access your computer, but they represent a whole lot more than that, too. A user account represents a collection of abilities. Special user accounts exist for performing particular tasks with constrained abilities.

    The purpose of this is twofold. First, the developer of the software, or the user, could make a mistake resulting in the software attempting to perform some action that can be known beforehand could only cause harm.

    Second, a malicious party might deliberately fool the software performing the specialized task into doing something bad, like destroying data or allowing the malicious person to control it.

    In both of these cases, harm is often reduced if the task is performed by a non-privileged user that doesn't represent any particular human user of the computer, but exists just to perform that particular task.

    If you only have a few human user accounts set up on your Ubuntu system, then most of the user accounts listed by running cat /etc/passwd are this kind of "user." (Don't worry, running cat /etc/passwd does not actually show you people's passwords; the file is called that mainly for historical reasons.)

What's the point of Ubuntu limiting my user account's access to anything, if I'm an administrator and can perform any action as root with sudo?

The same reason there are guard rails on the sides of some roads, manhole (personhole?) covers, a cover over the needle at the end of a syringe, safeties on firearms, etc. And not for the same reason that people put locks on their doors. Not to keep you from doing something deliberately that you do want to do, but to keep you from doing something accidentally that you do not want to do.

When you want/need to perform an administrative task, it is important that you be able to do it easily. Your control over your own machine must be respected, plus a system that's unnecessarily hard to use is not very good. If Ubuntu prevents you from easily performing administrative actions, that is a bug. Fortunately, this is not usually the case (though I fear we're moving in that direction). One of the reasons Ubuntu uses sudo is that it generally facilitates easily running commands/programs as root, without reducing your ability to perform ordinary, non-administrative actions concurrently.

When you're not trying to modify your system in some deep way that could be dangerous, it is similarly important that the system be designed in such a way as not to fool you into doing it.

Similarly, you probably have the right to give your life savings to some random guy. You also have the right to play tennis. Your autonomy is important; it is because of that and not in spite of it that a "give away all my money" button on your tennis racket would be a bad design.

For more information about why even administrators should use "limited user accounts" (plus the ability to perform any particular action without limitation, on demand), see:

  • How to NOT become a root user? Are administrators root?

I understand what user permissions are--they are permissions for the file's owner. What are group permissions for?

The owner of a file--which is usually the user who created it, or the owner of a special folder that's set up so files created it in belong to that user--can choose a group of users to "group-own" the file.

This group of users can then be given special abilities (or potentially, have special abilities taken away, though that's not generally recommended or effective) compared to everyone else.

By everyone else I mean all the other user accounts on your system, other than the file's owner and group-owner. This includes the ones that don't correspond to any human being. For example, you might want all the people who use your computer to be able to configure printers (lpadmin group) and use the CD/DVD/BluRay drive (cdrom group), but there's probably no need to allow the crash-reporting "user" (whoopsie) or the clock-syncing "user" (ntp) to have these abilities.

You can use groups to manually implement access control if you like, but on desktop systems, often most groups are automatically configured and managed. The groups command will list all the groups you're a member of.

What are "other" permissions for?

They apply to everyone else--to user accounts that neither own the file nor are members of the group-owner.

Are group and owner file permissions just for servers?

No, they are used to manage distinctions between different kinds of user accounts on your machine, including non-human "user" accounts. This applies even if there is only one human user account on your system.

For example, membership in the adm group (which does not make a user an administrator) confers the ability to read the contents of most systemwide log files. This is a relatively harmless ability for just about any human user of most desktop systems, but could potentially lead to problems if it were conferred to part of the system that perform only a highly specialized task (that is, it performs only that task unless something like a partially successful cyber-attack is perpetrated).

Are group and user file permissions more important on servers than desktops?

Sort of.

On servers you are more likely to have to be aware of them and manage them manually, because you are more likely to deliberately provide and deny access to a variety of resources for a variety of human users.

But they are necessary for the system to work correctly even for a single human user. The system would have to be designed quite differently to work well in a single-user mode for everyday computing, without a system of file ownership and permissions.

By way of comparison, consider I/O scheduling. Many server environments have many more processes accessing many more files than many desktop systems. Therefore, input-output scheduling (managing how limited throughput can be managed to complete file access transactions with reasonable efficiency) is especially important on (some) servers, compared to (most) desktops. Server administrators are more likely to study I/O scheduling and to make changes to the way it works on their computers, than most desktop users. But I/O scheduling is necessary for either a server or desktop system work.

As the owner of a file, I can change all its permissions and as well as its group-owner. I can do this without sudo or a similar mechanism! So what's the point of permissions?

The owner of a file can do this without being root (i.e., without sudo), but other non-root users cannot. This includes the non-human "users" that are part of the system (see above).

Furthermore, many files on the computer are not "owned" by your user account. Those files do require that you authenticate in some way, to modify their permissions. You do have to use sudo (or a similar mechanism) to change permissions on system files owned by root.

Finally, there is some value associated with having permissions that apply only to you, even if you can change them without using sudo or any similar mechanism.

What are user permissions for? Why would I want to change what I can do with a file, when I can just change it back?

For the same general reason you may want to make a file read-only (even though you can override it yourself), you may want to make a file that you cannot read or execute (run).

The more common situation is that you may not want a file you own to be executable by you. When you download something, you probably don't want it to be marked executable because it could be malware. You probably want the opportunity to consider if you want to run it, before marking it executable. Furthermore, if you downloaded a file whose name ends in .pdf but is actually a malicious program, you definitely don't want execute permissions to be set on it by default.

There is another reason that's less related to security. Any file marked executable is treated as something that can be run--a program or script. Most files are neither, and you would not want to be given the opportunity to run them.

For example, if a text file is marked executable (for example, you own it and it has the execute permission turned on for its user-owner) and you double-click on it in Nautilus (the file browser), it will run. But most text documents are not scripts, and you don't want to try to run them when you double-click on them; instead, you probably want to open them in an editor.

It's less common to want to create a file that you cannot yourself read (without changing its permissions back). One situation where you may want to do this is if you had several files and wanted to avoid opening one of them for a while, for example if it is huge and takes several minutes to open. I've been in this situation, where I had to keep waiting for an application to finish opening a file so I could close it because I'd selected the wrong file (again).

A related possible scenario is if you are automatically performing some action on many files (a "batch" job) that reads from the files, but you want it to skip some. Provided that the action will "degrade gracefully," continuing to do what it can after an error, the easiest way to accomplish it might be to mark the few files you want to skip reading as unreadable.

A very different situation is: maybe you want to deny read permission to yourself on some file because the file serves some purpose other than containing data. Files can be used to signify some condition. As a made-up example: some search application that indexes files might first check to see if a file called noindex is present in your home folder, and stop if it finds. That file doesn't have to be read; arguably, marking it unreadable helps clarify its purpose.

Wanting to keep yourself (or some task you're performing as you) from reading files you own is not a particularly common situation, though. And in practice, most "signal" files (that exist because their existence itself means something) are readable by their owners. Really, as far as I am aware, there are three primary reasons for the user-owner of a file not to be able to read it, and even to be able to write to it without reading it:

  1. Group and other have read, write, and execute bits, and they can take on any combination of values. There is no compelling reason to break with this model--thereby making the system more complicated--for the user who owns the file.

  2. Many resources that we don't usually think of as being file-like are represented by entries in the filesystem. For some resources, it makes sense to write to them, but does not make any sense to read from them. For these resources, the read bit is sometimes turned off for everyone, even the owner, and even if the owner is root. (Not always, though; for reasons that are both beyond the scope of this answer and at the edge of my own knowledge, some write-only devices' filesystem entries still have their read bits enabled for some users.)

  3. The ability for a file to deny read access even to its owner is sometimes used to represent files on a write-only filesystem. (Not always, though; it depends on the details of the filesystem and how it is mounted.) Write-only filesystems are uncommon but they do exist and have practical uses.

2 of 4
2

Normally the one who creating the file is the owner. Then who are the "group" and the "other". Is this used more for server like systems where there are many user?

In Linux, a file (or directory) can be accessed by three different "entities".

  • The user (owner) of the file.
  • A group, which (just like the name suggests) is a group of users.
  • All the other people; so basically everyone else (i.e. not the owner, and not in the group).

Each of these entities can either have read, write, and/or execution permissions on a file. See the flexibility and simplicity of Linux? Three entities, each with three different permissions. This provides a more flexible way of granting permissions to files/folders. Is this used more for server like systems where there are many user? Well, yeah okay, you can think of it that way. Your Ubuntu uses groups and others in many situations though, without you worrying about it, but I digress.


Even if this is used for security issues, without "$sudo" it can be easily change to whatever wanted.

If I understand correctly, I'm guessing that you used chmod on files in your home folder, and so you did it without the need of sudo. Let's take an example:

-rwxr-xr-x 2 alaa test 4096 Jun  5 10:02 fileName

If you want to understand what this whole line of output means, see this.

alaa is the user (owner), and test is the group of the file.

Now, the command you're talking about, chmod, is used to change the permissions of a file. So, let's say that I want to give write permissions to the group test, I would do the command:

chmod g+w fileName

Meaning: for the group entity (g), add (+) the write (w) permission to the file fileName.

I, the user alaa, can do this command without needing sudo, because I'm the owner of it. If I were not the owner, I would not have been able to do this, and I would need sudo to do it.


Can you also suggest any further reading?

I suggest you, not to read about the command chmod, but to read more about the Linux/Unix File Permissions. You can visit these short pages for starters:

  • How Linux file permissions work
  • Linux file permissions - 1.0
  • Understanding Linux File Permissions
Top answer
1 of 6
46

Here's a summary that I have gathered:
Usage: chmod <number> <filename>

  • chmod all files to 644
  • chmod all .htaccess files to 644
  • chmod all robots.txt files to 644
  • chmod all directories to 711
  • chmod all directories with directory listing (.htaccess Options +Indexes) to 755
  • chmod all directories that users can upload files to, to 755 (ex: /uploads/).

Explanations:

  • 644 means:
    • 6: the owner of the file/directory can read and write, but not execute. Since files are not executable, you don't need to have "x" rights here (6 means r+w. 7 means r+w+x).
    • 44: The group that the file/directory belongs to (see the group by using ls -l) and everyone else (the public) are able to read the file, but not execute or write to it (permission number 4).
  • 711 means:
    • 7: the owner of the file/directory can read, write, and execute. This is needed for directories! Without "execute" when you try to list the directory you'll get permission denied.
    • 11: The group that the file/directory belongs to and the public have execute rights only. This is suitable for directories where you don't want other people browsing through the contents but do want to give them access to selected files further down the directory.
  • 755 means:
    • 7: the owner of the file/directory can read, write, and execute.
    • 55: The group that the file/directory belongs to and the public have read and execute permissions but not write. This allows users to be able to view what files are in a directory, and be able to read those files, but not alter them.

There's also an interactive online calculator you can use to figure out what permissions to use: https://chmod-calculator.com/

2 of 6
32

They should be as restrictive as possible, but no more.

Usually 0644 is a good choice, which gives the owner read and write rights, but everybody else only read. 0755 for directories. But, it can depend on your specific system settings.

๐ŸŒ
Upenn
cets.engineering.upenn.edu โ€บ answers โ€บ chmod.html
How do I use chmod to change permissions?
The chmod (short for change mode) command is used to manage file system access permissions on Unix and Unix-like systems.
Top answer
1 of 9
45

Greg mentions attrib - but attrib isn't anywhere close to chmod - attrib can set Read-only/Hidden attributes of a single file - it doesn't provide fine-grained controls like icacls does.

icacls sets/resets the access control lists, so you can grant/deny rights for individual SIDs & groups. It is fairly complicated though.

Here's an example I have saved in my github gist; it resets the ownership and access control list for all files in a folder and is particularly useful to fix those annoying "You need permissions from .. to perform this action" especially when moving files over from a previous install:

icacls * /reset /t /c /q 

Here, we have that

  • /reset replaces the existing one with the default list.
  • /t acts recursively on all files, folders & subfolders
  • /q doesn't display any success messages
  • /c continues with remaining files even in an error occurs.

You can also do things like backup the existing ACLs & apply them across all. Have a look at ss64 which explains the different options & switches very well.

2 of 9
18

There (sadly) can't be an exact equivalent, since Linux und DOS/Windows use attributes for different purposes, and (as Chathuranga said before) the security model is different:

  • In Windows file systems, there are "hidden" (H) and "system" (S) attributes which don't have an equivalent in Linux; there, files are hidden by prepending the name with a dot (.).
  • There is no equivalent to the Windows "archive" (A) attribute, either.
  • There is no equivalent to the "executable" (x) Linux attributes in the DOS/Windows file attributes.
  • There is an equivalent to the Windows "directory" (D) attribute (but it can't be changed anyway).
  • In Linux file systems, every entry is owned by exactly one user and exactly one group, and read/write/execution can be allowed for each of them, and for others. ACLs (like used by Windows) are even more flexible, but more complicated as well, and the commandline syntax is a PITA (in my humble opinion, of course)

The DOS file attribute R (read-only) is the one which might be considered to have an equivalent: this attribute set is roughly like the w attribute for all being missing; but the permission to change this attribute is subject to ACLs.

It might be cool to have a chmod/chown equivalent on Windows, perhaps written in some scripting language, which in turn calls attrib and cacls (or successors), but I don't have one.

๐ŸŒ
Chmod Calculator
chmod-calculator.com
Chmod Calculator
An awesome Chmod Calculator to convert Linux file permissions between different formats.
๐ŸŒ
HPC Wiki
hpc-wiki.info โ€บ hpc โ€บ Chmod
Chmod - HPC Wiki
September 3, 2019 - Chmod is the system call used to change the access permissions for files and directories. It is also capable of changing additional permissions or special modes.