SSH: Managing file permissions using CHMOD

When installing scripts on your website you will often be asked to change the permissions, or CHMOD (change mode). The instructions for doing this often include cryptic sets of numbers, such as chmod 775 There are actually two ways of setting permissions using chmod, using numbers or words. Use whichever method works best for you. Keep in mind that other people will often write instructions using numbers, so you need to understand what they mean. On the other hand, a long listing of a folder will show permissions using letters (r, w, e).

There are two dimensions to file permissions: users and permission levels (or modes). There are 3 user groups (owner, group, and other) and 3 permission levels (read, write, execute).

User groups

owner
the individual user account who owns the file. A user account could belong to a person or a generic system account.
group
the user group an individual is assigned to. Groups are used to organize users with different sets of permissions.
other
anyone else (anyone outside of the system, such as people accessing the file from a web browser)

Permissions

read
view the file or list a directory's contents
write
write to the file or directory
execute
execute a file or recurse a directory (access other files in the directory)

Chmod commands using numeric (octal) mode

The chmod command looks like this:

chmod [permission number] file/folder

For example:

chmod 664 file.html

The three-digit code is made up of permission levels for each of the three user groups (user, group, and other). At the same time, each permission level is assigned a number: read is 4, write is 2, and execute is 1. These numbers are added together for each user group to get the 3-digit permission number.

In a chmod command, the permission numbers are added together to obtain a 3-digit code

 
Permission code Displays in list as Translation
664 -rw-rw-r-- owner and group have read & write, group has read only
644 -rw-r--r-- owner has read and write, group and other have read only
775 drwxrwxrw- owner and group have read, write, and execute permissions; group has read and execute
777 drwxrwxrwx all 3 user groups have full permissions

The first character in the list display indicates the type of file – a d for directory or - for a regular file.

Caution! You almost never need to give others execute permissions on a file or write permissions on a folder. This can compromise the security of your sever, since you're allowing anyone to execute files or add new files. This is why file permissions are usually 664 or 644 and folder permissions are usually 755 or 775.

Sample commands

chmod 664 file.html
set the permissions on file.html to 664
chmod 775 folder
set the permisions on folder to 775
chmod 664 file1.html file2.html
set the permissions on file1.html and file2.html to 664
chmod 664 *.php
set the permissions on all php files to 664

Chmod commands using symbolic mode

With this technique, instead of setting permissions for all three user groups using a numeric code, you set permissions for each group individually using text abbreviations. These commands are formatted like this:

chmod [user][operator][permissions] file/folder

For example:

chmod u+r file.html

This command has three parameters: the users, the operator, and the permission. The user groups and permissions are the same as above and are represented by single letter abbreviations:

u
user (owner)
g
group
o
other
a
all

Similarly, the permissions are also repesented by single letter abbreviations:

r
read
w
write
x
execute

The user group and the permissions are then combined using an operator:

+
add
-
remove
=
set equal to

The final command looks something like this:

chmod u+r file.html

This command adds read permissions for the file owner.

Sample commands

chmod o+r file.html
adds the read permission for other
chmod o-r file.html
removes the read permission for other
chmod go+rw file.html
add the read and write permissions for group and other on file.html
chmod u=rwx folder
sets permissions for user to read, write, and execute
chmod u=rw, go=r file.html
sets permissions for user to read and write, and group and other to read only for file.html

Discussion

To discuss this article or ask questions, please visit The Webmaster Forums discussion on SSH: Managing file permissions using CHMOD.

Megan McDermott's picture

About the Author

Megan is co-founder and editor of A Padded Cell and administrator at The Webmaster Forums. She has been designing websites since 1997, with expertise in design, information architecture, usability, HTML/CSS, Drupal theming, and more. She is available for short-term or ongoing freelance work in any of those areas. Read her web design blog at MeganMcDermott.com or check out her portfolio.