
In Linux systems, file permission management is a core skill that every user must master. As the cornerstone of system security, properly setting file permissions not only ensures data security but also guarantees necessary access rights. This article will provide an in-depth analysis of the usage of the <span>chmod</span> command, using practical examples to quickly grasp permission setting techniques.
1. Introduction to the chmod Command
<span>chmod</span> (short for change mode) is a key command in Linux systems used to modify file or directory access permissions. Before we start operating, we need to clarify the three basic dimensions of Linux permissions:
- Owner – The creator/owner of the file
- Group – The user group associated with the file
- Others – All other accounts in the system
Each identity can be assigned three types of permissions:
- Read (r) – View file content
- Write (w) – Modify or delete the file
- Execute (x) – Run executable files/enter directories
Permission settings support two modes:
- Numeric mode (e.g.,
<span>755</span>) - Symbolic mode (e.g.,
<span>u=rwx</span>)
2. Syntax Structure of the chmod Command
Basic command format:
chmod [options] permission_mode file/directory
Common option descriptions
<span>-v</span>: Display detailed operation process<span>-c</span>: Only show items that have changed<span>-R</span>: Recursively process directories and subdirectories<span>--reference=reference_file</span>: Copy permission settings from the reference file
3. Numeric Encoding of Permissions
When Linux permissions are represented numerically, they follow specific rules:
- Read (r) = 4
- Write (w) = 2
- Execute (x) = 1
Permissions can be combined by simple addition, for example, 7 = 4 + 2 + 1 (read, write, execute), 5 = 4 + 1 (read, execute)
4. Practical Application Scenarios
4.1 High-Risk Fully Open Permissions (777 Mode)
chmod 777 temporary_shared_file # All users have full control (rwxrwxrwx)
- Effect: All users can read, write, and execute
- Severe Warning: Should be absolutely avoided unless for temporary testing purposes
4.2 Standard Executable File Permissions (755 Mode)
chmod 755 filename # Owner has full control, other users can only read and execute (rwxr-xr-x)
- Effect:
- Owner: read, write, execute (
<span>rwx</span>) - Other users: read, execute only (
<span>r-x</span>) - Typical Application: Scripts that need to be shared
4.3 Setting Private File Permissions (700 Mode)
chmod 700 important_file.txt # Only the owner has full permissions (rwx------)
- Effect: Only the owner has full permissions (read, write, execute), other users have no access
- Applicable Scenarios: Personal privacy files, sensitive data
4.4 Document Sharing Scheme (644 Mode)
chmod 644 filename
- Owner can read and write, other users can only read (rw-r–r–)
- Commonly found in web files and other static resources
4.5 Strict Confidentiality Settings (600 Mode)
chmod 600 account_password.txt
- Effect: Only the owner can read and write, other users are completely invisible
- Classic Case: SSH key file (
<span>~/.ssh/id_rsa</span>)
4.6 Batch Permission Modification (Recursive Processing)
chmod -R 755 /project_directory/
- Scope of Effect: Target directory and all its sub-contents
The examples listed above are all in numeric mode. In addition to numeric mode, <span>chmod</span> also supports a more intuitive symbolic representation:
chmod [user_type][operator][permissions] filename
User Types:<span>u</span>= owner, <span>g</span>= group, <span>o</span>= others, <span>a</span>= all users
Operators:<span>+</span> add, <span>-</span> remove, <span>=</span> set exactly
Next, let’s continue with examples:
4.7 Add Execute Permission for Everyone (<span>chmod +x</span> or <span>chmod a+x</span>)
chmod +x downloaded_program
chmod a+x downloaded_program
4.8 Only Owner Can Execute (<span>chmod u+x</span>)
chmod u+x program_file # Only the owner can execute
4.9 Permission Fine-Tuning Operations
chmod o-rwx sensitive_data # Prohibit other users from accessing
chmod g+w team_document # Allow group members to edit
4.10 Permission Copy Function
chmod --reference=template_file new_file
This is mainly used to quickly achieve permission synchronization.
5. Comparison of Numeric Mode and Symbolic Mode
| Comparison Dimension | Numeric Mode | Symbolic Mode |
|---|---|---|
| Permission Representation | Three-digit octal number (e.g., 755) | Letter combination (e.g., u=rwx) |
| Calculation Rule | 4 (read) + 2 (write) + 1 (execute) = 7 | No calculation needed, directly specified |
| Modification Granularity | Must set all permissions at once | Can modify specific identity permissions individually |
| Typical Example | <span>chmod 644 file</span> (owner rw, others read only) |
<span>chmod u=rwx,g=rx,o= file</span> (precise control of permissions for each identity) |
| Applicable Scenario | Quickly set standard permission combinations | Need to finely adjust specific permissions |
| Recursive Modification | <span>chmod -R 755 directory</span> |
<span>chmod -R u+w directory</span> |
6. Important Security Reminders
- Use 777 permissions with caution: Equivalent to handing the house key to strangers
- Be cautious with recursive modifications: May lead to abnormal permissions for critical system files
- Do not tamper with system files: Incorrect permission settings may cause service crashes
7. Practical Recommendations
Good permission habits are the first line of defense for Linux system security:
- Daily files should be set to 644 (files) or 755 (directories)
- Sensitive data should prioritize using 600 mode
- Files that need to be shared can adopt 750 mode
