How to change file and folder permissions in Linux

In Linux, file and directory permissions decide who can read data, change it, or access a path at all. Setting them correctly protects configuration files, shared project trees, uploads, backups, and service data from accidental or unwanted access.

The chmod command changes the mode bits for the owner, the group, and everyone else by using symbolic expressions such as g+w and o-r or octal values such as 640 and 750. The same bits apply to both files and directories, but the execute bit means different things: on a regular file it allows the file to run, while on a directory it acts as search permission that allows entering the directory and resolving names inside it.

That difference matters most during recursive permission changes. A mode that is correct for a regular file can break a directory if it removes execute permission, so check the current tree before changing it and use X when one recursive command should keep directories traversable without making every plain file executable. Add sudo only when the current account does not own the target path.

OctalBinaryPermission
0000none
1001execute or search
2010write
3011write, execute or search
4100read
5101read, execute or search
6110read, write
7111read, write, execute or search

Related: How to change ownership of files and directories in Linux
Related: How to add a user to a group in Linux
Related: How to remove a user from groups in Linux

Steps to change file and folder permissions in Linux:

  1. Check the current mode on the target directory and one of its files before changing anything. 
    $ stat -c "%A %a %n" /srv/perm-demo /srv/perm-demo/alpha.txt
drwxr-xr-x 755 /srv/perm-demo
-rw-r--r-- 644 /srv/perm-demo/alpha.txt

    The first field is the symbolic mode, the second is the octal value, and the last is the path that was checked.

  2. Add or remove one permission bit with symbolic mode when the rest of the mode should stay intact. 
    $ chmod g+w /srv/perm-demo/alpha.txt
$ chmod o-r /srv/perm-demo/alpha.txt
$ stat -c "%A %a %n" /srv/perm-demo/alpha.txt
-rw-rw---- 660 /srv/perm-demo/alpha.txt

    Use + to add access, - to remove it, and = to replace the selected user class completely.

  3. Set an exact mode on a regular file when the full result should be explicit. 
    $ chmod 640 /srv/perm-demo/alpha.txt
$ stat -c "%A %a %n" /srv/perm-demo/alpha.txt
-rw-r----- 640 /srv/perm-demo/alpha.txt

    Mode 640 keeps read-write access for the owner, read-only access for the group, and no access for others.

  4. Set a directory mode separately so the directory stays traversable. 
    $ chmod 750 /srv/perm-demo
$ stat -c "%A %a %n" /srv/perm-demo
drwxr-x--- 750 /srv/perm-demo

    On directories, the x bit is search permission. Without it, users cannot enter the directory or resolve file names inside it even if the read bit is still present.

  5. Apply one recursive command when directories should stay traversable and plain files should not all become executable. 
    $ chmod -R u=rwX,g=rX,o= /srv/perm-demo

    The uppercase X adds execute or search permission only to directories and to files that already had execute permission.

  6. Verify the whole tree after the recursive change. 
    $ find /srv/perm-demo -maxdepth 2 -printf "%M %p\n" | sort
-rw-r----- /srv/perm-demo/alpha.txt
-rwxr-x--- /srv/perm-demo/run.sh
drwxr-x--- /srv/perm-demo
drwxr-x--- /srv/perm-demo/subdir

    Review the target path carefully before using -R. GNU chmod ignores symlinks found during recursive traversal, but a symlink passed directly on the command line normally affects the file it points to.