Every file in the Linux / macOS Operating Systems (and UNIX systems in general) has 3 permissions: Read, write, execute.

Go into a folder, and run the ls -al command.

The weird strings you see on each file line, like drwxr-xr-x, define the permissions of the file or folder.

Let’s dissect it.

The first letter indicates the type of file:

  • - means it’s a normal file
  • d means it’s a directory
  • l means it’s a link

Then you have 3 sets of values:

  • The first set represents the permissions of the owner of the file
  • The second set represents the permissions of the members of the group the file is associated to
  • The third set represents the permissions of the everyone else

Those sets are composed by 3 values. rwx means that specific persona has read, write and execution access. Anything that is removed is swapped with a -, which lets you form various combinations of values and relative permissions: rw-, r--, r-x, and so on.

You can change the permissions given to a file using the chmod command.

chmod can be used in 2 ways. The first is using symbolic arguments, the second is using numeric arguments. Let’s start with symbols first, which is more intuitive.

You type chmod followed by a space, and a letter:

  • a stands for all
  • u stands for user
  • g stands for group
  • o stands for others

Then you type either + or - to add a permission, or to remove it. Then you enter one or more permissions symbols (r, w, x).

All followed by the file or folder name.

Here are some examples:

chmod a+r filename #everyone can now read
chmod a+rw filename #everyone can now read and write
chmod o-rwx filename #others (not the owner, not in the same group of the file) cannot read, write or execute the file

You can apply the same permissions to multiple personas by adding multiple letters before the +/-:

chmod og-r filename #other and group can't read any more

In case you are editing a folder, you can apply the permissions to every file contained in that folder using the -r (recursive) flag.

Numeric arguments are faster but I find them hard to remember when you are not using them day to day. You use a digit that represents the permissions of the persona. This number value can be a maximum of 7, and it’s calculated in this way:

  • 1 if has execution permission
  • 2 if has write permission
  • 4 if has read permission

This gives us 4 combinations:

  • 0 no permissions
  • 1 can execute
  • 2 can write
  • 3 can write, execute
  • 4 can read
  • 5 can read, execute
  • 6 can read, write
  • 7 can read, write and execute

We use them in pairs of 3, to set the permissions of all the 3 groups altogether:

chmod 777 filename
chmod 755 filename
chmod 644 filename

The chmod command works on Linux, macOS, WSL, and anywhere you have a UNIX environment