chmod

To set standard permissions for a web page:
chmod 644 index.html

To make files in a directory executable:
chmod 755 cgi-bin

Replace the italicized names with the names of the files you want to affect.

chmod {options} mode file(s)

{options} is optional; the only common option is -R to make the command recursive (descend into specified directory and its subdirectories and apply permissions change to all files found)

mode is either a numeric or symbolic permission mode.

A numeric permission mode consists of up to four octal digits, which are interpreted as twelve individual bits; any missing digits are treated as leading zeroes. (Most commonly, the first digit is omitted.)

The first digit contains the setuid bit (4000), setgid bit (2000), and the sticky bit (1000). The other three digits correspond to user (i.e., owner of the file), group (the group that owns the file), and other (everybody else) permissions; each one contains a read bit (4), write bit (2), and execute bit (1).

A symbolic permission mode consists of three substrings concatenated. The first substring controls who to set permissions for: u, g, or o for user, group, or other, respectively, or some combination of these, or a for all, or nothing for an implicit all which ignores bits set in the user's umask.

The second substring is the operation to perform: + to add permissions, - to remove them, or = to set the specified permissions and remove all others for the specified who.

The third substring tells what permissions to set; there are several possibilities, which may be concatenated, though not all combinations make sense:

• r, w, x correspond to the read, write, and execute bits respectively
• s is the setuid/setgid bit for user and group, and meaningless for other
• t is the sticky bit for other and meaningless for user and group
• X means apply execute permission only for directories and files for which some user already has execute permission
• u, g, o correspond to the permissions user, group, and others currently have

To change file permissions on a whole directory tree, use the -R (recursive) option to chmod. For example, to prevent anyone else from accessing anything in your home directory:
chmod -R go-rwx ~
(the "go-rwx" means to subtract read, write and execute permissions for group and others).

Cool, eh?

I did this on my very first *nix machine (Acorn Archimedes R140 running BSD4.3). Before I had any backups or install media.

(And no, /sbin/chmod didn't exist... and init was /bin/init, IIRC...)

Don't try this at home.

4 = read
2 = write
1 = execute

To get a specific permission, simply add them up.
Read and Execute = (4+1) = 5
Execute and Write = (1+2) = 3

You need at least 3 of these numbers, one for what the Owner, Group and Other can do to this file, in that order.

So when you see a "chmod 751 runme", you know that the owner of the file can read, write and execute (4+2+1). The group that owns this file can read and execute (4+1), and everyone else can only execute this file (1).

The average UNIX user doesn't need to know this, but you will feel better knowing exactly what's going on and still be able to impress all of your friends with your guruness.

Did anyone mention that a directory must have the x flag for a user to search (ls) it? Or what about the -R flag, which recursively gives subdirectories the same permissions?

#include <sys/types.h>
#include <sys/stat.h>

int chmod( const char *path, mode_t mode );
int fchmod( int fd, mode_t mode );

S_ISUID		setuid
S_ISGID		setgid
S_ISVTX		sticky bit
S_IRUSR		owner read
S_IWUSR		owner write
S_IXUSR		owner execute/search
S_IRGRP		group read
S_IWGRP		group write
S_IXGRP		group execute/search
S_IROTH		other read
S_IWOTH		other write
S_IXOTH		other execute/search