chmod is a generally straighforward command so this article will instead focus on the more obscure aspects of chmod.
Execute Only on Directories
In order to read directories, execute permissions must be granted. As a result, administrators will often end up granting execute to both directories and files when execute is necessary only for files.
A typical situation, change an existing folder, for example, /home/ckent/daily-planet-articles/ which contains a number of existing directories and files owned by ckent. ckent, now wants to grant read access of this article to other members of his team belonging to the group wgdailyplanet but not to anybody else. Here is the desired settings,
Type | Owner | Group | Other |
---|---|---|---|
Directories | rwx | rx | |
Files | rwx | r |
Notice that the group wgdailyplanet must be have execute permission to directories. Otherwise, members of wgdailplanet will not be able to transverse (cd into) the directories.
Often this is used by administrators,
cd /home/ckent/ sudo chown ckent:wgdailyplanet ./daily-planet-articles/ sudo chmod -R u+rwx,g+rx,o-rwx ./daily-planet-articles/
This will work, but the resulting effect will look like this,
Type | Owner | Group | Other |
---|---|---|---|
Directory | rwx | rx | |
File | rwx | rx |
The proper way to provide execute only to directories,
sudo chmod -R u+rwX,g+rX,o-rwx ./daily-planet-articles/
The key command switch is the capital X which will set execute/search when one or more of the criteria are met,
- The file is a directory (everything in *nix is a file, even a directory)
- Execute permission already set somewhere in Owner, Group or Other.