#67 Linux  03.04.2007

How to change the file permissions with chmod and chown


Tip: Save and restore your file permissions, owners and groups with Allrights.tgz

With the shell command "chmod" you can basically select three things:
-For whom the rights shall be changed (user, group, others)
-Which rights (read, write, execute)
-For what (file, folder, etc.)

The rights of symbolic links (soft links) are never used by Linux and thus ignored by chmod. If chmod is applied to a symbolic link the permissions of the target will be changed.


Changing permissions

Add/remove permissions (other rights remain unchanged)

Adds write permission on the file test.txt for others
chmod o+w test.txt

Adds all rights on this file for the user, the group and others (chmod a+rwx test.txt is the same)
chmod ugo+rwx test.txt

Removes the right to read for the user of the folder
chmod u-r folder1/

Removes the right to read these files for the group
chmod g-r test1.txt test2.txt


Set permissions (other rights will be removed)

Sets the rights for the user to readable only
chmod u=r test.txt

Sets the rights for the user and the group to readable and writeable
chmod ug=rw test.txt

Sets the rights for the user, group and others on all .pl files to readable and executable
chmod a=rx *.pl


You can also use digits to set the rights:
read(4), write(2), execute(1).
Just combine the digits to get the desired result. The following commands do the same as above:

Sets the rights to readable for the user
chmod 400 test.txt

Sets the rights to read- and writeable for the user and the group
chmod 660 test.txt

Sets the rights of all perlscripts to readable and executable for the user, group and others
chmod 555 *.pl


Changing SUID/SGID

!!! SUID and SGID only work with executable binaries, not with scripts !!!
If you test it with Perl scripts, bash scripts, PHP scripts or Java classes for example, don't be surprised that nothing happens. You can set SUID and SGID but your script will still run with the UID and GID of the calling process. The reason is that for each script you execute the corresponding interpreter is called. This interpreter is the actual binary that is executed. You can see it by using the command "ps -ax". An executed perl script looks like this:
/usr/bin/perl ./perltest.pl

SUID
Sets the SUID bit for test. If the file is executed, it now runs with the rights of the owner of the file and not with the rights of the user who runs it!
chmod u+s test

SGID
Sets the SGID bit for test. If the file is executed, it now runs with the rights of the group of the file and not with the rights of the group of the user who runs it!
chmod g+s test

If SGID is set on a directory, newly created files inside this folder won't get the main group id of the creator. Instead, they will be created with the group id of the folder. E.g. SGID is set for the test folder "folder1" and its group is "www". Now, if the root user creates a file inside folder1, the group of this file will not be "root" but "www". SUID and SGID can be set at the same time.


Changing sticky bit
This applies only to directories.

Selects the sticky bit for the folder testfolder
chmod +t testfolder/

Deselects the sticky bit for the folder testfolder
chmod -t testfolder/

Normally, if a folder can be written by others, all files inside can be deleted or modified by others, no matter who the owner of the file is. If the sticky bit is set, files inside this directory can only be deleted or modified by the owner of the file.

The SUID, SGID and Sticky bit can also be set with numbers: SUID(4), SGID(2), sticky bit(1). A fourth digit has to be added in front of the 3 permission digits.

Sets the SUID bit (e.g. chmod 4711 test)
chmod 4xxx test

Sets the SGID bit
chmod 2xxx test

Selects the sticky bit
chmod 1xxx testfolder/

Deselects the sticky bit
chmod 0xxx testfolder/

Selects SGID and sticky bit
chmod 3xxx test/


What do capital letters mean when I use the "ls -l" command?
A capital T (sticky bit) or S (SUID or SGID) is shown if the right for execution is not set at this position (user, group, others). That's because SUID/SGID/sticky bit and the right for execution share the same position in the output. A capital letter indicates that the underlying executable bit is not set. This is also a warning signal: such a configuration is at least strange. SUID, SGID and sticky bit make no sense without the right for execution.
Here's an example:
In the first part the executable bit of the user is not set and the result is a capital S. In the second part the executable bit of the user is set and the result is a normal s.
ls -l
d-----x--x ...
chmod u+s folder1/
ls -l
d--S--x--x ...

ls -l
d--x--x--x ...
chmod u+s folder1/
ls -l
d--s--x--x ...
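
An added example, not part of the original page: a small audit that finds the capital-letter cases described above (SUID, SGID or sticky bit set without the matching execute bit) and, for the sticky bit section, world-writable directories that lack the sticky bit. The sample tree, file names and function names are constructed for illustration.

```sh
#!/bin/sh
# Added example; the sample tree and all names below are constructed.

# build_sample: create a temp tree with good and bad modes, print its path
build_sample() {
    d=$(mktemp -d) || return 1
    touch "$d/ok_suid" "$d/bad_suid" "$d/bad_sgid"
    mkdir "$d/ok_tmp" "$d/bad_sticky" "$d/open_dir"
    chmod 4755 "$d/ok_suid"      # -rwsr-xr-x  SUID with execute bit
    chmod 4644 "$d/bad_suid"     # -rwSr--r--  SUID without execute bit
    chmod 2644 "$d/bad_sgid"     # -rw-r-Sr--  SGID without execute bit
    chmod 1777 "$d/ok_tmp"       # drwxrwxrwt  sticky, like /tmp
    chmod 1776 "$d/bad_sticky"   # drwxrwxrwT  sticky without execute bit
    chmod 0777 "$d/open_dir"     # drwxrwxrwx  world-writable, no sticky bit
    printf '%s\n' "$d"
}

# report LABEL DIR MUST_HAVE MUST_LACK [extra find tests...]
# Prints "LABEL path" for every entry that has all MUST_HAVE bits set
# and is missing the MUST_LACK bits.
report() {
    label=$1 dir=$2 have=$3 lack=$4
    shift 4
    find "$dir" "$@" -perm "-$have" ! -perm "-$lack" \
        -exec printf '%s %s\n' "$label" {} \;
}

# audit_special_bits DIR: run all four checks below DIR
audit_special_bits() {
    report SUID-no-x   "$1" 4000 0100
    report SGID-no-x   "$1" 2000 0010
    report sticky-no-x "$1" 1000 0001
    report world-writable-no-sticky "$1" 0002 1000 -type d
}

sample=$(build_sample)
audit_special_bits "$sample"
rm -rf "$sample"
```
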


What exactly do readable, writeable and "executable" mean for directories?
-To be able to read a directory means that a process can get a list of the content which is inside it
(if it is allowed to enter)
-To be able to write to a directory means that a process can create and delete things inside it
(if it is allowed to enter)
-To be able to "execute" a directory means that a process is allowed to enter it, nothing else

Without the right "executable" the process cannot enter a directory. That means, the right readable or writeable alone doesn't help at all. The same happens if "executable" is the only right the process has. Then it cannot get a list of the content and it cannot create or delete things inside the directory.

All this applies only to non-root uids; root always has all rights, even if a directory is set to 0000.

Changing owner/group
Changes the user of the file to ftp
chown ftp test.txt

Changes the group of the file to www
chown :www test.txt

Changes the user of the file to ftp and the group to www
chown ftp:www test.txt


More tips
For chmod and chown you can use the -R option. With -R it is possible to change files and directories recursively.
This will change the permissions of the testfolder and all files and subdirectories inside.
chmod -R 755 /testfolder

This will set owner/group of the testfolder including all files and subdirectories inside to ftp/www.
chown -R ftp:www /testfolder
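
One caveat with the recursive form above, shown as an added example that is not from the original page: a numeric mode such as 755 applied with -R also marks every regular file executable, while the symbolic capital X grants execute only to directories and to files that already had an execute bit. The sample tree and the function names are constructed for illustration.

```sh
#!/bin/sh
# Added example; the tree, file names and function names are constructed.

# build_tree: create a small sample tree and print its path
build_tree() {
    t=$(mktemp -d) || return 1
    mkdir "$t/sub"
    printf 'data\n' > "$t/data.txt"
    printf 'notes\n' > "$t/sub/notes.txt"
    printf '#!/bin/sh\necho hi\n' > "$t/run.sh"
    chmod 700 "$t" "$t/sub" "$t/run.sh"
    chmod 600 "$t/data.txt" "$t/sub/notes.txt"
    printf '%s\n' "$t"
}

# count_exec_files DIR: number of regular files with any execute bit set
count_exec_files() {
    find "$1" -type f \( -perm -100 -o -perm -010 -o -perm -001 \) \
        | wc -l | tr -d ' '
}

# has_mode PATH MODE: succeed if PATH has exactly the octal MODE
has_mode() {
    [ -n "$(find "$1" -prune -perm "$2")" ]
}

# Blanket numeric mode: every regular file becomes executable.
blanket() { chmod -R 755 "$1"; }

# Capital X: execute/search only for directories and for files that
# already had an execute bit before the change.
selective() { chmod -R u=rwX,go=rX "$1"; }

a=$(build_tree); blanket "$a"
b=$(build_tree); selective "$b"
echo "chmod -R 755:         $(count_exec_files "$a") executable files"
echo "chmod -R u=rwX,go=rX: $(count_exec_files "$b") executable files"
rm -rf "$a" "$b"
```
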


Where to go from here?
The following keywords may help you further:
umask, access control lists (acl), sudo, su, chattr, lsattr