change file or directory mode access permission

The mode of a new file is set based on the umask

chmod [Options]symbolic-mode file
chmod [Options] mmm file

--reference=reffile use reffile's mode

-R, --recursive
-f, --silent, --quiet suppress most error messages
-v, --verbose show files processed
-c, --changes show files changed

Symbolic-Mode options:
[ugoa [+-=][rwx Xst]
 ugoa specifies which users' access to the file will be changed:

  • user who owns it
  • group members
  • other users i.e. not the user who owns it and not users in the file's group
  • all ( i.e. ugo)
  Default: all user's flags (which are not inhibited by umask).

  • + adds to the existing modes
  • - removes modes
  • = sets modes
  • Read
  • Write
  • Xecute or special

rwxXst select the modes for the specified users:

read , write, execute
eXecute only if the file is a directory or already has execute permission for some user
set user or group ID on execution
t Save program text on swap device ( perhaps a performance enhancer )

For a directory mode means: read:list files, write:add, execute:access


Numeric mode:

(1-4 digits)
first digit special attributes

usually not used

SetGID 2000
second digit owner
read 400
write  200
execute  100
third digit group
read 040
write  020
execute  010
fourth digit other
users NOT in the file's group
read 004
write  002
execute  001

The mode is calculated by adding the values.
User (owner) (rwx) = 400+200+100= 700 ; Group(rx) = 40+10 = 50; Other (x) = 1 results in: mode = 751
Setting mode to 777 should be avoided as this permits anyone to modify the file.

mode calculator
owner  group  other

For symbolic links: the mode is not changed since they are not used. The mode of the target file is changed except during recursive directory traversals.

This page documents the GNU version of chmod.

see also:
ls -l lists current permissions for -- u (owner) rwx -- g (group) rwx -- O (Other) rwx --
chgrp - Change group ownership
chown - Change file owner and group
umask - sets "allowed" filter
Windows equivalent commands:
ATTRIB - Change file attributes
CACLS - Change AccessControlList settings
XCACLS - Change file permissions

and for us Mac ers

Fat file system only supports readonly, hidden, sys and archive. see ATTRIB.exe ATTRIB [ +| attribute ] [pathname] [/S [/D]] [/L] Display or change file attributes.

     +    : Turn an attribute ON
     -    : Clear an attribute OFF
pathname Drive and/or filename e.g. C:\*.txt
/S Search the pathname including all subfolders.
/D Process folders as well
/L Work on the attributes of the symbolic link versus the target of the Symbolic link.
RRead-only (1)
AArchive (32)
S System (4)
HHidden (2)
extended attributes
BSMB Blob Attribute (Windows 10)
CCompressed (128:read-only)
INot content-indexed
NNormal (0: cannot be used for file selection)
P Pinned Attribute (Windows 10) This refers to the "Always available on this device" setting for OneDrive files.
U Unpinned Attribute (Windows 10)
T Temporary
X No scrub file attribute (Windows 8+)
VIntegrity attribute (Windows 8+)

The numeric values can be used when changing attributes with VBS/WSH If no attribute is specified attrib will return the current attribute settings. Used with just the /S option ATTRIB will quickly search for a particular filename. In older versions of Windows, Explorer would display 'p' to indicate a 'sparse' file.

Hidden and System attributes take priority. If a file has both the Hidden and System attributes set, you can clear both attributes only with a single ATTRIB command.

For example, to clear the Hidden and System attributes for the RECORD.TXT file, type: ATTRIB -S -H RECORD.TXT

If a file has the System or Hidden attribute set, you must clear that attribute before you can change any other attributes with ATTRIB. Wildcards You can use wildcards (? and *) with the pathname parameter to display or change the attributes for a group of files.

Directory Attributes You can display or change some attributes for a directory/folder.

The Read-only attribute (R) does not apply to a folder. This is because a unlike a file, a folder object does not contain any content that can be edited. The Name of a folder can be changed but that is a rename operation not an edit of the contents.

The Read-only attribute of a folder can be set or cleared in Windows Explorer as a fast method of setting/clearing the Read-only attribute of all files within the folder. It does not actually set the attribute on the folder itself.

To use ATTRIB with a directory, you must explicitly specify the directory name; you cannot use wildcards to work with directories. So the following command would affect only files, not directories: ATTRIB +H C:*.*

To hide the directory C:\SECRET: ATTRIB +H C:\SECRET

Detect whether a path points to a file or a directory by reading the Extended Attribute for 'Directory' (as listed below).

The System attribute is used by Windows to determine that a folder is a special folder, such as My Documents, Favorites, Fonts, etc.

Archive attribute The Archive attribute (A) is used to mark files that have changed since they were previously backed up. The (A) flag is automatically updated by Windows as the file is saved. If the (A) flag is present - the file is new or has been changed since the last backup. The MSBACKUP, RESTORE, and XCOPY commands use these Archive attributes, as do most 3rd party backup solutions.

Temporary attribute DFSR will not replicate files if they have the Temporary attribute set. The temporary attribute can be removed by using PowerShell to subtract 0x100: PS C:\> Get-childitem D:\Data -recurse | ForEach-Object -process {if (($_.attributes -band 0x100) -eq 0x100) {$_.attributes = ($_.attributes -band 0xFEFF)}}

Extended Attributes are only available on NTFS volumes. File attributes can be read with FSUTIL usn readdata filename.ext Constants - the following attribute values are returned by the GetFileAttributes function:

Attribute   Constant    Dec Hex
(R) Read-only file. Applications can read the file, but cannot write to it or delete it. This attribute is not honored on directories.  FILE_ATTRIBUTE_READONLY
1   0x1
(H) Hidden. The file or directory is hidden. It is not included in an ordinary directory listing.   FILE_ATTRIBUTE_HIDDEN
2   0x2
(S) System. A file or directory that the operating system uses a part of, or uses exclusively.  FILE_ATTRIBUTE_SYSTEM
4   0x4
Directory. The handle that identifies a directory.  FILE_ATTRIBUTE_DIRECTORY
16  0x10
(A) Archive. A file or directory that is an archive file or directory. Applications typically use this attribute to mark files for backup or removal .    FILE_ATTRIBUTE_ARCHIVE
32  0x20
Device. This value is reserved for system use.  FILE_ATTRIBUTE_DEVICE   64  0x40
Normal. A file that does not have other attributes set. This pseudo attribute is considered to be set if all other attributes (including the extended attributes) are reset. FILE_ATTRIBUTE_NORMAL   128 0x80
(T) Temporary. A file that is being used for temporary storage. The OS will prefer cache memory for files marked as temporary.  FILE_ATTRIBUTE_TEMPORARY  256 0x100
Sparse file. A file that is a sparse file. A sparse file has an attribute that causes the I/O subsystem to allocate only meaningful (nonzero) data. Nonzero data is allocated on disk, and non-meaningful data (large strings of data composed of zeros) is not.    FILE_ATTRIBUTE_SPARSE_FILE
512 0x200
Reparse point. A file or directory that has an associated reparse point, or a file that is a symbolic link. FILE_ATTRIBUTE_REPARSE_POINT
1024    0x400
(C) Compressed file or directory that is compressed. For a file, all of the data in the file is compressed. For a directory, compression is the default for newly created files and subdirectories. FILE_ATTRIBUTE_COMPRESSED
2048    0x800
(O) Offline. The data of a file is not available immediately. This attribute indicates that the file data is physically moved to offline storage. This attribute is used by Remote Storage, which is the hierarchical storage management software. Applications should not arbitrarily change this attribute.  FILE_ATTRIBUTE_OFFLINE
4096    0x1000
(I) Not Indexed. The file or directory is not to be indexed by the content indexing service.    FILE_ATTRIBUTE_NOT_CONTENT_INDEXED
8192    0x2000
(E) Encrypted file or directory. For a file, all data streams in the file are encrypted. For a directory, encryption is the default for newly created files and subdirectories. FILE_ATTRIBUTE_ENCRYPTED    16,384  0x4000
Integrity. The directory or user data stream is configured with 'integrity' (only supported on ReFS volumes) which gives ReFS the ability to reliably detect file corruption.. It is not included in an ordinary directory listing.   FILE_ATTRIBUTE_INTEGRITY_STREAM 32,768  0x8000
Virtual. This value is reserved for system use. FILE_ATTRIBUTE_VIRTUAL  65,536  0x10000
(X) No Scrub. The user data stream not to be read by the background data integrity scanner (AKA scrubber) for proactive error correction. When set on a directory it only provides inheritance. This flag is only supported on Storage Spaces and ReFS volumes. It is not included in an ordinary directory listing.  FILE_ATTRIBUTE_NO_SCRUB_DATA    131,072 0x20000
(U) UnPinned.   FILE_ATTRIBUTE_UNPINNED 1,048,576   0x00100000
(P) Pinned. This refers to the "Always available on this device" setting for OneDrive files.    FILE_ATTRIBUTE_PINNED   524,288 0x00080000
(M) Recall on Data Access. When this attribute is set, it means that the file or directory is not fully present locally. For a file that means that not all of its data is on local storage (e.g. it may be sparse with some data still in remote storage). For a directory it means that some of the directory contents are being virtualized from another location. Reading the file / enumerating the directory will be more expensive than normal, e.g. it will cause at least some of the file/directory content to be fetched from a remote store. Only kernel-mode callers can set this bit.   FILE_ATTRIBUTE_RECALL_ON_DATA_ACCESS    4,194,304   0x00400000
For example, a file attribute of 0x120 indicates the Temporary + Archive attributes are set (0x100 + 0x20 = 0x120.)

Related commands:

CACLS - Change file permissions.
An alternative way to display extended attributes is using FOR parameter attributes
FSUTIL - File and Volume utilities.
Show superhidden file extensions.
Q326549 - Read-only & System attributes for folders.
PowerShell equivalent:(Get-Item 'example.txt').Attributes / Get-ItemProperty / Set-ItemProperty - Example script
Equivalent bash command (Linux): chmod - Change access permissions.