Changing 777 folder and file permissions to 755 and 644

By Brian Tomasik

First published: . Last nontrivial update: .

Summary

On Unix-based operating systems like Mac and Linux, you sometimes encounter a large directory in which all files and subdirectories have permissions of 777 , meaning that anyone can read, write, and execute them. One way to change all directories to the more usual value of 755 and all files to the more usual value of 644 is the following command:

chmod -Rv a-x,u=rwX,go=rX yourfoldername/

Omit the v if you don't want verbosity.

Note: I'm a novice on this topic, and while the above command seemed to work for me, it may have flaws I'm not yet aware of.

Contents

Introduction

If you move your files to a new computer using an external drive, you may find that when you pull the files off the external drive and onto the destination computer, they all have permissions 777 . For example, this happened to me when I used an exFAT-formatted external hard drive. Super User ("chmod'ing ...") explains:

exFAT, as an extension of FAT, is not capable of storing discretionary access control metadata. This is why all the files on an exFAT volume appear to be 777 permissions. It's basically saying "this volume is wide-open because we can't not make it wide-open due to the file system format".

For reasons of security, I assume you should change the permissions of your files to something more restrictive once you have the files on your destination computer. The typical default values people use are 755 for directories and 644 for files.

I've found that one way to avoid the 777 problem is to zip up the files on the sending computer. When the zipped file is extracted on the receiving computer, it seems like the resulting files get your default permissions? However, you might not want to do this if you're transferring a lot of large files, since zipping them would take a while. If you just transfer the bare, non-zipped files, you may need to fix the permissions on the receiving computer.

The command

There are a few different methods for changing the permissions in the desired way for an entire directory. For example, Super User ("How to recursively ...") lists several. I preferred the answer by user "mpolden" on that thread; see also the comments on the answer. This method avoids the need to use find , xargs , etc.

As mpolden explains, you need to do -x first to remove execute permission and then later use X to turn execute permission back on for directories. The reason you need to remove execute permission first is that X leaves execute permission on for files that already have it, which all files do if the permissions are 777 .

The -x thing will remove execute permissions from any scripts you may have in your files. However, I personally don't mind this because I prefer to just run my shell scripts like

bash myscript.sh

rather than

./myscript.sh

The former method is more explicit and doesn't require making the script executable.

I made mpolden's answer a bit more concise by consolidating ugo into simply a (for "all users") and by using go=rX rather than needing to do go+rX and then go-w . The latter simplification is suggested by user "Pierre de LESPINAY" elsewhere in Super User ("How to recursively ...").

The result of these changes is the command at the very top of this piece. I added a "verbose" option because it helps you make sure your changes were correct. If the verbose output will be very long because you're affecting a large number of files, you can send the output to a file (let's call it output.txt ) and then examine the output.txt file afterward. You can measure the number of directories + files whose permissions changed as follows:

cat output.txt | grep changed | wc -l

And items whose permissions stayed the same:

cat output.txt | grep retained | wc -l