What is the difference between `chmod go-rwx` and `chmod 700`

Question

My goal is to prevent modify/read permission of other users except the owner. On ubuntu forums as solutions both approach is given.

sudo useradd -d /home/newuser -m newuser
chmod 700 /home/newuser # or # chmod go-rwx /home/newuser

[Q] Is there any difference between chmod go-rwx and chmod 700 or both accomplish the same thing? If there is a difference which one is recommended?

Answer 1

go-rwx removes read, write, execute permissions from the group and other users. It will not change permissions for the user that owns the file.

Therefore e.g. a file with 644 (rw-r--r--) permissions will have 600 (rw------) after the command.

chmod 700 on the other hand will always change the permissions to 700 (rwx------), no matter the previous permissions.

So it depends on what you want to accomplish.

Notes:

• Especially when using -R to change entire directories, this makes go-rwx more useful, as the executable flag is usually only wanted on folders (so they can be entered) and program files that need to be executed. Using 700 would add the executable flag to all files that don't have it yet, which is usually not what you'd want to do.
• What the general effect of chmod 700 would actually look like in the other notation is chmod u+rwx,go-rwx or chmod u=rwx,go= (grants all permissions to user that owns file, removes all permissions of group and other)
• Not all versions of chmod support the ugo±rwx syntax scheme.

Answer 2

There could be a difference:
chmod 700 lets the owner read , write and execute, and gives no permissions for Group and Other.

chmod go-rwx removes read/write/execute permissions from group and others, but preserves whatever permissions the owner had.

So, for example, if the owner didn't have execute permission on the file, to begin with, and only had read and write, the result could be different. With chmod 700, the owner would also get execute permission, which he would not with chmod go-rwx.