chmod Command Explained: Unix File Permissions Made Simple
A clear, practical guide to Unix file permissions and the chmod command. Understand numeric and symbolic notation, common permission patterns, and security best practices.
What Are File Permissions?
Every file and directory in Unix/Linux has three sets of permissions that control who can read, write, and execute it:
- Owner (u) — The user who owns the file
- Group (g) — Users in the file's group
- Others (o) — Everyone else
Each set has three permission types:
| Permission | Symbol | Numeric | Meaning for Files | Meaning for Directories |
|---|---|---|---|---|
| Read | r | 4 | View file contents | List directory contents |
| Write | w | 2 | Modify file | Create/delete files in directory |
| Execute | x | 1 | Run as program | Enter (cd into) directory |
Reading Permission Strings
When you run ls -la, you see permissions like:
-rwxr-xr-x 1 alice staff 4096 Jan 15 10:30 script.sh
drwxr-xr-x 5 alice staff 160 Jan 15 10:30 src/
Breaking down -rwxr-xr-x:
- rwx r-x r-x
│ │ │ │
│ │ │ └── Others: read + execute
│ │ └── Group: read + execute
│ └── Owner: read + write + execute
└── File type (- = file, d = directory, l = symlink)
Numeric (Octal) Notation
Each permission has a numeric value. Add them up for each set:
r = 4
w = 2
x = 1
rwx = 4 + 2 + 1 = 7
r-x = 4 + 0 + 1 = 5
r-- = 4 + 0 + 0 = 4
--- = 0 + 0 + 0 = 0
So rwxr-xr-x = 755
Common Permission Numbers
| Number | Permissions | Use Case |
|---|---|---|
755 | rwxr-xr-x | Executable scripts, directories |
644 | rw-r--r-- | Regular files (HTML, CSS, images) |
600 | rw------- | Private files (SSH keys, .env) |
700 | rwx------ | Private directories, scripts |
777 | rwxrwxrwx | Full access (avoid in production!) |
444 | r--r--r-- | Read-only files |
750 | rwxr-x--- | Group-accessible executables |
640 | rw-r----- | Group-readable files |
The chmod Command
Numeric Mode
chmod 755 script.sh
chmod 644 index.html
chmod 600 .env
chmod -R 755 public/ # Recursive
Symbolic Mode
chmod u+x script.sh # Add execute for owner
chmod g+w file.txt # Add write for group
chmod o-r secret.txt # Remove read for others
chmod a+r public.html # Add read for all
chmod u=rwx,g=rx,o=rx script.sh # Set exact permissions
Symbolic Operators
| Operator | Meaning |
|---|---|
+ | Add permission |
- | Remove permission |
= | Set exact permission |
Symbolic Targets
| Target | Meaning |
|---|---|
u | Owner (user) |
g | Group |
o | Others |
a | All (owner + group + others) |
Security Best Practices
-
Never use 777 — It gives everyone full access. If something "only works with 777", the real problem is elsewhere.
-
SSH keys must be 600 — SSH refuses to use keys with loose permissions:
chmod 600 ~/.ssh/id_rsa
chmod 644 ~/.ssh/id_rsa.pub
chmod 700 ~/.ssh/
-
Web server files: 644, directories: 755 — The web server user needs read access, not write.
-
Environment files: 600 —
.envfiles contain secrets and should only be readable by the owner. -
Use groups for shared access — Instead of making files world-readable, add users to a group.
Calculate permissions visually with our Chmod Calculator — toggle permissions and get the numeric and symbolic notation instantly.
Related Tools & Articles
- Chmod Calculator — Visual permission calculator
- Linux Commands Cheat Sheet — Essential Linux commands
- Docker Commands Cheat Sheet — Docker reference
- Git Commands Cheat Sheet — Git reference