What Is chmod?

chmod (change mode) is a Linux/Unix command that sets file and directory permissions. Every file has three permission groups — owner, group, and others — each with read, write, and execute flags. Understanding chmod is essential for server administration, deployment scripts, and security hardening.

Permission Basics: Read, Write, Execute

Each permission has a numeric value:

  • Read (r) = 4 — view file contents or list directory
  • Write (w) = 2 — modify file or create/delete files in directory
  • Execute (x) = 1 — run file as program or enter directory

Permissions are combined by adding values. For example, read + write + execute = 4 + 2 + 1 = 7. Read + execute = 4 + 1 = 5. Read only = 4.

Numeric (Octal) Mode

The most common chmod syntax uses three digits: chmod [owner][group][others] filename. Each digit is a sum of r (4), w (2), x (1).

chmod 755 script.sh # Owner: rwx, Group: r-x, Others: r-x
chmod 644 config.txt # Owner: rw-, Group: r--, Others: r--
chmod 700 secret.key # Owner: rwx, Group: ---, Others: ---
chmod 600.env # Owner: rw-, Group: ---, Others: ---
chmod 777 temp/ # Everyone: rwx (AVOID in production)

Symbolic Mode

Symbolic mode uses letters instead of numbers: u (user/owner), g (group), o (others), a (all). Operators: + (add), - (remove), = (set exactly).

chmod u+x script.sh # Add execute for owner
chmod g-w config.txt # Remove write from group
chmod o=r public.html # Set others to read-only
chmod a+r README.md # Add read for everyone
chmod u=rwx,g=rx,o=rx. # Same as chmod 755

Common Permission Patterns

Here are the most frequently used chmod values in real-world scenarios:

ChmodSymbolicUse Case
755rwxr-xr-xDirectories, executable scripts
644rw-r--r--Regular files, HTML, CSS, images
700rwx------Private scripts, SSH keys directory
600rw-------.env files, private keys
444r--r--r--Read-only config files
777rwxrwxrwxTemporary debugging only

Recursive Permissions with -R

Use chmod -R to apply permissions to a directory and all its contents. Be careful — you usually want different permissions for files (644) vs directories (755):

# Set all files to 644 and directories to 755
find /var/www -type f -exec chmod 644 {} \;
find /var/www -type d -exec chmod 755 {} \; # Or recursively set everything (less precise)
chmod -R 755 /var/www/html/

Special Permissions: SUID, SGID, Sticky Bit

Beyond the basic rwx, Linux supports three special permission bits:

  • SUID (4)chmod 4755 file — File runs as the owner, not the user executing it. Used by /usr/bin/passwd.
  • SGID (2)chmod 2755 dir — New files in the directory inherit the group. Common for shared project folders.
  • Sticky Bit (1)chmod 1777 /tmp — Only file owners can delete their files. Used on /tmp.

Security Best Practices

  • Never chmod 777 in production — it exposes files to all users on the system
  • Use 600 for .env files, SSH private keys, and database credentials
  • Web server files should be 644; directories 755
  • Use chown alongside chmod to set proper file ownership
  • Audit permissions regularly with find / -perm -777 -type f

Try calculating permissions interactively with our Chmod Calculator — paste any permission string and get instant numeric and symbolic equivalents.