What Is chmod?
chmod (change mode) is a Linux/Unix command that sets file and directory permissions. Every file has three permission groups — owner, group, and others — each with read, write, and execute flags. Understanding chmod is essential for server administration, deployment scripts, and security hardening.
Permission Basics: Read, Write, Execute
Each permission has a numeric value:
- Read (r) = 4 — view file contents or list directory
- Write (w) = 2 — modify file or create/delete files in directory
- Execute (x) = 1 — run file as program or enter directory
Permissions are combined by adding values. For example, read + write + execute = 4 + 2 + 1 = 7. Read + execute = 4 + 1 = 5. Read only = 4.
Numeric (Octal) Mode
The most common chmod syntax uses three digits: chmod [owner][group][others] filename. Each digit is a sum of r (4), w (2), x (1).
chmod 755 script.sh # Owner: rwx, Group: r-x, Others: r-x
chmod 644 config.txt # Owner: rw-, Group: r--, Others: r--
chmod 700 secret.key # Owner: rwx, Group: ---, Others: ---
chmod 600.env # Owner: rw-, Group: ---, Others: ---
chmod 777 temp/ # Everyone: rwx (AVOID in production)Symbolic Mode
Symbolic mode uses letters instead of numbers: u (user/owner), g (group), o (others), a (all). Operators: + (add), - (remove), = (set exactly).
chmod u+x script.sh # Add execute for owner
chmod g-w config.txt # Remove write from group
chmod o=r public.html # Set others to read-only
chmod a+r README.md # Add read for everyone
chmod u=rwx,g=rx,o=rx. # Same as chmod 755Common Permission Patterns
Here are the most frequently used chmod values in real-world scenarios:
| Chmod | Symbolic | Use Case |
|---|---|---|
755 | rwxr-xr-x | Directories, executable scripts |
644 | rw-r--r-- | Regular files, HTML, CSS, images |
700 | rwx------ | Private scripts, SSH keys directory |
600 | rw------- | .env files, private keys |
444 | r--r--r-- | Read-only config files |
777 | rwxrwxrwx | Temporary debugging only |
Recursive Permissions with -R
Use chmod -R to apply permissions to a directory and all its contents. Be careful — you usually want different permissions for files (644) vs directories (755):
# Set all files to 644 and directories to 755
find /var/www -type f -exec chmod 644 {} \;
find /var/www -type d -exec chmod 755 {} \; # Or recursively set everything (less precise)
chmod -R 755 /var/www/html/Special Permissions: SUID, SGID, Sticky Bit
Beyond the basic rwx, Linux supports three special permission bits:
- SUID (4) —
chmod 4755 file— File runs as the owner, not the user executing it. Used by/usr/bin/passwd. - SGID (2) —
chmod 2755 dir— New files in the directory inherit the group. Common for shared project folders. - Sticky Bit (1) —
chmod 1777 /tmp— Only file owners can delete their files. Used on/tmp.
Security Best Practices
- Never chmod 777 in production — it exposes files to all users on the system
- Use
600for.envfiles, SSH private keys, and database credentials - Web server files should be
644; directories755 - Use
chownalongside chmod to set proper file ownership - Audit permissions regularly with
find / -perm -777 -type f
Try calculating permissions interactively with our Chmod Calculator — paste any permission string and get instant numeric and symbolic equivalents.