Understanding Chmod and Unix File Permissions
Every file and directory on a Unix or Linux system has a set of permissions that control who can read, write, or execute it. The chmod command (short for "change mode") is how you modify these permissions. Understanding file permissions is essential for server administration, deployment scripts, and keeping your system secure.
The Three Permission Groups
Unix permissions are divided into three groups:
- Owner (u). The user who created the file. Usually has the most permissions.
- Group (g). Users who belong to the file's group. Useful for team collaboration.
- Others (o). Everyone else on the system.
The Three Permission Types
| Permission | Symbol | Value | For Files | For Directories |
|---|---|---|---|---|
| Read | r | 4 | View file contents | List directory contents |
| Write | w | 2 | Modify file contents | Create/delete files in dir |
| Execute | x | 1 | Run as program | Enter directory (cd) |
Reading Permission Strings
When you run ls -l, you see a 10-character string like -rwxr-xr-x:
-  rwx    r-x    r-x
|  owner  group  others
The first character indicates the type: - for regular file, d for directory, l for symbolic link. The remaining 9 characters are three groups of rwx.
Octal (Numeric) Notation
Instead of symbols, permissions can be expressed as a three-digit octal number. Each digit is the sum of its permission values (read=4, write=2, execute=1):
| Octal | Symbolic | Meaning |
|---|---|---|
| 7 | rwx | Read + Write + Execute (4+2+1) |
| 6 | rw- | Read + Write (4+2) |
| 5 | r-x | Read + Execute (4+1) |
| 4 | r-- | Read only (4) |
| 0 | --- | No permissions |
Common Permission Values
| Value | Use Case |
|---|---|
| 755 | Directories, executable scripts. Owner can do everything, others can read and execute. |
| 644 | Regular files (HTML, CSS, images). Owner can read/write, others can only read. |
| 700 | Private files/directories. Only the owner has access. |
| 600 | SSH keys, config files with secrets. Owner read/write only. |
| 777 | Everyone can do everything. Avoid in production; it is a security risk. |
Using chmod
The chmod command can use either octal or symbolic notation:
chmod 755 script.sh # octal notation
chmod u+x script.sh # add execute for owner
chmod go-w config.yml # remove write from group and others
chmod -R 755 ./public # recursive, apply to all files in directory
Common Mistakes
- Using 777 in production. This gives everyone full access. Use 755 for directories and 644 for files instead.
- Forgetting execute on directories. Without execute permission on a directory, users cannot cd into it, even if they have read permission.
- Recursive chmod on wrong directory. Running chmod -R on / will break your system. Always double-check the path.
- SSH key permissions. SSH requires chmod 600 on private keys. If permissions are too open, SSH will refuse to use the key.
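The mistakes above can be checked for and fixed with find instead of a blanket chmod -R. This is an added example, not part of the original article; the function names, the id_* key-name pattern and the sample tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original article. Function names, the id_*
# key-name pattern and the sample tree are assumptions for illustration.

# normalize_tree DIR: directories -> 755, regular files -> 644.
# Unlike `chmod -R 755 DIR`, regular files do not end up executable.
normalize_tree() {
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f -exec chmod 644 {} +
}

# audit_tree DIR: report the permission mistakes listed above.
audit_tree() {
    # "Others" write bit set, as with 777.
    find "$1" \( -type f -o -type d \) -perm -0002 \
        -exec printf 'world-writable: %s\n' {} \;
    # Directory that others may list (r) but not enter (x).
    find "$1" -type d -perm -0004 ! -perm -0001 \
        -exec printf 'dir readable but not enterable: %s\n' {} \;
    # Private key with any group/other bit set (anything looser than 600).
    find "$1" -type f -name 'id_*' ! -name '*.pub' \
        \( -perm -0040 -o -perm -0020 -o -perm -0010 \
        -o -perm -0004 -o -perm -0002 -o -perm -0001 \) \
        -exec printf 'too-open private key: %s\n' {} \;
}

# make_sample_tree: build a constructed tree with one instance of each
# mistake under a fresh temp directory and print its path.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/public/css" "$t/keys"
    : > "$t/public/upload.txt"
    : > "$t/public/css/site.css"
    : > "$t/keys/id_demo"
    : > "$t/keys/id_demo.pub"
    chmod 755 "$t/public"
    chmod 777 "$t/public/upload.txt"   # world-writable file
    chmod 644 "$t/public/css/site.css"
    chmod 744 "$t/public/css"          # others: r without x
    chmod 700 "$t/keys"
    chmod 644 "$t/keys/id_demo"        # private key readable by everyone
    chmod 644 "$t/keys/id_demo.pub"
    printf '%s\n' "$t"
}
```

Scripts that must stay executable need chmod u+x (or 755) re-applied individually after normalize_tree, since it sets every regular file to 644.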