chmod Cheat Sheet: Unix File Permissions Quick Reference

Permission Basics: The Three Bits

Every file and directory in Unix and Linux systems has three fundamental permission types. Each permission is represented by a single bit, and each bit has a corresponding numeric value that you add together to form an octal digit:

• Read (r) = 4 -- Allows viewing the contents of a file or listing the entries in a directory.
• Write (w) = 2 -- Allows modifying a file's contents, or creating, deleting, and renaming entries within a directory.
• Execute (x) = 1 -- Allows running a file as a program or script, or entering a directory (using cd).

These three values combine additively. For example, read + write = 4 + 2 = 6. Read + execute = 4 + 1 = 5. All three = 4 + 2 + 1 = 7. No permissions at all = 0.

The Three Permission Groups

Unix applies these three permission types to three distinct groups of users, forming a 3-digit (or 4-digit) octal number:

• Owner (u) -- The user who owns the file. This is the first digit in the numeric notation. Typically the user who created the file.
• Group (g) -- Users who belong to the file's assigned group. This is the second digit. Groups enable shared access among team members without granting access to everyone.
• Others (o) -- Everyone else on the system who is not the owner and not in the group. This is the third digit.

When you see a permission like 755, the 7 applies to the owner, 5 applies to the group, and 5 applies to others. Try it yourself with our chmod calculator.

Common Permissions Table

Below are the permission values you will encounter most often in real-world Linux administration. Bookmark this table as a quick reference:

Symbolic Notation Explained

The symbolic (or "string") notation represents each permission as a character in a 9-character string. The string is divided into three triads of three characters each:

A letter means the permission is granted; a dash (-) means it is denied. So r-x means read is on, write is off, execute is on.

chmod Command Syntax

The chmod command changes file permissions. It accepts permissions in either numeric or symbolic format:

# Numeric syntax
chmod 755 myfile.sh
chmod 644 document.txt
chmod 600 ~/.ssh/id_rsa

# Symbolic syntax
chmod u+x script.sh        # Add execute for owner
chmod g-w config.yml        # Remove write for group
chmod o=r readme.txt        # Set others to read only
chmod a+r public.html       # Add read for all (a = all)
chmod u=rwx,g=rx,o=rx dir/  # Set exact permissions

Numeric vs Symbolic: When to Use Each

Numeric notation is best when you want to set an absolute, complete permission value. It replaces all existing permissions in one command. System administrators typically use numeric notation because it is concise and unambiguous.

Symbolic notation is best when you want to modify specific permissions without affecting others. The +, -, and = operators add, remove, or set permissions respectively. It is more readable and safer for incremental changes.

Special Permissions

Beyond the standard rwx bits, Unix supports three special permission bits that occupy a fourth octal digit prepended to the standard three:

• Setuid (4xxx) -- When set on an executable, the program runs with the privileges of the file owner instead of the user who launched it. The classic example is /usr/bin/passwd which needs root privileges to update /etc/shadow. In symbolic notation, an s replaces x in the owner triad. Example: 4755 = rwsr-xr-x.
• Setgid (2xxx) -- On an executable, the program runs with the group of the file. On a directory, new files created inside inherit the directory's group (instead of the creating user's primary group). Appears as s in the group triad. Example: 2755 = rwxr-sr-x.
• Sticky bit (1xxx) -- On a directory, prevents users from deleting or renaming files they do not own, even if they have write permission on the directory. The canonical example is /tmp. Appears as t in the others triad. Example: 1777 = rwxrwxrwt.

When the special bit is set but the underlying execute bit is not, uppercase letters are used: S instead of s, and T instead of t. This indicates a potentially misconfigured permission.

Recursive Permissions with chmod -R

The -R flag applies permissions recursively to all files and subdirectories:

chmod -R 755 /var/www/html/

Warning: Be cautious with recursive chmod. Applying 755 recursively makes every file executable, which is usually not desirable. Files and directories typically need different permissions. A safer approach uses find to target each type separately:

# Set directories to 755
find /var/www/html -type d -exec chmod 755 {} \;

# Set files to 644
find /var/www/html -type f -exec chmod 644 {} \;

This pattern is the standard approach for web server document roots, ensuring directories are traversable and files are readable but not executable.

Try It Yourself

Understanding permission notation becomes second nature with practice. Use our interactive chmod calculator to experiment with toggling permissions, and see how the numeric, symbolic, and grid representations update in real time.