| Who | Read (4) | Write (2) | Execute (1) |
|---|---|---|---|
| Owner | |||
| Group | |||
| Others |
Advanced — special bits (setuid / setgid / sticky)
chmod 755 file
chmod -R 755 folder
chmod u=rwx,g=rx,o=rx file
What each permission does
| Permission | File | Directory |
|---|---|---|
| r Read | View contents | List files |
| w Write | Modify file | Create / delete files |
| x Execute | Run as program | Enter directory |
How chmod numbers work
Every file has three permission classes — owner, group, and others — and each class can have three permissions, each with a value:
- Read = 4 — view the file's contents (or list a directory)
- Write = 2 — modify the file (or add/remove files in a directory)
- Execute = 1 — run the file as a program (or enter a directory)
Add the values for each class to get one digit (0–7), then write the three digits in order: owner, group, others. For example rwx = 4 + 2 + 1 = 7, and r-x = 4 + 1 = 5, so rwxr-xr-x is 755.
Common permissions reference
| Numeric | Symbolic | Plain English | Typical use |
|---|---|---|---|
777 | rwxrwxrwx | Everyone can read, write, and execute | Avoid — world-writable security risk |
755 | rwxr-xr-x | Owner full; group & others read + execute | Directories, scripts, executables |
750 | rwxr-x--- | Owner full; group read + execute; others none | Group-private executables |
700 | rwx------ | Owner full; nobody else | Private directories, ~/.ssh |
644 | rw-r--r-- | Owner read + write; everyone else read | Regular files, web content |
640 | rw-r----- | Owner read + write; group read; others none | Config files with group secrets |
600 | rw------- | Owner read + write only | Private keys, .env files |
444 | r--r--r-- | Everyone read-only | Locked read-only files |
400 | r-------- | Owner read-only | Protected private files |
Numeric vs symbolic notation
The numeric (octal) form sets all permissions at once as an absolute value: chmod 644 file. The symbolic form edits specific bits:
chmod u+x file— add execute for the owner (leaves everything else as-is)chmod go-w file— remove write from group and otherschmod u=rwx,g=rx,o=rx file— set absolute permissions; this equalschmod 755 file
Note the difference between + and =: + only adds bits on top of what is already there, while = sets the exact permissions. To reproduce a numeric mode with symbolic syntax, always use = — which is why this tool's symbolic command uses it.
What does chmod 777 mean — and why it's risky
chmod 777 (rwxrwxrwx) grants read, write, and execute to the owner, the group, and every other user on the system. That means any user can modify or replace the file — including overwriting a script with malicious code. It is almost never the right fix, even when a tutorial suggests it to "make a permission error go away."
Use the least permission that works instead: 755 for directories and executables, 644 for regular files, and 600 for secrets. If a web server needs to write to a folder, give that folder to the server's user/group rather than opening it to everyone.
Special permissions: setuid, setgid, and the sticky bit
A leading fourth digit holds three special bits (open the Advanced section above to toggle them):
- setuid (4) — an executable runs with the privileges of its owner, not the user running it (e.g.
passwd). Shown assin the owner execute slot:chmod 4755→rwsr-xr-x. - setgid (2) — runs with the group's privileges, or makes new files in a directory inherit that directory's group. Shown as
sin the group execute slot. - sticky bit (1) — on a shared directory like
/tmp, only a file's owner can delete or rename it. Shown astin the others execute slot:chmod 1777→rwxrwxrwt.
Frequently Asked Questions
What does chmod 755 mean?
chmod 755 sets rwxr-xr-x: the owner can read, write, and execute (7), while the group and others can read and execute but not write (5). It is the standard permission for directories and executable scripts — everyone can use them, but only the owner can change them.
How is the chmod number calculated?
Each permission has a value: read = 4, write = 2, execute = 1. Add them up for each of the three classes (owner, group, others). For example, read + write + execute = 4 + 2 + 1 = 7, and read + execute = 4 + 1 = 5, giving 755 for rwxr-xr-x.
What is the difference between numeric and symbolic chmod?
Numeric (octal) mode sets all permissions at once as an absolute value, e.g. chmod 644 file. Symbolic mode changes specific bits, e.g. chmod u+x file adds execute for the owner. To make a symbolic command equal to a numeric mode, use the absolute = form (chmod u=rwx,g=rx,o=rx) rather than the additive + form, which only adds bits without clearing the others.
What does chmod 777 mean and is it safe?
chmod 777 (rwxrwxrwx) gives read, write, and execute to everyone — owner, group, and all other users. It is almost always a security risk because any user on the system can modify or replace the file. Use the least permission that works instead, such as 755 for executables/directories or 644 for regular files.
What are the setuid, setgid, and sticky bits?
They are special permissions stored in a leading fourth digit. setuid (4) makes an executable run as its owner; setgid (2) makes it run as its group or makes new files in a directory inherit the group; the sticky bit (1) on a directory lets only a file's owner delete it (used on /tmp). For example, chmod 4755 sets setuid on a 755 file.
How do I apply chmod permissions recursively?
Add the -R flag: chmod -R 755 folder applies the mode to a directory and everything inside it. Be careful — applying a file mode like 644 recursively can strip the execute bit that directories need to be entered. A common safe approach is to set directories to 755 and files to 644 separately using find.