
chmod Permissions Cheatsheet — Unix File Permission Reference


Unix file permissions control who can read, write, and execute files and directories. Every file has three permission sets: one for the owner, one for the group, and one for everyone else. Understanding permissions is essential for server administration, deployment, and security.

Permission Basics

Each file has three permission categories and three permission types:

| Category | Symbol | Who |
|---|---|---|
| User/Owner | u | The file’s owner |
| Group | g | Members of the file’s group |
| Others | o | Everyone else |
| All | a | All three (u+g+o) |

| Permission | Symbol | On Files | On Directories |
|---|---|---|---|
| Read | r | View file contents | List directory contents |
| Write | w | Modify file contents | Create, delete, rename files in directory |
| Execute | x | Run as a program | Enter directory (cd into it) |

Reading ls -l Output

-rwxr-xr-- 1 alice developers 4096 Mar 21 10:00 script.sh
│├─┤├─┤├─┤
│ │  │  └── Others: read only (r--)
│ │  └───── Group: read + execute (r-x)
│ └──────── Owner: read + write + execute (rwx)
└────────── File type: - (regular file), d (directory), l (symlink)

Numeric (Octal) Notation

Each permission has a numeric value. Add them up for each category.

| Permission | Value |
|---|---|
| Read (r) | 4 |
| Write (w) | 2 |
| Execute (x) | 1 |
| None (-) | 0 |

Combine by adding: rwx = 4+2+1 = 7, r-x = 4+0+1 = 5, r-- = 4+0+0 = 4

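| Octal | Binary | Symbolic | Meaning |
|---|---|---|---|
| 0 | 000 | --- | No permissions |
| 1 | 001 | --x | Execute only |
| 2 | 010 | -w- | Write only |
| 3 | 011 | -wx | Write + execute |
| 4 | 100 | r-- | Read only |
| 5 | 101 | r-x | Read + execute |
| 6 | 110 | rw- | Read + write |
| 7 | 111 | rwx | Read + write + execute |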

Common Permission Sets

| Octal | Symbolic | Use Case |
|---|---|---|
| 755 | rwxr-xr-x | Executable scripts, public directories |
| 644 | rw-r--r-- | Regular files (HTML, CSS, images) |
| 600 | rw------- | Private files (SSH keys, configs with secrets) |
| 700 | rwx------ | Private executable scripts, private directories |
| 750 | rwxr-x--- | Group-shared executables/directories |
| 664 | rw-rw-r-- | Group-writable files |
| 775 | rwxrwxr-x | Group-writable directories |
| 777 | rwxrwxrwx | World-writable (avoid this: security risk) |
| 400 | r-------- | Read-only for owner (SSH private keys) |
| 444 | r--r--r-- | Read-only for everyone |
| 666 | rw-rw-rw- | World-readable/writable (rarely appropriate) |
| 000 | --------- | No access for anyone |

chmod Command — Symbolic Mode

# Format: chmod [who][operator][permissions] file
# who: u (user), g (group), o (others), a (all)
# operator: + (add), - (remove), = (set exactly)

chmod u+x script.sh          # Add execute for owner
chmod g+rw file.txt           # Add read+write for group
chmod o-w file.txt            # Remove write for others
chmod a+r file.txt            # Add read for everyone
chmod u=rwx,g=rx,o=r file     # Set exact permissions
chmod go= secret.key          # Remove all group and others permissions
chmod +x script.sh            # Add execute for all (like a+x, but bits masked by the umask are not set)
chmod u+s program             # Set setuid bit
chmod g+s directory            # Set setgid bit
chmod +t /tmp                  # Set sticky bit

chmod Command — Numeric Mode

chmod 755 script.sh           # rwxr-xr-x
chmod 644 index.html          # rw-r--r--
chmod 600 id_rsa              # rw-------
chmod 700 .ssh                # rwx------
chmod 664 shared-doc.txt      # rw-rw-r--
chmod 775 shared-dir          # rwxrwxr-x

Recursive Permission Changes

# Change all files and directories recursively (this also makes every regular file executable)
chmod -R 755 /var/www/html

# Change only directories (find + chmod)
find /var/www -type d -exec chmod 755 {} \;

# Change only files
find /var/www -type f -exec chmod 644 {} \;

# Common web server setup
find /var/www -type d -exec chmod 755 {} \;
find /var/www -type f -exec chmod 644 {} \;

Special Permissions

Beyond the standard rwx bits, there are three special permission bits.

| Permission | Octal | Symbolic | Effect on Files | Effect on Directories |
|---|---|---|---|---|
| Setuid | 4000 | u+s | File runs as the file owner, not the user running it | No standard effect |
| Setgid | 2000 | g+s | File runs with the file’s group | New files inherit the directory’s group |
| Sticky bit | 1000 | +t | No standard effect | Only file owner can delete their files |

# Setuid example (appears as 's' in user execute position)
chmod 4755 /usr/bin/passwd     # -rwsr-xr-x

# Setgid on directory (new files inherit group)
chmod 2775 /shared/project     # drwxrwsr-x

# Sticky bit (appears as 't' in others execute position)
chmod 1777 /tmp                # drwxrwxrwt

# Numeric with special bits: prepend the special bit digit
chmod 4755 file   # setuid + 755
chmod 2755 dir    # setgid + 755
chmod 1755 dir    # sticky + 755
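
The `ls -l` layout and the special bits above combine into one four-digit octal mode. The following is an added example, not part of the original cheatsheet: a hypothetical `mode_to_octal` helper that parses a mode string, including the uppercase `S`/`T` that `ls` shows when a special bit is set without the matching execute bit.

```shell
#!/bin/sh
# Added example: convert an `ls -l` mode string to four-digit octal,
# including the setuid/setgid/sticky letters (s, S, t, T).

# mode_to_octal "-rwsr-xr-x" -> 4755; returns 1 on a malformed string.
mode_to_octal() {
    perms=${1#?}              # drop the file-type character (-, d, l, ...)
    perms=${perms%[.+@]}      # drop an ACL/SELinux marker some ls versions append
    case $perms in
        [r-][w-][xsS-][r-][w-][xsS-][r-][w-][xtT-]) ;;
        *) echo "bad mode string: $1" >&2; return 1 ;;
    esac
    special=0 digits=
    for weight in 4 2 1; do   # setuid=4 (owner), setgid=2 (group), sticky=1 (others)
        triad=${perms%"${perms#???}"}   # first three characters
        perms=${perms#???}
        value=0
        case $triad in r??) value=$((value + 4)) ;; esac
        case $triad in ?w?) value=$((value + 2)) ;; esac
        case $triad in
            ??x)    value=$((value + 1)) ;;
            # Lowercase s/t: special bit set and execute set.
            ??[st]) value=$((value + 1)); special=$((special + weight)) ;;
            # Uppercase S/T: special bit set but execute missing.
            ??[ST]) special=$((special + weight)) ;;
        esac
        digits=$digits$value
    done
    printf '%s%s\n' "$special" "$digits"
}

# Constructed sample strings, including the ones shown on this page.
for m in -rwxr-xr-- -rwsr-xr-x drwxrwsr-x drwxrwxrwt -rwSr--r--; do
    printf '%s  %s\n' "$m" "$(mode_to_octal "$m")"
done
```

An uppercase `S` on a file (for example 4644) usually indicates a mistake: the setuid bit is set but the owner cannot execute the file.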

chown and chgrp

Change file ownership alongside permissions:

# Change owner
chown alice file.txt
chown alice:developers file.txt    # Change owner and group
chown :developers file.txt         # Change group only
chown -R alice:developers /dir     # Recursive

# Change group
chgrp developers file.txt
chgrp -R developers /dir           # Recursive

Default Permissions (umask)

The umask controls default permissions for newly created files and directories.

# View current umask
umask              # Shows octal (e.g., 0022)
umask -S           # Shows symbolic (e.g., u=rwx,g=rx,o=rx)

# Set umask
umask 022          # Default: files 644, dirs 755
umask 077          # Restrictive: files 600, dirs 700
umask 002          # Group-friendly: files 664, dirs 775

| umask | File Default | Directory Default |
|---|---|---|
| 022 | 644 (rw-r--r--) | 755 (rwxr-xr-x) |
| 027 | 640 (rw-r-----) | 750 (rwxr-x---) |
| 077 | 600 (rw-------) | 700 (rwx------) |
| 002 | 664 (rw-rw-r--) | 775 (rwxrwxr-x) |

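The calculation: files start at 666 and directories at 777, and every bit set in the umask is cleared from that base (bitwise AND with the umask's complement). This is not arithmetic subtraction: umask 027 gives files 640, as in the table, not 637.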
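
To check the umask calculation against a real system, the following added example (not part of the original cheatsheet) compares the predicted mode with the mode actually assigned to a new file and directory. The function names are hypothetical, and `stat -c %a` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example: umask clears bits; it is not arithmetic subtraction.
# Assumes GNU coreutils `stat -c %a`; files are created in a temp directory.

# predicted_mode BASE UMASK -> BASE with every UMASK bit cleared, in octal.
predicted_mode() {
    printf '%o\n' "$(( 0$1 & ~0$2 ))"
}

# observed_mode KIND UMASK -> mode the system gives a new file (KIND=f)
# or directory (KIND=d). Runs in a subshell so the caller's umask is untouched.
observed_mode() (
    umask "$2"
    tmp=$(mktemp -d) || exit 1
    if [ "$1" = d ]; then mkdir "$tmp/new"; else : > "$tmp/new"; fi
    stat -c %a "$tmp/new"
    rm -rf "$tmp"
)

# Compare observed modes with what plain subtraction from 666 would claim.
printf '%-6s %-10s %-10s %s\n' umask file dir 'file by subtraction'
for u in 022 027 077 002; do
    printf '%-6s %-10s %-10s %o\n' "$u" \
        "$(observed_mode f "$u")" "$(observed_mode d "$u")" "$(( 0666 - 0$u ))"
done
```

The last column diverges from the observed file mode for 027 and 077, which is why the bitwise rule is the one to rely on when choosing a umask for a service account.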

Quick Reference for Common Scenarios

| Scenario | Recommended | Command |
|---|---|---|
| Web server files | 644 | chmod 644 *.html *.css *.js |
| Web server directories | 755 | chmod 755 /var/www/html |
| CGI/executable scripts | 755 | chmod 755 script.sh |
| SSH private key | 600 | chmod 600 ~/.ssh/id_rsa |
| SSH directory | 700 | chmod 700 ~/.ssh |
| SSH authorized_keys | 644 | chmod 644 ~/.ssh/authorized_keys |
| .env file | 600 | chmod 600 .env |
| Shared project directory | 2775 | chmod 2775 /projects/shared |
| Temp directory | 1777 | chmod 1777 /tmp |
| Log files | 640 | chmod 640 /var/log/app.log |
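
The recommendations above can be turned into a check. This added example (not part of the original cheatsheet) reports the modes the page flags as risky: world-writable files, world-writable directories without the sticky bit, setuid/setgid files, and private keys or `.env` files readable or writable by group or others. The function names, finding labels and sample tree are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example: report the risky modes this cheatsheet warns about.
# POSIX find tests only; the tree built by demo_tree is constructed data.

# label NAME: prefix each path read from stdin with a finding name.
label() { while IFS= read -r p; do printf '%s\t%s\n' "$1" "$p"; done; }

# audit_perms DIR -> one "FINDING<TAB>path" line per issue, sorted.
audit_perms() {
    {
        # Regular files any user can modify (o+w), e.g. 666 or 777.
        find "$1" -type f -perm -0002 | label WORLD_WRITABLE_FILE
        # World-writable directories lacking the sticky bit (777, not 1777).
        find "$1" -type d -perm -0002 ! -perm -1000 |
            label WORLD_WRITABLE_DIR_NO_STICKY
        # Setuid or setgid regular files: each one needs a justification.
        find "$1" -type f \( -perm -4000 -o -perm -2000 \) | label SETID_FILE
        # Secrets readable or writable by group/others (expected 600 or 400).
        find "$1" -type f \( -name 'id_*' ! -name '*.pub' -o -name '.env' \) \
            \( -perm -0040 -o -perm -0020 -o -perm -0004 -o -perm -0002 \) |
            label SECRET_NOT_PRIVATE
    } | sort
}

# demo_tree -> path of a constructed temp tree with good and bad modes.
demo_tree() {
    t=$(mktemp -d) || return 1
    mkdir "$t/www" "$t/upload" "$t/tmp" "$t/.ssh"
    : > "$t/www/index.html"; chmod 644 "$t/www/index.html"
    : > "$t/www/debug.log";  chmod 666 "$t/www/debug.log"
    : > "$t/helper";         chmod 4755 "$t/helper"
    : > "$t/.ssh/id_rsa";    chmod 644 "$t/.ssh/id_rsa"
    : > "$t/.env";           chmod 600 "$t/.env"
    chmod 755 "$t/www"; chmod 700 "$t/.ssh"
    chmod 777 "$t/upload"; chmod 1777 "$t/tmp"
    printf '%s\n' "$t"
}

demo=$(demo_tree) && audit_perms "$demo"
rm -rf "$demo"
```

On the constructed tree this reports four findings; `tmp` (1777), `.env` (600) and `index.html` (644) pass.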

Calculate permissions visually with the chmod Calculator tool.
