What is chmod?
chmod (short for “change mode”) is a core Unix and Linux command used to change the access permissions of files and directories. Every file on a Unix-like system has three sets of permissions controlling access for the file’s owner, its group, and all other users.
Permissions were part of the original Unix design in the 1970s and remain the cornerstone of file security on Linux, macOS, BSD, and every other Unix-like operating system. Understanding chmod matters for system administration, web development, and security.
Permission Types
Each file has three types of access:
- Read (r = 4): View file contents or list directory contents
- Write (w = 2): Modify or delete the file, or add/remove files in a directory
- Execute (x = 1): Run the file as a program, or access files within a directory
These are assigned independently to three categories of users:
- Owner (u): The user who owns the file
- Group (g): Users in the file’s group
- Others (o): Everyone else
Numeric (Octal) Notation
The numeric system uses three digits, one per category. Each digit is the sum of permission values:
| Permission | Value |
|---|---|
| Read (r) | 4 |
| Write (w) | 2 |
| Execute (x) | 1 |
| None (-) | 0 |
For example, chmod 755 means:
- Owner: 7 (4+2+1) = rwx (read, write, execute)
- Group: 5 (4+0+1) = r-x (read, execute)
- Others: 5 (4+0+1) = r-x (read, execute)
How to Use This Tool
- Click the checkboxes to toggle read, write, and execute for each category
- Or enter a numeric value (like 755) to see the visual breakdown
- Read the numeric code and symbolic representation
- Copy the chmod command
Common Permission Values
| Numeric | Symbolic | Typical Use |
|---|---|---|
| 777 | rwxrwxrwx | Full access for everyone (dangerous) |
| 755 | rwxr-xr-x | Executable files, directories |
| 750 | rwxr-x— | Group-restricted executables |
| 644 | rw-r–r– | Regular files (web content) |
| 640 | rw-r—– | Group-readable config files |
| 600 | rw——- | Private files (SSH keys, configs) |
| 400 | r——– | Read-only private files |
Symbolic Notation
Symbolic notation uses letters and operators:
chmod u+x file # Add execute for owner
chmod g-w file # Remove write for group
chmod o=r file # Set others to read-only
chmod a+r file # Add read for all (a = all)
chmod u=rwx,g=rx,o=r file # Set all at once
Best Practices
- Principle of least privilege: Grant only the permissions that are needed
- Never use 777: Full access for everyone is a security risk
- Directories need execute: Without
x, users can’tcdinto or list a directory - Use 600 for sensitive files: SSH keys, database credentials, and config files with secrets
- Set directory permissions to 755: Allows others to traverse but not modify
- Check before changing: Use
ls -lato view current permissions before modifying - Use groups wisely: Instead of opening permissions to “others”, add users to the file’s group