How chmod and File Permissions Work
A practical guide to Unix file permissions — reading the permission string, understanding octal notation, using chmod and chown, and common secure permission patterns.
Reading the permission string
Run ls -l and you will see a 10-character string before each file. The first character is the file type (- for regular file, d for directory, l for symlink). The next nine characters are three groups of three: owner (u), group (g), and others (o). Each group shows read (r), write (w), execute (x), or a dash if the permission is absent.
-rwxr-xr-x 1 alice devs 4096 Jan 15 12:00 script.sh
^\ owner /\ group /\ others /
|
file type (- = regular file, d = directory, l = symlink)
# Breakdown:
# rwx = owner can read, write, execute
# r-x = group can read and execute (not write)
# r-x = others can read and execute (not write)Octal notation
Each permission group maps to a 3-bit number: read = 4, write = 2, execute = 1. Sum the bits you want. The three digits represent owner, group, others.
# Building 755:
# Owner: rwx = 4+2+1 = 7
# Group: r-x = 4+0+1 = 5
# Others: r-x = 4+0+1 = 5
# Result: 755
# Common permissions and their meaning:
# 755 rwxr-xr-x — directories, executables
# 644 rw-r--r-- — regular files
# 600 rw------- — private files (SSH keys, .env)
# 700 rwx------ — private executables or directories
# 400 r-------- — read-only (e.g. authorised_keys)
# 777 rwxrwxrwx — avoid in productionUsing chmod
# Octal mode
chmod 755 script.sh
chmod 644 config.json
chmod -R 755 public/ # recursive
# Symbolic mode
chmod u+x script.sh # add execute for owner
chmod g-w file.txt # remove write from group
chmod o=r file.txt # set others to read-only
chmod a+x script.sh # add execute for all
chmod u=rwx,go=rx script.sh # owner full; group and others r+x
# Who do the letters refer to?
# u = user (owner)
# g = group
# o = others
# a = all (u+g+o)Changing ownership with chown
# Change owner
chown alice file.txt
# Change owner and group
chown alice:developers file.txt
# Change group only (chgrp or chown :group)
chown :developers file.txt
chgrp developers file.txt
# Recursive
chown -R alice:developers /var/www/project/The sticky bit and setuid/setgid
# Sticky bit (1xxx) — common on shared directories like /tmp
# Only the file owner can delete or rename the file
chmod +t /tmp/shared-dir
# Shows as: drwxrwxrwt
# Setuid (4xxx) — file executes as its owner, not the caller
# Used by system tools like passwd
chmod u+s /usr/bin/passwd
# Shows as: -rwsr-xr-x
# Setgid (2xxx) — new files in directory inherit the directory's group
chmod g+s /var/www/uploads
# Shows as: drwxrwsr-xumask — default permissions for new files
umask is subtracted from the maximum permissions (666 for files, 777 for directories) when new files are created. The default umask of 022 gives new files 644 and new directories 755.
umask # show current umask (e.g. 0022)
umask 027 # new files: 640, new dirs: 750
# removes write+execute from others, write from group
# Calculation: max - umask = result
# Files: 666 - 022 = 644 (rw-r--r--)
# Directories: 777 - 022 = 755 (rwxr-xr-x)Why can I not edit a file even though I am the owner?
Check the permissions of the directory containing the file. To create, delete, or rename files in a directory you need write permission on the directory itself, regardless of the file's own permissions. Also check if the file system is mounted read-only.
What is the difference between chmod 777 and chmod a+rwx?
They produce the same result — both grant read, write, and execute to owner, group, and others. 777 uses octal notation; a+rwx uses symbolic notation. Use 777 sparingly — it gives every user on the system full access to the file.
Cron Expression Examples
A reference guide to cron syntax with common schedule patterns — from every minute to complex multi-field expressions — with plain-English explanations.
Read guide →How to Convert Units
A practical guide to unit conversion — understand the metric and imperial systems, common conversion factors, and how to convert length, weight, temperature, and volume accurately.
Read guide →How to Read HTTP Headers
A practical guide to HTTP headers — request vs response headers, what the most important ones mean, how to inspect them in the browser and curl, and security headers you should be setting.
Read guide →