
Linux File Permissions Explained: chmod Calculator and Reference

Master Unix and Linux file permissions. Learn rwx notation, octal values, special bits (setuid, setgid, sticky), and use our chmod calculator.

What Are Unix File Permissions?

Unix file permissions control who can read, write, and execute files and directories. They are a fundamental part of Unix and Linux security, determining which users and groups can access each file.

Every file and directory has three sets of permissions for three categories of users: the owner (user), the group, and others (everyone else).

The Permission Bits

Each category has three permission bits:

Symbol  Value  Meaning for Files      Meaning for Directories
r       4      Read the file content  List directory contents
w       2      Modify the file        Create/delete files in directory
x       1      Execute as a program   Enter the directory (cd)
-       0      Permission denied      Permission denied

Reading the Permission String

The ls -l command shows permissions as a 10-character string:

-rwxr-xr--  owner group  filename
│└──┴──┴──
│  │  │  └── Others: r--, read only (4)
│  │  └───── Group:  r-x, read+execute (5)
│  └──────── Owner:  rwx, full access (7)
└─────────── File type: - (file), d (directory), l (symlink)

The Octal Notation

Permissions are most commonly expressed as an octal (base-8) number where each digit represents one category (owner, group, others):

Permission  Binary  Octal
---         000     0
--x         001     1
-w-         010     2
-wx         011     3
r--         100     4
r-x         101     5
rw-         110     6
rwx         111     7

So chmod 755 means:

7 = rwx (owner: full access)
5 = r-x (group: read and execute)
5 = r-x (others: read and execute)

Common Permission Patterns

Octal  Symbolic   Use Case
400    r--------  Read-only, owner only (private key files)
600    rw-------  Read/write, owner only (SSH private keys, .env files)
644    rw-r--r--  Web files (readable by server, writable by owner)
664    rw-rw-r--  Shared team files
700    rwx------  Private executable or directory
755    rwxr-xr-x  Standard executables and public directories
775    rwxrwxr-x  Shared directory (group can write)
777    rwxrwxrwx  Anyone can do anything (avoid in production)

The chmod Command

# Set permissions with octal notation
chmod 755 script.sh
chmod 644 index.html
chmod 600 ~/.ssh/id_rsa

# Set permissions with symbolic notation
chmod u+x script.sh       # Add execute for owner
chmod g-w shared.txt      # Remove write for group
chmod o=r public.txt      # Set others to read-only
chmod a+r document.pdf    # Add read for all (a = all = ugo)

# Recursive (apply to directory and all contents)
chmod -R 755 /var/www/html

Special Permission Bits

Beyond the standard rwx bits, Unix has three special permission bits:

Setuid (s on owner execute, octal 4000)

Executable runs with the owner's privileges, not the caller's:

chmod 4755 /usr/bin/sudo
-rwsr-xr-x  (s in owner's execute position)

Setgid (s on group execute, octal 2000)

For executables: runs with the group's privileges. For directories: new files inherit the directory's group:

chmod 2775 /shared/project
drwxrwsr-x

Sticky bit (t on others execute, octal 1000)

For directories: users can delete only the files they own:

chmod 1777 /tmp
drwxrwxrwt  (t = sticky bit)

This is why everyone can write to /tmp but cannot delete each other's files.
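
The mode strings shown above can be converted back to four-digit octal mechanically. The following is an added example, not part of the original page: the function names perm_to_octal and review_mode are illustrative, and it also handles the uppercase S and T that ls prints when a special bit is set without the matching execute bit.

```shell
# Added example: convert an `ls -l` permission string to 4-digit octal,
# special bits included. Function bodies are subshells "( )" so variables stay local.

# perm_to_octal "-rwsr-xr-x"  ->  4755
perm_to_octal() (
    s=$(printf '%.10s' "$1")    # keep type + 9 bits; drops a trailing . + or @
    case $s in
        [-dlbcps][-r][-w][-xsS][-r][-w][-xsS][-r][-w][-xtT]) ;;
        *) echo "invalid permission string: $1" >&2; exit 1 ;;
    esac
    rest=${s#?}                 # skip the file-type character
    special=0; digits=""; weight=4   # weight: 4 = setuid, 2 = setgid, 1 = sticky
    while [ -n "$rest" ]; do
        triad=$(printf '%.3s' "$rest"); rest=${rest#???}
        d=0
        case $triad in r??) d=$((d + 4)) ;; esac
        case $triad in ?w?) d=$((d + 2)) ;; esac
        case $triad in
            ??x)     d=$((d + 1)) ;;
            ??[st])  d=$((d + 1)); special=$((special + weight)) ;;  # special + execute
            ??[ST])  special=$((special + weight)) ;;                # special, no execute
        esac
        digits=$digits$d
        weight=$((weight / 2))
    done
    echo "$special$digits"
)

# review_mode prints the octal mode plus flags for the patterns this page
# singles out: setuid/setgid, and world-writable entries without a sticky bit.
review_mode() (
    oct=$(perm_to_octal "$1") || exit 1
    sp=${oct%???}; others=${oct#???}
    flags=""
    case $sp in [4567]) flags="$flags setuid" ;; esac
    case $sp in [2367]) flags="$flags setgid" ;; esac
    case $others in [2367])     # others have the write bit
        case $1$sp in
            d*[1357]) ;;        # shared directory protected by the sticky bit
            *) flags="$flags world-writable" ;;
        esac ;;
    esac
    echo "$oct${flags:- ok}"
)

# Constructed sample inputs (the mode strings used on this page, plus 777):
for m in -rwxr-xr-- -rwsr-xr-x drwxrwsr-x drwxrwxrwt drwxrwxrwx; do
    review_mode "$m"
done
```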

Default Permissions with umask

The umask (user file creation mask) determines default permissions for new files. Each bit set in the umask is cleared from the maximum permissions. This is a bitwise mask rather than arithmetic; for typical values the result happens to look like a subtraction:

Default max for files:       666 (rw-rw-rw-)
Default max for directories: 777 (rwxrwxrwx)
Typical umask:               022
Result for files:            644 (666 & ~022)
Result for directories:      755 (777 & ~022)
