Linux file permissions control who can read, write, and execute files. Understanding chmod and permission notation is essential for every developer working with servers, Docker, or CI/CD pipelines.
Understanding the Permission System
Every file and directory in Linux has three permission sets: one for the owner (user), one for the group, and one for others (everyone else). Each set can grant three types of access:
- r (Read) — View file contents or list directory entries
- w (Write) — Modify file contents or create/delete files in a directory
- x (Execute) — Run a file as a program or enter a directory
-rwxr-xr-x 1 user group 4096 Feb 10 file.sh
 │  │  │
 │  │  └── Others: r-x (read + execute = 5)
 │  └───── Group: r-x (read + execute = 5)
 └──────── Owner: rwx (read + write + execute = 7)
Result: 755
Octal Notation Explained
Each permission set can be represented as a single digit from 0 to 7. The digit is the sum of the permission values:
- Read = 4
- Write = 2
- Execute = 1
- No permission = 0
Octal Reference Table
| Octal | rwx | Meaning |
|---|---|---|
| 0 | --- | No permission |
| 1 | --x | Execute only |
| 2 | -w- | Write only |
| 3 | -wx | Write + Execute |
| 4 | r-- | Read only |
| 5 | r-x | Read + Execute |
| 6 | rw- | Read + Write |
| 7 | rwx | Read + Write + Execute |
Common Permission Values
- 777 — Full access for everyone (owner + group + others). Avoid in production! Only use for temporary debugging.
- 755 — Owner can do everything; group and others can read and execute. Standard for directories and executables.
- 644 — Owner can read and write; group and others can only read. Standard for regular files.
- 600 — Owner can read and write; no one else has access. Use for private config files and SSH keys.
- 400 — Owner can only read. Use for sensitive read-only files like certificates.
chmod Command Syntax
Numeric mode sets all permissions at once:
chmod 755 script.sh # rwxr-xr-x
chmod 644 config.json # rw-r--r--
chmod 600 id_rsa # rw-------
chmod -R 755 /var/www/html # Recursive (also sets execute on every file)
Symbolic mode modifies specific permissions:
chmod u+x script.sh # Add execute for owner
chmod g-w file.txt # Remove write from group
chmod o+r file.txt # Add read for others
chmod a+x script.sh # Add execute for all (a = all)
chmod u=rwx,go=rx dir/ # Set owner=rwx, group+others=rx
Practical Examples
# Web server setup
chmod 755 /var/www/html
chmod 644 /var/www/html/index.html
chmod 644 /var/www/html/style.css
# SSH key permissions
chmod 700 ~/.ssh
chmod 600 ~/.ssh/id_rsa
chmod 644 ~/.ssh/id_rsa.pub
chmod 600 ~/.ssh/authorized_keys
# Script permissions
chmod +x deploy.sh
chmod 755 /usr/local/bin/my-tool
# Docker volume permissions
chmod -R 777 /tmp/build # Temporary build dir only!
Special Permissions: SUID, SGID, Sticky Bit
SUID (4xxx) — Run file as the file owner. Example: /usr/bin/passwd runs as root.
chmod 4755 /usr/bin/passwd
SGID (2xxx) — Run file as the file group, or new files in directory inherit group.
chmod 2755 /shared/project
Sticky Bit (1xxx) — Only file owner can delete files in directory. Example: /tmp.
chmod 1777 /tmp
Common Mistakes and Security Tips
- Never use chmod 777 in production — it gives everyone full access.
- SSH keys must be 600 or 400 — SSH refuses to use keys with group/other access.
- Web server files should be 644 (files) and 755 (directories).
- Use chmod -R carefully — recursive changes can break things.
- Check permissions with ls -la before and after changes.
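An added example, not part of the original page: a POSIX shell function that audits a directory tree for the mistakes listed above (world-writable files, world-writable directories without the sticky bit, SUID/SGID files, and private keys that are not 600 or 400). The names `audit_perms` and `demo`, the `id_*` key-naming rule and the sample tree are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not from the original page): audit a tree for the mistakes above.
# audit_perms DIR prints one "<TAG> <path>" line per finding, nothing if clean.
audit_perms() {
    dir=$1

    # Regular files writable by "others" (bit 0002), e.g. leftovers of chmod 777.
    find "$dir" -type f -perm -0002 -print | sed 's/^/WORLD-WRITABLE-FILE /'

    # World-writable directories without the sticky bit (1000). A 1777
    # directory such as /tmp is not flagged.
    find "$dir" -type d -perm -0002 ! -perm -1000 -print |
        sed 's/^/WORLD-WRITABLE-DIR /'

    # SUID (4000) or SGID (2000) regular files: each one should be expected.
    find "$dir" -type f \( -perm -4000 -o -perm -2000 \) -print |
        sed 's/^/SETID-FILE /'

    # Private keys whose mode is not exactly 600 or 400.
    # Assumption: private keys are named id_*, public keys end in .pub.
    find "$dir" -type f -name 'id_*' ! -name '*.pub' \
        ! -perm 600 ! -perm 400 -print | sed 's/^/LOOSE-KEY /'
}

# Constructed sample tree (hypothetical file names) so the script runs offline.
demo() {
    t=$(mktemp -d) || return 1
    mkdir "$t/site" "$t/upload" "$t/tmp" "$t/.ssh"
    for f in site/index.html site/debug.log site/helper \
             .ssh/id_rsa .ssh/id_rsa.pub .ssh/id_ed25519; do
        : > "$t/$f"
    done
    chmod 644  "$t/site/index.html" "$t/.ssh/id_rsa.pub"
    chmod 777  "$t/site/debug.log" "$t/upload"   # the "temporary debugging" mode
    chmod 4755 "$t/site/helper"                   # SUID
    chmod 1777 "$t/tmp"                           # sticky, like /tmp
    chmod 700  "$t/.ssh"
    chmod 600  "$t/.ssh/id_ed25519"
    chmod 644  "$t/.ssh/id_rsa"                   # private key readable by others
    audit_perms "$t" | sed "s|$t/||" | LC_ALL=C sort
    rm -rf "$t"
}

demo
```

Run `audit_perms` against a web root or home directory before and after a permission change; an empty result means none of the four conditions was found.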
FAQ
What does chmod 777 mean?
chmod 777 gives read (4), write (2), and execute (1) permissions to the owner, group, and others — total access for everyone. This is a security risk and should be avoided in production.
What is the difference between 755 and 644?
755 allows the owner full access and others read+execute (used for directories and scripts). 644 allows the owner read+write and others read-only (used for regular files).
Why does SSH reject my key file?
SSH requires private key files to have permissions 600 or stricter. Run: chmod 600 ~/.ssh/id_rsa
What is the sticky bit?
The sticky bit (chmod 1xxx or chmod +t) prevents users from deleting files they do not own in a shared directory. The /tmp directory uses this.
How do I check current file permissions?
Run ls -la to see permissions in rwx format. The first column shows the permission string like -rwxr-xr-x (which equals 755).