Unix file permissions control who can read, write, and execute files and directories. Permissions are represented in two notations: octal (e.g., 755) and symbolic (e.g., rwxr-xr-x). Each file has three permission groups — owner, group, and others — with three bits each (read=4, write=2, execute=1). The chmod command modifies these permissions and is fundamental to Linux/macOS system administration and web server security.
How do Unix file permissions work?
Every file and directory on a Unix-like system (Linux, macOS) has three sets of permissions assigned to three categories of users: the owner (the user who created the file), the group (users sharing a group with the owner), and others (everyone else).
Each category can be granted three types of access:
- Read (r) — view the file contents, or list a directory's files.
- Write (w) — modify the file, or create/delete files inside a directory.
- Execute (x) — run the file as a program, or enter a directory with
cd.
These permissions are stored as a bitmask. Each permission type has a numeric weight: read = 4, write = 2, execute = 1. Add the values together for each group to get the octal digit. For example, read + execute = 4 + 1 = 5.
A full permission set is expressed as three octal digits, one per group. chmod 755 means the owner gets 7 (4+2+1 = rwx), the group gets 5 (4+0+1 = r-x), and others get 5 (r-x).
What is the difference between octal and symbolic notation?
The chmod command accepts two notations:
Octal notation uses three digits (e.g., chmod 755 file). Each digit encodes one group's permissions as a sum of 4 (read), 2 (write), and 1 (execute). This is compact and unambiguous — it sets all permissions in one shot.
Symbolic notation uses letters and operators (e.g., chmod u+x file). The letters u, g, o refer to user/owner, group, and others. The operators +, -, = add, remove, or set permissions.
Most developers prefer octal for setting permissions from scratch and symbolic for quick adjustments.
What are the most common chmod permission patterns?
| Octal | Symbolic | Typical use |
|---|---|---|
| 755 | rwxr-xr-x | Directories, shell scripts, executables |
| 644 | rw-r--r-- | Regular files (HTML, CSS, config) |
| 600 | rw------- | Private files (SSH keys, .env) |
| 400 | r-------- | Read-only sensitive files |
| 777 | rwxrwxrwx | Avoid in production — full access to everyone |
A common mistake is setting 777 on web-accessible directories. This lets any process on the server modify your files. Use 755 for directories and 644 for files as your default, and only relax permissions when you have a specific reason.
If you also work with scheduled tasks, try our cron expression generator to build crontab schedules visually.