chmod Command in Linux: Octal, Symbolic Modes & Recursive -R (Ubuntu)

The chmod command sets read, write, and execute permission bits on files and directories. Use octal modes like 644 and 755, symbolic forms like u+x, or chmod -R to fix an entire tree.

Published

Updated

Read time 10 min read

Reviewed byDeepak Prasad

chmod Command in Linux: Octal, Symbolic Modes & Recursive -R (Ubuntu)
About The chmod command sets read, write, and execute permission bits on files and directories. Use octal modes like 644 and 755, symbolic forms like u+x, or chmod -R to fix an entire tree.
Tested on Ubuntu 25.04 (Plucky Puffin); chmod (GNU coreutils) 9.5; kernel 7.0.0-27-generic
Package coreutils (apt/deb) · coreutils (dnf/rpm)
Man page chmod(1)
Privilege file owner / root / sudo
Distros

GNU coreutils on Linux, BSD, and macOS (options may differ slightly).

Ownership changes: chown.

Related guide

chmod — quick reference

Octal modes

Three digits set owner, group, and others. Each digit is the sum of r=4, w=2, x=1.

When to use Command
Read/write for owner, read-only for everyone else (common file default) chmod 644 FILE
Full access for owner, read+execute for group and others (common script) chmod 755 FILE
Only the owner can read or write chmod 600 FILE
Read-only for all three classes chmod 444 FILE
Set setuid bit on a file (leading 4) chmod 4755 FILE
Set setgid bit (leading 2) chmod 2755 FILE
Sticky bit on a directory (leading 1, often 1777) chmod 1777 DIR

Symbolic modes

Adjust specific classes without rewriting all three digits. Classes: u user, g group, o others, a all. Operators: + add, - remove, = set exactly.

When to use Command
Make a script executable for the owner chmod u+x FILE
Remove write for group and others chmod go-w FILE
Add read for everyone chmod a+r FILE
Set owner to read+write only, clear group/others chmod u=rw,go= FILE
Set setuid on the owner execute bit chmod u+s FILE
Set setgid on the group execute bit chmod g+s FILE
Set sticky bit on a directory chmod +t DIR

Recursive traversal

-R applies the mode to a directory and its contents. With -R, pick how symlinks to directories are traversed; only the last -H, -L, or -P counts (-H is the default for chmod).

When to use Command
Change an entire directory tree chmod -R 755 DIR
Recursive with symlink-to-dir CLI arg traversed chmod -R -H MODE DIR
Follow every directory symlink while walking chmod -R -L MODE DIR
Do not traverse directory symlinks chmod -R -P MODE DIR
Directories 755, files 644 (safer than one mode on everything) find DIR -type d -exec chmod 755 {} \;
find DIR -type f -exec chmod 644 {} \;
When to use Command
Change the symlink inode (not the target) chmod -h MODE SYMLINK
Change the referent (default) chmod MODE SYMLINK

Reference mode

When to use Command
Match permissions of another file chmod --reference=REF FILE

Output control

When to use Command
Print a line for every file processed chmod -v MODE FILE
Print only when the mode actually changes chmod -c MODE FILE
Suppress most file-related errors chmod -f MODE FILE

Safety

When to use Command
Block recursive chmod on / chmod -R --preserve-root MODE /path
Allow recursive chmod on / (dangerous) chmod -R --no-preserve-root MODE /

Help and version

When to use Command
Show brief usage chmod --help
Show coreutils version chmod --version

chmod — command syntax

Synopsis from chmod --help on Ubuntu 25.04 (chmod GNU coreutils 9.5):

text
chmod [OPTION]... MODE[,MODE]... FILE...
  or:  chmod [OPTION]... OCTAL-MODE FILE...
  or:  chmod [OPTION]... --reference=RFILE FILE...

Each symbolic MODE looks like [ugoa]*([-+=]([rwxXst]*|[ugo]))+|[-+=][0-7]+. chmod changes permission bits only — use chown to change owner or group.


chmod — command examples

Essential Set file permissions with an octal mode

Octal 644 is a common default for regular files: owner read+write, everyone else read-only.

Run the command:

bash
chmod 644 /tmp/chmod-lab/file.txt

Verify the mode:

bash
stat -c '%a %n' /tmp/chmod-lab/file.txt

Sample output:

text
644 /tmp/chmod-lab/file.txt

You can also read the symbolic form with ls -l (rw-r--r--).

Essential Make a script executable for the owner

Shell scripts need the execute bit before you can run them as ./script.sh.

Run the command:

bash
chmod u+x /tmp/chmod-lab/script.sh

Verify:

bash
ls -l /tmp/chmod-lab/script.sh

Sample output:

text
-rwxr--r-- 1 root root 19 Jul  1 17:46 /tmp/chmod-lab/script.sh

The x in the owner triplet (rwx) means the owner may execute the file.

Common Tighten permissions with symbolic modes

Symbolic modes let you add or remove bits without recalculating octal digits — handy when you only want to drop group write.

Run the command:

bash
chmod go-w /tmp/chmod-lab/file.txt

Verify:

bash
stat -c '%a %n' /tmp/chmod-lab/file.txt

Sample output:

text
644 /tmp/chmod-lab/file.txt

Starting from 664, removing go-w lands on 644. Add read back for all classes with chmod a+r FILE when needed.

Common Apply one mode recursively with -R

chmod -R walks a directory and sets the same mode on every entry. Fast, but the same bits on files and directories are not always what you want — see the find example next.

Run the command:

bash
chmod -R 750 /tmp/chmod-lab

List modes under the tree:

The step below orders lines with sort; see the sort command for flags, key fields, and piping from awk, find, or ls.

bash
find /tmp/chmod-lab -exec stat -c '%a %n' {} \; | sort

Sample output (trimmed):

text
750 /tmp/chmod-lab
750 /tmp/chmod-lab/file.txt
750 /tmp/chmod-lab/script.sh
750 /tmp/chmod-lab/subdir
750 /tmp/chmod-lab/subdir/inner.txt

Every entry received 750 (rwxr-x---). For web roots, prefer separate directory and file modes.

Common Directories 755, files 644 — safer recursive fix

Directories need execute so users can cd into them; files usually should not be world-executable. find with -type avoids applying one octal mode to everything.

Run the commands:

bash
find /tmp/chmod-lab -type d -exec chmod 755 {} \;
find /tmp/chmod-lab -type f -exec chmod 644 {} \;

Verify:

bash
find /tmp/chmod-lab -exec stat -c '%a %n' {} \; | sort

Sample output:

text
644 /tmp/chmod-lab/file.txt
644 /tmp/chmod-lab/ref.txt
644 /tmp/chmod-lab/script.sh
644 /tmp/chmod-lab/subdir/inner.txt
755 /tmp/chmod-lab
755 /tmp/chmod-lab/subdir

Directories show 755; regular files show 644. Symlinks are not regular files and keep their own mode unless you handle them explicitly.

Common Copy permissions from a reference file

When a new file should match an existing template, --reference copies the full mode in one step.

Run the command:

bash
chmod 640 /tmp/chmod-lab/ref.txt
chmod 600 /tmp/chmod-lab/file.txt
chmod --reference=/tmp/chmod-lab/ref.txt /tmp/chmod-lab/file.txt

Verify both files:

bash
stat -c '%a %n' /tmp/chmod-lab/file.txt /tmp/chmod-lab/ref.txt

Sample output:

text
640 /tmp/chmod-lab/file.txt
640 /tmp/chmod-lab/ref.txt

Both paths now share mode 640.

Advanced Verbose and changes-only output

-v reports every file; -c reports only when the mode changes — useful in scripts and audit logs.

Run:

bash
chmod -v 644 /tmp/chmod-lab/file.txt
chmod -c 644 /tmp/chmod-lab/file.txt
chmod -c 600 /tmp/chmod-lab/file.txt

Sample output:

text
mode of '/tmp/chmod-lab/file.txt' changed from 0640 (rw-r-----) to 0644 (rw-r--r--)
mode of '/tmp/chmod-lab/file.txt' changed from 0644 (rw-r--r--) to 0600 (rw-------)

The second chmod -c 644 prints nothing because the mode was already 644.

Advanced Recursive chmod safety on /

A mistyped recursive chmod against / can make the system unusable. GNU chmod blocks that when --preserve-root is set (common in distro aliases).

Run:

bash
chmod -R --preserve-root 755 /

Sample output:

text
chmod: it is dangerous to operate recursively on '/'
chmod: use --no-preserve-root to override this failsafe

Always narrow the path (/var/www/app, /tmp/staging) instead of overriding this guard.


chmod — when to use / when not

Use chmod when Use something else when
  • You need to change permission bits (read, write, execute) on files or directories
  • You are making a script executable or locking down a config file
  • You are fixing modes on a deploy tree — often find + chmod for dirs vs files
  • You want to copy modes from a template file with --reference
  • You need to change who owns the file → chown
  • You only need to change the group owner → chgrp
  • You need per-user ACLs beyond user/group/other → setfacl
  • You want default modes for new files → umask in shell profile or systemd unit

chmod vs chown

chmod chown
Changes rwx permission bits User and/or group owner
Typical input 755, u+x, go-w user:group
Who may run it File owner for owned files; root for others Usually root / sudo

Fix ownership first when files landed as the wrong user; then tighten modes with chmod.


Command One line
chmod Change permission bits (this page)
umask Default permission mask for new files
ls List files with permission strings

Browse the full index in our Linux commands reference.


chmod — interview corner

What is the difference between octal and symbolic chmod?

Octal modes use three digits (owner, group, others). Each digit sums r=4, w=2, x=1 — so 755 means owner rwx, group r-x, others r-x.

Symbolic modes name the class (u g o a) and an operator (+ - =):

bash
chmod 755 script.sh    # octal — set all bits at once
chmod u+x script.sh    # symbolic — add execute for owner only

Use octal in scripts when you want a fixed final mode. Use symbolic when you are tweaking one bit without touching the rest.

A strong answer is:

"Octal sets all three classes in one number; symbolic adds or removes specific bits per class. I use 644/755 in automation and u+x or go-w for quick fixes."

What does chmod -R do and what are the risks?

-R applies the mode to a directory and every file and subdirectory below it. One wrong path or mode can break apps — for example chmod -R 777 on a web root exposes writes to everyone.

Safer pattern for trees:

bash
find /var/www/app -type d -exec chmod 755 {} \;
find /var/www/app -type f -exec chmod 644 {} \;

GNU chmod also supports --preserve-root to refuse recursive runs on /.

A strong answer is:

"chmod -R propagates a mode through a tree. I avoid blanket 777, split dirs and files with find when possible, and never target / without meaning to."

Why do directories need the execute bit?

On a directory, execute means search — permission to traverse the directory and access entries inside (cd, stat on children). Read lets you list names (ls); write lets you create or delete entries.

A directory with rw- but no x is awkward: you might list filenames yet fail to open files inside. That is why directory modes are often 755 (owner full, others traverse+read) while files stay 644.

A strong answer is:

"On directories, x is traverse/search — without it you cannot cd into the dir or open files inside even if you can ls. That's why dirs are usually 755 and files 644."

What are setuid, setgid, and the sticky bit?

Special bits extend normal rwx:

Bit Octal prefix Effect (typical)
setuid 4 (4755) Process runs as file owner (e.g. passwd)
setgid 2 (2755) Process runs as file group; new files in dir inherit group
sticky 1 (1777) Only owner may delete their files in dir (e.g. /tmp)

Set them with octal prefixes or symbolic u+s, g+s, +t.

A strong answer is:

"setuid runs a program as its owner, setgid controls group inheritance on dirs, sticky on /tmp stops users deleting each other's files. I set them deliberately — not as part of routine 755 fixes."

Does chmod change file ownership?

No. chmod only changes permission bits visible in ls -l (rwxrwxrwx). chown changes the user and group owner columns.

After tar or rsync as root you often run both: chown to the service account, chmod to drop world-write on configs.

A strong answer is:

"chmod adjusts rwx bits; chown adjusts owner and group. I use chown for the account, chmod for the mode — they're complementary."


Troubleshooting

Symptom Likely cause Fix
Operation not permitted Not owner and not root Run with sudo or change only files you own
invalid mode Typo in symbolic or octal mode Check chmod --help; octal uses digits 0–7 only
cannot access 'FILE': No such file or directory Wrong path Fix path; use -f if missing files are expected in scripts
it is dangerous to operate recursively on '/' -R hit / with --preserve-root Narrow the target directory
Scripts still "Permission denied" after chmod +x Wrong interpreter, mount noexec, or SELinux Check shebang, mount options, and security context
chmod -R 755 broke web uploads Files lost write bit for the app user Restore file/dir split with find + chmod 644 / 755

Deepak Prasad

R&D Engineer

Founder of GoLinuxCloud with more than 15 years of expertise in Linux, Python, Go, Laravel, DevOps, Kubernetes, Git, Shell scripting, OpenShift, AWS, Networking, and Security. With extensive …