chmod — quick reference
Octal modes
Three digits set owner, group, and others. Each digit is the sum of r=4, w=2, x=1.
| When to use | Command |
|---|---|
| Read/write for owner, read-only for everyone else (common file default) | chmod 644 FILE |
| Full access for owner, read+execute for group and others (common script) | chmod 755 FILE |
| Only the owner can read or write | chmod 600 FILE |
| Read-only for all three classes | chmod 444 FILE |
| Set setuid bit on a file (leading 4) | chmod 4755 FILE |
| Set setgid bit (leading 2) | chmod 2755 FILE |
| Sticky bit on a directory (leading 1, often 1777) | chmod 1777 DIR |
Symbolic modes
Adjust specific classes without rewriting all three digits. Classes: u user, g group, o others, a all. Operators: + add, - remove, = set exactly.
| When to use | Command |
|---|---|
| Make a script executable for the owner | chmod u+x FILE |
| Remove write for group and others | chmod go-w FILE |
| Add read for everyone | chmod a+r FILE |
| Set owner to read+write only, clear group/others | chmod u=rw,go= FILE |
| Set setuid on the owner execute bit | chmod u+s FILE |
| Set setgid on the group execute bit | chmod g+s FILE |
| Set sticky bit on a directory | chmod +t DIR |
Recursive traversal
-R applies the mode to a directory and its contents. With -R, pick how symlinks to directories are traversed; only the last -H, -L, or -P counts (-H is the default for chmod).
| When to use | Command |
|---|---|
| Change an entire directory tree | chmod -R 755 DIR |
| Recursive with symlink-to-dir CLI arg traversed | chmod -R -H MODE DIR |
| Follow every directory symlink while walking | chmod -R -L MODE DIR |
| Do not traverse directory symlinks | chmod -R -P MODE DIR |
| Directories 755, files 644 (safer than one mode on everything) | find DIR -type d -exec chmod 755 {} \;find DIR -type f -exec chmod 644 {} \; |
Symbolic links
| When to use | Command |
|---|---|
| Change the symlink inode (not the target) | chmod -h MODE SYMLINK |
| Change the referent (default) | chmod MODE SYMLINK |
Reference mode
| When to use | Command |
|---|---|
| Match permissions of another file | chmod --reference=REF FILE |
Output control
| When to use | Command |
|---|---|
| Print a line for every file processed | chmod -v MODE FILE |
| Print only when the mode actually changes | chmod -c MODE FILE |
| Suppress most file-related errors | chmod -f MODE FILE |
Safety
| When to use | Command |
|---|---|
Block recursive chmod on / |
chmod -R --preserve-root MODE /path |
Allow recursive chmod on / (dangerous) |
chmod -R --no-preserve-root MODE / |
Help and version
| When to use | Command |
|---|---|
| Show brief usage | chmod --help |
| Show coreutils version | chmod --version |
chmod — command syntax
Synopsis from chmod --help on Ubuntu 25.04 (chmod GNU coreutils 9.5):
chmod [OPTION]... MODE[,MODE]... FILE...
or: chmod [OPTION]... OCTAL-MODE FILE...
or: chmod [OPTION]... --reference=RFILE FILE...Each symbolic MODE looks like [ugoa]*([-+=]([rwxXst]*|[ugo]))+|[-+=][0-7]+. chmod changes permission bits only — use chown to change owner or group.
chmod — command examples
Essential Set file permissions with an octal mode
Octal 644 is a common default for regular files: owner read+write, everyone else read-only.
Run the command:
chmod 644 /tmp/chmod-lab/file.txtVerify the mode:
stat -c '%a %n' /tmp/chmod-lab/file.txtSample output:
644 /tmp/chmod-lab/file.txtYou can also read the symbolic form with ls -l (rw-r--r--).
Essential Make a script executable for the owner
Shell scripts need the execute bit before you can run them as ./script.sh.
Run the command:
chmod u+x /tmp/chmod-lab/script.shVerify:
ls -l /tmp/chmod-lab/script.shSample output:
-rwxr--r-- 1 root root 19 Jul 1 17:46 /tmp/chmod-lab/script.shThe x in the owner triplet (rwx) means the owner may execute the file.
Common Tighten permissions with symbolic modes
Symbolic modes let you add or remove bits without recalculating octal digits — handy when you only want to drop group write.
Run the command:
chmod go-w /tmp/chmod-lab/file.txtVerify:
stat -c '%a %n' /tmp/chmod-lab/file.txtSample output:
644 /tmp/chmod-lab/file.txtStarting from 664, removing go-w lands on 644. Add read back for all classes with chmod a+r FILE when needed.
Common Apply one mode recursively with -R
chmod -R walks a directory and sets the same mode on every entry. Fast, but the same bits on files and directories are not always what you want — see the find example next.
Run the command:
chmod -R 750 /tmp/chmod-labList modes under the tree:
The step below orders lines with sort; see the sort command for flags, key fields, and piping from awk, find, or ls.
find /tmp/chmod-lab -exec stat -c '%a %n' {} \; | sortSample output (trimmed):
750 /tmp/chmod-lab
750 /tmp/chmod-lab/file.txt
750 /tmp/chmod-lab/script.sh
750 /tmp/chmod-lab/subdir
750 /tmp/chmod-lab/subdir/inner.txtEvery entry received 750 (rwxr-x---). For web roots, prefer separate directory and file modes.
Common Directories 755, files 644 — safer recursive fix
Directories need execute so users can cd into them; files usually should not be world-executable. find with -type avoids applying one octal mode to everything.
Run the commands:
find /tmp/chmod-lab -type d -exec chmod 755 {} \;
find /tmp/chmod-lab -type f -exec chmod 644 {} \;Verify:
find /tmp/chmod-lab -exec stat -c '%a %n' {} \; | sortSample output:
644 /tmp/chmod-lab/file.txt
644 /tmp/chmod-lab/ref.txt
644 /tmp/chmod-lab/script.sh
644 /tmp/chmod-lab/subdir/inner.txt
755 /tmp/chmod-lab
755 /tmp/chmod-lab/subdirDirectories show 755; regular files show 644. Symlinks are not regular files and keep their own mode unless you handle them explicitly.
Common Copy permissions from a reference file
When a new file should match an existing template, --reference copies the full mode in one step.
Run the command:
chmod 640 /tmp/chmod-lab/ref.txt
chmod 600 /tmp/chmod-lab/file.txt
chmod --reference=/tmp/chmod-lab/ref.txt /tmp/chmod-lab/file.txtVerify both files:
stat -c '%a %n' /tmp/chmod-lab/file.txt /tmp/chmod-lab/ref.txtSample output:
640 /tmp/chmod-lab/file.txt
640 /tmp/chmod-lab/ref.txtBoth paths now share mode 640.
Advanced Verbose and changes-only output
-v reports every file; -c reports only when the mode changes — useful in scripts and audit logs.
Run:
chmod -v 644 /tmp/chmod-lab/file.txt
chmod -c 644 /tmp/chmod-lab/file.txt
chmod -c 600 /tmp/chmod-lab/file.txtSample output:
mode of '/tmp/chmod-lab/file.txt' changed from 0640 (rw-r-----) to 0644 (rw-r--r--)
mode of '/tmp/chmod-lab/file.txt' changed from 0644 (rw-r--r--) to 0600 (rw-------)The second chmod -c 644 prints nothing because the mode was already 644.
Advanced Recursive chmod safety on /
A mistyped recursive chmod against / can make the system unusable. GNU chmod blocks that when --preserve-root is set (common in distro aliases).
Run:
chmod -R --preserve-root 755 /Sample output:
chmod: it is dangerous to operate recursively on '/'
chmod: use --no-preserve-root to override this failsafeAlways narrow the path (/var/www/app, /tmp/staging) instead of overriding this guard.
chmod — when to use / when not
| Use chmod when | Use something else when |
|---|---|
|
chmod vs chown
| chmod | chown | |
|---|---|---|
| Changes | rwx permission bits |
User and/or group owner |
| Typical input | 755, u+x, go-w |
user:group |
| Who may run it | File owner for owned files; root for others | Usually root / sudo |
Fix ownership first when files landed as the wrong user; then tighten modes with chmod.
Related commands
| Command | One line |
|---|---|
| chmod | Change permission bits (this page) |
umask |
Default permission mask for new files |
ls |
List files with permission strings |
Browse the full index in our Linux commands reference.
chmod — interview corner
What is the difference between octal and symbolic chmod?
Octal modes use three digits (owner, group, others). Each digit sums r=4, w=2, x=1 — so 755 means owner rwx, group r-x, others r-x.
Symbolic modes name the class (u g o a) and an operator (+ - =):
chmod 755 script.sh # octal — set all bits at once
chmod u+x script.sh # symbolic — add execute for owner onlyUse octal in scripts when you want a fixed final mode. Use symbolic when you are tweaking one bit without touching the rest.
A strong answer is:
"Octal sets all three classes in one number; symbolic adds or removes specific bits per class. I use 644/755 in automation and u+x or go-w for quick fixes."
What does chmod -R do and what are the risks?
-R applies the mode to a directory and every file and subdirectory below it. One wrong path or mode can break apps — for example chmod -R 777 on a web root exposes writes to everyone.
Safer pattern for trees:
find /var/www/app -type d -exec chmod 755 {} \;
find /var/www/app -type f -exec chmod 644 {} \;GNU chmod also supports --preserve-root to refuse recursive runs on /.
A strong answer is:
"chmod -R propagates a mode through a tree. I avoid blanket 777, split dirs and files with find when possible, and never target / without meaning to."
Why do directories need the execute bit?
On a directory, execute means search — permission to traverse the directory and access entries inside (cd, stat on children). Read lets you list names (ls); write lets you create or delete entries.
A directory with rw- but no x is awkward: you might list filenames yet fail to open files inside. That is why directory modes are often 755 (owner full, others traverse+read) while files stay 644.
A strong answer is:
"On directories, x is traverse/search — without it you cannot cd into the dir or open files inside even if you can ls. That's why dirs are usually 755 and files 644."
What are setuid, setgid, and the sticky bit?
Special bits extend normal rwx:
| Bit | Octal prefix | Effect (typical) |
|---|---|---|
| setuid | 4 (4755) |
Process runs as file owner (e.g. passwd) |
| setgid | 2 (2755) |
Process runs as file group; new files in dir inherit group |
| sticky | 1 (1777) |
Only owner may delete their files in dir (e.g. /tmp) |
Set them with octal prefixes or symbolic u+s, g+s, +t.
A strong answer is:
"setuid runs a program as its owner, setgid controls group inheritance on dirs, sticky on /tmp stops users deleting each other's files. I set them deliberately — not as part of routine 755 fixes."
Does chmod change file ownership?
No. chmod only changes permission bits visible in ls -l (rwxrwxrwx). chown changes the user and group owner columns.
After tar or rsync as root you often run both: chown to the service account, chmod to drop world-write on configs.
A strong answer is:
"chmod adjusts rwx bits; chown adjusts owner and group. I use chown for the account, chmod for the mode — they're complementary."
Troubleshooting
| Symptom | Likely cause | Fix |
|---|---|---|
Operation not permitted |
Not owner and not root | Run with sudo or change only files you own |
invalid mode |
Typo in symbolic or octal mode | Check chmod --help; octal uses digits 0–7 only |
cannot access 'FILE': No such file or directory |
Wrong path | Fix path; use -f if missing files are expected in scripts |
it is dangerous to operate recursively on '/' |
-R hit / with --preserve-root |
Narrow the target directory |
Scripts still "Permission denied" after chmod +x |
Wrong interpreter, mount noexec, or SELinux |
Check shebang, mount options, and security context |
chmod -R 755 broke web uploads |
Files lost write bit for the app user | Restore file/dir split with find + chmod 644 / 755 |

