>_cmd.script

chmod

Change file and directory permissions

Permissions

By CMD Script Team · 3 min read · Last updated

SYNTAX
chmod [OPTIONS] MODE FILE...

Options

Command options and flags
FlagDescription
+xAdd execute permission (shorthand for u+x,g+x,o+x)
-RApply the change recursively to a directory tree
u+wAdd write permission for the file's owner (user)
go-xRemove execute permission for group and others
--reference=FILEApply the same permissions as another file

Distribution compatibility

  • Ubuntu
  • Debian
  • Fedora
  • Arch
  • macOS

What it does

chmod ("change mode") changes the permission bits on a file or directory — who can read, write, or execute it. Permissions can be set symbolically (u+x, g-w) or numerically (755, 644).

Beginner examples

  • chmod +x script.sh — make a file executable for everyone
  • chmod 644 file.txt — owner can read/write, everyone else read-only
  • chmod u+w file.txt — add write permission for the owner
  • chmod -R 755 mydir/ — apply recursively to a directory tree
chmod 644 config.yaml

Advanced examples

  • Remove execute permission for group and others: chmod go-x file
  • Set permissions symbolically for multiple classes at once: chmod u=rwx,g=rx,o=r file
  • Apply the same permissions as another file: chmod --reference=other_file target_file
  • Set the setuid bit: chmod u+s /usr/bin/some-binary (use with caution — security sensitive)
find . -type f -exec chmod 644 {} \;

Common mistakes

  • Running chmod 777 on a file "just to make it work" — this grants write access to everyone, a common source of security vulnerabilities.
  • Forgetting -R when trying to change permissions on an entire directory tree, and wondering why subdirectories are unaffected.
  • Confusing numeric modes: 755 is rwxr-xr-x, not "rwx-r-x-r-x" — each digit is one octal value covering owner, group, other in that order.
  • Making a file executable (chmod +x) when the actual problem was a missing shebang line or wrong interpreter path.

Tips

  • Use chmod -R together with find and -type f/-type d when files and directories need different permissions (e.g. files 644, directories 755).
  • chmod +x is shorthand for adding execute to owner, group, and other — use u+x if you only want the owner to be able to execute it.
  • Check current permissions with ls -l before and after to confirm the change did what you expected.

Best practices

  • Avoid 777 permissions in production; grant the minimum access actually needed (principle of least privilege).
  • Prefer numeric mode (644, 755) for scripts and automation — it's unambiguous and idempotent, unlike relative symbolic changes (+x).
  • Be especially careful with setuid/setgid bits (chmod u+s, chmod g+s) — they can be a security risk if applied to writable or untrusted binaries.

Try it yourself

A simulated shell with a sample home directory — experiment freely, nothing leaves your browser. Type help to list supported commands.

Real-world use cases

  • Making a downloaded shell script executable before running it: chmod +x install.sh.
  • Locking down a secrets file so only the owner can read it: chmod 600 .env.
  • Fixing "permission denied" errors on a deployed web app's file-uploads directory.

Common interview questions

  • What does chmod 755 mean? Owner gets read/write/execute (7), group and others get read/execute (5 each) — rwxr-xr-x.
  • What's the difference between symbolic and numeric modes? Symbolic (u+x, g-w) modifies existing permissions relative to their current state; numeric (755) sets the absolute permission bits directly.
  • Why is chmod 777 considered bad practice? It gives every user on the system read, write, and execute access, removing any access control and creating a security risk.

Frequently Asked Questions

What does chmod 755 mean?

Owner gets read/write/execute (7), group and others get read/execute (5 each) — rwxr-xr-x.

What's the difference between symbolic and numeric modes?

Symbolic (u+x, g-w) modifies existing permissions relative to their current state; numeric (755) sets the absolute permission bits directly.

Why is chmod 777 considered bad practice?

It gives every user on the system read, write, and execute access, removing any access control and creating a security risk.

Cheat sheet

Download a quick-reference cheat sheet for chmod.