Alright, let’s talk about chmod. This is the command that lets you tell the system who gets to do what to a file. It’s the digital equivalent of a bouncer at a very exclusive club, checking a list before letting anyone in. And just like a bouncer, if you give it the wrong instructions, you’re going to have a bad time. You can use chmod in two main ways: the quick, powerful, but slightly cryptic octal mode (like 755) and the more verbose but intuitive symbolic mode (like u+x). We’re going to master both.

The Three Permission Types (The “What”)

Before we change permissions, we need to know what we’re changing. Every file and directory has three types of permissions, which are pretty straightforward:

  • Read (r): For a file, this means you can view its contents. For a directory, it means you can list the files inside it (ls). You can’t ls a directory you don’t have read permission for.
  • Write (w): For a file, this means you can modify its contents. For a directory, this is sneakier—it means you can create, delete, or rename files within that directory. Yes, deleting a file inside a directory is governed by the directory’s write permission, not the file’s. I’ll wait while you process that absurd-but-true fact.
  • Execute (x): For a file, this means you can run it as a program. For a directory, it’s often called “search”—it means you can access files inside the directory. This is the real kicker. You can cd into a directory only if you have execute on it. You can access a file inside a directory (e.g., cat /somedir/myfile) only if you have execute on the directory and the appropriate permission on the file itself. It’s a two-key system.

The Three Permission Groups (The “Who”)

Permissions aren’t assigned blindly; they’re given to three specific groups:

  • User (u): The owner of the file. The one who created it or had it bestowed upon them by the almighty chown.
  • Group (g): All the users who belong to the file’s assigned group. This is how you give access to a whole team at once.
  • Others (o): Everyone else on the system who isn’t the user and isn’t in the group. Often referred to as “world” permissions.

There’s also a for “all”, which is a handy shortcut to mean ugo.

Octal Mode: The Power of Numbers

Octal mode is where people’s eyes glaze over, but it’s actually incredibly elegant once it clicks. It represents permissions as a 3-digit number. Each digit is a sum of three values:

  • 4 = Read (r)
  • 2 = Write (w)
  • 1 = Execute (x)

You add these values together for each of the three groups (User, Group, Others) to form the three digits.

Let’s break down the classic chmod 755 my_script.sh:

# Let's see the before and after
ls -l my_script.sh
# -rw-r--r-- 1 user group 0 Aug 21 10:00 my_script.sh

chmod 755 my_script.sh

ls -l my_script.sh
# -rwxr-xr-x 1 user group 0 Aug 21 10:00 my_script.sh

Why 755?

  • User (first digit): 7 = 4 (Read) + 2 (Write) + 1 (Execute)
  • Group (second digit): 5 = 4 (Read) + 0 (Write) + 1 (Execute)
  • Others (third digit): 5 = 4 (Read) + 0 (Write) + 1 (Execute)

Another extremely common one is 644 for standard data files:

  • 644: User gets rw- (4+2=6), Group gets r-- (4), Others get r-- (4).

It’s dense, but it’s a fantastically quick and unambiguous way to set absolute permissions. You’re defining the entire state in one command.

Symbolic Mode: The Precision Tool

Symbolic mode is for making relative changes. You’re not defining the final state; you’re adding (+) or removing (-) a specific permission for a specific group. The format is [who][operator][permission].

Want to make a script executable for yourself? This is the perfect job for symbolic mode.

ls -l my_script.sh
# -rw-r--r-- 1 user group 0 Aug 21 10:00 my_script.sh

chmod u+x my_script.sh # User (u) add (+) Execute (x)

ls -l my_script.sh
# -rwxr--r-- 1 user group 0 Aug 21 10:00 my_script.sh

Need to lock down a file so no one else in the world can even peek at it?

chmod o-rwx secret_file.txt # Others (o) remove (-) Read, Write, and Execute

Made a horrible mistake and given everyone write permission to the company’s holiday party plan?

chmod a-w party_plan.doc # All (a) remove (-) Write

The beauty of symbolic mode is its surgical precision. You don’t need to know the current permissions for other groups; you’re just tweaking one part.

Best Practices and Pitfalls

  1. chmod -R is a Weapon of Mass Destruction: The recursive flag is your best friend and worst enemy. Running chmod -R 777 / will brick your system. Always, always double-check the path you’re about to recursively change. I test the recursive command with ls first: ls -l /path/to/target/dir to make sure it’s the right place.

  2. Directories Need Execute: The most common “it doesn’t work!” moment. You’ve set a directory to chmod 644. It looks right in ls -l, but you can’t cd into it. Why? Because you gave it read but not execute. Directories almost always need to be at least 755 (rwxr-xr-x).

  3. Umask is the Default Manager: Permissions for newly created files aren’t random; they’re controlled by the umask. It’s a mask that subtracts permissions from a default (usually 666 for files, 777 for dirs). A common umask like 022 means new files become 644 (666 - 022) and new directories become 755 (777 - 022). It’s why your files aren’t world-writable by default.

  4. The Sticky Bit (t): This is a gem. On a directory, the sticky bit (chmod +t /tmp or the octal 1 prefix, e.g., 1777) means only the file’s owner, the directory’s owner, or root can delete a file within it. It’s why you can’t delete other people’s files in /tmp, even though it’s world-writable. The t shows up in the others’ execute field (drwxrwxrwt).

Use octal when you know the exact permissions you want to set on everything. Use symbolic when you need to make a quick, targeted adjustment. Know the difference between file and directory semantics. Do this, and you’ll be the one handing out permissions instead of begging for them.