chmod Command in Linux: Change File and Directory Permissions

In Linux, you can control file access through permissions, attributes, and ownership. This ensures that only authorized users and processes can read, modify, or execute files and directories.

This tutorial explains how to use the chmod command to change permissions on files and directories.

Linux File Permissions Overview #

Before going further, let us explain the basic Linux permissions model.

Every file and directory in Linux has an owner and a group, and is assigned permission access rights for three different classes of users:

• Owner (the user who owns the file)
• Group (users in the file’s group)
• Others (everyone else)

File ownership can be modified with chown (for owner) and chgrp (for group).

Three file permission types apply to each class:

• Read (r): View file contents or list directory contents
• Write (w): Modify file or add/remove items in a directory
• Execute (x): Run file as program/script or enter (cd) directory

Special bits (setuid, setgid, sticky) appear as s, S, t, or T in the execute position.

This concept allows you to specify which users are allowed to read, write, or execute the file.

File permissions can be viewed using the ls command:

ls -l filename.txt

-rw-r--r-- 12 linuxize users 12.0K Apr  8 20:51 filename.txt
|[-][-][-]-   [------] [---]
| |  |  | |      |       |
| |  |  | |      |       +-----------> 7. Group
| |  |  | |      +-------------------> 6. Owner
| |  |  | +--------------------------> 5. Alternate Access Method
| |  |  +----------------------------> 4. Others Permissions
| |  +-------------------------------> 3. Group Permissions
| +----------------------------------> 2. Owner Permissions
+------------------------------------> 1. File Type

Breakdown:

• The first character shows the file type. It can be a regular file (-), a directory (d), a symbolic link (l), or any other special type of file.

• The following nine characters represent the file permissions, three triplets of three characters each. The first triplet shows the owner permissions, the second one group permissions, and the last shows others permissions. The permissions can have a different meaning depending on the file type.

In the example (rw-r--r--):

• The file owner has read and write permissions (rw-)
• The group and others have only read permissions (r--)

The permission types can have different effects, depending on whether they are set to a file or to a directory:

Permissions on Files #

Permissions on Directories (Folders) #

Using the chmod Command #

The chmod command takes the following syntax:

chmod [OPTIONS] MODE FILE...

The chmod command allows you to change the permissions on a file using either a symbolic or numeric mode or a reference file. We will explain the modes in more detail later in this article. The command can accept one or more files and/or directories separated by spaces as arguments.

Only the root, the file owner, or a user with sudo privileges can change the permissions of a file. Be extra careful when using chmod, especially when changing permissions recursively.

Symbolic (Text) Method #

The symbolic method uses letters and operators to specify permissions. The syntax is:

chmod [OPTIONS] [ugoa…][-+=]perms…[,…] FILE...

The first set of flags ([ugoa…]) represent the users’ classes:

• u - The file owner.
• g - The users who are members of the group.
• o - All other users.
• a - All users, identical to ugo.

If the user’s flag is omitted, the default one is a, and the permissions that are set by umask are not affected.

The second set of flags ([-+=]), the operation flags, defines whether the permissions are to be removed, added, or set:

• - Removes the specified permissions.
• + Adds specified permissions.
• = Changes the current permissions to the specified permissions. If no permissions are specified after the = symbol, all permissions from the specified user class are removed.

The permissions (perms...) can be explicitly set using either zero or one or more of the following letters: r, w, x, X, s, and t. Use a single letter from the set u, g, and o when copying permissions from one user’s class to another user’s class.

When setting permissions for more than one user class ([,…]), use commas (without spaces) to separate the symbolic modes.

Below are some examples of how to use the chmod command in symbolic mode:

• Give the members of the group permission to read the file, but not to write and execute it:

  Terminal

  chmod g=r filename

• Remove the execute permission for all users:

  Terminal

  chmod a-x filename

• Recursively remove the write permission for other users:

  Terminal

  chmod -R o-w dirname

• Remove the read, write, and execute permission for all users except the file’s owner:

  Terminal

  chmod og-rwx filename

  The same can be also accomplished by using the following form:

  Terminal

  chmod og= filename

• Give read, write, and execute permissions to the file’s owner, read permissions to the file’s group, and no permissions to all other users:

  Terminal

  chmod u=rwx,g=r,o= filename

• Add the file’s owner permissions to the permissions that the members of the file’s group have:

  Terminal

  chmod g+u filename

• Add a sticky bit to a given directory:

  Terminal

  chmod o+t dirname

Numeric (Octal) Method #

In numeric mode, you set permissions for all three user classes (owner, group, and others) at once. The syntax is:

chmod [OPTIONS] NUMBER FILE...

The NUMBER can be a 3 or 4 digit number.

When a three-digit number is used, the first digit represents the permissions for the file’s owner, the second for the file’s group, and the last for all other users.

Each write, read, and execute permission has the following number value:

• r (read) = 4
• w (write) = 2
• x (execute) = 1
• no permissions = 0

The permissions number for a specific user class is the sum of the values of the permissions for that group.

To find out the file’s permissions in numeric mode, simply calculate the totals for all user classes. For example, to give read, write, and execute permission to the file’s owner, read and execute permissions to the file’s group, and only read permissions to all other users, you would do the following:

• Owner: rwx=4+2+1=7
• Group: r-x=4+0+1=5
• Others: r–=4+0+0=4

Using the method above, we come up with the number 754, which represents the desired permissions.

To set up the setuid, setgid, and sticky bit flags, use a four-digit number.

When the four-digit number is used, the first digit has the following meaning:

• setuid=4
• setgid=2
• sticky=1
• no changes = 0

The next three digits have the same meaning as when using a three-digit number.

If the first digit is 0, it can be omitted, and the mode can be represented with 3 digits. The numeric mode 0755 is equivalent to 755.

To calculate the numeric mode, you can also use another method (the binary method), but it is a little more complicated. Knowing how to calculate the numeric mode using 4, 2, and 1 is sufficient for most users.

You can check the file’s permissions in the numeric notation using the stat command:

stat -c "%a" filename

644

Here are some examples of how to use the chmod command in numeric mode:

• Give the file’s owner read and write permissions and only read permissions to group members and all other users:

  Terminal

  chmod 644 filename

• Give the file’s owner read, write, and execute permissions, read and execute permissions to group members, and no permissions to all other users:

  Terminal

  chmod 750 filename

• Give read, write, and execute permissions, and a sticky bit to a given directory:

  Terminal

  chmod 1777 dirname

• Recursively set read, write, and execute permissions to the file owner and no permissions for all other users on a given directory:

  Terminal

  chmod -R 700 dirname

Using a Reference File #

The --reference=ref_file option allows you to set the file’s permissions to be the same as those of the specified reference file (ref_file).

chmod --reference=REF_FILE FILE

For example, the following command will assign the permissions of file1 to file2:

chmod --reference=file1 file2

Recursively Change the File’s Permissions #

To recursively operate on all files and directories under the given directory, use the -R (--recursive) option:

chmod -R MODE DIRECTORY

For example, to change the permissions of all files and subdirectories under the /var/www directory to 755, you would use:

chmod -R 755 /var/www

Recursive changes may affect unintended files and can be dangerous. When not sure, test with find ... -print first. For fine-grained recursive control, such as setting different permissions for files and directories separately, see chmod recursive .

Operating on Symbolic Links #

Symbolic links always have 777 permissions.

By default, when changing a symlink’s permissions, chmod will change the permissions on the file the link is pointing to.

chmod 755 symlink

Chances are that instead of changing the target permissions, you will get a “cannot access ‘symlink’: Permission denied” error.

The error occurs because, by default, symlinks are protected on most Linux distributions, so you cannot operate on the target files. This option is set in /proc/sys/fs/protected_symlinks. 1 means enabled and 0 disabled. It is recommended not to disable the symlink protection.

Changing File Permissions in Bulk #

Sometimes you need to bulk change file and directory permissions. The most common scenario is to recursively change the website’s files permissions to 644 and the directories permissions to 755.

Using the numeric method:

find /var/www/my_website -type d -exec chmod 755 {} \;
find /var/www/my_website -type f -exec chmod 644 {} \;

Using the symbolic method:

find /var/www/my_website -type d -exec chmod u=rwx,go=rx {} \;
find /var/www/my_website -type f -exec chmod u=rw,go=r {} \;

The find command will search for files and directories under /var/www/my_website and pass each found file and directory to the chmod command to set the permissions.

Common chmod Permission Values #

Some chmod values appear so often that it is worth knowing what they mean in practice.

chmod 644 #

chmod 644 sets permissions to rw-r--r--: the owner can read and write, while the group and others get read-only access. This is the standard permission for most regular files and web content.

chmod 644 file

chmod 755 #

chmod 755 sets permissions to rwxr-xr-x: the owner has full access (read, write, execute), while the group and others can read and execute. Use it for directories and scripts that should be publicly accessible.

chmod 755 dir

chmod 700 #

chmod 700 sets permissions to rwx------: the owner has full access and no one else has any permissions. Use it for private scripts, config directories, or any resource restricted to the owner only.

chmod 700 file

chmod 600 #

chmod 600 sets permissions to rw-------: only the owner can read and write, with no access for anyone else. Use it for sensitive files such as private SSH keys (~/.ssh/id_rsa) or files that contain passwords.

chmod 600 file

chmod +x #

chmod +x adds execute permission for all user classes (owner, group, and others). It is the quickest way to make a script runnable without changing its read or write permissions.

chmod +x script.sh

Quick Reference #

For a printable quick reference, see the chmod cheatsheet .

Troubleshooting #

“Permission denied” error
You do not have the authority to change the file’s permissions. Run sudo chmod ... or switch to the file owner.

“No such file or directory”
The path is incorrect or the file does not exist. Verify with ls, use an absolute path, or use tab completion.

“Operation not permitted” even with sudo
Caused by filesystem mounts (e.g., FAT/NTFS), immutable attributes, or SELinux/AppArmor restrictions. Check with mount for noexec/nodev flags; remove the immutable flag with chattr -i file; review security policies.

Changes not applying to symbolic links
chmod on a symlink affects the target file, not the link itself. Due to /proc/sys/fs/protected_symlinks, the operation may be blocked. Run chmod directly on the target file instead.

“Invalid mode” error (e.g., “invalid mode: ‘abc’”)
Typo in symbolic or numeric mode. Numeric modes must be 3–4 digits. Use chmod --verbose to see what changes are applied and verify afterward with ls -l.

FAQ #

What is the difference between chmod 644 and chmod 755?
644 gives the owner read and write access while the group and others get read-only access, the standard permission for web files. 755 adds execute permission for everyone, making it the standard for directories and executable scripts. For a full breakdown of common values, see the chmod 777 guide .

What does chmod 755 mean?
chmod 755 sets permissions to rwxr-xr-x. The owner can read, write, and execute, while the group and others can read and execute only. This is a common setting for directories and executable scripts.

What does chmod 644 mean?
chmod 644 sets permissions to rw-r--r--. The owner can read and write the file, while the group and others can only read it. It is the standard permission for most regular files and web server content.

What does chmod 700 mean?
chmod 700 sets permissions to rwx------. The owner has full access and no other user can read, write, or execute the file. Use it for private scripts, directories with sensitive data, or SSH key directories such as ~/.ssh.

What does chmod 600 mean?
chmod 600 sets permissions to rw-------. Only the owner can read and write the file, with no access for anyone else. It is the standard permission for private SSH keys (~/.ssh/id_rsa) and files that store credentials.

How do I apply chmod recursively to files but not directories?
Use find to filter by type before passing to chmod. For example: find /path -type f -exec chmod 644 {} \; sets permissions on files only. See chmod recursive for a full guide.

What does chmod +x do?
It adds execute permission for all user classes (owner, group, and others). It is commonly used to make a shell script runnable: chmod +x script.sh.

Can I use letters and numbers together in the same chmod command?
No. The symbolic mode (letters) and numeric mode (octal digits) are separate methods; use one or the other in a single chmod call.

What happens if I run chmod 777 on a file?
It grants read, write, and execute access to everyone on the system. This is rarely appropriate outside of testing; avoid it on production files and web server directories.

Conclusion #

The chmod command gives you precise control over who can read, write, and execute files and directories on your Linux system. For a deeper look at how permissions interact with ownership, see the chown and chgrp commands.

About the authors

Dejan Panovski

Dejan Panovski is the founder of Linuxize, an RHCSA-certified Linux system administrator and DevOps engineer based in Skopje, Macedonia. Author of 800+ Linux tutorials with 20+ years of experience turning complex Linux tasks into clear, reliable guides.

View author page