chmod changes file permissions - who can read, write, and execute a file. Understanding permissions fixes "Permission denied" errors and secures your files.
The Permission System
Every file has three permission types:
| Permission | Letter | Number | Meaning |
|---|---|---|---|
| Read | r | 4 | View contents |
| Write | w | 2 | Modify contents |
| Execute | x | 1 | Run as program |
And three user categories:
| Category | Letter | Who |
|---|---|---|
| Owner | u | The file's owner |
| Group | g | Users in the file's group |
| Others | o | Everyone else |
View Permissions
ls -l filenameOutput:
-rwxr-xr-- 1 john staff 1024 Dec 15 file.shBreaking down -rwxr-xr--:
| Characters | Meaning |
|---|---|
- |
File type (- = file, d = directory) |
rwx |
Owner: read, write, execute |
r-x |
Group: read, execute |
r-- |
Others: read only |
Numeric Mode
Each permission has a number:
| Permission | Value |
|---|---|
| Read (r) | 4 |
| Write (w) | 2 |
| Execute (x) | 1 |
Add them up for each category:
| Number | Meaning |
|---|---|
| 7 | rwx (4+2+1) |
| 6 | rw- (4+2) |
| 5 | r-x (4+1) |
| 4 | r-- (4) |
| 0 | --- (none) |
Common Permission Numbers
| Mode | Meaning | Use case |
|---|---|---|
| 755 | Owner: all. Others: read/execute | Executable scripts |
| 644 | Owner: read/write. Others: read | Normal files |
| 700 | Owner only | Private files |
| 600 | Owner read/write only | Secrets, SSH keys |
| 777 | Everyone: everything | Almost never needed |
Change Permissions (Numeric)
chmod 755 script.sh
chmod 644 document.txt
chmod 600 ~/.ssh/id_rsaSymbolic Mode
Use letters instead of numbers:
chmod u+x file # Add execute for owner
chmod g-w file # Remove write for group
chmod o=r file # Set others to read only
chmod a+r file # Add read for all (a = all)Operators:
+adds permission-removes permission=sets exact permission
Make a Script Executable
The most common use:
chmod +x script.shNow you can run it:
./script.shRecursive Changes (-R)
Apply to directory and contents:
chmod -R 755 folder/Be careful - this changes everything inside.
Common Scenarios
Fix "Permission denied" on a script:
chmod +x script.shSecure SSH keys (required by SSH):
chmod 600 ~/.ssh/id_rsa
chmod 644 ~/.ssh/id_rsa.pub
chmod 700 ~/.sshMake a file read-only:
chmod 444 important.txtReset to default permissions:
chmod 644 file.txt # Regular file
chmod 755 folder/ # DirectoryDirectory Permissions
Directories need execute permission to be entered:
| Permission | For directories |
|---|---|
| r | List contents |
| w | Create/delete files inside |
| x | Enter the directory |
chmod 755 folder/ # Normal directory
chmod 700 private/ # Private directoryView Numeric Permissions
stat -f "%Lp" filenameShows just the number like 755 or 644.
Common Mistakes
Using 777:
chmod 777 fileGives everyone full access. Almost never what you want. Use the minimum permissions needed.
Recursive on wrong directory:
chmod -R 755 /Would break your system. Always double-check paths before -R.
Fixing Common Permission Issues
"Permission denied" running a script:
chmod +x script.shCan't edit a file you own:
chmod u+w file.txtDirectory won't let you in:
chmod +x directory/chown vs chmod
| Command | Changes |
|---|---|
chmod |
Permissions (who can do what) |
chown |
Ownership (who owns it) |
chmod 755 file # Change permissions
chown john:staff file # Change owner to john, group to staffQuick Reference
| Command | Result |
|---|---|
chmod 755 file |
rwxr-xr-x |
chmod 644 file |
rw-r--r-- |
chmod 600 file |
rw------- |
chmod +x file |
Add execute |
chmod -w file |
Remove write |
chmod -R 755 dir/ |
Recursive |
Keep Learning
Permissions are fundamental to Unix security. The free course covers this and other essential concepts.
Check it out at Mac Terminal for Humans.