Interactive chmod calculator, common permissions, symbolic notation, umask, and special permissions.
SYMBOLIC NOTATION
Format: chmod [who][operator][permission] file
Who: u (user/owner), g (group), o (others), a (all)
Operator: + (add), - (remove), = (set exactly)
Permission: r (read), w (write), x (execute)
EXAMPLES
| Command | Equivalent | Description |
|---|
chmod u+x file | -- | Add execute for owner |
chmod g-w file | -- | Remove write for group |
chmod o=r file | -- | Set others to read only |
chmod a+r file | -- | Add read for everyone |
chmod u=rwx,g=rx,o=rx | 755 | Standard executable |
chmod u=rw,g=r,o=r | 644 | Standard file |
chmod u=rwx,g=,o= | 700 | Owner only (full) |
chmod a= file | 000 | Remove all permissions |
chmod ug+rw file | -- | Add read+write for user and group |
chmod +x file | -- | Add execute for all (same as a+x) |
chmod -R 755 dir/ | -- | Recursive: apply to dir and contents |
chmod --reference=f1 f2 | -- | Copy permissions from f1 to f2 |
NUMERIC BREAKDOWN
| Value | Permission | Binary |
|---|
| 0 | --- (none) | 000 |
| 1 | --x (execute) | 001 |
| 2 | -w- (write) | 010 |
| 3 | -wx (write+execute) | 011 |
| 4 | r-- (read) | 100 |
| 5 | r-x (read+execute) | 101 |
| 6 | rw- (read+write) | 110 |
| 7 | rwx (all) | 111 |
UMASK REFERENCE
What is umask?
umask sets the default permissions for newly created files and directories. It works by subtracting from the maximum permissions.
Default max: files = 666, directories = 777
Resulting permission = max - umask
| umask | Files | Directories | Description |
|---|
0000 | 666 (rw-rw-rw-) | 777 (rwxrwxrwx) | No restrictions (insecure) |
0002 | 664 (rw-rw-r--) | 775 (rwxrwxr-x) | Collaborative: group can write |
0022 | 644 (rw-r--r--) | 755 (rwxr-xr-x) | Standard default (most systems) |
0027 | 640 (rw-r-----) | 750 (rwxr-x---) | Group read, no others |
0037 | 640 (rw-r-----) | 740 (rwxr-----) | Restrictive group |
0077 | 600 (rw-------) | 700 (rwx------) | Owner only (most restrictive) |
0177 | 600 (rw-------) | 600 (rw-------) | Owner read/write only |
0277 | 400 (r--------) | 500 (r-x------) | Owner read only |
Common Commands
umask - Show current umask
umask 022 - Set umask for current session
Add to ~/.bashrc or ~/.profile for permanent change
SPECIAL PERMISSIONS
Setuid (SUID) - 4xxx
When set on an executable, it runs with the permissions of the file owner (not the user running it).
chmod 4755 file or chmod u+s file
Shown as: -rwsr-xr-x (lowercase s = x is also set, uppercase S = x is not set)
Example: /usr/bin/passwd uses SUID to modify /etc/shadow
Setgid (SGID) - 2xxx
On files: executes with group permissions of the file. On directories: new files inherit the directory's group.
chmod 2755 dir or chmod g+s dir
Shown as: drwxr-sr-x (lowercase s = x is also set)
Useful for shared directories where files should belong to the same group
Sticky Bit - 1xxx
On directories: only the file owner, directory owner, or root can delete/rename files within.
chmod 1777 dir or chmod +t dir
Shown as: drwxrwxrwt (lowercase t = x is also set, uppercase T = x is not set)
Example: /tmp uses sticky bit so users can't delete each other's temp files
SPECIAL PERMISSION COMBINATIONS
| Numeric | Symbolic | Description |
|---|
4755 | -rwsr-xr-x | SUID executable (e.g. passwd) |
4750 | -rwsr-x--- | SUID, group execute, no others |
2755 | drwxr-sr-x | SGID directory |
2775 | drwxrwsr-x | SGID, group writable |
1777 | drwxrwxrwt | Sticky bit (/tmp) |
1755 | drwxr-xr-t | Sticky, standard permissions |
6755 | -rwsr-sr-x | SUID + SGID |
3777 | drwxrwsrwt | SGID + Sticky |