Linux File Permissions

The Vault Keeper's Master Key. Interactive chmod calculator, permission bit reference, and command cheat sheet for Linux file system security.

Numeric Modes

chmod 777 file
Full permissions for everyone (rwxrwxrwx). Use with extreme caution.
Dangerous
chmod 755 file
Standard for executables and directories. Owner can read/write/execute; group and others can read/execute.
Common
chmod 644 file
Standard for files. Owner can read/write; group and others can only read.
Common
chmod 600 file
Owner only — read and write. Perfect for private keys and sensitive config files.
Private
chmod 700 file
Owner only — full access. No one else can do anything.
Private
chmod 400 file
Owner read-only. Immutable from owner's perspective (unless root).
chmod 444 file
Read-only for everyone. Useful for published files.
chmod 750 file
Owner full access, group read+execute, others nothing. Good for shared executables.
chmod 660 file
Owner and group can read/write, others no access. Good for shared files.
chmod 640 file
Owner read+write, group read-only, others nothing. Conservative file sharing.
chmod -R 755 directory
Recursively apply 755 to directory and all contents. Common for web roots.
Recursive
chmod -R u+rwX,go+rX,go-w directory
Smart recursive: files get 644, directories get 755, executables keep execute.
Recursive, Smart

Symbolic Modes

chmod u+x file
Add execute permission for the owner (user).
chmod g+w file
Add write permission for the group.
chmod o-r file
Remove read permission for others.
chmod a+r file
Add read permission for all (user, group, and others).
chmod u=rwx,g=rx,o= file
Set exact permissions: owner rwx, group rx, others none. Equivalent to 750.
chmod +x file
Add execute for all classes. Shorthand for a+x.
chmod -R u+w directory
Recursively add owner write permission.
Recursive
chmod g=u file
Set group permissions equal to owner permissions.
chmod o= file
Remove all permissions for others.
chmod u+s file
Set SUID bit — execute with owner privileges. Used for passwd, ping, etc.
Special

Ownership

chown user file
Change file owner to specified user.
chown user:group file
Change both owner and group simultaneously.
Common
chown :group file
Change only the group, keep current owner.
chown -R user:group directory
Recursively change owner and group for directory and all contents.
Recursive
chgrp group file
Change group ownership. Same as chown :group file.
chown --reference=ref_file target_file
Copy ownership from reference file to target.
chown $USER:$USER file
Change owner and group to the current user via the $USER environment variable.
sudo chown root:root /etc/config
Change ownership to root. Requires sudo privileges.
Root

Special Bits

chmod 4755 file
Set SUID bit (4) + 755. File runs with owner privileges. Shown as rws instead of rwx.
SUID
chmod 2755 file
Set SGID bit (2) + 755. File runs with group privileges. For directories: new files inherit group.
SGID
chmod 1755 directory
Set sticky bit (1) + 755. Only the owner of a file can delete/rename it in the directory. Used for /tmp.
Sticky
chmod 6755 file
Set both SUID and SGID (6) + 755. Both owner and group privileges.
Both
chmod u+s file
Symbolic: set SUID bit.
SUID
chmod g+s directory
Symbolic: set SGID on directory. New files inherit directory's group.
SGID
chmod +t directory
Symbolic: set sticky bit. Prevents users from deleting others' files in shared directories.
Sticky
chmod 7777 file
All special bits + full permissions. SUID, SGID, sticky, and rwxrwxrwx. Extremely dangerous.
Dangerous

Access Control Lists

getfacl file
Display Access Control List for a file. Shows owner, group, and any ACL entries.
setfacl -m u:username:rwx file
Modify ACL to give specific user read/write/execute permissions on a file.
setfacl -m g:groupname:rx file
Give a specific group read and execute permissions via ACL.
setfacl -x u:username file
Remove a specific user's ACL entry from a file.
setfacl -b file
Remove all extended ACL entries, leaving only standard permissions.
setfacl -R -m u:username:rwx directory
Recursively apply ACL to directory and all contents.
Recursive
setfacl -d -m u:username:rx directory
Set default ACL on directory. New files created in directory inherit these permissions.
Default
setfacl --restore=permissions.acl
Restore ACLs from a backup file created with getfacl -R.

Permission Bits Reference

Bit  Octal       Permission  Effect on File   Effect on Directory
r    4           Read        View contents    List files
w    2           Write       Modify contents  Create/delete files
x    1           Execute     Run as program   Enter (cd into)
s    4 (SUID)    Set UID     Run as owner     -
s    2 (SGID)    Set GID     Run as group     Inherit group
t    1 (Sticky)  Sticky      -                Restrict deletion

Numeric Values

Value  Binary  Permissions  Common Use
7      111     rwx          Full access
6      110     rw-          Read + write
5      101     r-x          Read + execute
4      100     r--          Read only
3      011     -wx          Write + execute
2      010     -w-          Write only
1      001     --x          Execute only
0      000     ---          No access
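
Auditing for risky modes: an added example, not part of the original cheat sheet. It walks a directory tree and flags the modes this page marks as dangerous or special: SUID/SGID files, world-writable files, and world-writable directories without the sticky bit. The function names, labels and sample tree are constructed for illustration.

```shell
#!/bin/sh
# audit_perms DIR: print one finding per line as "<LABEL> <path>".
audit_perms() {
    root=$1
    # SUID (4000) and SGID (2000) files run with owner / group privileges.
    find "$root" -type f -perm -4000 -print | sed 's/^/SUID /'
    find "$root" -type f -perm -2000 -print | sed 's/^/SGID /'
    # Files writable by "others" (octal 0002), e.g. left behind by chmod 777 or 666.
    find "$root" -type f -perm -0002 -print | sed 's/^/WORLD_WRITABLE_FILE /'
    # World-writable directories lacking the sticky bit (1000):
    # any user may delete or rename files that belong to someone else.
    find "$root" -type d -perm -0002 ! -perm -1000 -print |
        sed 's/^/WORLD_WRITABLE_DIR_NO_STICKY /'
}

# count_findings DIR LABEL: number of findings carrying LABEL.
count_findings() {
    audit_perms "$1" | grep -c "^$2 " || true
}

# make_sample_tree: build a constructed test tree and print its path.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir "$t/shared" "$t/tmp_like"
    : > "$t/ok.conf";  chmod 644  "$t/ok.conf"    # standard file
    : > "$t/key.pem";  chmod 600  "$t/key.pem"    # private key style
    : > "$t/helper";   chmod 4755 "$t/helper"     # SUID + 755
    : > "$t/open.log"; chmod 666  "$t/open.log"   # world-writable file
    chmod 777  "$t/shared"                        # world-writable, no sticky
    chmod 1777 "$t/tmp_like"                      # /tmp-style, sticky set
    printf '%s\n' "$t"
}

# Usage: sh audit.sh /path/to/tree
if [ "$#" -gt 0 ]; then
    audit_perms "$1"
fi
```

Run it as a user who can read the whole tree; directories that find cannot enter are reported on stderr and skipped.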