The Linux chmod Command: Learning to Speak Permissions
I'll never forget the day I accidentally broke our production server. I meant to run chmod 755 script.sh but typed chmod -R 755 / from the wrong directory. Three hours of downtime, several senior engineers scrambling, and a very embarrassed junior admin (me).
That day taught me to respect chmod—and to verify my commands twice.
The Permission Problem
As a new sysadmin, I kept running into permission errors:
- "Permission denied" when running scripts
- Apache couldn't read my files
- My SFTP upload wouldn't work
- Scripts wouldn't execute
Each problem had the same root cause: I didn't understand permissions.
Understanding Permission Notation
Numeric (Octal) Mode
The simplest syntax:
owner group other
rwx rwx rwx
7 7 7
Each digit is the sum of:
- 4 = read (r)
- 2 = write (w)
- 1 = execute (x)
So:
- 7 = read + write + execute (4+2+1)
- 6 = read + write (4+2)
- 5 = read + execute (4+1)
- 4 = read only
- 0 = no permissions
Symbolic Mode
More readable:
u = owner
g = group
o = others
a = all
Operators:
+ = add permission
- = remove permission
= = set exactly
Examples:
chmod u+x script.sh # Add execute for owner
chmod g-w file.txt # Remove write from group
chmod a=r file # Set read-only for all
The chmod Mistakes That Almost Killed Me
1. Running chmod -R recursively on /
NEVER do this:
chmod -R 777 /
This breaks your system. The -R flag applies to ALL subdirectories.
2. Forgetting that scripts need execute
-rw-r--r-- 1 user user 100 Jan 1 10:00 script.sh
User can't run this! Execute bit is missing.
Fix:
chmod u+x script.sh
Now:
-rwxr--r-- 1 user user 100 Jan 1 10:00 script.sh
3. Using numeric mode incorrectly
Forgot that 777 sets ALL permissions:
chmod 777 /var/www
Huge security hole. Apache can read/modify everything.
4. Breaking Apache
Apache needs read access to files, execute on directories:
chmod -R 750 /var/www/html
Now only owner can read. Apache (running as www-data) gets denied.
chmod Commands That Work
Setting script to executable
chmod +x script.sh
Or explicitly:
chmod 755 script.sh
Securing web files
find /var/www/html -type f -exec chmod 644 {} \;
find /var/www/html -type d -exec chmod 755 {} \;
Files = 644 (readable all, writable owner)
Directories = 755 (readable/executable all)
Securing directories
chmod 750 /home/user
Only user can access.
Removing all permissions from others
chmod 770 /-sensitive-dir
Owner and group only.
Setting SGID for group collaboration
chmod 2775 /shared/folder
The 2 at the front sets SGID—new files inherit the group.
Setting sticky bit (for /tmp)
chmod 1777 /tmp
The 1 prevents users from deleting others' files.
The chmod Command Builder: Safer Permissions
After years of making mistakes, I was thrilled when we built the chmod Command Builder:
- Visual permission editor shows what each bit does
- Toggle checkboxes instead of calculating octal
- Presets for common scenarios (scripts, web files, etc.)
- Symbolic and numeric views to understand both
No more guessing. Visual clicks, safe commands.
Permission Scenarios
Scenario: Web Application
Files need to be readable by Apache:
# Directories must be executable (browseable)
find /var/www -type d -exec chmod 755 {} \;
# Files must be readable
find /var/www -type f -exec chmod 644 {} \;
# PHP files may need write access (files only, so directories keep their execute bit)
find /var/www/uploads -type f -exec chmod 664 {} \;
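The web-application scenario above as a guarded function, added here as an example and not part of the original post: it resolves the target path, refuses / and top-level system directories, and defaults to a dry run. The names set_web_perms and is_protected_path and the deny-list are assumptions.

```bash
#!/usr/bin/env bash
# Added example: guarded permission reset for a web tree.
# Function names and the deny-list below are assumptions, not from the post.

# Deny-list: "/" and top-level system directories (extend for your hosts).
is_protected_path() {
    case "$1" in
        /|/bin|/boot|/dev|/etc|/home|/lib|/lib64|/opt|/proc|/root|/run|/sbin|/srv|/sys|/tmp|/usr|/var)
            return 0 ;;
    esac
    return 1
}

# set_web_perms DIR [--apply]
# Default is a dry run that lists entries whose mode would change.
# With --apply: directories become 755, regular files 644.
set_web_perms() {
    local target apply=${2:-}
    [ -n "${1:-}" ] || { echo "usage: set_web_perms DIR [--apply]" >&2; return 2; }
    # Resolve symlinks and ".." first, so "site/../../.." cannot slip past the check.
    target=$(cd -- "$1" >/dev/null 2>&1 && pwd -P) \
        || { echo "refusing: '$1' is not an accessible directory" >&2; return 2; }
    if is_protected_path "$target"; then
        echo "refusing: '$1' resolves to protected path '$target'" >&2
        return 3
    fi
    if [ "$apply" = "--apply" ]; then
        # Directories first, one chmod per directory (\;), so a directory that
        # lacks its execute bit is repaired before find tries to descend into it.
        find "$target" -xdev -type d ! -perm 755 -exec chmod 755 {} \;
        # -type f skips symlinks, so chmod never follows a link out of the tree.
        find "$target" -xdev -type f ! -perm 644 -exec chmod 644 {} +
    else
        find "$target" -xdev \( \( -type d ! -perm 755 \) -o \( -type f ! -perm 644 \) \) -print
    fi
}
```

Run it without --apply first and read the list; an empty list means nothing would change.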
Scenario: User Script
chmod 755 ~/bin/myscript.sh
Executable by all, writable by owner.
Scenario: Sensitive Files
chmod 600 ~/.ssh/id_rsa
chmod 644 ~/.ssh/id_rsa.pub
Private key = owner only. Public key = readable all.
Quick Reference
| Command | What It Does |
|---|---|
| chmod +x file | Add execute |
| chmod 755 file | Standard executable |
| chmod 644 file | Standard file |
| chmod 600 file | Private file |
| chmod 777 file | World-writable (unsafe!) |
| chmod +X dir | Execute only on dirs |
| chmod -R 755 dir | Recursive |
Lessons Learned the Hard Way
- Always verify the path twice before -R on system directories.
- Use +x instead of 755 when you just need "executable by anyone."
- Check current permissions with ls -la before changing.
- Remember directories need execute bit to be browseable, not just readable.
- Web directories need 755, not 644—the execute bit allows listing.
Conclusion: Respect chmod
chmod is powerful but dangerous. One mistake can break production or create security vulnerabilities.
The chmod Command Builder makes permissions visual—see what you're setting before you run it.
Test safely. Verify twice. Sleep better.
