# chmod Quick Reference

*File permissions, numeric & symbolic modes, special bits, umask*

> Source: chmod(1) Manual Page · MIT

## Numeric Mode

### Octal Permission Digits

| Command | Description |
|---------|-------------|
| `4` | Read (r) |
| `2` | Write (w) |
| `1` | Execute (x) |
| `0` | No permission |

### Three-Digit Format

```
chmod 755 file    # rwxr-xr-x
chmod 644 file    # rw-r--r--
chmod 700 file    # rwx------
chmod 600 file    # rw-------
```

### Digit Calculation

| Command | Description |
|---------|-------------|
| `7 (4+2+1)` | rwx — read, write, execute |
| `6 (4+2)` | rw- — read, write |
| `5 (4+1)` | r-x — read, execute |
| `4` | r-- — read only |
| `3 (2+1)` | -wx — write, execute |
| `2` | -w- — write only |
| `1` | --x — execute only |
| `0` | --- — no permissions |

## Symbolic Mode

### Syntax: [ugoa][+-=][rwxXst]

| Command | Description |
|---------|-------------|
| `u` | User (owner) |
| `g` | Group |
| `o` | Others |
| `a` | All (u + g + o) |
| `+` | Add permission |
| `-` | Remove permission |
| `=` | Set exact permission |

### Symbolic Examples

```
chmod u+x file         # owner: add execute
chmod g-w file         # group: remove write
chmod o=r file         # others: set read only
chmod a+r file         # all: add read
chmod u+x,g-w,o= file # combined operations
```

## Common Permissions

### File Permission Presets

| Command | Description |
|---------|-------------|
| `644  rw-r--r--` | Default file — owner rw, others read |
| `755  rwxr-xr-x` | Script / binary — owner rwx, others rx |
| `600  rw-------` | Private file — owner only |
| `400  r--------` | Read-only private (SSH keys) |
| `666  rw-rw-rw-` | World-writable file (avoid) |
| `777  rwxrwxrwx` | Full access for all (avoid) |

### Quick Reference

```
chmod 644 *.html       # web files: owner rw, world r
chmod 755 *.sh         # scripts: owner rwx, world rx
chmod 600 ~/.ssh/id_*  # SSH keys: owner only
chmod 400 secret.pem   # certificate: read-only
```

## Directory Permissions

### What Permissions Mean for Directories

| Command | Description |
|---------|-------------|
| `r (4)` | List directory contents (`ls`) |
| `w (2)` | Create / delete files in directory |
| `x (1)` | Access (cd into) the directory |
| `rx (5)` | List + access (typical for read) |
| `rwx (7)` | Full control |

### Common Directory Permissions

```
chmod 755 dir/     # standard: owner rwx, others rx
chmod 700 dir/     # private: owner only
chmod 750 dir/     # group access: owner rwx, group rx
chmod 1777 /tmp    # sticky bit: only owner can delete
```

## Special Bits

### Setuid, Setgid, Sticky

| Command | Description |
|---------|-------------|
| `Setuid (4xxx)` | Run as file owner (e.g., `passwd`) |
| `Setgid (2xxx)` | Run as file group / inherit dir group |
| `Sticky (1xxx)` | Only owner can delete files (e.g., `/tmp`) |

### Setting Special Bits

```
chmod 4755 program     # setuid: -rwsr-xr-x
chmod 2755 dir/        # setgid: drwxr-sr-x
chmod 1755 dir/        # sticky: drwxr-xr-t
chmod u+s program      # symbolic setuid
chmod g+s dir/         # symbolic setgid
chmod +t dir/          # symbolic sticky bit
```

## Recursive

### Recursive Permission Changes

```
chmod -R 755 dir/           # set all to 755 recursively
chmod -R u+rwX dir/         # owner rw, +x on dirs only
chmod -R go-w dir/          # remove group/other write
```

### Files vs Directories with find

```
# set directories to 755, files to 644
find /path -type d -exec chmod 755 {} +
find /path -type f -exec chmod 644 {} +
```

### Capital X — Conditional Execute

| Command | Description |
|---------|-------------|
| `x (lowercase)` | Add execute to all files and dirs |
| `X (uppercase)` | Add execute only to dirs and already-executable files |

## umask

### How umask Works

| Command | Description |
|---------|-------------|
| `umask` | Display current umask |
| `umask 022` | Files: 644, Dirs: 755 |
| `umask 077` | Files: 600, Dirs: 700 |
| `umask 002` | Files: 664, Dirs: 775 |

### umask Calculation

```
# default permission minus umask = effective
# Files:  666 - 022 = 644 (rw-r--r--)
# Dirs:   777 - 022 = 755 (rwxr-xr-x)
umask          # display current umask
umask 022      # typical default
umask -S       # show in symbolic notation
```

## Common Patterns

### Everyday Use Cases

| Command | Description |
|---------|-------------|
| `Web root` | `chmod -R 755 /var/www/html` |
| `Config file` | `chmod 600 app.conf` |
| `SSH directory` | `chmod 700 ~/.ssh` |
| `SSH authorized_keys` | `chmod 600 ~/.ssh/authorized_keys` |
| `Shared directory` | `chmod 2775 /shared` (setgid) |
| `Log files` | `chmod 640 /var/log/app.log` |
| `Cron scripts` | `chmod 755 /etc/cron.daily/myjob` |
| `Temp directory` | `chmod 1777 /tmp` (sticky) |

### Viewing Permissions

```
ls -l file.txt       # show permissions
ls -ld dir/          # show directory permissions
stat -c '%A %a %n' * # symbolic + numeric + name
getfacl file.txt     # show ACLs (if in use)
```