In Linux, file and directory permissions decide who can read data, change it, or access a path at all. Setting them correctly protects configuration files, shared project trees, uploads, backups, and service data from accidental or unwanted access.
The chmod command changes the mode bits for the owner, the group, and everyone else by using symbolic expressions such as g+w and o-r or octal values such as 640 and 750. The same bits apply to both files and directories, but the execute bit means different things: on a regular file it allows the file to run, while on a directory it acts as search permission that allows entering the directory and resolving names inside it.
That difference matters most during recursive permission changes. A mode that is correct for a regular file can break a directory if it removes execute permission, so check the current tree before changing it and use X when one recursive command should keep directories traversable without making every plain file executable. Add sudo only when the current account does not own the target path.
| Octal | Binary | Permission |
|---|---|---|
| 0 | 000 | none |
| 1 | 001 | execute or search |
| 2 | 010 | write |
| 3 | 011 | write, execute or search |
| 4 | 100 | read |
| 5 | 101 | read, execute or search |
| 6 | 110 | read, write |
| 7 | 111 | read, write, execute or search |
Steps to change file and folder permissions in Linux:
- Check the current mode on the target directory and one of its files before changing anything.
$ stat -c "%A %a %n" /srv/perm-demo /srv/perm-demo/alpha.txt drwxr-xr-x 755 /srv/perm-demo -rw-r--r-- 644 /srv/perm-demo/alpha.txt
The first field is the symbolic mode, the second is the octal value, and the last is the path that was checked.
- Add or remove one permission bit with symbolic mode when the rest of the mode should stay intact.
$ chmod g+w /srv/perm-demo/alpha.txt $ chmod o-r /srv/perm-demo/alpha.txt $ stat -c "%A %a %n" /srv/perm-demo/alpha.txt -rw-rw---- 660 /srv/perm-demo/alpha.txt
Use + to add access, - to remove it, and = to replace the selected user class completely.
- Set an exact mode on a regular file when the full result should be explicit.
$ chmod 640 /srv/perm-demo/alpha.txt $ stat -c "%A %a %n" /srv/perm-demo/alpha.txt -rw-r----- 640 /srv/perm-demo/alpha.txt
Mode 640 keeps read-write access for the owner, read-only access for the group, and no access for others.
- Set a directory mode separately so the directory stays traversable.
$ chmod 750 /srv/perm-demo $ stat -c "%A %a %n" /srv/perm-demo drwxr-x--- 750 /srv/perm-demo
On directories, the x bit is search permission. Without it, users cannot enter the directory or resolve file names inside it even if the read bit is still present.
- Apply one recursive command when directories should stay traversable and plain files should not all become executable.
$ chmod -R u=rwX,g=rX,o= /srv/perm-demo
The uppercase X adds execute or search permission only to directories and to files that already had execute permission.
- Verify the whole tree after the recursive change.
$ find /srv/perm-demo -maxdepth 2 -printf "%M %p\n" | sort -rw-r----- /srv/perm-demo/alpha.txt -rwxr-x--- /srv/perm-demo/run.sh drwxr-x--- /srv/perm-demo drwxr-x--- /srv/perm-demo/subdir
Review the target path carefully before using -R. GNU chmod ignores symlinks found during recursive traversal, but a symlink passed directly on the command line normally affects the file it points to.
Mohd Shakir Zakaria is a cloud architect with deep roots in software development and open-source advocacy. Certified in AWS, Red Hat, VMware, ITIL, and Linux, he specializes in designing and managing robust cloud and on-premises infrastructures.
