Chmod Cheat Sheet
A quick reference for Unix file permissions: octal notation, symbolic notation, special bits, and recurring command patterns.
Permission values
| Symbol | Value | Effect |
|---|---|---|
| r | 4 | Read — view file contents or list directory |
| w | 2 | Write — modify file or add/remove directory entries |
| x | 1 | Execute — run file or enter (cd into) directory |
| - | 0 | Permission denied |
Common octal modes
| Octal | Symbolic | Use case |
|---|---|---|
| 700 | rwx------ | Private executable (only owner) |
| 755 | rwxr-xr-x | Public executable / directory |
| 644 | rw-r--r-- | Public file (HTML, CSS, configs) |
| 600 | rw------- | Private file (SSH keys, secrets) |
| 666 | rw-rw-rw- | World-writable file (rare, risky) |
| 777 | rwxrwxrwx | World-everything (almost never correct) |
| 400 | r-------- | Read-only for owner (locked file) |
Symbolic notation
| Pattern | Effect |
|---|---|
| chmod u+x file | Add execute for owner |
| chmod g-w file | Remove write for group |
| chmod o=r file | Set others to read-only |
| chmod a+r file | Add read for all (a = u+g+o) |
| chmod ug+w file | Add write for owner and group |
| chmod -R u+w dir/ | Recursive — apply to all contents |
| chmod +X dir/ | Add execute only on directories and already-executable files |
Special bits (4-digit octal)
| Bit | Octal | Effect |
|---|---|---|
| setuid | 4xxx | Run executable with owner's privileges (e.g., 4755) |
| setgid | 2xxx | Run with group's privileges, OR new files in directory inherit group |
| sticky | 1xxx | Only file owner can delete (used on /tmp, e.g., 1777) |
In ls -l output, special bits show as s, S, t, or T in the execute column.
Reading ls -l output
```
-rwxr-xr-x 1 alice staff 4096 May 6 12:34 script.sh
│└┬┘└┬┘└┬┘
│ │  │  └─ others permissions (r-x = read, execute)
│ │  └──── group permissions (r-x = read, execute)
│ └─────── owner permissions (rwx = read, write, execute)
└───────── file type: - regular file, d directory, l symlink, b/c device
```
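Decoding the mode column back to 4-digit octal, special bits included, as an added example that is not part of the original cheat sheet (the function name `mode_to_octal` is an assumption). A lowercase s or t means the special bit is set together with execute; an uppercase S or T means the special bit is set without execute.

```shell
# mode_to_octal MODE: convert the mode column of `ls -l` (e.g. -rwsr-xr-x)
# to 4-digit octal. Trailing ACL/SELinux markers (+ . @) are ignored.
# e.g. mode_to_octal drwxrwxrwt  -> 1777
mode_to_octal() {
    mode=$1
    if [ "${#mode}" -lt 10 ]; then
        echo "bad mode: $mode" >&2
        return 1
    fi
    special=0   # leading digit: setuid=4, setgid=2, sticky=1
    digits=""
    pos=2       # character 1 is the file type; the owner triplet starts at 2
    for bit in 4 2 1; do   # special-bit weight for owner, group, others
        r=$(printf '%s' "$mode" | cut -c"$pos")
        w=$(printf '%s' "$mode" | cut -c"$((pos + 1))")
        x=$(printf '%s' "$mode" | cut -c"$((pos + 2))")
        d=0
        if [ "$r" = r ]; then d=$((d + 4)); fi
        if [ "$w" = w ]; then d=$((d + 2)); fi
        case $x in
            x)   d=$((d + 1)) ;;
            s|t) d=$((d + 1)); special=$((special + bit)) ;;  # special bit and execute
            S|T) special=$((special + bit)) ;;                # special bit, no execute
            -)   ;;
            *)   echo "bad mode: $mode" >&2; return 1 ;;
        esac
        digits="$digits$d"
        pos=$((pos + 3))
    done
    printf '%s%s\n' "$special" "$digits"
}
```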
Recursive permission fixes
| Goal | Command |
|---|---|
| Files 644, dirs 755 (websites) | find . -type f -exec chmod 644 {} + then find . -type d -exec chmod 755 {} + |
| Add x only on directories | chmod -R +X . |
| Lock everything down | chmod -R go= . |
| SSH config dir | chmod 700 ~/.ssh && chmod 600 ~/.ssh/* |
How chmod permissions work
Every Unix file has three permission classes: owner (u), group (g), and others (o). Each class can be granted three permissions: read (r=4), write (w=2), and execute (x=1). Add the values to combine: rwx = 7, rw- = 6, r-x = 5, r-- = 4, --- = 0.
Octal vs symbolic notation
The three-digit octal notation (e.g., 755) sets owner, group, others in that order. Each digit is the sum of permissions for that class. 755 = owner rwx (4+2+1=7), group r-x (4+1=5), others r-x (5). Symbolic notation lets you adjust permissions selectively without resetting the whole bitmask.
Frequently asked questions
- What's the difference between 755 and 644?
- 755 (rwxr-xr-x) — owner can read/write/execute, group and others can read/execute. Used for executable files and directories. 644 (rw-r--r--) — owner can read/write, group and others can only read. Used for regular files (HTML, CSS, images, configs).
- Why does 777 work but everyone says don't use it?
- 777 grants read/write/execute to everyone. It works in the sense that the file becomes accessible by all processes, but it's a security catastrophe — any compromised user or process can modify the file. Use 644 for files, 755 for executables, 700 for private data, 600 for SSH keys. Reserve 777 only for /tmp-style world-writable directories that intentionally need it.
- What's the difference between numeric and symbolic chmod?
- Numeric (chmod 755) sets all 9 permission bits in one shot. Symbolic (chmod u+x file) modifies specific bits without touching others. Use numeric for absolute permissions, symbolic for relative changes. Both produce the same final state — pick whichever reads cleaner for your case.
- Why doesn't chmod -R work as expected on directories?
- Recursive chmod applies the SAME permissions to all files and directories — but executable bit on a regular file is rarely what you want. Use find: 'find . -type f -exec chmod 644 {} +' for files, 'find . -type d -exec chmod 755 {} +' for directories. Or chmod's symbolic +X (capital X) which only sets execute on directories and already-executable files.
- Why does sudo chmod fail to change /tmp?
- Some directories have the sticky bit set (leading digit 1, e.g., 1777). The sticky bit on /tmp means only the owner of a file can delete it, regardless of directory permissions. This prevents users from deleting each other's temp files. To remove sticky bit: chmod -t /path. To set sticky: chmod +t /path or chmod 1755 /path.
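An audit for the risky modes this sheet warns about (world-writable 666/777 files, world-writable directories without the sticky bit, and setuid/setgid files), as an added example that is not part of the original cheat sheet. The function name `audit_perms` and the output tags are assumptions.

```shell
#!/bin/sh
# audit_perms DIR: list risky modes under DIR, one "<TAG> <path>" per line.
audit_perms() {
    dir=$1

    # Regular files with the "others" write bit set (666, 777, ...).
    find "$dir" -type f -perm -0002 -print |
        sed 's/^/WORLD_WRITABLE_FILE /'

    # Directories writable by others without the sticky bit (777, not 1777):
    # any user can delete or rename other users' entries there.
    find "$dir" -type d -perm -0002 ! -perm -1000 -print |
        sed 's/^/WORLD_WRITABLE_DIR_NO_STICKY /'

    # Files carrying setuid (4xxx) or setgid (2xxx); each one should be an
    # expected, reviewed executable.
    find "$dir" -type f \( -perm -4000 -o -perm -2000 \) -print |
        sed 's/^/SETUID_OR_SETGID /'
}

# Stand-alone use: sh audit.sh /path/to/tree
if [ "$#" -gt 0 ]; then audit_perms "$1"; fi
```

Run it before and after a recursive permission fix to confirm that nothing world-writable or setuid remains in the tree.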