Chmod Cheat Sheet
A quick reference for Unix file permissions: octal notation, symbolic notation, special bits, and frequently used command patterns.
Permission values
| Symbol | Value | Effect |
|---|---|---|
| r | 4 | Read: view file contents or list directory |
| w | 2 | Write: modify file or add/remove directory entries |
| x | 1 | Execute: run file or enter (cd into) directory |
| - | 0 | Permission denied |
Common octal modes
| Octal | Symbolic | Use case |
|---|---|---|
| 700 | rwx------ | Private executable (only owner) |
| 755 | rwxr-xr-x | Public executable / directory |
| 644 | rw-r--r-- | Public file (HTML, CSS, configs) |
| 600 | rw------- | Private file (SSH keys, secrets) |
| 666 | rw-rw-rw- | World-writable file (rare, risky) |
| 777 | rwxrwxrwx | World-everything (almost never correct) |
| 400 | r-------- | Read-only for owner (locked file) |
Symbolic notation
| Pattern | Effect |
|---|---|
| chmod u+x file | Add execute for owner |
| chmod g-w file | Remove write for group |
| chmod o=r file | Set others to read-only |
| chmod a+r file | Add read for all (a = u+g+o) |
| chmod ug+w file | Add write for owner and group |
| chmod -R u+w dir/ | Recursive: apply to all contents |
| chmod +X dir/ | Add execute only on directories and already-executable files |
Special bits (4-digit octal)
| Bit | Octal | Effect |
|---|---|---|
| setuid | 4xxx | Run executable with owner's privileges (e.g., 4755) |
| setgid | 2xxx | Run with group's privileges, OR new files in directory inherit group |
| sticky | 1xxx | Only file owner can delete (used on /tmp, e.g., 1777) |
In ls -l output, special bits show as s, S, t, or T in the execute column.
Reading ls -l output
```
-rwxr-xr-x 1 alice staff 4096 May 6 12:34 script.sh
│└┬┘└┬┘└┬┘
│ │  │  └─ others permissions (r-x = read, execute)
│ │  └──── group permissions (r-x = read, execute)
│ └─────── owner permissions (rwx = read, write, execute)
└───────── file type: - regular file, d directory, l symlink, b/c device
```
Recursive permission fixes
| Goal | Command |
|---|---|
| Files 644, dirs 755 (websites) | find . -type f -exec chmod 644 {} + then find . -type d -exec chmod 755 {} + |
| Add x only on directories | chmod -R +X . |
| Lock everything down | chmod -R go= . |
| SSH config dir | chmod 700 ~/.ssh && chmod 600 ~/.ssh/* |
Visual chmod calculator: Stax Chmod Calculator.
Chmod Cheat Sheet — Unix File Permission Reference for Developers and System Administrators
File permissions are one of the foundational concepts in Unix and Linux administration — yet the octal notation trips up even experienced developers who encounter it infrequently. Whether you are deploying a web application to a Linux server and need to set the right permissions on config files, working on a CI/CD pipeline that needs execute permissions on shell scripts, or hardening an SSH setup that requires strict 600 permissions on private keys, this reference gives you the exact commands and values you need without digging through man pages.
How to read this reference
The permission tables above cover: the numeric values for each permission type (r=4, w=2, x=1), the most common octal modes with their symbolic equivalents and recommended use cases, symbolic notation syntax for making relative changes without resetting all permissions, special bits (setuid, setgid, sticky bit) with their octal prefixes, how to read ls -l output, and the correct recursive permission commands for common scenarios like web server deployments. Each row is a direct reference: look up the situation, copy the command.
The permissions every developer needs to know
755 (rwxr-xr-x) is the correct permission for executable files, scripts, and directories that should be publicly readable and executable but only owner-writable. This is what you want on web server directories and most shell scripts. 644 (rw-r--r--) is correct for regular files like HTML, CSS, JavaScript, and config files — readable by everyone, writable only by the owner. 600 (rw-------) is for sensitive private files like SSH private keys, .env files, and credential files — only the owner can read or write them. 700 (rwx------) is for private executable files or directories that should be completely hidden from other users. Never use 777 in production — it grants write and execute access to every user on the system and is a serious security vulnerability.
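A read-only audit for the risky modes described above, as an added example that is not part of the original reference. The function name audit_perms, the category labels and the secret-file name patterns are assumptions; it changes nothing on disk and only reports.

```shell
#!/bin/sh
# audit_perms DIR      (usage: audit_perms /var/www)
# Prints one finding per line as "<category><TAB><path>".
# Only POSIX find predicates are used: -perm -MODE means "all of these bits set".
audit_perms() {
    root=$1

    # Regular files that "others" can write (666, 777, ...).
    find "$root" -type f -perm -0002 \
        -exec printf 'world-writable-file\t%s\n' {} +

    # Directories others can write that lack the sticky bit (777 but not 1777).
    find "$root" -type d -perm -0002 ! -perm -1000 \
        -exec printf 'world-writable-dir-no-sticky\t%s\n' {} +

    # Files carrying setuid (4xxx) or setgid (2xxx): each one needs a reason to exist.
    find "$root" -type f \( -perm -4000 -o -perm -2000 \) \
        -exec printf 'setuid-or-setgid\t%s\n' {} +

    # Secret-looking files that group or others can read or write (should be 600).
    # The name patterns are assumptions for this example; adjust them to your tree.
    find "$root" -type f \
        \( -name 'id_*' ! -name '*.pub' -o -name '*.pem' -o -name '.env' \) \
        \( -perm -0040 -o -perm -0020 -o -perm -0004 -o -perm -0002 \) \
        -exec printf 'exposed-secret\t%s\n' {} +
}
```

Fix each finding with the narrowest change from the tables above (for example chmod o-w, chmod 600, or chmod +t) rather than a blanket chmod -R.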
Who uses this cheat sheet
Web developers deploying to Linux servers use it to set the correct permissions on uploaded application files and ensure web server processes can read but not write config files. DevOps engineers use it when writing Dockerfile or Ansible playbooks that set file permissions as part of infrastructure setup. System administrators use it for the recursive permission fix patterns when restoring correct permissions after a botched chmod -R command. Security auditors use it to verify that sensitive files (private keys, database credentials, API tokens) have sufficiently restrictive permissions during server hardening reviews.
Privacy and data handling
This is a static reference page — no user input is collected, and no data is transmitted to any server.
Frequently asked questions
- What's the difference between 755 and 644?
- 755 (rwxr-xr-x) — owner can read/write/execute, group and others can read/execute. Used for executable files and directories. 644 (rw-r--r--) — owner can read/write, group and others can only read. Used for regular files (HTML, CSS, images, configs).
- Why does 777 work but everyone says don't use it?
- 777 grants read/write/execute to everyone. It works in the sense that the file becomes accessible by all processes, but it's a security catastrophe: any compromised user or process can modify the file. Use 644 for files, 755 for executables, 700 for private data, 600 for SSH keys. Reserve 777 only for /tmp-style world-writable directories that intentionally need it, and set the sticky bit on those (1777, as /tmp does).
- What's the difference between numeric and symbolic chmod?
- Numeric (chmod 755) sets all 9 permission bits in one shot. Symbolic (chmod u+x file) modifies specific bits without touching others. Use numeric for absolute permissions, symbolic for relative changes. Both produce the same final state — pick whichever reads cleaner for your case.
- Why doesn't chmod -R work as expected on directories?
- Recursive chmod applies the SAME permissions to all files and directories — but executable bit on a regular file is rarely what you want. Use find: 'find . -type f -exec chmod 644 {} +' for files, 'find . -type d -exec chmod 755 {} +' for directories. Or chmod's symbolic +X (capital X) which only sets execute on directories and already-executable files.
- Why does sudo chmod fail to change /tmp?
- Some directories have the sticky bit set (leading digit 1, e.g., 1777). The sticky bit on /tmp means only the owner of a file can delete it, regardless of directory permissions. This prevents users from deleting each other's temp files. To remove sticky bit: chmod -t /path. To set sticky: chmod +t /path or chmod 1755 /path.