chmod: Numeric and Symbolic Permission Modes

2026-06-05 Reading time: About 10 min Difficulty: Beginner

What are chmod's "two ways to write it"?

Lina: Linny-senpai, I looked up chmod and some articles write chmod 644 while others write chmod u+x. Which one is correct?

Linny-senpai: Both are correct! chmod has two notations: numeric mode, where you set everything at once with digits, and symbolic mode, where you use letters like u+x. They just express the same thing differently.

Lina: So... I have to memorize twice as much?

Linny-senpai: Don't worry. Once you see how they work, you'll realize using both is actually easier. Today we'll learn how to pick the right one.

chmod changes the permissions of files and directories. You can specify them with numeric mode (digits like 644) or symbolic mode (letters like u+x). Both can set the exact same permissions.

In one line

Numeric mode → when you want to set the whole permission "in one shot" (chmod 644 file)
Symbolic mode → when you want to "add or remove just a bit" from the current state (chmod u+x file)

What You'll Learn

That numeric mode (644, 755) and symbolic mode (u+x, go-w) describe the same permissions
How to compute numeric mode yourself with r=4, w=2, x=1
How to build symbolic mode with u/g/o/a and +/-/=
How to choose between "set the whole thing" and "add/remove a bit"
A safe pattern that avoids accidents like chmod 777

1. The shared foundation: rwx and three audiences

Conclusion: Permissions grant read (r), write (w), execute (x) to owner (u), group (g), and other (o). Both numeric and symbolic just describe this.

Lina: Honestly, when ls -l shows something like rwxr-xr-x, it just looks like a spell to me...

Linny-senpai: Read it in chunks of three. The first rwx is the owner, the next r-x is the group, the last r-x is everyone else. r means read, w means write, x means execute.

$ ls -l script.sh

-rwxr-xr-x 1 user user 128 Jun  5 10:00 script.sh

Position	Audience	Letter	This example	Meaning
chars 1-3	owner	`u` (user)	`rwx`	read, write, execute
chars 4-6	group	`g` (group)	`r-x`	read and execute
chars 7-9	other	`o` (other)	`r-x`	read and execute

a (all) is a shortcut that means "u + g + o together." We'll use it later.

2. Symbolic mode: think in add and remove

Conclusion: Symbolic mode is "who (u/g/o/a) + how (+/-/=) + what (r/w/x)." It changes from the current state, so the intent is clear.

Symbolic mode combines three parts:

Part	Letters	Meaning
who	`u` / `g` / `o` / `a`	owner / group / other / all
how	`+` / `-` / `=`	add / remove / set (overwrite)
what	`r` / `w` / `x`	read / write / execute

2-1. Add execute for the owner

$ chmod u+x script.sh

u (owner) plus + (add) plus x (execute). Now only you can run it.

2-2. Take write away from group and other

$ chmod go-w secret.txt

g and o (group and other), - (remove), w (write). You can target multiple audiences at once.

2-3. Make it read-only for everyone (the power of =)

$ chmod a=r notes.txt

a (all), = (set), r only. = clears the current permissions first, then sets them, so even if write or execute were present, the result is guaranteed to be "read only."

Lina: How is + different from =?

Linny-senpai: +r means "add read to whatever exists now." =r means "make it read only (remove the rest)." When you want to be sure execute is gone, = is handy.

You can combine specs with commas: chmod u+x,go-w file adds execute for the owner and removes write from group and other in one command.

3. Numeric mode: the r=4 w=2 x=1 math

Conclusion: Numeric mode adds r=4, w=2, x=1 into one digit, then lines up three digits for owner, group, other. 644 is owner rw, others r.

Lina: How are the digits decided? Where does the 6 in 644 come from?

Linny-senpai: Each permission has a score: r is 4, w is 2, x is 1. Just add them. rw- is 4+2=6, r-- is 4. So owner 6, group 4, other 4 gives 644.

Memorize the score for each permission.

Permission	Score
`r` (read)	4
`w` (write)	2
`x` (execute)	1

Each digit represents one audience's permissions, lined up as owner, group, other.

Digit	Sum	Letters	Meaning
7	4+2+1	`rwx`	everything
6	4+2	`rw-`	read and write
5	4+1	`r-x`	read and execute
4	4	`r--`	read only
0	0	`---`	no permission

3-1. Common numeric combinations

$ chmod 644 notes.txt    # rw-r--r-- a normal file
$ chmod 755 script.sh    # rwxr-xr-x runnable script or directory
$ chmod 600 id_rsa       # rw------- private key, owner only

Numeric	Letters	Common use
`644`	`rw-r--r--`	normal file (only owner edits)
`755`	`rwxr-xr-x`	scripts and directories
`600`	`rw-------`	private keys, password files
`700`	`rwx------`	owner-only directory

Tip for reading back: read 755 one digit at a time as "7=rwx, 5=r-x, 5=r-x." With r=4 w=2 x=1 memorized, you can move freely between letters and digits.

4. Which one? A pattern for choosing

Conclusion: Use numeric to "set the whole permission," symbolic to "add or remove a bit from the current state." Pick the one whose intent reads clearly.

Lina: In the end, which should I use in practice?

Linny-senpai: Decide by your goal and you won't hesitate. If you know the final permission you want, numeric is fast. If you're changing from the current state, like "just add execute," symbolic is safer. Being able to read both is best of all.

What you want	Recommended	Example
Set the full permission at once	numeric	`chmod 644 file`
Add or remove from current	symbolic	`chmod u+x file`
Change without disturbing others	symbolic	`chmod g+w file`
Lock a private key to owner	numeric	`chmod 600 id_rsa`
Remove execute from everyone	symbolic	`chmod a-x file`

Rule of thumb in practice

Just adding execute to a script → chmod +x script.sh (same as a+x)
Resetting a config file to standard permissions → chmod 644 config.yaml

5. Common accidents and the safe pattern

Conclusion: chmod 777 grants "everyone everything" and is dangerous. The safe pattern is to give only the minimum permission needed.

A frequent accident: chmod 777

$ chmod 777 file    # rwxrwxrwx = anyone can read, write, and execute

Setting 777 "because it makes Permission denied go away" is the worst pattern. It grants write and execute even to other, opening a security hole.

Lina: I set 777 because it started working, so I thought it was fine...

Linny-senpai: It works, but it's wide open. First check the current permission with ls -l, then add only what's missing. If you just can't run it yourself, chmod u+x is enough. 777 almost never has a real use.

Watch out for x on directories

For a directory, x is the permission to "enter it (cd into it)." With only r, you can list it but not enter. Directories commonly use 755 (rwxr-xr-x).

The safe pattern is these three steps:

Check the current permission with ls -l
Decide "who is missing or has extra what"
Add only the minimum needed, like chmod u+x

6. Practice (5 minutes)

Conclusion: Set the same permission in both numeric and symbolic mode, then confirm with ls -l that the results match.

$ touch demo.txt
$ ls -l demo.txt
$ chmod 600 demo.txt
$ ls -l demo.txt

-rw------- 1 user user 0 Jun  5 10:10 demo.txt

Now build the same rw------- in symbolic mode.

$ chmod a=,u=rw demo.txt
$ ls -l demo.txt

-rw------- 1 user user 0 Jun  5 10:11 demo.txt

What to check:

Confirm 600 and a=,u=rw both produce rw-------
Explain 6 = rw using the r=4 w=2 x=1 addition

If you have time, try whether chmod 755 demo.txt and chmod u=rwx,go=rx demo.txt give the same result.

Summary

What you want	Numeric mode	Symbolic mode
Normal file	`chmod 644 file`	`chmod u=rw,go=r file`
Runnable script	`chmod 755 file`	`chmod u=rwx,go=rx file`
Add execute	(needs full spec)	`chmod u+x file`
Remove write	(needs full spec)	`chmod go-w file`
Private key	`chmod 600 file`	`chmod a=,u=rw file`

Three things to remember

r=4 w=2 x=1: addition lets you read and write numeric mode
u/g/o/a and +/-/=: symbolic mode is "who, how, what"
Numeric for the final state, symbolic to add/remove: choose by goal