What are Unix File Permissions?
Every file and directory on a Unix or Linux system has an associated set of permissions that control who can read, write, or execute it. Permissions are divided into three classes: owner (user), group, and others (world). Each class can independently have read (r), write (w), and execute (x) permissions. These nine permission bits, plus special bits like setuid, setgid, and sticky, form the complete permission model that protects files on Unix-like operating systems including Linux and macOS.
Understanding Octal Notation
Octal (base-8) notation represents each permission class as a single digit from 0 to 7. Read equals 4, write equals 2, and execute equals 1. Add the values for each class to get the digit: rwx = 4+2+1 = 7, r-x = 4+0+1 = 5, r-- = 4+0+0 = 4. The classic 755 means the owner can read, write, and execute, while group and others can only read and execute. This compact notation is used with the chmod command on the command line.
Symbolic vs Numeric chmod
The chmod command supports both symbolic and numeric modes. Symbolic mode uses letters (u, g, o, a) with operators (+, -, =) and permission letters (r, w, x). For example, chmod u+x file adds execute permission for the owner. Numeric mode sets all permissions at once: chmod 644 file gives rw-r--r--. Symbolic mode is better for incremental changes; numeric mode is clearer when setting all permissions from scratch.
Best Practices for File Permissions
Follow the principle of least privilege: grant only the permissions needed. Use 644 for regular files (owner reads and writes, everyone else reads), 755 for directories and scripts (owner has full access; others can read and execute a script, or list and enter a directory), and 600 for sensitive files like SSH keys or configuration files with passwords. Avoid 777 (full access for everyone) in production: it lets any user or process on the system modify or replace the file, which creates serious security vulnerabilities. Always test permission changes in a staging environment first.
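As an added example (not part of the original page), the following Python sketch turns the octal arithmetic and the best practices above into a permission audit: it decodes modes using the 4/2/1 values and flags world-writable files, world-writable directories without the sticky bit, and sensitive files open beyond their owner. The SENSITIVE_NAMES list, the function names, and the sample tree built in demo() are assumptions made for illustration.

```python
import os
import stat
import tempfile

# Assumption for this example: names treated as sensitive (not a list from the page).
SENSITIVE_NAMES = {"id_rsa", "id_ed25519", ".env"}

def symbolic(perms):
    """Render the nine permission bits, e.g. 0o755 -> rwxr-xr-x (read=4, write=2, execute=1)."""
    out = ""
    for shift in (6, 3, 0):  # owner, group, others
        digit = (perms >> shift) & 0o7
        out += "".join(c if digit & v else "-" for c, v in (("r", 4), ("w", 2), ("x", 1)))
    return out

def audit(root):
    """Return sorted (path, octal, symbolic, finding) tuples for risky modes under root."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits are not what access checks use
            perms = stat.S_IMODE(st.st_mode)  # special bits plus rwx for the three classes
            row = (os.path.relpath(path, root), format(perms, "04o"), symbolic(perms))
            if stat.S_ISDIR(st.st_mode):
                # World-writable is only tolerable on a directory with the sticky bit (like /tmp).
                if perms & stat.S_IWOTH and not perms & stat.S_ISVTX:
                    findings.append(row + ("world-writable directory without sticky bit",))
            elif perms & stat.S_IWOTH:
                findings.append(row + ("world-writable file",))
            elif name in SENSITIVE_NAMES and perms & 0o077:
                findings.append(row + ("sensitive file accessible by group or others",))
    return sorted(findings)

def demo():
    """Audit a constructed tree of sample files and return the findings."""
    with tempfile.TemporaryDirectory() as root:
        for name, mode in (("notes.txt", 0o644), ("deploy.sh", 0o755),
                           ("shared.txt", 0o777), ("id_rsa", 0o644)):
            path = os.path.join(root, name)
            open(path, "w").close()
            os.chmod(path, mode)
        for name, mode in (("drop", 0o777), ("spool", 0o1777)):
            os.mkdir(os.path.join(root, name))
            os.chmod(os.path.join(root, name), mode)
        return audit(root)

if __name__ == "__main__":
    for finding in demo():
        print(*finding, sep="  ")
```

Calling audit() on a real directory such as a web root or a home directory returns the same tuples; the 644 and 755 files and the sticky 1777 directory in the sample tree are deliberately left unflagged.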





