chmod (change mode) is a Unix/Linux command that changes the access permissions of files and directories. Permissions are divided into three categories: Owner (the file's creator), Group (users in the file's group), and Others (everyone else). Each category can have Read (r=4), Write (w=2), and Execute (x=1) permissions. The numeric mode sums these values — for example, chmod 755 file gives the owner full control (7=4+2+1) and everyone else read+execute (5=4+1).

644 (rw-r--r--) is the standard permission for regular files — the owner can read and write, while group and others can only read. 755 (rwxr-xr-x) is standard for directories and executable files — the owner has full access (read, write, execute), while group and others can read and execute but not modify. Directories require execute permission to be accessible (cd into them), which is why 755 is the default for most directories on web servers.

SUID (Set User ID — 4000): When set on an executable file, the program runs with the permissions of the file owner, not the user executing it. The owner's execute x becomes s. A classic example is /usr/bin/passwd (permissions: -rwsr-xr-x).

SGID (Set Group ID — 2000): On executable files, the program runs with the file's group permissions. On directories, new files created inside inherit the directory's group. The group's x becomes s.

Sticky Bit (1000): Used on directories like /tmp to prevent users from deleting files they don't own, even if they have write permission. The others' x becomes t.

Each permission has a numeric value: Read = 4, Write = 2, Execute = 1. Add them up for each category (Owner, Group, Others). For example, rwx = 4+2+1 = 7, r-x = 4+0+1 = 5, r-- = 4+0+0 = 4. Combine the three digits: 754. Special permissions add a fourth digit at the front: SUID=4, SGID=2, Sticky=1. So chmod 4755 sets SUID + 755.

For directories, the execute (x) permission doesn't mean "run" — it means "traverse" or "enter." Without execute permission on a directory, you cannot cd into it or access any files inside, even if you have read permission on those files. Read permission on a directory lets you list its contents (ls), while execute lets you access files inside. Most directories should have 755 or 750 permissions.

For web servers (Apache, Nginx, etc.): Files should typically be 644 (rw-r--r--) — owner writable, everyone readable. Directories should be 755 (rwxr-xr-x) — owner full access, everyone can traverse. Configuration files with sensitive data (database passwords, API keys) should be 600 (rw-------) or 640 (rw-r-----). Never use 777 on production servers — it allows anyone to modify your files.

chmod 777 (rwxrwxrwx) gives everyone full read, write, and execute permissions. This is a significant security risk on production servers and shared environments — any user can modify, delete, or replace your files. The only common legitimate use cases are: temporary debugging, /tmp directories (where the sticky bit provides additional protection), or fully isolated development environments. For most purposes, use more restrictive permissions like 755 or 644.

Use the -R (recursive) flag: chmod -R 755 /path/to/directory. This changes permissions for the directory and all its contents. Caution: Recursive chmod can break systems if used carelessly. A safer approach for mixed file/directory permissions is: find /path -type d -exec chmod 755 {} \; (directories only) and find /path -type f -exec chmod 644 {} \; (files only). This ensures directories remain traversable while files stay non-executable.

Numeric (octal) notation uses 3-4 digits: chmod 755 file. It sets all permissions absolutely. Symbolic notation uses letters: chmod u=rwx,g=rx,o=rx file or chmod a+x file (add execute for all). Symbolic is more flexible for relative changes — you can add/remove specific permissions without knowing the current state: chmod g+w file adds group write, chmod o-rwx file removes all others' permissions. Both achieve the same result; numeric is more concise, symbolic is more expressive.

Use ls -l filename to see permissions in symbolic format (e.g., -rwxr-xr-x). For numeric format, use stat -c "%a %n" filename (Linux) or stat -f "%OLp %N" filename (macOS/BSD). The stat command displays the octal permission value directly. You can also use ls -l | awk '{print $1, $NF}' to see symbolic permissions for all files in a directory.