The complete, systematic breakdown of Unix/Linux permission modes requires enumerating every valid combination, and grouping them into mutually exclusive, collectively exhaustive categories โ across all axes:
- Axis 1: File type (1st char)
- Axis 2: Owner / Group / Others permission triplets
- Axis 3: Permission levels (r/w/x combinations)
- Axis 4: Special bits (setuid, setgid, sticky)
- Axis 5: Numerical representation (octal)
Below is the full, formal structure. We will proceed layer by layer โ from simplest to full combination space.
| Symbol | Type | Description | Typical Example |
|---|---|---|---|
- |
Regular file | Standard file | -rw-r--r-- |
d |
Directory | Folder | drwxr-xr-x |
l |
Symbolic link | Pointer to another file | lrwxrwxrwx |
c |
Character device | Stream I/O device | /dev/tty |
b |
Block device | Block I/O device | /dev/sda |
p |
FIFO / named pipe | IPC channel | /tmp/fifo_pipe |
s |
Socket | IPC socket | /var/run/docker.sock |
โ 7 exhaustive file-type classes, mutually exclusive.
Each of the next 9 bits (positions 2โ10) describe permissions:
- Owner (u) = bits 2โ4
- Group (g) = bits 5โ7
- Others (o) = bits 8โ10
Each triplet can take one of 8 possible values (2ยณ = 8):
| Triplet | r | w | x | Binary | Octal | Meaning |
|---|---|---|---|---|---|---|
--- |
0 | 0 | 0 | 000 | 0 | no permissions |
--x |
0 | 0 | 1 | 001 | 1 | execute only |
-w- |
0 | 1 | 0 | 010 | 2 | write only |
-wx |
0 | 1 | 1 | 011 | 3 | write + execute |
r-- |
1 | 0 | 0 | 100 | 4 | read only |
r-x |
1 | 0 | 1 | 101 | 5 | read + execute |
rw- |
1 | 1 | 0 | 110 | 6 | read + write |
rwx |
1 | 1 | 1 | 111 | 7 | full access |
โ Each permission triplet = 8 possibilities.
Since we have 3 triplets (user, group, others):
Each combination corresponds to an octal triplet (XYZ):
- X = owner permissions (0โ7)
- Y = group permissions (0โ7)
- Z = others permissions (0โ7)
Example mappings:
| Symbolic | Octal | Binary (9 bits) | Meaning |
|---|---|---|---|
rwxr-xr-x |
755 | 111101101 | Executable for all, modifiable by owner |
rw-r--r-- |
644 | 110100100 | Readable by all, writable by owner |
rwx------ |
700 | 111000000 | Private executable |
rw------- |
600 | 110000000 | Private file |
rwxrwxrwx |
777 | 111111111 | Everyone full access (dangerous) |
---------- |
000 | 000000000 | Completely inaccessible |
We now add the special bits (the first octal digit):
| Bit | Octal Value | Symbolic Indicator | Scope | Meaning |
|---|---|---|---|---|
| setuid | 4 | s in user exec position |
user | run as file owner |
| setgid | 2 | s in group exec position |
group | run as fileโs group / inherited group |
| sticky | 1 | t in others exec position |
others | only file owner can delete in shared dir |
These three bits form the most significant octal digit, ranging from 0โ7:
| High Digit | Meaning |
|---|---|
| 0 | No special bits |
| 1 | Sticky bit only |
| 2 | Setgid only |
| 3 | Setgid + sticky |
| 4 | Setuid only |
| 5 | Setuid + sticky |
| 6 | Setuid + setgid |
| 7 | All three set |
| Octal Form | Composition | Example Symbolic | Meaning |
|---|---|---|---|
0XYZ |
No special bits | -rwxr-xr-x |
Normal file/dir |
1XYZ |
Sticky bit | drwxrwxrwt |
Shared dir like /tmp |
2XYZ |
Setgid | rwxr-sr-x |
Group inheritance |
3XYZ |
Setgid + Sticky | rwxr-sr-t |
Sticky + group inheritance |
4XYZ |
Setuid | rwsr-xr-x |
Execute as owner |
5XYZ |
Setuid + Sticky | rwsr-xr-t |
Owner exec + sticky |
6XYZ |
Setuid + Setgid | rwsr-sr-x |
Owner + group elevation |
7XYZ |
All special bits | rwsr-sr-t |
Full privilege/sticky |
Each XYZ expands to 512 combinations, so full space:
To make 4096 manageable, we can classify symbolically and semantically:
| Category | Definition | Examples (Octal) |
|---|---|---|
| Private | Only owner can access | 700, 600 |
| Shared Group | Group can read/write | 770, 660 |
| Public Read | Anyone can read | 755, 644 |
| Public Write | Anyone can write | 777 (insecure) |
| No Access | No one can read/write | 000 |
| Category | Definition | Example |
|---|---|---|
| Executable | At least one x bit set |
755, 775, 711 |
| Non-executable | No x bits |
644, 600, 664 |
| Category | Effect | Example |
|---|---|---|
| setuid | Execute as owner | /usr/bin/passwd (4755) |
| setgid | Execute as group / inherited group | /usr/bin/mail (2755) |
| sticky | Only owner can delete | /tmp (1777) |
| Level | Description | Example |
|---|---|---|
| Secure | Restricted to owner | 600, 700 |
| Controlled | Group-shared | 660, 770 |
| Exposed | Public readable | 644, 755 |
| Dangerous | Public writable | 666, 777 |
| X | Owner Permissions | Symbolic | Binary |
|---|---|---|---|
| 0 | --- | none | 000 |
| 1 | --x | execute | 001 |
| 2 | -w- | write only | 010 |
| 3 | -wx | write + exec | 011 |
| 4 | r-- | read only | 100 |
| 5 | r-x | read + exec | 101 |
| 6 | rw- | read + write | 110 |
| 7 | rwx | full | 111 |
Same table applies to Group (Y) and Others (Z).
โ Cross product: ( 8 \times 8 \times 8 = 512 ).
| Category | Octal | Symbolic | Use Case |
|---|---|---|---|
| Private files | 600 | rw------- |
SSH keys, config |
| Private dirs | 700 | rwx------ |
Home directories |
| Group collaboration | 660 | rw-rw---- |
Shared writable files |
| Shared dir | 770 | rwxrwx--- |
Group projects |
| Public readable | 644 | rw-r--r-- |
Web docs |
| Public executable | 755 | rwxr-xr-x |
Scripts, binaries |
| Sticky shared dir | 1777 | drwxrwxrwt |
/tmp |
| Setuid binary | 4755 | rwsr-xr-x |
passwd, sudo |
| Setgid directory | 2755 | rwxr-sr-x |
Shared team folder |
Symbolic operators in chmod:
| Operator | Meaning |
|---|---|
+ |
Add permission |
- |
Remove permission |
= |
Set exactly |
Example rules:
chmod u+x fileโ add execute for ownerchmod go-w fileโ remove write for group/otherschmod a=r fileโ set everyone to read-only
Shorthand classes:
| Class | Scope |
|---|---|
u |
user (owner) |
g |
group |
o |
others |
a |
all (u+g+o) |
| Dimension | Values | Mutually Exclusive? | Collectively Exhaustive? |
|---|---|---|---|
| File type | 7 | โ | โ |
| Permission triplet | 8 | โ | โ |
| Scope (u/g/o) | 3 | โ | โ |
| Special bits | 8 | โ | โ |
| Octal representation | 0000โ7777 | โ | โ |
So the Cartesian product space of possible permission states is:
Thatโs the complete universe of Unix file mode strings.
Unix Mode (10-char)
โโโ File Type (7)
โ โโโ Regular (-)
โ โโโ Directory (d)
โ โโโ Symlink (l)
โ โโโ Char Dev (c)
โ โโโ Block Dev (b)
โ โโโ FIFO (p)
โ โโโ Socket (s)
โโโ Permissions (512 = 8ยณ)
โ โโโ User (8)
โ โโโ Group (8)
โ โโโ Others (8)
โโโ Special Bits (8)
โโโ None (0)
โโโ Sticky (1)
โโโ Setgid (2)
โโโ Setgid+Sticky (3)
โโโ Setuid (4)
โโโ Setuid+Sticky (5)
โโโ Setuid+Setgid (6)
โโโ All (7)
| Dimension | Possibilities | Description |
|---|---|---|
| File Types | 7 | - d l c b p s |
| Permission Triplets per Entity | 8 each | --- --x -w- -wx r-- r-x rw- rwx |
| Entities | 3 | user, group, others |
| Special Bits | 8 | 0โ7 combinations of sticky/setuid/setgid |
| Full Permission Octals | 0000โ7777 | 4096 unique permission sets |
| Total Symbolic Mode Strings (with file types) | 28,672 | the complete universe |
SPREADSHEET-LINK: Unix_Permission_Combinations_as-a-Combinatory-Table
What youโre seeing in the spreadsheet for 4-digit octal's, (like 6667 in the sheet) is completely valid but not whatโs usually shown by ls -l. Hereโs why that happens, and how to interpret it correctly.
| Form | Digits | Meaning | Example | Typical Use |
|---|---|---|---|---|
| 3-digit | XYZ |
Base permissions only (owner, group, others) | 755 โ rwxr-xr-x |
Normal chmod/ls |
| 4-digit | SXYZ |
Adds the special bits (setuid, setgid, sticky) in the leading digit | 4755 โ rwsr-xr-x |
Complete representation |
So the tableโs 4-digit octals (e.g., 6667) are full 12-bit modes, not just the 9-bit permission triplets.
The 12-bit mode looks like this internally:
| Bit Range | Octal Digit | Role |
|---|---|---|
| 12โ10 | S | special bits (setuid/setgid/sticky) |
| 9โ7 | X | owner permissions |
| 6โ4 | Y | group permissions |
| 3โ1 | Z | others permissions |
So:
Mode = (SpecialBits ร 512) + (Owner ร 64) + (Group ร 8) + (Others)
In octal shorthand:
SXYZ
| Component | Octal | Binary | Meaning |
|---|---|---|---|
| Special bits | 6 | 110 | setuid + setgid |
| Owner | 6 | 110 | read + write |
| Group | 6 | 110 | read + write |
| Others | 7 | 111 | read + write + execute |
| โ | Symbolic: rwSrwSrwx |
execute under user/group privileges |
Interpretation:
setuid+setgidare active (from the leading 6).- Owner and group have
rw-. - Others have
rwx.
So this is not a mistake โ itโs simply the complete encoding, where the leading octal digit represents privilege bits.
| Context | Digits Used | Why |
|---|---|---|
Normal file (chmod 755, ls -l) |
3 | No special bits โ leading 0 omitted |
Special binary (e.g., passwd, sudo) |
4 | setuid or setgid active |
Secure directories like /tmp |
4 | Sticky bit active (e.g. 1777) |
So in the sheet:
- Rows with
000Xโ ordinary permissions (same as 3-digit form). - Rows with
1XXX,2XXX,4XXX, etc. โ special bits applied.
| Octal Digit Position | Meaning | Bit Flags |
|---|---|---|
| 1st (thousands place) | Special bits | 4 = setuid, 2 = setgid, 1 = sticky |
| 2nd | Owner perms | 4 = read, 2 = write, 1 = exec |
| 3rd | Group perms | same |
| 4th | Others perms | same |
Examples:
| Octal | Symbolic | Meaning |
|---|---|---|
0644 |
rw-r--r-- |
Normal text file |
0755 |
rwxr-xr-x |
Executable file |
1777 |
rwxrwxrwt |
Sticky shared directory (/tmp) |
4755 |
rwsr-xr-x |
setuid program (runs as owner) |
2755 |
rwxr-sr-x |
setgid program (runs as group) |
6667 |
rwSrwSrwx |
both setuid/setgid + full others access |
In short: ๐ 3-digit = regular permissions ๐ 4-digit = full mode (including privilege bits) ๐ The sheet correctly uses 4-digit form (SXYZ) so you can represent all 4096 possible combinations โ not just the 512 basic ones.
LinkedIn // GitHub // Medium // Twitter/X
A bit about David Youngblood...
David is a Partner, Father, Student, and Teacher, embodying the essence of a true polyoptic polymath and problem solver. As a Generative AI Prompt Engineer, Language Programmer, Context-Architect, and Artist, David seamlessly integrates technology, creativity, and strategic thinking to co-create systems of enablement and allowance that enhance experiences for everyone.
As a serial autodidact, David thrives on continuous learning and intellectual growth, constantly expanding his knowledge across diverse fields. His multifaceted career spans technology, sales, and the creative arts, showcasing his adaptability and relentless pursuit of excellence. At LouminAI Labs, David leads research initiatives that bridge the gap between advanced AI technologies and practical, impactful applications.
David's philosophy is rooted in thoughtful introspection and practical advice, guiding individuals to navigate the complexities of the digital age with self-awareness and intentionality. He passionately advocates for filtering out digital noise to focus on meaningful relationships, personal growth, and principled living. His work reflects a deep commitment to balance, resilience, and continuous improvement, inspiring others to live purposefully and authentically.
David believes in the power of collaboration and principled responsibility in leveraging AI for the greater good. He challenges the status quo, inspired by the spirit of the "crazy ones" who push humanity forward. His commitment to meritocracy, excellence, and intelligence drives his approach to both personal and professional endeavors.
"Hereโs to the crazy ones, the misfits, the rebels, the troublemakers, the round pegs in the square holesโฆ the ones who see things differently; theyโre not fond of rules, and they have no respect for the status quoโฆ They push the human race forward, and while some may see them as the crazy ones, we see genius, because the people who are crazy enough to think that they can change the world, are the ones who do." โ Apple, 1997
Why I Exist? To experience life in every way, at every moment. To "BE".
What I Love to Do While Existing? Co-creating here, in our collective, combined, and interoperably shared experience.
How Do I Choose to Experience My Existence? I choose to do what I love. I love to co-create systems of enablement and allowance that help enhance anyone's experience.
Who Do I Love Creating for and With? Everyone of YOU! I seek to observe and appreciate the creativity and experiences made by, for, and from each of us.
When & Where Does All of This Take Place? Everywhere, in every moment, of every day. It's a very fulfilling place to be... I'm learning to be better about observing it as it occurs.
I've learned a few overarching principles that now govern most of my day-to-day decision-making when it comes to how I choose to invest my time and who I choose to share it with:
- Work/Life/Sleep (Health) Balance: Family first; does the schedule agree?
- Love What You Do, and Do What You Love: If you have what you hold, what are YOU holding on to?
- Response Over Reaction: Take pause and choose how to respond from the center, rather than simply react from habit, instinct, or emotion.
- Progress Over Perfection: One of the greatest inhibitors of growth.
- Inspired by "7 Habits of Highly Effective People": Integrating Coveyโs principles into daily life.
David is dedicated to fostering meaningful connections and intentional living, leveraging his diverse skill set to make a positive impact in the world. Whether through his technical expertise, creative artistry, or philosophical insights, he strives to empower others to live their best lives by focusing on what truly matters.
โ David Youngblood