chmod — Change file mode bits — read / write / execute permissions on Unix across all 5 shells
Equivalents in every shell
chmod 755 filechmod 755 filechmod 755 fileicacls file /grant Users:(RX)Windows uses ACLs, not Unix mode bits. `icacls` (built into every Windows version) is the most direct equivalent; for PowerShell-native control use `Get-Acl` / `Set-Acl`. PowerShell 7 on Linux / macOS calls the system `chmod` binary.
icacls file /grant Users:(RX)No Unix-style `755` / `644` mode bits on NTFS — only ACL entries. `icacls` is the built-in tool.
Worked examples
Make a script executable
chmod +x deploy.shchmod +x deploy.shRecursively set read + execute permissions on a directory
chmod -R 755 diricacls dir /grant Users:(OI)(CI)RX /Ticacls dir /grant Users:(OI)(CI)RX /TRestrict a file to the owner only
chmod 600 secret.keyicacls secret.key /inheritance:r /grant:r "$env:USERNAME":(F)icacls secret.key /inheritance:r /grant:r %USERNAME%:(F)Gotchas
- Numeric modes (`chmod 755`) and symbolic modes (`chmod u+x`) coexist; pick one style per script. `755` = owner rwx, group r-x, others r-x.
- Windows NTFS has no Unix mode bits — `chmod` exists inside Git Bash and WSL but only affects POSIX-emulated metadata, not real ACLs visible to native tools.
- `chmod 777` is almost always wrong outside `/tmp`-style scratch directories; it grants world-write and is a common security misconfiguration.
- `icacls` inheritance flags: `(OI)` object inherit (files), `(CI)` container inherit (subdirs), `(IO)` inherit-only. Combine to mimic `chmod -R`.
WSL & PowerShell Core notes
Common tasks using chmod
- Change file permissions
Modify read/write/execute permissions on a file or directory.
- Change the group ownership of a file or directory
Reassign a file's group — for granting team-wide read/write via group permissions, for matching a service account's primary group, or for fixing post-clone permissions where the working tree is owned by the wrong group.
- Change the owner of a file or directory
Reassign a file or directory to a different user (and optionally group) — for fixing permission errors after copying files between users, after extracting tarballs as root, or when handing data over to a service account.
- Find files by permission bits
Search a directory tree for files matching specific permission bits — world-writable files for a security audit, SUID/SGID binaries for a post-CVE sweep, or files with exactly `0644` to verify a deployment.
- Make a script executable
Give a script the right permissions and shebang so you can run it directly (`./script.sh`) instead of through an interpreter (`bash script.sh`).
- Set permissions recursively on a directory tree
Apply a single permission change to a directory and every file underneath — for locking down a freshly-extracted tarball, undoing world-writable mistakes, or normalizing permissions on a copied directory.
- View ACLs and extended file permissions
Inspect the full access-control list of a file — beyond the POSIX nine-bit `rwxrwxrwx` mode — to see per-user / per-group grants, the ACL mask, default (inherited) ACLs, and the audit (SACL) entries that `ls -l` will not show.