Golang os.FileMode corresponding to drwxrwxr-x?

Which os.FileMode values should I provide to os.Mkdir as an argument to have a permission corresponding to drwxrwxr-x?

Daniel Farrell's answer covers the literal settings for modes, but if you're working on a Unix-like system, there are two other important points:

• For most cases (most files), you should just use 0666.
• For most of the remaining cases (most directories), you should just use 0777.

Certain Go code checkers complain about this, but they're just wrong. 😀

The reason to use 0666 (rw-rw-rw-) and 0777 (rwxrwxrwx) every time is that on Unix-like systems, newly created files are created under a umask setting. The protections that the binary program asks for, such as 0777, are always reduced.¹ The reduction is based on this umask setting.

The most permissive umask setting is 0. The least is the rather unusable 0777. The common settings are 077, 007, 022, and 002.

Bits that are set in the umask get cleared in the underlying file permissions. So a umask setting of 022 means that whatever the program asks for, the file winds up being not writable by Group or Other. A program that creates a file using 0666 mode winds up with a file whose actual mode is 0644, or rw-r--r--.

Should the user wish to grant group write permissions, they can run umask 2. Now only the Other w bit will be cleared and this file will be mode rw-rw-r--.

A umask setting of 077 takes away ---rwxrwx: that is, my files and directories are now private to me only (and the super-user of course). One of 027 takes away ----w-rwx, so that newly created files are now 0640, and newly created directories (that use 0777) are now 0750, or rwxr-x--.

One not-entirely-rare exception to the above rules is that temporary files created in areas of "unknown security" (os.CreateTemp files for instance), or files that contain any sensitive data, should be created with mode 0600. They can then be written out without worrying about the data leaking (except to the super-user as usual), and then if they turn out not to be sensitive after all, the final file can be created with the correct permissions.

The really tricky case is when creating a temporary file of unknown security which you are then able to rename (rather than copying) to a file of known-to-be-lower security level, where you'd like to os.Chmod the file to the final mode that you'd get by applying the user's umask. But that's pretty rare.

¹In the special case of umask = 0, no bits are removed. So the result is the original value. But that's what the user wanted: to have the reduction be a zero-valued reduction. We're still reducing the permissions, just with a degenerate case.

drwxrwxr-x

each set of rwx (r-x, etc) is represented by one digit in an octal string where 4 = r, 2 = w, and 1=x. So Read and write combine to make 6, read and execute (eg executables in /bin are 5, and read-only is 4.

For files, the most common mode is:

0644 owner gets read and write, group and other get only read

And for directories, typical is:

0755 owner gets read, write (create within) and execute (list contents) , group and other get only read.

In your case, you'd need to add 2 to the Group digit to allow any users in the directory's Group to also create files in that directory.