PureDevTools

Unix Chmod Calculator

Calculate Unix file permissions — convert between symbolic and octal chmod notation

All processing happens in your browser. No data is sent to any server.

Common Presets

Permissions

CategoryRead (r)Write (w)Execute (x)Octal
Owner6
Group4
Other4

Special Bits

chmod Command

File name:
chmod 644 filename

What This Means

WhoPermissions
Ownerrw-
Groupr--
Otherr--

What Are Unix File Permissions?

Every file and directory on Unix-like systems (Linux, macOS, BSD) has a set of permission bits that control who can read, write, or execute it. Permissions are divided into three categories:

For each category there are three permission types:

PermissionOctal valueSymbolicFile effectDirectory effect
Read4rView file contentsList directory contents (ls)
Write2wModify or delete the fileCreate, delete, or rename files inside
Execute1xRun file as a programEnter directory (cd) and access contents

Octal vs Symbolic Notation

Unix permissions can be expressed in two equivalent notations.

Octal Notation

Each permission category is represented by a single digit 0–7, calculated by adding the bit values:

read (4) + write (2) + execute (1) = digit

Examples:

DigitPermissionsDescription
7rwxRead, write, and execute
6rw-Read and write
5r-xRead and execute
4r—Read only
0---No permissions

So chmod 755 means: owner=7 (rwx), group=5 (r-x), other=5 (r-x).

Symbolic Notation

Symbolic notation uses 9 characters, three per category, in the fixed order [owner][group][other]:

rwxr-xr-x

A dash (-) means the permission is not set. This maps directly to the octal representation.

Common Chmod Values Explained

755 — Standard Executable / Directory

chmod 755 myscript.sh

Symbolic: rwxr-xr-x

The file owner can read, write, and execute. Everyone else can read and execute but cannot modify. This is the standard permission for shell scripts, web server directories, and most executables.

644 — Standard File

chmod 644 config.yaml

Symbolic: rw-r--r--

Owner can read and write. Everyone else can only read. Ideal for configuration files, web assets, and source code checked out from a repository.

600 — Private File

chmod 600 ~/.ssh/id_rsa

Symbolic: rw-------

Only the owner can read and write. Group and other have no access at all. SSH requires this strict permission for private key files. Also suitable for password files or sensitive credentials.

777 — Full Access for Everyone

chmod 777 /tmp/shared/

Symbolic: rwxrwxrwx

Everyone can read, write, and execute. Use with extreme caution — this is a significant security risk on shared systems because any user can modify or delete the files.

700 — Owner-Only Directory

chmod 700 ~/.config/

Symbolic: rwx------

Only the owner can access the directory. Often used for personal configuration directories and SSH configuration folders.

664 — Group-Writable File

chmod 664 shared-notes.txt

Symbolic: rw-rw-r--

Owner and group can read and write. Others can only read. Useful for collaborative projects where a group of users needs write access.

Special Permission Bits

Beyond the standard rwx bits, Unix has three special bits that modify program execution behavior:

Setuid (4000)

chmod 4755 /usr/bin/sudo
chmod u+s /usr/bin/sudo

When set on an executable file, the program runs with the privileges of the file owner rather than the user who executed it. This is how /usr/bin/sudo and /usr/bin/passwd work — they run as root even when launched by a regular user.

In octal, setuid appears as the leading digit: 4755. In symbolic notation: rwsr-xr-x (lowercase s when execute is also set, uppercase S when not).

Security note: Setuid executables are a common attack surface. Only use setuid when absolutely necessary and audit the code carefully.

Setgid (2000)

chmod 2755 /var/www/html/
chmod g+s /var/www/html/

On an executable: runs with the group’s privileges. On a directory: new files created inside inherit the directory’s group rather than the creator’s primary group. This is essential for shared project directories where a team needs consistent group ownership.

Symbolic: rwxr-sr-x (lowercase s) or rwxr-Sr-x (uppercase S without execute).

Sticky Bit (1000)

chmod 1777 /tmp
chmod +t /tmp

When set on a directory, only the file’s owner (or root) can delete or rename files within it — even if others have write permission on the directory. This is set on /tmp on virtually every Unix system to prevent users from deleting each other’s temporary files.

In symbolic notation, sticky appears as t (or T) in the other-execute position: rwxrwxrwt.

How to Use the chmod Command

# Set permissions using octal notation
chmod 755 script.sh
chmod 644 index.html
chmod 4755 /usr/local/bin/mytool

# Set permissions using symbolic notation
chmod u=rwx,g=rx,o=rx script.sh
chmod u+x,g-w,o-w file.txt
chmod a+r public.txt          # a = all (owner+group+other)

# Recursive (apply to directory and all contents)
chmod -R 755 /var/www/html/

# Change owner and group simultaneously
chown user:group file.txt
chown -R www-data:www-data /var/www/

Reading Permissions with ls -l

The ls -l command shows permissions in symbolic notation:

-rwxr-xr-x  1 alice  staff  12345  Feb 24 10:00  script.sh
drwxr-xr-x  3 alice  staff   4096  Feb 24 10:00  mydir/
-rw-r--r--  1 alice  staff    512  Feb 24 10:00  config.yaml

The first character indicates file type:

The next 9 characters are the permission bits in owner/group/other × read/write/execute order.

Frequently Asked Questions

What happens if I set 000 permissions? No one can access the file — not even the owner. Only root can still read it. You can recover by running chmod 644 filename as root or using sudo.

Does chmod affect symbolic links? On most systems, chmod follows symbolic links and changes the permissions of the target file, not the link itself. The link permissions are generally irrelevant.

What is umask and how does it affect chmod? umask sets the default permissions subtracted from newly created files and directories. A typical umask of 022 means new files get 644 (777 − 022 − execute) and directories get 755 (777 − 022). Use umask in the terminal to see your current setting.

Is my data sent to a server when using this tool? No. All permission calculations happen entirely in your browser. No data is transmitted to any server, stored, or logged. The tool works offline once loaded.

What is the difference between s (lowercase) and S (uppercase) in symbolic notation? Lowercase s in the owner-execute position means both setuid and execute are set. Uppercase S means setuid is set but execute is not — this is unusual and often unintentional for executables. The same applies to s/S in the group position for setgid.

Related Tools