Unix Chmod Calculator
Calculate Unix file permissions — convert between symbolic and octal chmod notation
Common Presets
Permissions
| Category | Read (r) | Write (w) | Execute (x) | Octal |
|---|---|---|---|---|
| Owner | 6 | |||
| Group | 4 | |||
| Other | 4 |
Special Bits
chmod Command
chmod 644 filenameWhat This Means
| Who | Permissions |
|---|---|
| Owner | rw- |
| Group | r-- |
| Other | r-- |
Your deploy script fails with Permission denied. You ls -la and see -rw-r--r-- — no execute bit. You run chmod 755 and it works, but then your SSH key gets rejected because id_rsa is “too open” at 755 and needs 600. Or you’re writing a Dockerfile RUN chmod and need the octal for “owner all, group read-execute, other nothing.” You know the system — you just can’t do the mental math on nine bits while troubleshooting a deploy.
Why This Calculator (Not the Visual Chmod Matrix)
PureDevTools has a Visual Chmod Calculator with a clickable 3×3 grid for building permissions visually. This tool focuses on conversion and special bits — paste an octal like 4755 or symbolic like rwsr-xr-x, and get the other format plus the chmod command. It also handles setuid, setgid, and the sticky bit (4-digit octal), which the visual tool doesn’t cover. Everything runs in your browser; no data is sent anywhere.
What Are Unix File Permissions?
Every file and directory on Unix-like systems (Linux, macOS, BSD) has a set of permission bits that control who can read, write, or execute it. Permissions are divided into three categories:
- Owner — the user who owns the file
- Group — users who are members of the file’s group
- Other — everyone else
For each category there are three permission types:
| Permission | Octal value | Symbolic | File effect | Directory effect |
|---|---|---|---|---|
| Read | 4 | r | View file contents | List directory contents (ls) |
| Write | 2 | w | Modify or delete the file | Create, delete, or rename files inside |
| Execute | 1 | x | Run file as a program | Enter directory (cd) and access contents |
Octal vs Symbolic Notation
Unix permissions can be expressed in two equivalent notations.
Octal Notation
Each permission category is represented by a single digit 0–7, calculated by adding the bit values:
read (4) + write (2) + execute (1) = digitExamples:
| Digit | Permissions | Description |
|---|---|---|
7 | rwx | Read, write, and execute |
6 | rw- | Read and write |
5 | r-x | Read and execute |
4 | r— | Read only |
0 | --- | No permissions |
So chmod 755 means: owner=7 (rwx), group=5 (r-x), other=5 (r-x).
Symbolic Notation
Symbolic notation uses 9 characters, three per category, in the fixed order [owner][group][other]:
rwxr-xr-xA dash (-) means the permission is not set. This maps directly to the octal representation.
Common Chmod Values Explained
755 — Standard Executable / Directory
chmod 755 myscript.shSymbolic: rwxr-xr-x
The file owner can read, write, and execute. Everyone else can read and execute but cannot modify. This is the standard permission for shell scripts, web server directories, and most executables.
644 — Standard File
chmod 644 config.yamlSymbolic: rw-r--r--
Owner can read and write. Everyone else can only read. Ideal for configuration files, web assets, and source code checked out from a repository.
600 — Private File
chmod 600 ~/.ssh/id_rsaSymbolic: rw-------
Only the owner can read and write. Group and other have no access at all. SSH requires this strict permission for private key files. Also suitable for password files or sensitive credentials.
777 — Full Access for Everyone
chmod 777 /tmp/shared/Symbolic: rwxrwxrwx
Everyone can read, write, and execute. Use with extreme caution — this is a significant security risk on shared systems because any user can modify or delete the files.
700 — Owner-Only Directory
chmod 700 ~/.config/Symbolic: rwx------
Only the owner can access the directory. Often used for personal configuration directories and SSH configuration folders.
664 — Group-Writable File
chmod 664 shared-notes.txtSymbolic: rw-rw-r--
Owner and group can read and write. Others can only read. Useful for collaborative projects where a group of users needs write access.
Special Permission Bits
Beyond the standard rwx bits, Unix has three special bits that modify program execution behavior:
Setuid (4000)
chmod 4755 /usr/bin/sudo
chmod u+s /usr/bin/sudoWhen set on an executable file, the program runs with the privileges of the file owner rather than the user who executed it. This is how /usr/bin/sudo and /usr/bin/passwd work — they run as root even when launched by a regular user.
In octal, setuid appears as the leading digit: 4755. In symbolic notation: rwsr-xr-x (lowercase s when execute is also set, uppercase S when not).
Security note: Setuid executables are a common attack surface. Only use setuid when absolutely necessary and audit the code carefully.
Setgid (2000)
chmod 2755 /var/www/html/
chmod g+s /var/www/html/On an executable: runs with the group’s privileges. On a directory: new files created inside inherit the directory’s group rather than the creator’s primary group. This is essential for shared project directories where a team needs consistent group ownership.
Symbolic: rwxr-sr-x (lowercase s) or rwxr-Sr-x (uppercase S without execute).
Sticky Bit (1000)
chmod 1777 /tmp
chmod +t /tmpWhen set on a directory, only the file’s owner (or root) can delete or rename files within it — even if others have write permission on the directory. This is set on /tmp on virtually every Unix system to prevent users from deleting each other’s temporary files.
In symbolic notation, sticky appears as t (or T) in the other-execute position: rwxrwxrwt.
How to Use the chmod Command
# Set permissions using octal notation
chmod 755 script.sh
chmod 644 index.html
chmod 4755 /usr/local/bin/mytool
# Set permissions using symbolic notation
chmod u=rwx,g=rx,o=rx script.sh
chmod u+x,g-w,o-w file.txt
chmod a+r public.txt # a = all (owner+group+other)
# Recursive (apply to directory and all contents)
chmod -R 755 /var/www/html/
# Change owner and group simultaneously
chown user:group file.txt
chown -R www-data:www-data /var/www/Reading Permissions with ls -l
The ls -l command shows permissions in symbolic notation:
-rwxr-xr-x 1 alice staff 12345 Feb 24 10:00 script.sh
drwxr-xr-x 3 alice staff 4096 Feb 24 10:00 mydir/
-rw-r--r-- 1 alice staff 512 Feb 24 10:00 config.yamlThe first character indicates file type:
-= regular filed= directoryl= symbolic linkc= character deviceb= block device
The next 9 characters are the permission bits in owner/group/other × read/write/execute order.
Permission Mistakes That Cause Security Incidents
These are real-world permission errors that lead to data breaches, privilege escalation, or service outages.
chmod 777 on Web Directories
# NEVER do this in production
chmod -R 777 /var/www/html/This gives every user on the system full read/write/execute access to your web files. An attacker who gains access to any user account can inject malicious code into your website. Use 755 for directories and 644 for files — the web server user (www-data, nginx) only needs read access.
SSH Key Permissions Too Open
# SSH refuses to use keys with wrong permissions
$ ssh user@server
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0644 for '/home/user/.ssh/id_rsa' are too open.SSH requires strict permissions on private keys. The fix:
chmod 700 ~/.ssh
chmod 600 ~/.ssh/id_rsa
chmod 644 ~/.ssh/id_rsa.pub
chmod 600 ~/.ssh/authorized_keys
chmod 644 ~/.ssh/configRecursive chmod on /
# This will brick your system
chmod -R 755 /Running recursive chmod on the root directory changes permissions on system files, breaking sudo, SSH, and most services. There is no easy recovery — you will likely need to reinstall the OS or restore from backup.
Setuid on Shell Scripts
# Dangerous — do not do this
chmod 4755 myscript.shMost modern Unix systems ignore the setuid bit on shell scripts (for security reasons), but some older systems honor it. If honored, any user can run the script with the owner’s privileges. Use a compiled wrapper binary instead.
Docker Container Permission Mismatch
Files created inside a Docker container often have root:root ownership. When mounted as a volume on the host, the host user cannot modify them:
# Inside container: file owned by root
-rw-r--r-- 1 root root 1024 config.yaml
# Fix: match the container user UID to the host user UID
docker run --user $(id -u):$(id -g) ...Frequently Asked Questions
What happens if I set 000 permissions?
No one can access the file — not even the owner. Only root can still read it. You can recover by running chmod 644 filename as root or using sudo.
Does chmod affect symbolic links?
On most systems, chmod follows symbolic links and changes the permissions of the target file, not the link itself. The link permissions are generally irrelevant.
What is umask and how does it affect chmod?
umask sets the default permissions subtracted from newly created files and directories. A typical umask of 022 means new files get 644 (777 − 022 − execute) and directories get 755 (777 − 022). Use umask in the terminal to see your current setting.
Is my data sent to a server when using this tool? No. All permission calculations happen entirely in your browser. No data is transmitted to any server, stored, or logged. The tool works offline once loaded.
What is the difference between s (lowercase) and S (uppercase) in symbolic notation?
Lowercase s in the owner-execute position means both setuid and execute are set. Uppercase S means setuid is set but execute is not — this is unusual and often unintentional for executables. The same applies to s/S in the group position for setgid.