Chmod Calculator
Developer UtilitiesCalculate Unix file permissions — convert between symbolic and octal notation. Free, private — all processing in your browser.
Common Presets
The Chmod Calculator is a free online tool for working with Unix/Linux file permissions. Calculate the octal number (like 755 or 644) for any combination of read/write/execute permissions for owner, group, and others. Convert between symbolic notation (rwxr-xr-x), octal notation (755), and long listing format (as shown by ls -l). Perfect for sysadmins setting file permissions, developers debugging permission-denied errors, and anyone learning Unix/Linux file system security.
File permissions are the foundation of Unix security. Every file and directory on Linux, macOS, BSD, or WSL has a mode — a set of permission bits telling the operating system who can read, write, or execute it. Get permissions wrong and your web server shows "403 Forbidden", your script refuses to run, or a file becomes world-writable (a security disaster). Get them right and your system is secure and functional. This calculator makes the octal-symbolic mapping instant and visual, plus it explains what each permission combination means in practice. Includes setuid, setgid, and sticky bit special permissions. All calculations are pure math — nothing is uploaded anywhere.
Chmod Calculator — key features
Instant octal ↔ symbolic conversion
Click checkboxes for each permission bit. Octal (755) and symbolic (rwxr-xr-x) update live.
Visual permission matrix
3×3 grid of checkboxes: rows for owner/group/others, columns for read/write/execute. See permissions at a glance.
Special bit support
Toggle setuid (4), setgid (2), and sticky bit (1) for a 4-digit octal like 4755 or 1777.
Common permission presets
One-click for 755, 644, 600, 700, and other common values. Fast for routine tasks.
Chmod command generator
Outputs the exact `chmod` command to apply your selected permissions, in both octal and symbolic forms.
Plain-English explanation
For each permission set, a sentence explains what it allows: "Owner can read, write, and execute. Group can read and execute. Others can read only."
Security warnings
World-writable permissions (777, 666) trigger a warning. Private key appropriate permissions (600, 400) are highlighted for security use.
Works offline
Pure client-side calculation. No network required. Ideal for quick lookups on any device.
How to use the Chmod Calculator
- 1
Select permissions
Check the boxes for read, write, execute on owner, group, and others. The matrix gives you a visual overview.
- 2
Read the octal value
The octal number (e.g., 755) updates live. This is what you pass to `chmod` on the command line.
- 3
Copy the chmod command
The tool shows the exact command: `chmod 755 filename`. Copy and run in your terminal.
- 4
Understand what it means
Plain-English explanation tells you who can do what — helpful for learning or verifying before applying.
- 5
Add special bits if needed
For setuid, setgid, or sticky bit, add the 4th octal digit. Most files don't need these.
Common use cases for the Chmod Calculator
System administration
- →Set permissions for web server files: Apache and Nginx need specific permissions: files 644, directories 755. This tool calculates the right values without second-guessing.
- →Secure SSH keys: Private SSH keys (`~/.ssh/id_rsa`) must be 600 or SSH rejects them. Public keys are 644.
- →Configure cron scripts: Scripts called by cron need execute permission (755 or 750). Calculate and apply quickly.
- →Fix "Permission denied" errors: When a script or file won't execute, calculate the right permissions and apply with chmod.
Web development
- →WordPress permissions: WP recommends 644 for files, 755 for directories, 600 for wp-config.php. Calculate and verify.
- →Laravel storage permissions: Laravel needs storage/ and bootstrap/cache/ writable by web server (typically 775).
- →Node.js deployment: Set correct permissions for deployed apps — 755 for executables, 644 for config files.
- →Docker file permissions: Container file ownership and permissions often cause issues. Use the calculator for reference.
Security
- →Audit file permissions: Running `find / -perm /002` finds world-writable files. Use the calculator to understand what permissions each file should have.
- →SSH key hygiene: Private keys at 600, public at 644, ~/.ssh directory at 700. One wrong permission breaks SSH.
- →Protect sensitive configs: Database credentials, API tokens — permissions should be 600 (owner read/write only).
- →Shared hosting security: On shared servers, incorrect permissions can expose files to other users. 644/755 is the safe minimum.
Learning and education
- →Learn Unix basics: Chmod is often confusing for beginners. The calculator makes the rwx ↔ octal mapping concrete.
- →Teaching Linux administration: Use as a classroom teaching aid — students can visualize and experiment with different combinations.
- →Certification prep (LPIC, RHCSA): Chmod appears on virtually every Linux cert. Practice with the calculator before the exam.
Chmod Calculator — examples
Standard file (644)
Owner reads/writes, others read.
Select: Owner rw-, Group r--, Others r--
Octal: 644 Symbolic: rw-r--r-- Command: chmod 644 file.txt
Standard directory (755)
Owner full, others read/enter.
Select: Owner rwx, Group r-x, Others r-x
Octal: 755 Symbolic: rwxr-xr-x Command: chmod 755 my_dir
Private SSH key (600)
Owner-only, no one else.
Select: Owner rw-, Group ---, Others ---
Octal: 600 Symbolic: rw------- Command: chmod 600 ~/.ssh/id_rsa
Private directory (700)
Only owner can enter.
Select: Owner rwx, Group ---, Others ---
Octal: 700 Symbolic: rwx------ Command: chmod 700 ~/.ssh
World-writable warning
Dangerous permission level.
Select: Everyone rwx
Octal: 777 ⚠ Warning: world-writable. Any user can modify or delete. Use only for public shared directories, never for system or web files.
Sticky bit on /tmp (1777)
Shared writable dir where only owner can delete their own files.
Select: Everyone rwx, sticky bit
Octal: 1777 Symbolic: rwxrwxrwt Usage: chmod 1777 /tmp Effect: anyone can create files, only owner can delete their own
setuid root binary
Runs with root privileges regardless of who calls it.
Select: rwx for all + setuid
Octal: 4755 Symbolic: rwsr-xr-x Example: /usr/bin/sudo Security: only for trusted binaries
Technical details
Unix/Linux file permissions use a 12-bit mode stored with each file's inode. The mode is traditionally shown in octal (base-8) because 3 bits fit perfectly in one octal digit.
The three permission bits:
- r (read) — bit value 4 — view file contents or list directory contents
- w (write) — bit value 2 — modify file or create/delete files in directory
- x (execute) — bit value 1 — run file as program, or enter directory
Three permission sets (in order):
- Owner (user, u) — the user who owns the file
- Group (g) — the group assigned to the file
- Others (o) — everyone else
Octal permission calculation:
Each set of 3 bits (rwx) becomes one octal digit. Add the values of the bits that are set:
- rwx = 4+2+1 = 7
- rw- = 4+2+0 = 6
- r-x = 4+0+1 = 5
- r-- = 4+0+0 = 4
- -wx = 0+2+1 = 3
- -w- = 0+2+0 = 2
- --x = 0+0+1 = 1
- --- = 0+0+0 = 0
Combine three digits for owner-group-others: 755 = rwx r-x r-x, 644 = rw- r-- r--.
Common permission values:
| Octal | Symbolic | Use case |
|---|---|---|
| 755 | rwxr-xr-x | Executable files, directories (standard) |
| 644 | rw-r--r-- | Regular files (readable, only owner writes) |
| 600 | rw------- | Private files, SSH keys |
| 700 | rwx------ | Private executable, owner-only directory |
| 777 | rwxrwxrwx | Avoid — world-writable, security risk |
| 666 | rw-rw-rw- | Avoid — world-writable files |
| 400 | r-------- | Read-only, owner-only (e.g., SSH private key) |
| 000 | --------- | No permissions (files effectively inaccessible) |
Special permission bits (additional octal digit prefix):
- setuid (4xxx) — when executed, runs with owner's privileges (e.g., /usr/bin/sudo is 4755 = setuid root)
- setgid (2xxx) — when executed, runs with group's privileges; on directories, new files inherit the directory's group
- sticky bit (1xxx) — in a directory, only the file owner can delete files (used on /tmp = 1777)
Umask:
The umask subtracts permissions from newly-created files. A umask of 022 means new files get 666 & ~022 = 644 (for files) and 777 & ~022 = 755 (for directories). Default umask on most systems is 022 or 002.
Symbolic chmod commands:
``bash``
chmod u+x script.sh # Add execute for owner
chmod g-w file.txt # Remove write for group
chmod o=r file.txt # Set others to read-only
chmod ugo+x script.sh # All can execute
chmod a+x script.sh # Same as ugo+x (a = all)
chmod -R 755 my_dir/ # Recursive change
Common problems and solutions
⚠chmod 777 as a fix-it
Setting 777 (world-writable) often "fixes" permission issues but creates massive security holes. Any process or user on the system can modify your files. Only use 777 in specific, well-understood cases (e.g., /tmp). Find the right permission instead.
⚠Symbolic vs octal confusion
`chmod u+x` adds execute for user; `chmod 755` sets absolute permissions. u+x is relative, 755 is absolute. Be clear which you want — using 755 when you meant u+x can remove unexpected permissions.
⚠Recursive chmod on files and directories
`chmod -R 755` sets everything (files and directories) to 755 — files become executable too. For differentiated permissions: `find . -type f -exec chmod 644 {} \;` for files and `find . -type d -exec chmod 755 {} \;` for directories.
⚠SSH refuses keys with wrong permissions
SSH requires private keys to be readable only by the owner (600 or 400). If group or others can read the key, SSH refuses to use it (for security). Fix with `chmod 600 ~/.ssh/id_rsa`.
⚠Web server can't read files
Apache/Nginx run as `www-data` or `nginx` user. If your files are owned by you with 600 permissions, the web server can't read them. Change to 644 (world-readable) or change ownership to the web server user.
⚠NTFS and FAT don't support Unix permissions
Files on Windows filesystems (NTFS, FAT, exFAT) mounted on Linux may ignore chmod (they have their own permission model). Use the correct mount options or copy files to a Linux filesystem first.
⚠chmod doesn't change ownership
Permissions apply based on file ownership. If you're not the owner, chmod fails (unless you're root). To change ownership, use `chown`. To allow non-owners to modify, you might use ACLs (`setfacl`) instead of chmod.
⚠umask masks permissions
Newly created files use the system's umask to remove permissions from the default. `umask 022` removes write for group and others. Check `umask` before setting permissions if you're getting unexpected results.
Chmod Calculator — comparisons and alternatives
Octal vs Symbolic notation: Octal (755) is compact and fast for experienced sysadmins. Symbolic (u=rwx,g=rx,o=rx) is more explicit and readable. Both produce the same result. Octal sets absolute permissions; symbolic supports relative changes (+x adds, -x removes). Scripts often use octal; teaching often uses symbolic.
chmod vs chown vs chgrp: chmod changes permissions. chown changes file owner. chgrp changes file group. All three may be needed to fully control access. Often: chown user:group file && chmod 644 file.
POSIX permissions vs ACLs: POSIX permissions (owner, group, others) handle simple cases. ACLs (Access Control Lists) via setfacl allow per-user and per-group permissions for complex scenarios. Use POSIX when possible; ACLs when you need finer control.
Unix permissions vs Windows ACLs: Windows uses a fundamentally different permission model (full ACLs, no concept of owner/group/others bits). WSL translates between them. NTFS mounted in Linux may show rwxrwxrwx regardless of real permissions — the kernel doesn't map NTFS ACLs to POSIX.
chmod vs attrib (Windows): Windows attrib is the closest equivalent but much more limited — handles read-only, hidden, system attributes. Windows permission management is done via the Properties dialog, icacls, or PowerShell.
Container file permissions: Docker images preserve permissions when COPY/ADD. But UID/GID inside containers may differ from the host. Use chown in your Dockerfile to align UIDs if needed.
Frequently asked questions about the Chmod Calculator
▶What is chmod?
chmod (change mode) is a Unix/Linux/macOS command that changes file and directory permissions. Permissions control who can read, write, and execute each file. chmod 755 script.sh sets the file to permission 755. Permissions are a foundation of Unix security.
▶What does 755 mean?
755 means: Owner has read/write/execute (rwx = 4+2+1 = 7), Group has read/execute (r-x = 4+1 = 5), Others have read/execute (r-x = 4+1 = 5). Common for executable scripts and directories. Allows everyone to read and execute, only owner to modify.
▶What does 644 mean?
644 means: Owner has read/write (rw- = 4+2 = 6), Group has read (r-- = 4), Others have read (r-- = 4). Common for regular files like documents, images, HTML, CSS, JavaScript. Read-accessible by everyone, writable only by owner.
▶What are octal permissions?
Octal is base-8 — each digit represents 3 bits. In Unix permissions, each set of rwx fits in one octal digit: r=4, w=2, x=1, sum them. rwx = 7, rw- = 6, r-x = 5, r-- = 4. Three sets (owner, group, others) give three octal digits: 755, 644, etc.
▶What permissions should a file have?
Regular files: 644 (rw-r--r--). Executable files / scripts: 755 (rwxr-xr-x). Private files (SSH keys, database passwords): 600 (rw-------). Shared writable: use sparingly. Directories typically need execute permission to be enterable, so 755 for directories, 644 for files inside.
▶Why is 777 dangerous?
777 means anyone on the system can read, write, or execute the file. In shared environments (web servers, hosting), another user or exploited process can modify your files, inject malicious code, or delete data. Only use 777 for truly public write areas like /tmp with sticky bit (1777). Never for regular files.
▶How do I change permissions recursively?
chmod -R 755 directory/ applies 755 to the directory and everything inside. Warning: this sets files to 755 too (executable). For different file/directory permissions, use find: find dir -type f -exec chmod 644 {} \; for files, find dir -type d -exec chmod 755 {} \; for directories.
▶What is setuid?
setuid (set user ID on execution, prefix 4 in octal) makes an executable run with the owner's privileges regardless of who invokes it. /usr/bin/sudo is setuid root — anyone can invoke it, but it runs with root's permissions. Use sparingly — setuid programs are a classic security vulnerability target.
▶What is the sticky bit?
The sticky bit (prefix 1 in octal) on a directory makes it so only a file's owner can delete or rename that file, even if others have write permission on the directory. Used on /tmp (mode 1777) so any user can create files but can't delete others' files.
▶Does chmod work on Windows?
Windows uses a different permission model (ACLs). chmod is available in WSL, Git Bash, Cygwin, and similar Unix-compatible environments. For native Windows, use icacls or the Properties dialog. Files on NTFS mounted in Linux may not respect chmod depending on mount options.
Additional resources
- chmod man page — Official Linux chmod documentation.
- POSIX File Permissions — POSIX standard for file permissions.
- Chmod Explained — Tooleras blog — Our in-depth chmod tutorial.
- Linux Permissions and Ownership — Comprehensive guide to Linux permissions.
- setfacl (ACL) man page — Extended ACL documentation for finer control.
Related tools
All Developer UtilitiesCron Expression Generator
Build and understand cron expressions — visual editor, plain English explanation
CSP Header Generator
Generate Content Security Policy headers with a structured form for all CSP directives, trusted sources, and advanced features.
.env File Validator
Validate .env files for syntax errors, missing required variables, secret leaks, and compare against .env.example templates.
.gitignore Generator
Create .gitignore files for 100+ languages, OS, IDEs — combinable templates
Hash Generator
Generate MD5, SHA-1, SHA-256, SHA-512 hashes for text and files
HMAC Generator
Generate HMAC signatures (SHA-256, SHA-512) for API auth and webhook verification
Learn more
Explore more tools
200+ free tools that run in your browser.
Browse all tools →