Chmod Calculator

Interactive Linux/Unix file permission calculator. Convert between numeric and symbolic notation with a visual permission grid. 100% client side - no data leaves your browser.

Read (4)
Write (2)
Execute (1)
Owner
Group
Other
Numeric
755
Symbolic
rwxr-xr-x
$ chmod 755 filename

About Linux File Permissions

Linux and Unix file permissions control who can read, write, and execute files and directories. Permissions are assigned to three categories: the file owner, the group, and all other users. Understanding chmod is essential for system administration, web server configuration, and security hardening.

Numeric (Octal) Notation

The numeric notation uses three digits, one for each category (owner, group, other). Each digit is the sum of its permission values: 4 for read, 2 for write, and 1 for execute. For example, 755 means owner has full access (7 = 4+2+1), while group and others can read and execute (5 = 4+1).

Symbolic Notation

The symbolic notation uses nine characters in three groups of three: rwxr-xr-x. Each group represents owner, group, and other permissions. The letters r, w, and x indicate read, write, and execute. A dash - indicates the permission is not set.

Common Permission Values

755 is the standard for executable files and directories. 644 is typical for regular files. 600 is used for private files like SSH keys. 777 grants full access to everyone and should generally be avoided for security reasons.

Directory Permissions

For directories, the execute permission has a special meaning: it allows users to access (traverse) the directory. Without execute permission on a directory, users cannot cd into it or access any files within, even if they have read permission on those files.

Unix File Permissions Without the Memorization

Unix permissions are a six-decade-old design: three permission bits (read, write, execute) repeated across three entities (owner, group, others), encoded as a three-digit octal number. The mental conversion (rwx → 7, r-x → 5) is straightforward once you know it, but most engineers still pause every time they type a chmod command. This calculator removes the pause.

How octal permissions work

Each digit is the sum of three bits: read = 4, write = 2, execute = 1. Add them up to get the digit:

  • 7 = read + write + execute (4+2+1)
  • 6 = read + write (4+2)
  • 5 = read + execute (4+1)
  • 4 = read only
  • 0 = no access

The three digits from left to right are owner, group, others. So chmod 644 file means owner can read/write, group and others can read.

The standard production presets

  • 644 — most files. Owner edits, everyone else reads. The default for source code, config, web assets.
  • 755 — directories and executables. Everyone can cd in or run the binary; only owner can modify contents.
  • 600 — private files. SSH keys, credentials, service-account JSON. Anyone else even reading is a security finding.
  • 700 — private directories. ~/.ssh, ~/.aws, ~/.gnupg.
  • 666 / 777 — almost always wrong. World-writable files are how cryptojackers and worms persist.

Setuid, setgid, and the sticky bit

The optional fourth (leading) octal digit controls the special bits:

  • 4xxx — setuid. The binary runs as the file's owner regardless of who invoked it. Used by sudo, passwd. Easy to misuse and create privilege escalation paths.
  • 2xxx — setgid. On a binary, runs as the group. On a directory, new files inherit the directory's group — useful for shared workspaces.
  • 1xxx — sticky bit. On a directory like /tmp, prevents users from deleting files they don't own.

Pitfalls

  • SSH key too permissive. If ~/.ssh/id_rsa is 644, ssh refuses to use it. Always 600.
  • World-writable web roots. Web shells get planted via 777 upload directories. Default to 755 and use ACLs for nuanced sharing.
  • Recursive chmod on a tree mixing files and directories. chmod -R 644 breaks cd on every directory. Use find . -type d -exec chmod 755 {} + and find . -type f -exec chmod 644 {} + separately.
  • Silently overriding ACLs. If a directory has POSIX ACLs (getfacl), chmod can mask them. Audit with getfacl after.

This calculator is fully offline. Toggle the checkboxes to see the matching octal value, or paste an octal number to see the resulting ls -l string.

Frequently Asked Questions

What is the difference between chmod 755 and chmod 775?

755 lets only the owner write (group and others can read+execute). 775 also lets the group write — common on shared development directories with setgid set.

Why does ssh refuse my private key with the error "permissions are too open"?

OpenSSH refuses keys that are group- or world-readable. Run "chmod 600 ~/.ssh/id_rsa" to fix it.

When do I need the setgid bit on a directory?

When multiple users contribute to the same directory and you want every new file to inherit a shared group. Set with "chmod 2775 directory".

Is chmod 777 ever appropriate?

Almost never. World-writable files are a standard target for attackers. Use group permissions or ACLs to grant narrow access.