chmod Calculator: Calculate Unix File Permission Values Online
Calculate Unix chmod permission values by clicking checkboxes for owner, group, and other. Get the octal code and the chmod command instantly.
Try the free online tool
Runs entirely in your browser — no signup, no uploads.
Unix file permissions control who can read, write, and execute files and directories on Linux and macOS systems. Every file has three permission sets — for the owner, the group, and all other users — and each set has three bits: read (r), write (w), and execute (x). While the symbolic notation ('rwxr-xr--') is readable once you learn it, the octal notation ('755') used by the chmod command is compact and frequently used in documentation, deployment scripts, and server configuration guides.
Translating between symbolic permissions and octal values requires simple arithmetic (read=4, write=2, execute=1, summed per group), but it is easy to get wrong under pressure — particularly for special permissions like the setuid bit, setgid bit, and sticky bit. Misconfigured file permissions are a common source of both security vulnerabilities (world-writable files, executable scripts owned by root) and access issues (application logs not writable by the service user).
This calculator provides a visual checkbox interface for all nine standard permission bits plus the three special bits. As you check and uncheck permissions, the octal value and the exact chmod command update in real time. The reverse also works: type an octal value and the checkboxes update to show the corresponding permissions, making it easy to understand what a permission value from documentation or a production server actually means.
What Are Unix File Permissions?
Unix file permissions implement a discretionary access control model where every file and directory has an owner (a user) and a group. Three sets of permission bits control access for three categories of principals: the owner of the file, members of the file's group, and all other users on the system. Each permission set has three bits: read (r), write (w), and execute (x).
For files, read permission allows the file's contents to be read, write permission allows modification, and execute permission allows the file to be run as a program. For directories, read means the contents can be listed (ls), write means files can be created or deleted inside the directory, and execute means the directory can be entered (cd) and used as part of a path.
The octal notation represents all nine bits as three octal digits. Each digit is the sum of the active bits in one group: read (4) + write (2) + execute (1). So '755' means the owner has read+write+execute (7=4+2+1), the group has read+execute (5=4+1), and others have read+execute (5=4+1). This is the typical permission for web server directories.
How to Use This Tool
The calculator works in both directions — from checkboxes to octal, and from octal to checkboxes:
- 1
Check the permission boxes
Click the checkboxes in the owner, group, and other rows to enable or disable read, write, and execute permissions for each category. The octal value and chmod command update instantly.
- 2
Or enter an octal value
Type a three- or four-digit octal value (like 755 or 644) into the octal input field. The checkboxes update to show exactly which permissions that value enables, helping you understand values from documentation or server listings.
- 3
Review special bits if needed
For advanced use cases, check the setuid, setgid, or sticky bit boxes. A leading '1', '2', or '4' digit appears in the octal representation when these are set (e.g., 1755 for a directory with sticky bit).
- 4
Copy the chmod command
The ready-to-run chmod command (e.g., 'chmod 755 filename') appears in the command output field. Click Copy and paste it directly into your terminal.
Common Use Cases
Correct file permissions are essential for security and functionality across many server and development scenarios:
- Setting web server document root permissions (typically 755 for directories, 644 for files) to allow nginx or Apache to read content without granting write access
- Making shell scripts and deployment scripts executable ('chmod +x deploy.sh') so they can be run directly
- Securing SSH private key files ('chmod 600 ~/.ssh/id_rsa') which must not be readable by group or other users for SSH to accept them
- Configuring application log directories to be writable by the service user but not world-writable, preventing log injection by other system users
- Setting the sticky bit on shared directories (like /tmp) so users can only delete their own files even when they have write permission to the directory
Tips and Best Practices
File permissions are a first line of defense for system security. These practices help you apply them correctly:
- Apply the principle of least privilege: give files only the permissions actually required. Start with 600 (owner read/write only) and expand only when needed.
- Never use 777 (world-readable, world-writable, world-executable) on a production server. It grants all users full access and is almost always a misconfiguration or a lazy workaround for a permission issue.
- Use 'chmod -R' to apply permissions recursively, but be careful to use different values for files and directories (files rarely need execute permission). The 'find' command combined with chmod is safer: find . -type f -exec chmod 644 {} +
- Check the umask value on your system ('umask' command) as it subtracts permissions from the default for newly created files. A umask of 022 gives new files 644 and new directories 755.
- Use 'ls -la' to inspect the current permissions of files and directories. The first column shows the permission string in symbolic format (e.g., '-rwxr-xr-x') which you can cross-reference with this calculator.
Frequently Asked Questions
What do the three numbers in a chmod value like 755 represent?
Each digit represents the permissions for one category: the first digit is the owner, the second is the group, and the third is all other users. Each digit is the sum of the active bits: read (4) + write (2) + execute (1). So 7=rwx, 5=r-x, 5=r-x means the owner can read, write, and execute; the group and others can only read and execute.
What is the difference between chmod 644 and chmod 755?
chmod 644 (rw-r--r--) means the owner can read and write but not execute; group and others can only read. This is typical for text files, configuration files, and web page content. chmod 755 (rwxr-xr-x) adds execute permission for the owner and traverse permission for group and others, typical for directories and executable scripts.
What are setuid, setgid, and the sticky bit?
The setuid bit on an executable causes it to run with the file owner's privileges rather than the caller's (used by commands like sudo and passwd). The setgid bit on a directory causes new files created inside to inherit the directory's group. The sticky bit on a directory (like /tmp) prevents users from deleting files they do not own, even with write permission to the directory.
Why does SSH reject my private key even though I can read it?
SSH intentionally refuses to use private key files that are readable by users other than the owner. The required permission is 600 (owner read/write only, no group or other access). Run 'chmod 600 ~/.ssh/id_rsa' to fix this. SSH also requires that the ~/.ssh directory itself is 700.
What is the difference between symbolic and octal chmod syntax?
Octal syntax ('chmod 755 file') sets absolute permissions by specifying all nine bits at once. Symbolic syntax ('chmod u+x file', 'chmod go-w file') modifies permissions relatively using + to add and - to remove specific bits for specific user categories (u=user/owner, g=group, o=others, a=all). Symbolic syntax is safer when you only want to change one bit without affecting others.
How do I find all files with a specific permission on a server?
Use the find command with the -perm flag: 'find /var/www -perm 777' finds files with exactly 777 permissions. Use '-perm /222' to find files writable by anyone, or '-perm -u+s' to find setuid files. This is a standard first step in a server security audit.
Ready to use this tool?
Free, instant, no account required. Runs entirely in your browser.