{ }DevToolBox

Chmod Calculator

Calculate Linux/Unix file permissions with an interactive grid. Toggle permissions visually or enter an octal number directly. Copy the generated chmod command with one click. Everything runs in your browser — no data is sent to any server.

Permission Settings
Read (4)Write (2)Execute (1)
Owner
Group
Others
Result

Type a 3-digit octal number (0-7) to update the permission grid above.

rwxr-xr-x
chmod 755 filename
Owner: read, write, execute | Group: read, execute | Others: read, execute
Common Presets

Linux File Permissions Explained

Every file and directory on a Linux or Unix system has an associated set of permissions that control who can read, write, or execute it. These permissions are a cornerstone of the Unix security model and determine how users and processes interact with the filesystem. A clear understanding of file permissions is essential for system administrators, developers, and anyone working with Linux servers.

When you run ls -l in a terminal, the first column of output displays the permission string, such as -rwxr-xr-x. This 10-character string encodes the file type (the first character) and three groups of three permissions: one group each for the file’s owner, group, and others(sometimes called “world”).

Owner, Group, and Others

Linux organizes access control around three categories of users:

  • Owner (User) — The user who owns the file. Typically the user who created it, though ownership can be changed with chown.
  • Group — A named collection of users. Every file belongs to one group. Members of that group receive the group-level permissions.
  • Others — All other users on the system who are neither the owner nor members of the file’s group.

Each category has its own independent set of read, write, and execute permissions, allowing fine-grained control over who can do what with each file.

Read, Write, and Execute Bits

Each permission category carries three permission bits:

  • Read (r, value 4) — For files, allows reading the file contents. For directories, allows listing the directory entries.
  • Write (w, value 2) — For files, allows modifying the file. For directories, allows creating, deleting, or renaming files within the directory.
  • Execute (x, value 1) — For files, allows running the file as a program or script. For directories, allows entering (traversing) the directory with cd.

A hyphen (-) in the permission string indicates that the corresponding permission is not granted. For example, r-x means read and execute are granted, but write is not.

Octal (Numeric) Notation

The most common shorthand for file permissions is octal notation, which represents each category’s permissions as a single digit from 0 to 7. The digit is the sum of the permission values: read (4) + write (2) + execute (1). For example:

  • 7 = read + write + execute (4 + 2 + 1)
  • 6 = read + write (4 + 2)
  • 5 = read + execute (4 + 1)
  • 4 = read only
  • 0 = no permissions

A three-digit octal number like 755 encodes the full permission set: owner gets 7 (rwx), group gets 5 (r-x), and others get 5 (r-x). This is the default permission for most executable files and directories.

Symbolic Notation

Symbolic notation uses the letters r, w, and x to represent permissions. The full symbolic string for a regular file looks like -rwxr-xr-x, where the first character indicates the file type (- for regular file, d for directory, l for symlink) and the remaining nine characters are three groups of rwx for owner, group, and others respectively.

The chmod command also accepts symbolic arguments for modifying permissions incrementally. For example, chmod u+x file adds execute permission for the owner, and chmod go-w file removes write permission from group and others.

The chmod Command

chmod (short for “change mode”) is the command used to change file permissions on Linux and Unix systems. Its basic syntax is:

chmod [options] mode file

Where mode can be either an octal number or a symbolic expression. Common options include -R for recursive application to all files in a directory tree, and -v for verbose output showing each file changed.

Examples:

  • chmod 755 script.sh — Owner can read/write/execute; group and others can read/execute.
  • chmod 644 document.txt — Owner can read/write; group and others can only read.
  • chmod 600 secret.key — Only the owner can read/write; no access for anyone else.
  • chmod -R 755 /var/www/html — Recursively set permissions for an entire web directory.

Common Permission Patterns

Different use cases call for different permission sets. Here are the most frequently used patterns:

  • 644 (rw-r--r--) — Standard permission for regular files. The owner can read and write; everyone else can only read.
  • 755 (rwxr-xr-x) — Standard permission for directories and executable scripts. The owner has full access; everyone else can read and execute but not modify.
  • 600 (rw-------) — Private file. Only the owner can read and write. Common for SSH private keys and sensitive configuration files.
  • 700 (rwx------) — Private directory. Only the owner can access it in any way.
  • 400 (r--------) — Read-only for the owner, no access for anyone else. Used for highly sensitive files that should not be accidentally modified.
  • 777 (rwxrwxrwx) — Full access for everyone. Avoid this in production as it allows any user to read, modify, and execute the file.

Setuid, Setgid, and Sticky Bit

Beyond the standard nine permission bits, Linux supports three special permission bits:

  • Setuid (SUID, 4000) — When set on an executable file, the program runs with the permissions of the file’s owner rather than the user who launched it. The classic example is /usr/bin/passwd, which needs root privileges to modify /etc/shadow but must be runnable by regular users.
  • Setgid (SGID, 2000) — On an executable, the program runs with the group of the file. On a directory, new files created within inherit the directory’s group instead of the creating user’s primary group. This is commonly used for shared project directories.
  • Sticky Bit (1000) — When set on a directory, only the file owner (or root) can delete or rename files within it, even if others have write permission on the directory. The /tmp directory on most systems has the sticky bit set (drwxrwxrwt) to prevent users from deleting each other’s temporary files.

These special bits are represented as a fourth leading digit in octal notation (e.g., 4755 for setuid with 755 permissions) or by replacing the x in the symbolic notation with s (setuid/setgid) or t (sticky).

Understanding umask

The umask (user file-creation mask) determines the default permissions for newly created files and directories. It works by subtracting bits from the maximum default permissions (typically 666 for files and 777 for directories). For example, a umask of 022 means new files get 644 (666 - 022) and new directories get 755 (777 - 022). You can view your current umask by running the umask command and change it by editing your shell profile (e.g., ~/.bashrc).

Security Implications of 777

Setting permissions to 777 grants every user on the system full read, write, and execute access to a file or directory. While this may seem like a quick fix for permission-denied errors during development, it is a serious security risk in production. Any user or compromised process can modify or delete the file, inject malicious code into scripts, or access sensitive data. Instead of using 777, identify the specific user or group that needs access and grant only the necessary permissions.

File vs Directory Permissions

The read, write, and execute bits have subtly different meanings for files and directories:

  • Read — File: view contents; Directory: list entries (file names).
  • Write — File: modify contents; Directory: create, delete, or rename entries.
  • Execute — File: run as program; Directory: traverse (access files within, requires knowing the file name).

A common source of confusion is a directory with read but not execute permission: you can list file names inside it but cannot access any of the files (you get “Permission denied” when trying to read them). Conversely, execute without read allows accessing files by name but prevents listing the directory contents.

Frequently Asked Questions

What is the difference between 755 and 644?

755 grants the owner full access (read, write, execute) and gives group and others read and execute access. 644 grants the owner read and write access while giving group and others read-only access. Use 755 for directories and executable files, and 644 for regular non-executable files.

Why can’t I run a script even though I own it?

The file likely does not have the execute bit set. Run chmod +x script.sh to add execute permission. Alternatively, you can invoke the interpreter directly: bash script.sh does not require execute permission on the script file itself.

What does “Permission denied” mean?

This error means your user account does not have the required permission (read, write, or execute) for the operation you are attempting. Check the file’s permissions with ls -l, verify your user and group membership, and adjust permissions with chmod or ownership with chown as needed.

How do I check my current permissions on a file?

Run ls -l filename to see the symbolic permission string, owner, group, size, and modification date. To see the octal representation, use stat -c "%a %n" filename on Linux or stat -f "%Lp %N" filename on macOS.

Can I set different permissions for individual users?

The basic Unix permission model only supports owner, group, and others. For more granular control, use Access Control Lists (ACLs) with the setfacl and getfacl commands. ACLs allow you to grant specific permissions to individual users or groups beyond the three standard categories.

Related Tools

.*
Regex Tester
±
Diff Checker
Cron Expression Parser
Wc
Word & Character Counter
HTTP
HTTP Status Codes
OG
Open Graph Preview