Chmod Calculator

Calculate Unix/Linux file permissions in octal and symbolic notation for chmod command.

Set Permissions

Owner (u)= 6
Group (g)= 4
Others (o)= 4

Or Enter Octal Value

Octal

644

Symbolic

-rw-r--r--

Commands

Octal notation
chmod 644 filename
Symbolic notation
chmod u=rw,g=r,o=r filename

Permission Reference

r (4): Read - View file contents or list directory

w (2): Write - Modify file or directory contents

x (1): Execute - Run file or access directory

Security Tips

  • - Avoid 777 permissions in production
  • - Use 755 for directories, 644 for files
  • - Sensitive files should be 600 or 640

What Is chmod and Unix File Permissions?

The chmod command (short for change mode) is a foundational Unix and Linux utility that controls who can read, write, or execute a file or directory. Every file on a Unix-like system carries a set of permission bits that determine access for three distinct classes of users: the file's owner, members of the file's associated group, and others (everyone else on the system). Understanding and correctly setting these permissions is one of the most important skills for system administrators, web developers, and DevOps engineers alike.

Unix file permissions have existed since the earliest days of the operating system, dating back to the 1960s and 1970s. The model is elegantly simple: nine permission bits arranged in three groups of three. Each group controls Read (r), Write (w), and Execute (x) access for one of the three user classes. This design has proven remarkably durable — it powers billions of Linux servers, macOS machines, Android devices, and embedded systems today.

A chmod calculator removes the mental arithmetic required to convert between permission descriptions and the numeric codes that the chmod command actually uses. Instead of remembering that "owner can read and write, group can read, others can read" translates to the octal value 644, you simply check the boxes and let the calculator generate both the octal code and the ready-to-paste terminal command for you.

Whether you are deploying a web application, writing a shell script, securing a configuration file, or troubleshooting a "permission denied" error, this chmod permission calculator gives you the exact command you need in seconds.

How the Chmod Calculator Works

The chmod calculator converts your checkbox selections into an octal number and a symbolic notation string by assigning a fixed numeric weight to each permission type. Read access is worth 4, Write access is worth 2, and Execute access is worth 1. For each of the three user classes — Owner, Group, and Others — the calculator sums whichever weights are enabled.

The three resulting digits (each between 0 and 7) are then concatenated left-to-right to form the familiar three-digit octal permission code. For example, if the owner has read and write (4 + 2 = 6), the group has read only (4), and others have read only (4), the octal result is 644. The calculator simultaneously builds the symbolic representation, replacing each enabled bit with its letter and each disabled bit with a dash, then prepends a hyphen for regular files — giving -rw-r--r-- for the same example.

You can also work in reverse: type any three-digit octal value (such as 755) into the octal input field, click Apply, and the checkboxes will update to reflect the corresponding permissions. The calculator uses a bitwise AND operation to extract each bit: val & 4 for read, val & 2 for write, and val & 1 for execute.

Permission Digit Formula

digit = (read ? 4 : 0) + (write ? 2 : 0) + (execute ? 1 : 0)

Where:

  • digit= Octal digit for one user class (0–7)
  • read= Boolean — true if Read permission is enabled
  • write= Boolean — true if Write permission is enabled
  • execute= Boolean — true if Execute permission is enabled

Understanding Octal Notation

Octal (base-8) notation is the standard way to represent Unix file permissions numerically. Because each permission group has exactly three bits (read, write, execute), and three binary bits can represent values from 0 to 7, a single octal digit perfectly encodes all possible states for one user class. Stringing three such digits together covers owner, group, and others in nine bits total — exactly matching the nine permission slots in Unix's permission model.

The table below shows every possible octal digit and its meaning:

Octal Digit Binary Symbolic Permissions Granted
0000---None
1001--xExecute only
2010-w-Write only
3011-wxWrite and execute
4100r--Read only
5101r-xRead and execute
6110rw-Read and write
7111rwxRead, write, and execute

When you see a permission like 755, you read it as: owner = 7 (rwx), group = 5 (r-x), others = 5 (r-x). This is the standard permission for publicly accessible directories and executable scripts on web servers worldwide.

Symbolic Notation and chmod Commands

Besides octal numbers, chmod accepts a human-readable symbolic notation that spells out permissions using letters and operators. The symbolic form uses u for user (owner), g for group, and o for others, combined with = (set exactly), + (add), or - (remove) and the permission letters r, w, x.

For example, the octal command chmod 755 filename has an equivalent symbolic form: chmod u=rwx,g=rx,o=rx filename. Both commands produce the same result — they just express it differently. The octal form is more compact and common in scripts and documentation; the symbolic form is often preferred when you want to make incremental changes (like chmod +x script.sh to add execute permission without touching anything else).

The chmod calculator generates both forms automatically. The octal command is the most broadly recognized and fastest to type; the symbolic command is more self-documenting and safer when you want to add or remove a single bit without accidentally resetting the others.

On most Linux distributions and macOS, you can also apply permissions recursively using the -R flag: chmod -R 755 /var/www/html. Be cautious with recursive chmod — it applies the same permissions to every file and subdirectory, which can break things if files and directories need different permissions (directories typically need execute to be traversable, while regular files usually should not be executable).

Common Permission Patterns and When to Use Them

After years of Unix and Linux convention, a handful of permission patterns have become standard defaults for specific types of files and directories. Knowing these patterns by heart — and understanding why each one is recommended — will help you make better security decisions.

Octal Symbolic Typical Use Case
644-rw-r--r--Standard web files, HTML, CSS, images
755-rwxr-xr-xDirectories and executable scripts
600-rw-------SSH private keys, secrets, .env files
640-rw-r-----Config files readable by a service group
700-rwx------Private scripts and personal directories
750-rwxr-x---Group-accessible directories
444-r--r--r--Read-only reference files
777-rwxrwxrwxTemporary or development use only — never in production

The key principle is least privilege: grant only the permissions that are genuinely required for the file's purpose. If a file does not need to be executed, remove execute bits. If a file contains sensitive data, remove group and others read bits. This approach limits the blast radius of any security breach or misconfiguration.

Security Considerations for File Permissions

File permissions are the first line of defense in Unix security. Incorrect permissions are among the most common causes of both accidental data exposure and deliberate exploitation. Understanding the security implications of each permission setting is critical for anyone deploying applications or managing servers.

World-writable files (777 or any octal ending in 7) are a serious risk in multi-user or web-hosting environments. Any process running on the system — including a compromised web application — can overwrite these files. Attackers who gain limited access to a server frequently look for world-writable directories to plant malicious scripts.

SUID and SGID bits (represented by an s in the symbolic notation) are advanced permission features not covered by a basic three-digit chmod but worth knowing. An SUID executable runs with the file owner's privileges rather than the caller's. These bits require extra scrutiny and should never be set unnecessarily.

Web server files typically follow the pattern of 644 for files and 755 for directories. The web server process (often running as www-data or nginx) belongs to the file's group, so it can read files without being the owner. Config files holding database credentials or API keys should always be 600 or 640 — never readable by others.

SSH keys have strict requirements: OpenSSH refuses to use private keys unless they are set to 600 (owner read/write only). The .ssh directory itself should be 700. This is one of the most common permission mistakes new Linux users make, and it causes authentication failures that look cryptic until you check the permissions.

Worked Examples

Standard Web File (644)

Problem:

You are deploying HTML, CSS, and image files to a web server. The web server process should be able to read the files, but only the owner should be able to modify them. No one needs execute permission.

Solution Steps:

  1. 1Owner needs Read + Write: (4 + 2 + 0) = 6
  2. 2Group needs Read only: (4 + 0 + 0) = 4
  3. 3Others need Read only: (4 + 0 + 0) = 4
  4. 4Octal result: 644 → symbolic: -rw-r--r--
  5. 5Command: chmod 644 index.html

Result:

chmod 644 index.html — The owner can read and modify the file. The web server group and all other users can read it but cannot make changes.

Executable Shell Script (755)

Problem:

You have written a deployment script that any team member should be able to run, but only you (the owner) should be allowed to edit it. The script directory also needs these permissions so it is traversable.

Solution Steps:

  1. 1Owner needs Read + Write + Execute: (4 + 2 + 1) = 7
  2. 2Group needs Read + Execute: (4 + 0 + 1) = 5
  3. 3Others need Read + Execute: (4 + 0 + 1) = 5
  4. 4Octal result: 755 → symbolic: -rwxr-xr-x
  5. 5Command: chmod 755 deploy.sh

Result:

chmod 755 deploy.sh — The owner can read, edit, and run the script. Group members and all other users can read and execute it but cannot modify it.

Private Configuration File (600)

Problem:

You have a .env file containing database passwords and API secret keys. Only the application owner process should be able to read or write this file. No group or public access should exist.

Solution Steps:

  1. 1Owner needs Read + Write: (4 + 2 + 0) = 6
  2. 2Group needs no access: (0 + 0 + 0) = 0
  3. 3Others need no access: (0 + 0 + 0) = 0
  4. 4Octal result: 600 → symbolic: -rw-------
  5. 5Command: chmod 600 .env

Result:

chmod 600 .env — Only the file owner can read or write the file. Group members and all other users have zero access, protecting sensitive credentials.

Group-Readable Log File (640)

Problem:

A web application writes log files that a monitoring group needs to read for analysis, but public users should have no access and the logs should not be executable.

Solution Steps:

  1. 1Owner needs Read + Write: (4 + 2 + 0) = 6
  2. 2Group needs Read only: (4 + 0 + 0) = 4
  3. 3Others need no access: (0 + 0 + 0) = 0
  4. 4Octal result: 640 → symbolic: -rw-r-----
  5. 5Command: chmod 640 app.log

Result:

chmod 640 app.log — The owner can read and write the log file. Members of the associated group can read it. All other users are denied access entirely.

Tips & Best Practices

  • Use 644 for web-served files and 755 for directories as your baseline on shared hosting or web servers.
  • Never set 777 in a production environment — even temporarily. Use 755 or 775 if a group needs write access.
  • Protect .env, credentials.json, and private key files with 600 (owner read/write only).
  • Apply chmod recursively with care; use find with -type f and -type d to apply different permissions to files vs directories.
  • Add execute permission only to files that are actually scripts or binaries — not to config files, HTML, or data files.
  • After uploading files via FTP or SFTP, verify permissions with ls -la — some transfer tools default to 777.
  • SSH private keys must be 600 or OpenSSH will refuse to use them; the .ssh directory should be 700.
  • Use chmod u+x script.sh (symbolic add) when you just want to add execute without resetting other bits.
  • Remember that group members of a web server (like www-data) need at least read (r) on files and traverse (x) on directories to serve content.

Frequently Asked Questions

chmod 777 grants Read, Write, and Execute permission to the owner (7 = 4+2+1), the group (7), and all other users (7). In symbolic form this is -rwxrwxrwx. It is dangerous because any user or process on the system — including a compromised web application — can read, overwrite, or execute the file. This is a common vector for attackers to plant backdoors or deface websites. Only use 777 in completely isolated development environments, and never in production.
Octal notation (e.g., chmod 644 file) uses three digits to set permissions for all three user classes at once by encoding the bits as numbers. Symbolic notation (e.g., chmod u=rw,g=r,o=r file) uses letters to name the user class and permissions explicitly. Octal sets absolute permissions and is compact; symbolic is more readable and supports relative changes (like chmod +x to add execute without touching other bits). Both notations are fully supported by the chmod command on Linux and macOS.
For directories, the execute bit (x) means "traverse" or "search" permission rather than literally running the directory. A user needs execute permission on a directory to enter it (cd into it), access files inside it by path, or list its contents. Without execute permission on a directory, a user cannot access anything inside — even if they have read permission on the individual files. This is why directories should almost always have their execute bits set wherever read access is granted.
Use the -R (recursive) flag: chmod -R 755 /path/to/directory. However, be careful because this applies the same permissions to every file and subdirectory. Directories typically need execute permission (755) to be traversable, but regular files usually should not be executable (644 is safer). A common pattern is to set directories to 755 and files to 644 separately using find: find /path -type d -exec chmod 755 {} + and find /path -type f -exec chmod 644 {} +.
OpenSSH deliberately refuses to use private key files that are accessible to other users because it would be a security risk. The fix is chmod 600 ~/.ssh/id_rsa (or whatever your key file is named), which restricts access to the owner read/write only. The .ssh directory itself should be chmod 700 (owner access only). After correcting the permissions, SSH will accept the key without warnings.
The umask (user file-creation mask) is a bitmask that subtracts from default permissions when new files and directories are created. A common umask of 022 means new files get 644 (666 minus 022) and new directories get 755 (777 minus 022) by default. chmod is used to change existing file permissions, while umask controls the starting permissions for newly created files. You can view your current umask by typing umask in the terminal.
Yes. The chmod command and the underlying Unix permission model work identically on macOS (which is a certified Unix system based on BSD) and on Linux distributions. The same octal codes and symbolic notations apply on both platforms. The only notable difference is that macOS's ls command uses a slightly extended symbolic notation for special bits like ACLs, but standard chmod 644, 755, and 600 commands work exactly the same way on both.

Sources & References

Last updated: 2026-06-05

💡

Help us improve!

How would you rate the Chmod Calculator?

<>

Editorial Note

MyCalcBuddy Editorial Team

This page is maintained as an educational calculator reference.

Source

Formula Source: Standard Mathematical References

by Various

UpdatedLast reviewed: May 2026
CheckedFormula checks are based on standard references and internal QA review.