Chmod Calculator
Calculate Unix/Linux file permissions in octal and symbolic notation for chmod command.
Set Permissions
Or Enter Octal Value
Octal
644
Symbolic
-rw-r--r--
Commands
chmod 644 filenamechmod u=rw,g=r,o=r filenamePermission Reference
r (4): Read - View file contents or list directory
w (2): Write - Modify file or directory contents
x (1): Execute - Run file or access directory
Security Tips
- - Avoid 777 permissions in production
- - Use 755 for directories, 644 for files
- - Sensitive files should be 600 or 640
What Is chmod and Unix File Permissions?
The chmod command (short for change mode) is a foundational Unix and Linux utility that controls who can read, write, or execute a file or directory. Every file on a Unix-like system carries a set of permission bits that determine access for three distinct classes of users: the file's owner, members of the file's associated group, and others (everyone else on the system). Understanding and correctly setting these permissions is one of the most important skills for system administrators, web developers, and DevOps engineers alike.
Unix file permissions have existed since the earliest days of the operating system, dating back to the 1960s and 1970s. The model is elegantly simple: nine permission bits arranged in three groups of three. Each group controls Read (r), Write (w), and Execute (x) access for one of the three user classes. This design has proven remarkably durable — it powers billions of Linux servers, macOS machines, Android devices, and embedded systems today.
A chmod calculator removes the mental arithmetic required to convert between permission descriptions and the numeric codes that the chmod command actually uses. Instead of remembering that "owner can read and write, group can read, others can read" translates to the octal value 644, you simply check the boxes and let the calculator generate both the octal code and the ready-to-paste terminal command for you.
Whether you are deploying a web application, writing a shell script, securing a configuration file, or troubleshooting a "permission denied" error, this chmod permission calculator gives you the exact command you need in seconds.
How the Chmod Calculator Works
The chmod calculator converts your checkbox selections into an octal number and a symbolic notation string by assigning a fixed numeric weight to each permission type. Read access is worth 4, Write access is worth 2, and Execute access is worth 1. For each of the three user classes — Owner, Group, and Others — the calculator sums whichever weights are enabled.
The three resulting digits (each between 0 and 7) are then concatenated left-to-right to form the familiar three-digit octal permission code. For example, if the owner has read and write (4 + 2 = 6), the group has read only (4), and others have read only (4), the octal result is 644. The calculator simultaneously builds the symbolic representation, replacing each enabled bit with its letter and each disabled bit with a dash, then prepends a hyphen for regular files — giving -rw-r--r-- for the same example.
You can also work in reverse: type any three-digit octal value (such as 755) into the octal input field, click Apply, and the checkboxes will update to reflect the corresponding permissions. The calculator uses a bitwise AND operation to extract each bit: val & 4 for read, val & 2 for write, and val & 1 for execute.
Permission Digit Formula
Where:
- digit= Octal digit for one user class (0–7)
- read= Boolean — true if Read permission is enabled
- write= Boolean — true if Write permission is enabled
- execute= Boolean — true if Execute permission is enabled
Understanding Octal Notation
Octal (base-8) notation is the standard way to represent Unix file permissions numerically. Because each permission group has exactly three bits (read, write, execute), and three binary bits can represent values from 0 to 7, a single octal digit perfectly encodes all possible states for one user class. Stringing three such digits together covers owner, group, and others in nine bits total — exactly matching the nine permission slots in Unix's permission model.
The table below shows every possible octal digit and its meaning:
| Octal Digit | Binary | Symbolic | Permissions Granted |
|---|---|---|---|
| 0 | 000 | --- | None |
| 1 | 001 | --x | Execute only |
| 2 | 010 | -w- | Write only |
| 3 | 011 | -wx | Write and execute |
| 4 | 100 | r-- | Read only |
| 5 | 101 | r-x | Read and execute |
| 6 | 110 | rw- | Read and write |
| 7 | 111 | rwx | Read, write, and execute |
When you see a permission like 755, you read it as: owner = 7 (rwx), group = 5 (r-x), others = 5 (r-x). This is the standard permission for publicly accessible directories and executable scripts on web servers worldwide.
Symbolic Notation and chmod Commands
Besides octal numbers, chmod accepts a human-readable symbolic notation that spells out permissions using letters and operators. The symbolic form uses u for user (owner), g for group, and o for others, combined with = (set exactly), + (add), or - (remove) and the permission letters r, w, x.
For example, the octal command chmod 755 filename has an equivalent symbolic form: chmod u=rwx,g=rx,o=rx filename. Both commands produce the same result — they just express it differently. The octal form is more compact and common in scripts and documentation; the symbolic form is often preferred when you want to make incremental changes (like chmod +x script.sh to add execute permission without touching anything else).
The chmod calculator generates both forms automatically. The octal command is the most broadly recognized and fastest to type; the symbolic command is more self-documenting and safer when you want to add or remove a single bit without accidentally resetting the others.
On most Linux distributions and macOS, you can also apply permissions recursively using the -R flag: chmod -R 755 /var/www/html. Be cautious with recursive chmod — it applies the same permissions to every file and subdirectory, which can break things if files and directories need different permissions (directories typically need execute to be traversable, while regular files usually should not be executable).
Common Permission Patterns and When to Use Them
After years of Unix and Linux convention, a handful of permission patterns have become standard defaults for specific types of files and directories. Knowing these patterns by heart — and understanding why each one is recommended — will help you make better security decisions.
| Octal | Symbolic | Typical Use Case |
|---|---|---|
| 644 | -rw-r--r-- | Standard web files, HTML, CSS, images |
| 755 | -rwxr-xr-x | Directories and executable scripts |
| 600 | -rw------- | SSH private keys, secrets, .env files |
| 640 | -rw-r----- | Config files readable by a service group |
| 700 | -rwx------ | Private scripts and personal directories |
| 750 | -rwxr-x--- | Group-accessible directories |
| 444 | -r--r--r-- | Read-only reference files |
| 777 | -rwxrwxrwx | Temporary or development use only — never in production |
The key principle is least privilege: grant only the permissions that are genuinely required for the file's purpose. If a file does not need to be executed, remove execute bits. If a file contains sensitive data, remove group and others read bits. This approach limits the blast radius of any security breach or misconfiguration.
Security Considerations for File Permissions
File permissions are the first line of defense in Unix security. Incorrect permissions are among the most common causes of both accidental data exposure and deliberate exploitation. Understanding the security implications of each permission setting is critical for anyone deploying applications or managing servers.
World-writable files (777 or any octal ending in 7) are a serious risk in multi-user or web-hosting environments. Any process running on the system — including a compromised web application — can overwrite these files. Attackers who gain limited access to a server frequently look for world-writable directories to plant malicious scripts.
SUID and SGID bits (represented by an s in the symbolic notation) are advanced permission features not covered by a basic three-digit chmod but worth knowing. An SUID executable runs with the file owner's privileges rather than the caller's. These bits require extra scrutiny and should never be set unnecessarily.
Web server files typically follow the pattern of 644 for files and 755 for directories. The web server process (often running as www-data or nginx) belongs to the file's group, so it can read files without being the owner. Config files holding database credentials or API keys should always be 600 or 640 — never readable by others.
SSH keys have strict requirements: OpenSSH refuses to use private keys unless they are set to 600 (owner read/write only). The .ssh directory itself should be 700. This is one of the most common permission mistakes new Linux users make, and it causes authentication failures that look cryptic until you check the permissions.
Worked Examples
Standard Web File (644)
Problem:
You are deploying HTML, CSS, and image files to a web server. The web server process should be able to read the files, but only the owner should be able to modify them. No one needs execute permission.
Solution Steps:
- 1Owner needs Read + Write: (4 + 2 + 0) = 6
- 2Group needs Read only: (4 + 0 + 0) = 4
- 3Others need Read only: (4 + 0 + 0) = 4
- 4Octal result: 644 → symbolic: -rw-r--r--
- 5Command: chmod 644 index.html
Result:
chmod 644 index.html — The owner can read and modify the file. The web server group and all other users can read it but cannot make changes.
Executable Shell Script (755)
Problem:
You have written a deployment script that any team member should be able to run, but only you (the owner) should be allowed to edit it. The script directory also needs these permissions so it is traversable.
Solution Steps:
- 1Owner needs Read + Write + Execute: (4 + 2 + 1) = 7
- 2Group needs Read + Execute: (4 + 0 + 1) = 5
- 3Others need Read + Execute: (4 + 0 + 1) = 5
- 4Octal result: 755 → symbolic: -rwxr-xr-x
- 5Command: chmod 755 deploy.sh
Result:
chmod 755 deploy.sh — The owner can read, edit, and run the script. Group members and all other users can read and execute it but cannot modify it.
Private Configuration File (600)
Problem:
You have a .env file containing database passwords and API secret keys. Only the application owner process should be able to read or write this file. No group or public access should exist.
Solution Steps:
- 1Owner needs Read + Write: (4 + 2 + 0) = 6
- 2Group needs no access: (0 + 0 + 0) = 0
- 3Others need no access: (0 + 0 + 0) = 0
- 4Octal result: 600 → symbolic: -rw-------
- 5Command: chmod 600 .env
Result:
chmod 600 .env — Only the file owner can read or write the file. Group members and all other users have zero access, protecting sensitive credentials.
Group-Readable Log File (640)
Problem:
A web application writes log files that a monitoring group needs to read for analysis, but public users should have no access and the logs should not be executable.
Solution Steps:
- 1Owner needs Read + Write: (4 + 2 + 0) = 6
- 2Group needs Read only: (4 + 0 + 0) = 4
- 3Others need no access: (0 + 0 + 0) = 0
- 4Octal result: 640 → symbolic: -rw-r-----
- 5Command: chmod 640 app.log
Result:
chmod 640 app.log — The owner can read and write the log file. Members of the associated group can read it. All other users are denied access entirely.
Tips & Best Practices
- ✓Use 644 for web-served files and 755 for directories as your baseline on shared hosting or web servers.
- ✓Never set 777 in a production environment — even temporarily. Use 755 or 775 if a group needs write access.
- ✓Protect .env, credentials.json, and private key files with 600 (owner read/write only).
- ✓Apply chmod recursively with care; use find with -type f and -type d to apply different permissions to files vs directories.
- ✓Add execute permission only to files that are actually scripts or binaries — not to config files, HTML, or data files.
- ✓After uploading files via FTP or SFTP, verify permissions with ls -la — some transfer tools default to 777.
- ✓SSH private keys must be 600 or OpenSSH will refuse to use them; the .ssh directory should be 700.
- ✓Use chmod u+x script.sh (symbolic add) when you just want to add execute without resetting other bits.
- ✓Remember that group members of a web server (like www-data) need at least read (r) on files and traverse (x) on directories to serve content.
Frequently Asked Questions
Sources & References
Last updated: 2026-06-05
Help us improve!
How would you rate the Chmod Calculator?
Editorial Note
MyCalcBuddy Editorial Team
This page is maintained as an educational calculator reference.
Formula Source: Standard Mathematical References
by Various