Convert between chmod numeric and symbolic notation. Visualize Unix file permissions for owner, group, and others with an interactive permission builder.
File permissions in Unix and Linux systems control who can read, write, and execute files and directories. The chmod command sets these permissions using either numeric (octal) notation like 755 or symbolic notation like rwxr-xr-x. Understanding both formats is essential for system administrators, developers, and anyone working with Linux servers.
Our Chmod Calculator provides an interactive way to build and understand Unix file permissions. Toggle individual read, write, and execute bits for owner, group, and others, and instantly see the corresponding numeric code and symbolic representation. The calculator also explains what each permission combination means in practice and shows the full chmod command you need to run.
Whether you're setting up web server file permissions, configuring deployment scripts, or troubleshooting access denied errors, this calculator eliminates the mental math of converting between octal and symbolic notation. It includes common permission presets (644 for files, 755 for directories, 600 for private files) and warnings about security-sensitive combinations like 777 (world-writable).
Stop guessing permission numbers. Visually build the exact chmod command you need and understand what each bit means. Includes security warnings to prevent common permission mistakes. Keep these notes focused on your operational context. Tie the context to the calculator’s intended domain. Use this clarification to avoid ambiguous interpretation. Align this note with review checkpoints.
Permission Octal = Owner×64 + Group×8 + Others×1 Each digit: Read(4) + Write(2) + Execute(1) Example: rwxr-xr-x = (4+2+1)(4+0+1)(4+0+1) = 755
Result: 755 (rwxr-xr-x)
Owner has full access (rwx=7), group can read and execute (r-x=5), others can read and execute (r-x=5). This is the standard permission for executable files and directories.
The Unix permission model divides access control into three categories: the file owner (user), the group, and everyone else (others). Each category independently gets three permission bits: read (r=4), write (w=2), and execute (x=1). This creates a 9-bit permission field typically displayed as three octal digits or nine symbolic characters.
The owner is the user who created the file (changeable with chown). The group is a named collection of users (changeable with chgrp). Others means every user on the system who isn't the owner and isn't in the group. Permissions are checked in order: if you're the owner, owner permissions apply; if you're in the group, group permissions apply; otherwise, others permissions apply.
644 (rw-r--r--) is the standard for regular files — the owner can edit, everyone else can read. 755 (rwxr-xr-x) is standard for directories and executables — the owner has full access, others can read and execute. 600 (rw-------) is for private files like SSH keys and passwords — only the owner can access them. 700 (rwx------) is for private directories. 666 and 777 should almost never be used as they grant write access to everyone.
Web server files typically need 644 (owner=webserver user), and web directories need 755. Upload directories sometimes need 775 if the web server and deployment user share a group. Configuration files containing passwords should be 600 or 640.
Beyond the basic 9 permission bits, Unix has three special bits. The setuid bit (4xxx) on an executable makes it run with the file owner's privileges — /usr/bin/passwd uses this to allow regular users to change their password in the shadow file. The setgid bit (2xxx) on a directory makes new files inherit the directory's group instead of the creator's primary group — useful for shared project directories. The sticky bit (1xxx) on a directory prevents users from deleting files they don't own — /tmp uses 1777 so all users can create temporary files but can't delete each other's files.
Owner can read, write, and execute (7). Group members can read and execute (5). Others can read and execute (5). This is the standard permission for directories and executable scripts.
Owner can read and write (6). Group and others can only read (4). This is the standard permission for regular non-executable files like HTML, CSS, and configuration files.
chmod 777 gives everyone full read, write, and execute access. Any user on the system can modify or delete the file. This is almost never appropriate and is a significant security risk.
For files: read=view contents, write=modify, execute=run as program. For directories: read=list contents, write=create/delete files inside, execute=access (cd into) the directory.
The sticky bit (chmod +t or 1xxx) on a directory prevents users from deleting other users' files, even if they have write permission. /tmp uses this (1777) so anyone can create files but only the owner can delete them.
Setuid (4xxx) makes a file execute as its owner, not the user running it. Setgid (2xxx) makes it execute as its group. These are used for programs like passwd that need elevated privileges.