Unix File Permissions Calculator (chmod)
Interactive chmod calculator. Check or uncheck permission bits for owner, group, and other, then read the octal number and symbolic notation in real time. Or type an octal number to decode it back into individual bits.
| tools.unix-permissions-calculator.label.read | tools.unix-permissions-calculator.label.write | tools.unix-permissions-calculator.label.execute | Oct | |
|---|---|---|---|---|
| tools.unix-permissions-calculator.label.owner | 7 | |||
| tools.unix-permissions-calculator.label.group | 5 | |||
| tools.unix-permissions-calculator.label.other | 5 |
Common Presets
chmod 755 filenameHow it works
The origin of octal notation in Unix permissions
Unix file permissions were designed by Ken Thompson in 1969 as part of the original Unix on a PDP-7. Each file stores nine permission bits โ three for the owner, three for the group, and three for everyone else โ packed into a 16-bit inode field alongside the file type. Grouping each trio of bits into a single octal digit (0โ7) was the natural choice: one digit per entity, three digits total. The octal convention was codified in POSIX.1-1988 and has remained unchanged in every Linux, macOS, BSD, and Unix-like system ever since.
The symbolic form (rwxr-xr-x) appeared in `ls -l` output from the earliest Unix distributions and became the human-readable complement to the octal number. POSIX defines both representations as normative, meaning any conforming system must support them. When you run `chmod u+x file` you're using the symbolic form; `chmod 755 file` uses the octal form. Both arrive at the exact same kernel operation: setting specific bits in the inode's mode field.
What read, write, and execute each mean
For a regular file: read (r=4) lets the entity open and read the file's contents. Write (w=2) lets it modify or truncate the file. Execute (x=1) lets it run the file as a program. Each is independent โ you can have a file that is read-only (r--) or write-only (-w-), though that last combination is unusual. The octal digit for each entity is the sum of the bits that are set: rwx = 4+2+1 = 7, r-x = 4+0+1 = 5, r-- = 4+0+0 = 4.
For a directory, the meanings shift. Read (r) lets you list the directory with `ls`. Execute (x) โ sometimes called the search bit โ lets you enter the directory with `cd` and access files inside it by name. Write (w) lets you create, delete, or rename files inside the directory. A directory with r but without x is nearly useless: you can see the filenames but cannot open any of them. Typical directories are 755 (owner can create files; group and others can only traverse and read).
Common permission patterns and security considerations
644 (rw-r--r--) is the standard for regular files like configs, HTML, and text: the owner can edit, everyone else can read. 755 (rwxr-xr-x) is standard for directories and executable scripts: the owner controls the contents, everyone else can traverse and read. 600 (rw-------) and 700 (rwx------) restrict access entirely to the owner โ appropriate for SSH private keys, password files, and personal scripts. Never use 777 on anything exposed to the web; giving write access to "other" means any process on the system can overwrite the file.
The umask setting determines the default permissions applied to newly created files and directories. A umask of 022 (common on most systems) means new files get 644 and new directories get 755, because the umask bits are subtracted from 666 (file default) and 777 (directory default). Security-hardened systems often use umask 027 or 077, making new files readable only by the owner or not readable at all by group/others. Understanding both chmod values and umask together gives full control over your system's permission baseline.
Frequently asked questions
โบWhat does 755 mean?
755 means the owner has read+write+execute (7=4+2+1), group has read+execute (5=4+1), and others have read+execute (5=4+1). It is the standard permission for directories and executable scripts: the owner can modify, everyone else can read and traverse.
โบWhat does 644 mean?
644 means the owner has read+write (6=4+2), group has read-only (4), and others have read-only (4). It is the default for regular files like config files, web pages, and text documents.
โบWhy does a directory need execute permission?
For directories, the execute bit is the 'search' bit. Without it you cannot cd into the directory or open files inside it by path, even if you can list its contents with the read bit. A directory with read but not execute is nearly useless in practice.
โบWhat is the difference between owner, group, and other?
Owner is the user account that owns the file (set at creation or changed with chown). Group is the group assigned to the file (changed with chgrp); any user in that group gets the group permissions. Other covers every user on the system who is neither the owner nor in the group.
โบWhat are SUID and SGID?
SUID (Set User ID) and SGID (Set Group ID) are special permission bits beyond the standard nine. When SUID is set on an executable, it runs with the file owner's privileges rather than the caller's โ used by commands like passwd and sudo. SGID on a directory makes new files inherit the directory's group. These are represented by an 's' in the symbolic form (e.g., rwsr-xr-x) and add 4000 or 2000 to the octal value (e.g., 4755).
โบIs chmod 777 dangerous?
Yes, especially on a shared system or web server. 777 grants full read, write, and execute to every user on the machine. Any other process โ including compromised web applications โ can overwrite or execute the file. On web servers this often enables arbitrary code execution. Limit permissions to only what is necessary.
โบHow do I use the chmod command?
Use `chmod OCTAL path` for a single file, or `chmod -R OCTAL directory` to recursively apply to all files inside a directory. For example: `chmod 644 index.html` or `chmod 755 /var/www`. You can also use symbolic syntax: `chmod u+x script.sh` adds execute permission for the owner without touching the other bits.
โบWhat is umask and how does it relate to permissions?
umask is a mask applied to the default permissions whenever a new file or directory is created. A umask of 022 removes write permission from group and other, so new files get 644 and new directories get 755. Run `umask` in your shell to see the current setting, and `umask VALUE` to change it for the current session.
Related tools
Last updated: