Chmod Calculator - Unix File Permissions
Calculate Unix/Linux file permissions interactively. Click checkboxes to set permissions or enter a numeric value. See numeric, symbolic, and command formats updated in real time.
| Read | Write | Execute | |
|---|---|---|---|
| Owner | |||
| Group | |||
| Others |
Permission Breakdown
How Unix File Permissions Work
Every file and directory on a Unix/Linux system has three sets of permissions controlling who can access it: the owner (the user who created the file), the group (users belonging to the file's group), and others (everyone else on the system). Each set has three permission types:
- Read (r = 4): View the file contents or list directory contents.
- Write (w = 2): Modify the file or add/remove files in a directory.
- Execute (x = 1): Run the file as a program or enter (cd into) a directory.
The numeric (octal) representation sums the permission values. Read (4) + Write (2) + Execute (1) = 7. Read (4) + Execute (1) = 5. Read (4) alone = 4. Each digit in a three-digit chmod value represents one set: owner, group, others.
Common Permission Values
| Numeric | Symbolic | Meaning | Use Case |
|---|---|---|---|
| 755 | rwxr-xr-x | Owner: all; Group/Others: read+execute | Directories, executable scripts, web server folders |
| 644 | rw-r--r-- | Owner: read+write; Group/Others: read only | Regular files, HTML, CSS, images, config files |
| 700 | rwx------ | Owner: all; Group/Others: none | Private scripts, SSH keys directory (~/.ssh) |
| 600 | rw------- | Owner: read+write; Group/Others: none | Private key files, .env files, passwords |
| 775 | rwxrwxr-x | Owner+Group: all; Others: read+execute | Shared project directories, team workspaces |
| 666 | rw-rw-rw- | All: read+write, no execute | Rarely used; allows everyone to edit |
| 777 | rwxrwxrwx | All: full access | Temporary debugging only; never in production |
| 444 | r--r--r-- | All: read only | Read-only config files, public certificates |
Symbolic vs Numeric Notation
The chmod command accepts both numeric (octal) and symbolic notation. Numeric notation sets all permissions at once: chmod 755 file. Symbolic notation modifies specific permissions: chmod u+x file (add execute for owner) or chmod g-w file (remove write for group).
# Numeric: set all at once
chmod 755 script.sh
# Symbolic: add execute for owner
chmod u+x script.sh
# Symbolic: remove write for group and others
chmod go-w config.json
# Symbolic: set exact permissions
chmod u=rwx,g=rx,o=rx script.shThe Symbolic Characters
| Character | Position | Meaning |
|---|---|---|
| r | 1st, 4th, 7th | Read permission granted |
| w | 2nd, 5th, 8th | Write permission granted |
| x | 3rd, 6th, 9th | Execute permission granted |
| - | any | Permission not granted |
The full symbolic string has 9 characters grouped in threes: rwxr-xr-x = owner (rwx), group (r-x), others (r-x).
Security Best Practices
- Never use 777 in production. It grants full access to every user on the system. If a web application or service needs write access, grant it only to the specific user or group that runs the process.
- SSH keys must be 600 or 400. OpenSSH refuses to use a private key if other users can read it. Use
chmod 600 ~/.ssh/id_rsa. - Web server files: Use 644 for static files and 755 for directories. The web server user needs read access, and the directory execute bit allows traversal.
- Scripts: Make scripts executable with
chmod +x script.shrather than 777. This adds execute permission without opening write access. - Sensitive config files: Database credentials, API keys, and .env files should be 600 — readable and writable only by the owner.
- Check current permissions with
ls -labefore changing them. The output shows the symbolic notation for each file.
chmod in Different Contexts
Docker Containers
In Dockerfiles, use RUN chmod +x entrypoint.sh to make scripts executable. Permission issues are a common source of container startup failures.
Git
Git tracks the executable bit. If you add chmod +x to a file, that change appears in git diff and is preserved across clones. Use git update-index --chmod=+x script.sh to set it without modifying the working tree.
CI/CD Pipelines
If a deploy script fails with "Permission denied," add chmod +x deploy.sh before execution, or ensure the file's executable bit is tracked in Git.
Frequently Asked Questions
What does chmod 755 mean?
chmod 755 sets the file so the owner has read, write, and execute permissions (7 = 4+2+1), while the group and others have read and execute permissions (5 = 4+0+1). The symbolic notation is rwxr-xr-x. This is the standard permission for directories, executable scripts, and web server folders.
What is the difference between chmod 644 and chmod 755?
chmod 644 (rw-r--r--) gives the owner read and write permissions; group and others get read-only. chmod 755 (rwxr-xr-x) adds execute permission for all three categories. Use 644 for regular files (documents, images, configs) and 755 for directories and scripts that need to be executed.
How do Unix file permissions work?
Every file has three permission sets: owner, group, and others. Each set controls three access types: read (4), write (2), and execute (1). The numeric chmod value sums the granted permissions for each set. For example, 7 = read+write+execute, 5 = read+execute, 4 = read-only, 0 = no access. The three digits represent owner, group, and others in order.
What does chmod 777 mean and is it safe?
chmod 777 grants read, write, and execute permissions to everyone on the system. This is almost never safe in production because any user or process can modify or execute the file. Use it only for temporary debugging on isolated development machines. For production, use 755 for directories/executables and 644 for regular files.