chmod Calculator

Interactive Linux file permissions calculator. Toggle permissions, see octal and symbolic notation live. Everything runs in your browser.

Permissions

Read (4)

Write (2)

Execute (1)

Owner

Group

Other

Special Bits

Octal

Symbolic

-rwxr-xr-x

Command

chmod 755 /path/to/file

ls -l Preview-rwxr-xr-x 1 user group 4096 Feb 9 12:00 file

Common Permissions

Octal	Symbolic	Description
	rwxr-xr-x	Default for directories and executables
	rw-r--r--	Default for regular files
	rwxrwxrwx	Full access for everyone (avoid!)
	rwx------	Owner only — private scripts/dirs
	rw-------	Owner only — private files (SSH keys)
	r--------	Owner read-only (certificates, secrets)
	rwxr-x---	Owner full, group read+exec
	rw-r-----	Owner read/write, group read
	rwxrwxrwt	/tmp — sticky bit, everyone writes
	rwxr-sr-x	setgid — new files inherit group
	rwsr-xr-x	setuid — run as file owner

Umask Calculator

The umask defines which permissions are removed from new files and directories. Result = base mode AND NOT umask.

Umask

New Files (base 666)

644(rw-r--r--)

New Directories (base 777)

755(rwxr-xr-x)

Files	Dirs	Description
644	755	Default — owner rw, group/other read
640	750	No other access
600	700	Owner only — private
664	775	Group writable (shared projects)
660	770	No other access, group full
666	777	No restrictions (avoid!)

What is chmod?

chmod (change mode) is a Unix/Linux command that sets file and directory permissions. Every file has three permission sets: owner (u), group (g), and other (o). Each set can have read (r=4), write (w=2), and execute (x=1) permissions.

Octal vs Symbolic Notation

Octal: Three digits (0-7), each the sum of read (4) + write (2) + execute (1). Example: 755 = owner rwx (7), group r-x (5), other r-x (5).

Symbolic: Nine characters representing rwx for each role. Example: rwxr-xr-x = same as 755.

Special Bits

setuid (4xxx) — When set on an executable, it runs with the file owner's permissions (e.g., /usr/bin/passwd).
setgid (2xxx) — On executables: runs with group permissions. On directories: new files inherit the directory's group.
sticky bit (1xxx) — On directories: only file owners can delete their own files (e.g., /tmp).

Security Best Practices

Never use 777 in production — it allows anyone to read, write, and execute.
SSH keys should be 600 (private) or 644 (public).
Web directories: 755 for dirs, 644 for files.
Scripts: 755 or 700 (if private).
Avoid setuid/setgid unless absolutely necessary — they're common privilege escalation vectors.

Common Commands

# Set permissions (octal)
chmod 755 script.sh
chmod 600 ~/.ssh/id_rsa

# Set permissions (symbolic)
chmod u+x script.sh        # Add execute for owner
chmod g-w file.txt          # Remove write for group
chmod o=r file.txt          # Set other to read-only
chmod a+r file.txt          # Add read for all

# Recursive
chmod -R 755 /var/www/html/

# Find and fix permissions
find /var/www -type d -exec chmod 755 {} \;
find /var/www -type f -exec chmod 644 {} \;

# Show permissions
ls -la file.txt
stat -c "%a %n" file.txt    # Linux (octal)
stat -f "%Lp %N" file.txt   # macOS (octal)

Related Tools & Resources

Systemd Service & Timer Generator

Set file permissions for service files

SSH Config Generator

SSH key files need chmod 600

Runbook: Fix permission-related service failures

Step-by-step troubleshooting guide