Chmod Calculator
Calculate Unix/Linux file permissions. Toggle read, write, execute for owner, group, and others.
Set file permissions by toggling checkboxes or entering an octal number like 755.
Use it to turn read, write, and execute choices into the exact chmod command you need.
Octal
755
Symbolic
-rwxr-xr-x
Command
chmod 755 filename
Unix File Permissions: How They Work
Every file and directory on a Unix/Linux system has three sets of permissions: one for the owner, one for the group, and one for everyone else. Each set controls three actions: read (r), write (w), and execute (x). That's 9 permission bits total, which is why chmod uses 3-digit octal numbers, each digit encodes one set.
The number system is elegant: read = 4, write = 2, execute = 1. Add them up for each group. So 7 (4+2+1) means full access, 5 (4+1) means read and execute, 6 (4+2) means read and write. chmod 755 gives the owner full access and everyone else read/execute, the most common permission for web directories and scripts.
Getting permissions wrong causes two kinds of problems: too restrictive (users can't access what they need) or too permissive (security vulnerability). This calculator helps you find the exact permission set for your use case.
Common Permission Patterns
| Octal | Symbolic | Use Case |
|---|---|---|
| 644 | -rw-r--r-- | Standard files (HTML, CSS, images, configs) |
| 755 | -rwxr-xr-x | Directories, executable scripts, web root folders |
| 600 | -rw------- | SSH keys, .env files, private credentials |
| 700 | -rwx------ | Private scripts, .ssh directory |
| 775 | -rwxrwxr-x | Shared group directories, deployment folders |
| 444 | -r--r--r-- | Read-only files, system configs you don't want modified |
| 777 | -rwxrwxrwx | AVOID, full access for everyone (security risk) |
What this means for you: 99% of the time you need either 644 (files) or 755 (directories/scripts). If you're reaching for 777, stop, there's almost always a better solution involving group permissions or ACLs.
Permission Mistakes That Cause Real Problems
SSH key too permissive
SSH refuses to use keys with permissions other than 600 or 400. "Permissions 0644 for 'id_rsa' are too open" is one of the most common SSH errors. Fix: chmod 600 ~/.ssh/id_rsa
Web server 403 errors
Nginx/Apache return 403 Forbidden when they can't read files. Usually the web server user needs read access (644 for files, 755 for directories). Check both the file AND every parent directory in the path.
Script won't execute
"Permission denied" when running a script usually means it lacks the execute bit. Fix: chmod +x script.sh (adds execute for everyone) or chmod 755 script.sh (explicit full permission set).
chmod 777 on production
Giving everyone write access to web files means any compromised process can modify your site. This is how many web defacement attacks succeed. Use proper group permissions instead of 777.
Permission Number Quick Reference
| Number | Permission | Binary |
|---|---|---|
| 0 | No access | 000 |
| 1 | Execute only | 001 |
| 2 | Write only | 010 |
| 3 | Write + execute | 011 |
| 4 | Read only | 100 |
| 5 | Read + execute | 101 |
| 6 | Read + write | 110 |
| 7 | Read + write + execute | 111 |
Each digit in a chmod number (e.g., 755) maps to one of these values. The first digit is the owner, second is the group, third is everyone else. So 755 = owner gets 7 (rwx), group gets 5 (r-x), others get 5 (r-x).
Worked Example: Fixing a Static Site Deploy
Aisha deploys a small React site to a Linux server. The browser shows a 403 error for the homepage, while SSH access still works. The web root is /var/www/site.
1. Check the directory path
The web server needs execute permission on every directory it traverses. For public static assets, 755 is usually right for directories.
2. Check ordinary files
HTML, CSS, JS, and images need read permission. They do not need execute permission, so 644 is the usual file value.
3. Avoid the 777 shortcut
777 would hide the symptom but give every local account write access. Fix the owner or group instead.
4. Apply targeted commands
One safe pattern is find /var/www/site -type d -exec chmod 755 {} \;and find /var/www/site -type f -exec chmod 644 {} \;.
Commands to Inspect Permissions
chmod changes permissions, but it is rarely the first command you should run. Inspect the current owner, group, and mode before changing anything, especially on shared servers.
| Command | What it shows | Use it when |
|---|---|---|
| ls -l file | Symbolic mode, owner, group, and size | You need a quick read of one file |
| stat file | Numeric mode such as 0644 plus metadata | You need the exact octal value |
| namei -l path | Permissions for each directory in a path | A web server can read the file but not reach it |
| getfacl file | Access control lists beyond standard chmod bits | Permissions look correct but access still fails |
Special Bits, Umask, and Sticky Directories
setuid, leading 4
On executables, setuid runs the program as the file owner. This is sensitive because a bug in the program may become a privilege escalation. Do not set it unless you know why.
setgid, leading 2
On directories, setgid makes new files inherit the directory group. It is useful for shared deploy folders where several users should write into the same group-owned tree.
sticky bit, leading 1
The sticky bit lets many users write to a directory while stopping them from deleting each other's files. /tmp commonly uses it.
umask defaults
umask decides the default permissions for new files and directories. If new files keep appearing as 600 or 664, check the shell, service, or deployment umask before changing every file after the fact.
Safer chmod Troubleshooting Checklist
- Start with ownership. If the wrong user owns the file, chmod may only mask the real issue. Check
ls -lbefore changing modes. - Separate files from directories. Directories need execute permission to be entered. Ordinary files do not need execute permission unless they are scripts or binaries.
- Keep secrets tighter than web assets. Use 600 for private keys and sensitive config files. Do not copy public web-file defaults onto secrets.
- Be careful with recursive changes.
chmod -Rchanges every nested item. Usefind -type fandfind -type dwhen files and folders need different modes. - Check ACLs and mounts. Network drives, Docker volumes, and ACLs can override what chmod appears to say. If a mode looks right but access still fails, inspect the filesystem context.
Related Tools
How to use this tool
Toggle read, write, execute checkboxes for owner, group, and others
Or enter a 3-digit octal number and click Apply
Copy the chmod command to use in your terminal
Common uses
- Setting correct permissions for web server files
- Fixing SSH key permission errors
- Configuring deployment script permissions
- Understanding and debugging Unix permission issues
Share this tool
Frequently Asked Questions
What is chmod?
What do the numbers mean?
What is a common chmod value?
What does chmod 777 mean?
What's the difference between chmod 644 and 755?
How do I apply chmod recursively to a directory?
What are special permission bits (setuid, setgid, sticky)?
Should directories and files use the same chmod value?
Why does SSH reject my private key?
What should I use instead of chmod 777?
Why can a directory need execute permission?
Results are for general informational purposes only and should be checked before use. They are not professional advice. See our Disclaimer and Terms of Service.