DevKraken

chmod Calculator

By · Updated

Toggle the boxes, or type an octal (e.g. 755) or symbolic value (e.g. rwxr-xr-x). The three views stay in sync. No data leaves your browser.

Calculator

Permission bits
Who Read (r) Write (w) Execute (x)
Owner (user)
Group
Public (others)

Quick presets

$ chmod 755 path/to/file

Common chmod values

The handful of values you'll actually type at the command line. Click a row to load it above.

Octal Symbolic Use case
rwxr-xr-x Executables & directories Owner can read, write, and execute. Group and others can read and execute. The standard for binaries, scripts, and traversable directories.
rw-r--r-- Regular files Owner can read and write. Group and others can only read. The default for source files, configs, and static assets in most deployments.
rw------- Private files Only the owner can read and write. Required for SSH private keys (~/.ssh/id_*) — sshd refuses to use keys with looser permissions.
rwx------ Private directories Only the owner can read, write, and enter. Used for ~/.ssh, ~/.gnupg, and other directories holding sensitive material.
rwxrwxrwx World-writable (avoid) Everyone can read, write, and execute. Almost always a bug — a hint that the underlying user/group setup is wrong. Real fix is usually 775 with the right group ownership.
rwxrwxr-x Group-collaborative Owner and group can read, write, and execute; others can read and execute. Useful for shared directories where a Unix group represents the team.

How chmod permissions work

Every file on a Unix-like system has three permission bits — read, write, and execute — set separately for three audiences: the file's owner, members of its group, and everyone else (public). That's nine bits total.

The octal form packs each audience's three bits into a single digit using read = 4, write = 2, execute = 1. Sum the bits you want and you get the digit: read + write + execute = 7, read + execute = 5, read + write = 6, and so on. Three digits give you the full mode — 755 is owner=7, group=5, public=5.

The symbolic form spells out the same nine bits as rwxr-xr-x — a dash means the bit is off. It is easier to read for humans; the octal form is shorter to type. Both produce the same chmod command and the same on-disk permissions.

Permissions describe what can be done; ownership decides who the rules apply to. For finer control beyond the three audiences covered here, see my notes on POSIX ACLs on Arch Linux, which let you grant per-user permissions without resorting to chmod 777.

Symbolic operator form

The u+x, g-w, o=r form is great when you only want to flip one bit and don't feel like recalculating the full octal. Audience letters: u = user/owner, g = group, o = others, a = all. Operators: + adds, - removes, = sets exactly.

Command What it does
chmod u+x file.sh Give the owner execute permission, leave everything else unchanged.
chmod g-w file.txt Remove write permission from the group.
chmod o=r file.txt Set 'others' to exactly read (clears write and execute for them).
chmod a+x file.sh Add execute for all three audiences (owner, group, others). Equivalent to +x.
chmod -R u+rwX,go+rX dir/ Recursive: owner gets rw on files plus x on directories (capital X), group/others get read plus x on directories.

Recursive chmod (chmod -R)

The -R flag walks the tree and applies the same mode to every file and directory. That's a problem when the tree contains both — files generally want 644, directories want 755 (the execute bit on a directory means "you can enter me", not "executable file"). Two safer patterns: 

$ find . -type d -exec chmod 755  +
$ find . -type f -exec chmod 644  +

Or use chmod's capital-X "execute only where it makes sense": 

$ chmod -R u=rwX,go=rX path/

Capital X means "add execute only on directories or files that already have execute somewhere" — the precise rule you want when mixing files and directories under -R.

Special permissions: setuid, setgid, sticky bit

Beyond the nine standard bits, chmod accepts a fourth leading octal digit for three extended modes. You'll see these on system binaries and shared temp directories.

Octal Name What it does
4755 setuid Runs the executable with the file owner's privileges instead of the caller's. Used by /usr/bin/passwd and /usr/bin/sudo. The 4 in the leading position sets the setuid bit; symbolic form is chmod u+s.
2755 setgid (file) On an executable, runs the program with the group's privileges. On a directory, forces new files inside to inherit the directory's group — useful for shared team folders. Symbolic form is chmod g+s.
1777 sticky bit On a world-writable directory (like /tmp), the sticky bit means only the file's owner can delete or rename it, even though everyone can write into the directory. Symbolic form is chmod +t.

Less-common chmod values

Values you'll hit occasionally that aren't worth a quick-set button.

Octal Symbolic Use case
r--r--r-- Read-only for everyone — shared reference files you don't want modified.
rwxr-x--- Owner full access, group can read/execute, public locked out. Common for group-restricted scripts.
rwx--x--x Owner full access; others can traverse the directory but cannot list its contents.
rw-r----- Owner read/write, group read-only, public none. Used for /etc/shadow-style sensitive configs.

Frequently asked

What does chmod 755 mean?
chmod 755 grants the file's owner read, write, and execute permission (7 = 4+2+1), while the group and everyone else get read and execute only (5 = 4+0+1). It is the default for executable scripts, binaries, and directories that everyone needs to traverse.
What is the difference between chmod 644 and chmod 755?
chmod 644 leaves out the execute bit for everyone: owner read/write, group and others read-only. Use 644 for regular files (HTML, source code, configs) where execution makes no sense. Use 755 for things that need to be run or entered — scripts, binaries, and directories.
Why does SSH require chmod 600 on private keys?
OpenSSH refuses to use a private key that other users on the host can read, because anyone who reads the key can impersonate you. chmod 600 (owner read/write, nobody else) is the loosest permission the SSH client will accept on ~/.ssh/id_* files.
How are octal and symbolic chmod modes related?
Each octal digit is the sum of three bits: read = 4, write = 2, execute = 1. The symbolic form spells out the same nine bits as rwx triplets for owner, group, and others. 755 = rwxr-xr-x, 644 = rw-r--r--, 600 = rw-------.
Is chmod 777 ever the right answer?
Almost never on a real system. 777 means anyone with shell access can rewrite or replace the file, which is rarely what you want. If a process can't read a file, the fix is usually to change the owner/group with chown or to use 775 with a shared Unix group — not to open it to the world.
How do I make a file executable in Linux?
Run chmod +x file to grant execute permission to owner, group, and others, or chmod u+x file to grant it only to the file's owner. Both forms are equivalent to flipping the execute bit in the octal form (for example, 644 becomes 755 with chmod +x).
What does chmod -R do?
The -R (recursive) flag applies the new mode to a directory and every file and subdirectory inside it. Use it carefully — chmod -R 755 mixes file modes with directory modes. The safer pattern for trees with both is find . -type d -exec chmod 755 {} + and find . -type f -exec chmod 644 {} +.
What are setuid, setgid, and the sticky bit?
Special permission bits added as a fourth leading octal digit. Setuid (4xxx, e.g. 4755) runs an executable with the file owner's privileges. Setgid (2xxx) runs with the group's, and on directories forces new files to inherit the directory's group. The sticky bit (1xxx, e.g. 1777 on /tmp) lets users write into a shared directory but only delete their own files.
What is the difference between chmod and chown?
chmod changes a file's permission bits (who can read, write, or execute). chown changes the file's owner and group — the identities the chmod bits apply to. They're complementary: chown decides who you are to the file, chmod decides what you're allowed to do.

Related tools

All tools →