{ sniptools }
Utilities

Chmod Calculator

Calculate Unix file permissions with an interactive grid

ReadWriteExecute
Owner
Group
Other
Numeric 511
Symbolic r-x--x--x
Common presets

What is Chmod?

chmod (change mode) is a Unix command that sets the access permissions on files and directories, controlling who can read, write, or execute them. The Unix permission model divides access into three scopes: the file owner (user), the file group, and everyone else (others). For each scope, three permission bits determine access: read (r) allows viewing the contents, write (w) allows modifying them, and execute (x) allows running the file as a program or entering a directory.

These nine permission bits (3 scopes x 3 permissions) are most commonly represented as a three-digit octal number, where each digit encodes the permissions for one scope. Read is worth 4, write is worth 2, and execute is worth 1, so a digit of 7 (4+2+1) grants full access while 0 grants none. The number 755 therefore means the owner has full access (7), while group and others can only read and execute (5 each). This compact representation is why you see chmod 644, chmod 755, and chmod 600 throughout deployment scripts, Dockerfiles, and server administration guides.

The alternative symbolic notation (rwxr-xr-x) spells out each permission explicitly and is used in ls -l output. While more readable, most developers and scripts use the numeric form because it sets all permissions in a single, unambiguous value. Understanding both notations is essential for any developer who deploys to Unix-based servers, writes Dockerfiles, or configures CI/CD pipelines.

How it works

The Unix kernel stores file permissions as a bitmask in the file inode metadata. The nine standard permission bits occupy positions 0 through 8 of this mask, with bits 0-2 controlling others, 3-5 controlling group, and 6-8 controlling owner. When a process attempts to access a file, the kernel checks the process effective user ID and group memberships against the file owner and group, selects the appropriate scope (owner, group, or others), and tests the relevant permission bits.

The octal representation maps directly to this binary structure. Each octal digit represents exactly three bits: the digit 7 is binary 111 (all permissions on), 5 is 101 (read and execute), 4 is 100 (read only), and 0 is 000 (no access). This is why the numeric form is always three digits for standard permissions — each digit independently encodes one scope with no ambiguity. An optional leading digit (e.g., 1755 or 4755) encodes the special permission bits: setuid (4), setgid (2), and sticky bit (1).

The interactive calculator in this tool lets you toggle individual permission checkboxes in a 3x3 grid (owner/group/others rows by read/write/execute columns) and instantly see both the numeric and symbolic representations update. Conversely, typing a numeric mode like 644 sets the checkboxes to match, making it easy to visualize what any given permission value actually permits. Common presets are provided for frequently used configurations so you do not need to memorize the numbers.

How to use this tool

  1. Use the interactive permission grid to click checkboxes for each combination of scope (owner, group, others) and permission (read, write, execute). The numeric and symbolic representations update immediately as you toggle each box.
  2. Alternatively, type a numeric mode (e.g., 755) into the octal input field and the grid checkboxes will update to reflect that permission set visually.
  3. Use the quick preset buttons (644, 755, 600, 777, etc.) to instantly load common permission configurations without clicking individual checkboxes.
  4. Review both the numeric output (for use in chmod commands and scripts) and the symbolic output (to verify the permissions match your intent in human-readable form).
  5. Copy the generated chmod command (e.g., chmod 755 filename) and run it in your terminal, or use the numeric value directly in Dockerfile RUN instructions, Ansible playbooks, or CI/CD scripts.

Examples

Setting permissions for a web server deployment

Web server files typically need 644 (owner reads and writes, everyone else reads only) for static assets like HTML, CSS, and images, and 755 for directories (execute on a directory means the ability to list its contents and traverse into it). The web server process usually runs as the file owner or a member of the file group.

Securing SSH private keys

SSH requires private keys to have mode 600 (owner can read and write, no access for anyone else) or 400 (owner read-only). Use the calculator to confirm 600 is rw------- — the key file is completely invisible to other system users, which prevents SSH from refusing to use the key due to overly permissive access.

Making a deployment script executable

After writing a deploy.sh script, you need to make it executable. Set permissions to 755 (rwxr-xr-x) so the owner can run and modify it while team members (group) and CI runners (others) can execute but not alter the script. The calculator confirms exactly which scope can do what before you apply the change.

Dockerfile COPY with explicit permissions

In a Dockerfile, COPY --chmod=644 config.json /app/ sets permissions at build time. Use the calculator to verify 644 means the application user (owner) can read and write the config, while the container runtime group and other processes can only read it — no write access that could allow config tampering.

About this tool

Use the interactive permission grid to set owner, group, and other permissions, and see the numeric (e.g. 755) and symbolic (e.g. rwxr-xr-x) representations update in real time. Enter a numeric mode to set checkboxes, or use common presets.

Common use cases

  • Setting correct permissions for deployment scripts, SSH keys, or web server files
  • Understanding what an existing numeric permission (like 755 or 644) actually means
  • Generating chmod commands for Dockerfiles, CI scripts, or setup documentation
  • Learning Unix file permission concepts with interactive visual feedback

Frequently asked questions

What does chmod 755 mean?
The number 755 breaks down as: owner can read, write, and execute (7 = 4+2+1); group can read and execute (5 = 4+1); others can read and execute (5 = 4+1). This is the standard permission for executable scripts and public directories.
What is the difference between numeric and symbolic chmod notation?
Numeric notation (e.g., 755) sets all permissions at once using octal numbers. Symbolic notation (e.g., u+x, g-w) modifies specific permissions relative to the current state. This tool shows both so you can use whichever is more convenient.
What permissions should I use for common files?
644 (rw-r--r--) is standard for regular files. 755 (rwxr-xr-x) is for executable scripts and directories. 600 (rw-------) is for private files like SSH keys. 400 (r--------) is for read-only sensitive files.
What is the sticky bit, setuid, and setgid?
These are special permission bits beyond the standard rwx. Setuid (4xxx) runs a file as the file owner rather than the calling user — used by programs like passwd. Setgid (2xxx) runs as the file group or makes new files in a directory inherit the directory group. Sticky bit (1xxx) on a directory prevents users from deleting files they do not own — used on /tmp. This tool focuses on the standard 3-digit permissions that cover most everyday use cases.
Why does SSH reject my key file even though I can read it?
SSH requires private key files to have permissions 600 (rw-------) or 400 (r--------). If group or others have any access, SSH refuses the key with "Permissions 0644 for id_rsa are too open." Use chmod 600 ~/.ssh/id_rsa to fix it. This is a deliberate security measure to prevent other users on the system from reading your private key.
Do chmod permissions work the same on macOS and Linux?
The basic numeric and symbolic chmod syntax works identically on both macOS (BSD-based) and Linux. However, macOS also has extended attributes (xattr) and ACLs that can override POSIX permissions. Linux supports ACLs and SELinux or AppArmor contexts as additional permission layers. For most development tasks, the standard chmod values behave the same on both platforms.