Chmod Calculator,
Linux file permissions made visual.

Field guide

How Linux file permissions work.

Every file and directory on a Linux or Unix system has a set of permission bits that control who can read, write to, or execute it. These permissions are split across three categories of users: the owner (the user who created the file), thegroup (a named group of users the owner assigns), andothers (everyone else on the system).

For each category, there are three independent permission bits:

• Read (r = 4) — For files: can open and view the contents. For directories: can list the directory contents withls.
• Write (w = 2) — For files: can modify or delete the file. For directories: can create, rename, and delete files within that directory (requires execute too).
• Execute (x = 1) — For files: can run the file as a program. For directories: can enter the directory withcd and access files inside it.

Octal notation

The numeric (octal) mode represents each category as a single digit from 0 to 7. The digit is computed by summing the bit values for the active permissions:

The three-digit octal mode (e.g., 755) represents owner, group, and others in that order. So 755 means: owner can read, write, and execute (7); group and others can read and execute (5 and 5).

Symbolic notation

Symbolic notation shows the full permission string as 10 characters: the first character is the file type (- for file,d for directory, l for symbolic link), followed by three groups of three characters for owner, group, and others.

Each position shows the permission letter if granted, or a dash if not. rwx = all three, r-x = read and execute but not write, --- = no permissions at all.

The chmod command

The chmod command (short for "change mode") sets the permission bits on a file or directory. It accepts either numeric or symbolic format:

The -R flag applies the change recursively to all files and subdirectories. Be careful with recursive chmod — it applies the same permission to both files and directories, which is often wrong. Directories typically need the execute bit to be traversable, while regular files usually do not need it.

Common permission patterns

• 755 — The standard for web server files and executables. Owner can do everything; group and others can read and execute but not write.
• 644 — The standard for regular files (HTML, CSS, text). Owner can read and write; everyone else can only read.
• 600 — Private files such as SSH private keys. Only the owner can read and write; no one else has any access.
• 700 — Private directories. Only the owner can enter and modify the directory.
• 775 — Group-writable directories. Useful for collaborative environments where a group needs to share and modify files.
• 777 — All permissions for everyone. Never use this on production servers — it is a serious security risk because any user on the system can modify or execute the file.

The execute bit on directories

The execute bit has a special meaning on directories. Without it, even if a user has read permission for a directory, they cannot access any files inside it. Think of it as the "traverse" or "search" permission: it allows cd, file access, and stat calls within the directory. This is why directories almost always have the execute bit set — 755 instead of 644.

Special permission bits

Beyond the standard nine permission bits, there are three special bits (not covered by this calculator) that have system-level effects:

• Setuid (4000) — When set on an executable file, it runs with the owner's privileges instead of the caller's. Used by /usr/bin/passwd to let ordinary users change their own passwords (which requires writing to a root-owned file).
• Setgid (2000) — On files: runs with the group's privileges. On directories: new files created inside inherit the directory's group instead of the creator's primary group.
• Sticky bit (1000) — On directories (notably/tmp): only the file's owner can delete or rename it, even if others have write permission to the directory.