Complete chmod Calculator Guide: Linux File Permissions Explained (2026)

chmod (short for "change mode") is a Linux and Unix command that modifies the access permissions of files and directories. Every file in a Linux system has three types of permissions assigned to three categories of users, creating a 9-bit permission matrix that controls all file access.

The Three Permission Types

• Read (r): Permission to view the contents of a file, or list the contents of a directory. Represented by the number 4 in octal notation.
• Write (w): Permission to modify or delete a file, or add/remove files within a directory. Represented by the number 2 in octal notation.
• Execute (x): Permission to run a file as a program or script, or access (cd into) a directory. Represented by the number 1 in octal notation.

The Three User Categories

• Owner (u): The user who created the file. Usually has the most permissions.
• Group (g): Users who belong to the file's assigned group. Useful for team access control.
• Others (o): Everyone else on the system who is not the owner and not in the group.

When you run ls -la in a terminal, you see permissions displayed as a 10-character string like -rwxr-xr-x. The first character indicates the file type (- for file, d for directory), followed by three groups of three characters representing owner, group, and others permissions respectively.

The octal (base-8) numbering system is the most common way to express Linux permissions. Each permission type has a numeric value, and you add them together to get a single digit for each user category.

Permission Values

How to Calculate

Add the values of the permissions you want to grant for each user category:

• 7 = Read (4) + Write (2) + Execute (1) = Full access (rwx)
• 6 = Read (4) + Write (2) = Read and write (rw-)
• 5 = Read (4) + Execute (1) = Read and execute (r-x)
• 4 = Read only (r--)
• 3 = Write (2) + Execute (1) = Write and execute (-wx)
• 2 = Write only (-w-)
• 1 = Execute only (--x)
• 0 = No permissions (---)

So chmod 755 means: Owner gets 7 (rwx), Group gets 5 (r-x), Others get 5 (r-x). This is the most common permission for web directories and executable scripts — the owner can do everything, while everyone else can read and execute but not modify.

Here are the most commonly used permission combinations and when to use each one. Bookmark this table for quick reference when managing your servers.

Our interactive chmod calculator makes it easy to determine the right permissions without memorizing octal values. Here is how to use it:

1. Toggle permission checkboxes — Click the read (r), write (w), and execute (x) boxes for Owner, Group, and Others. Each checkbox lights up when active, and the corresponding letter appears.
2. Read the octal value — The three-digit octal number updates in real-time as you toggle permissions. The large display shows the complete value (e.g., 755).
3. Check symbolic notation — Below the octal value, you will see the symbolic representation (e.g., rwxr-xr-x) for verification.
4. Copy the chmod command — Click the copy button next to chmod 755 filename to copy the ready-to-paste terminal command.
5. Use presets for quick setup — Click any common permission preset (755, 644, 700, etc.) in the reference section to instantly set all checkboxes.

Reverse Lookup: Octal to Permissions

You can also type an octal value directly into the input field. The checkboxes will automatically update to show which permissions that value represents. This is useful when you encounter an unfamiliar permission value in a script or configuration file and want to understand what access it grants.

While the same octal numbers are used for both files and directories, the permissions have subtly different effects depending on the target type.

How Permissions Differ

Important Implications

A directory without execute permission is effectively locked — even if a user has read permission, they cannot cd into it or access files within it by path. This is why directories almost always need the execute bit set (e.g., 755) while files usually do not (e.g., 644).

Conversely, a directory with write permission but without the "sticky bit" allows any user with write access to delete other users' files within it. This is why the /tmp directory uses 1777 (the leading 1 is the sticky bit) — everyone can create files, but only the file owner can delete their own files.

• Never use 777 in production: chmod 777 gives everyone full access to read, write, and execute. This is the most common security mistake on Linux servers. If a web application has 777 permissions, any compromised service on the system can modify your files.
• Use the principle of least privilege: Grant only the minimum permissions needed. If a file only needs to be read by the web server, use 644 — not 755. If only the owner needs access, use 600 — not 644.
• Protect sensitive files with 600 or 400: Database credentials, API keys, .env files, and SSH private keys should never be world-readable. Use chmod 600 .env and chmod 400 ~/.ssh/id_rsa.
• Set proper web server ownership: Use chown www-data:www-data (or your web server user) for web files, combined with 755/644 permissions. This ensures the web server can read files without giving write access to others.
• Audit permissions regularly: Run find /var/www -perm -777 -type f to find files with dangerous permissions. Automate this check in your CI/CD pipeline or monitoring system.
• Use groups for team access: Instead of making files world-readable (644), create a group for your team and use 640. This limits access to authorized team members only.
• Be careful with recursive chmod: Running chmod -R 755 / on the root directory can break your entire system. Always double-check the path before using the -R (recursive) flag.

Linux supports two ways to specify permissions with chmod: octal (numeric) and symbolic (letter-based). Both achieve the same result, but each has advantages in different situations.

Octal Notation

Sets all permissions at once with a three-digit number. Best for setting absolute permissions when you know exactly what the final state should be.

chmod 755 myfile.sh     # Set exact permissions
chmod 644 index.html    # Owner rw, others read-only
chmod 600 .env          # Owner only, no one else

Symbolic Notation

Modifies specific permissions using letters and operators (+, -, =). Best for adding or removing individual permissions without affecting others.

chmod u+x script.sh     # Add execute for owner only
chmod g-w config.yml    # Remove write from group
chmod o-rwx secret.key  # Remove all permissions for others
chmod a+r readme.txt    # Add read for all (a = all)
chmod u=rwx,g=rx,o=r file  # Set exact (same as 754)

When to Use Each

Even experienced developers make permission mistakes. Here are the most common ones and how to avoid them:

• Using 777 as a quick fix: When something doesn't work due to permission errors, the temptation is to run chmod 777 and move on. Instead, check which user the process runs as (ps aux | grep process) and grant only the needed permissions to that user.
• Forgetting execute on directories: A directory with 644 (rw-r--r--) is inaccessible because the execute bit is needed to enter directories. Directories should typically be 755, not 644.
• Recursive chmod on wrong path: Running chmod -R 644 /var/www will break all directories (they need execute). Use find to set directories and files separately: find . -type d -exec chmod 755 {} \; and find . -type f -exec chmod 644 {} \;.
• Not setting ownership before permissions: Permissions are meaningless if the wrong user owns the file. Always run chown first, then chmod.
• Ignoring umask defaults: New files inherit permissions from the system umask (usually 022, resulting in 644 for files and 755 for directories). If your files are consistently created with wrong permissions, check your umask setting with umask command.
• Exposing .env and config files: Database passwords, API keys, and secrets in configuration files should always be 600 (owner read/write only). Never leave them at 644 on a shared server.