Understanding chmod and File Permissions

Every file and directory on a Unix-like system carries a permission mode with three classes: owner (normally the user who created the file; ownership can later be transferred with chown), group (a set of users), and others (everyone else). Each class can be granted or denied three actions: read (r), write (w), and execute (x).

The chmod command, short for "change mode", adjusts these permissions. You can express them symbolically with the letters rwx or numerically as octal digits (0 to 7). Octal works because each class is a triplet of bits with fixed values, read=4, write=2, execute=1, and adding the values of the bits that are set gives the digit for that class.

For example, rwx (all permissions) = 4+2+1 = 7. A typical permission like 755 breaks down as:

  • Owner: 7 (rwx, full control)
  • Group: 5 (r-x, read and execute only)
  • Others: 5 (r-x, read and execute only)

Permission Calculation Formula

Each permission class gets a digit equal to the sum of its active permissions. The breakdown for any class is:

Permission Digit = (Read × 4) + (Write × 2) + (Execute × 1)

Chmod Octal = (Owner Digit × 100) + (Group Digit × 10) + (Others Digit)

The second formula is simply the three digits written side by side; when one of the special modes described below is set, a fourth digit is written in front of them (Special Digit × 1000).

  • Read (value 4): view a file's contents; on a directory, list the names of its entries
  • Write (value 2): change a file's contents; on a directory, create, rename, or delete entries (deleting a file needs write on the directory, not on the file itself)
  • Execute (value 1): run a file as a program; on a directory, enter it and reach entries by name
  • Owner Digit: sum of the owner's permission values (0 to 7)
  • Group Digit: sum of the group's permission values (0 to 7)
  • Others Digit: sum of the others' permission values (0 to 7)

Special Permission Modes: Setuid, Setgid, and Sticky Bit

A fourth, leading digit in chmod notation (e.g., 4755 instead of 755) activates the special modes. This digit breaks down as:

  • Setuid (4xxx): when set on an executable file, the program runs with the file owner's effective user ID rather than the caller's. Used for utilities such as passwd that must write files an ordinary user cannot.
  • Setgid (2xxx): an executable runs with the file's group as its effective group. On a directory, newly created files and subdirectories inherit the directory's group (and new subdirectories inherit the setgid bit too), which is how shared project directories keep a common group.
  • Sticky Bit (1xxx): typically applied to shared, world-writable directories such as /tmp. A file inside may then be deleted or renamed only by its owner, the directory's owner, or root, even though everyone can write to the directory.

These modes deserve careful administration. Setuid and setgid change which identity a program runs as, so a bug in a setuid-root binary (or a setuid binary that was never meant to exist) is a direct route to local privilege escalation; audit for them rather than assuming they are unchanged.
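This converter, added here as an example and not taken from the original page, implements the Permission Digit and Chmod Octal formulas above together with the fourth digit for the special modes just described. The function and constant names are mine; the only library used is Python's standard stat module, whose filemode() renders mode bits the way ls -l does and serves as a cross-check.

```python
"""Convert chmod modes between octal digits and ls-style symbolic strings.

Added example, not code from the original page.  It implements the per-class
formula (read=4, write=2, execute=1) plus the fourth, leading digit for
setuid (4), setgid (2) and the sticky bit (1), and cross-checks the result
against Python's stat module.
"""
import stat

# Bit value of each permission letter within one class.
PERM_VALUE = {"r": 4, "w": 2, "x": 1}

# The special bit each class can show in its execute slot, and the value that
# bit contributes to the leading digit.  ls prints the lowercase letter when
# the execute bit is also set and the uppercase letter when it is not.
SPECIAL_SLOT = {"u": ("s", 4), "g": ("s", 2), "o": ("t", 1)}


def symbolic_to_octal(symbolic: str) -> str:
    """'rwxr-xr-x' -> '0755'; 'rwsr-xr-x' -> '4755'; '-rwxrwxrwt' -> '1777'.

    Accepts the 9 permission characters with or without the leading file-type
    character that ls -l prints.  Always returns four digits so that a special
    bit can never be overlooked.
    """
    s = symbolic[1:] if len(symbolic) == 10 else symbolic
    if len(s) != 9:
        raise ValueError(f"expected 9 permission characters, got {symbolic!r}")
    special = 0
    digits = []
    for cls, chunk in zip("ugo", (s[0:3], s[3:6], s[6:9])):
        digit = 0
        for want, ch in zip("rw", chunk[:2]):
            if ch == want:
                digit += PERM_VALUE[want]
            elif ch != "-":
                raise ValueError(f"unexpected {ch!r} in {chunk!r}")
        letter, bit = SPECIAL_SLOT[cls]
        x = chunk[2]
        if x == "x":
            digit += 1
        elif x == letter:            # lowercase s/t: special bit AND execute
            special |= bit
            digit += 1
        elif x == letter.upper():    # uppercase S/T: special bit WITHOUT execute
            special |= bit
        elif x != "-":
            raise ValueError(f"unexpected {x!r} in {chunk!r}")
        digits.append(digit)
    return f"{special}{digits[0]}{digits[1]}{digits[2]}"


def octal_to_symbolic(octal: str) -> str:
    """'755' -> 'rwxr-xr-x'; '4644' -> 'rwSr--r--'; '1777' -> 'rwxrwxrwt'."""
    if len(octal) not in (3, 4) or any(c not in "01234567" for c in octal):
        raise ValueError(f"expected 3 or 4 octal digits, got {octal!r}")
    octal = octal.zfill(4)               # '755' -> '0755'
    special = int(octal[0])
    out = []
    for cls, digit in zip("ugo", (int(d) for d in octal[1:])):
        letter, bit = SPECIAL_SLOT[cls]
        out.append("r" if digit & 4 else "-")
        out.append("w" if digit & 2 else "-")
        has_x = bool(digit & 1)
        if special & bit:
            out.append(letter if has_x else letter.upper())
        else:
            out.append("x" if has_x else "-")
    return "".join(out)


def agrees_with_stat_module(octal: str) -> bool:
    """Cross-check: stat.filemode() renders the same bits the way ls does.

    int(octal, 8) is the whole 'Chmod Octal' formula in one call; S_IFREG marks
    the mode as a regular file so filemode() prints '-' in the type column.
    """
    rendered = stat.filemode(stat.S_IFREG | int(octal, 8))
    return rendered[1:] == octal_to_symbolic(octal)


if __name__ == "__main__":
    for sym in ("rwxr-xr-x", "rw-r--r--", "-rwsr-xr-x", "rwxrwsr-x", "rwxrwxrwt", "rwSr--r--"):
        octal = symbolic_to_octal(sym)
        print(f"{sym:>10} -> {octal} -> {octal_to_symbolic(octal)} "
              f"(stat module agrees: {agrees_with_stat_module(octal)})")
```

Feed it the nine permission characters from ls -l and keep the four-digit answer: a leading 4, 2 or 1 is exactly what an audit is looking for, and an uppercase S or T in the input means a special bit sitting on a file that is not even executable.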

Common Chmod Mistakes and Best Practices

Avoid these frequent pitfalls when setting file permissions:

  1. Over-permissive defaults: 777 grants write and execute to everyone. World-writable is the serious part: any local user or compromised service can replace the file's contents, and if the file is a script or config that a privileged process later reads or runs, that is a privilege escalation. Most files only need 644 (owner reads and writes, group and others read). Reserve execute for actual scripts and binaries.
  2. Confusion with symbolic shortcuts: symbols like u+x change permissions relative to what is already set, while octal notation replaces them entirely. chmod u+x file preserves the existing group and others permissions; chmod 700 file removes all group and others access. Choose by whether you are fine-tuning or resetting.
  3. Special bits on the wrong files: setuid and setgid on a non-executable file confer nothing (ls shows a capital S), and Linux ignores setuid and setgid on #! interpreter scripts, so a setuid shell script gains no privileges and only confuses audits. Apply these bits only to compiled binaries where running as another user is intentional, and test in a non-production environment first.
  4. Directory vs. file execute permission: execute on a directory means "can enter it and look up entries by name", not "can run it". Read alone lets a user list the names but not open or stat the entries; execute alone lets a user reach an entry whose name they already know. To browse a directory normally, users need both read (4) and execute (1), totaling 5. Forgetting execute locks users out even though they can technically read.
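To show how those four mistakes look to a scanner, here is an added example (my code, not code from the original page) that builds a constructed sample tree in a temporary directory, sets each mistake deliberately with os.chmod, and then classifies every entry from its st_mode bits. The names and the sample layout are my own; it assumes a POSIX filesystem, since the bits are read back with os.lstat.

```python
"""Audit a directory tree for the chmod mistakes listed above.

Added example, not code from the original page.  It builds a constructed
sample tree in a temporary directory, applies each mistake deliberately with
os.chmod (the same chmod(2) call the chmod command makes), then reports the
problems straight from the st_mode bits.
"""
import os
import shutil
import stat
import tempfile

WORLD_WRITABLE_FILE = "world-writable file: any local user can replace its contents"
WORLD_WRITABLE_DIR = "world-writable directory without the sticky bit"
SPECIAL_NOT_EXEC = "setuid/setgid on a non-executable file (ls shows S; the bit is useless)"
SETUID_EXEC = "setuid/setgid executable: confirm it is deliberate"
DIR_NO_SEARCH = "directory readable but not searchable (r without x)"


def check_mode(mode: int):
    """Classify one st_mode value.  Pure function so it can be unit-tested."""
    perm = stat.S_IMODE(mode)            # the 12 permission bits only
    is_dir = stat.S_ISDIR(mode)
    any_exec = perm & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH)
    findings = []

    if perm & stat.S_IWOTH:
        if is_dir:
            if not perm & stat.S_ISVTX:
                findings.append(WORLD_WRITABLE_DIR)
        else:
            findings.append(WORLD_WRITABLE_FILE)

    # setgid on a directory is a legitimate group-inheritance setting, so only
    # regular files are judged here.
    if not is_dir and perm & (stat.S_ISUID | stat.S_ISGID):
        findings.append(SETUID_EXEC if any_exec else SPECIAL_NOT_EXEC)

    if is_dir:
        for r_bit, x_bit in ((stat.S_IRUSR, stat.S_IXUSR),
                             (stat.S_IRGRP, stat.S_IXGRP),
                             (stat.S_IROTH, stat.S_IXOTH)):
            if perm & r_bit and not perm & x_bit:
                findings.append(DIR_NO_SEARCH)
                break
    return findings


def audit_tree(root: str):
    """Walk root and return {relative path: findings} for every entry with a problem."""
    report = {}
    for dirpath, _subdirs, filenames in os.walk(root):
        # Subdirectories are examined when os.walk reaches them as dirpath.
        for path in [dirpath] + [os.path.join(dirpath, f) for f in filenames]:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue                 # symlink modes are meaningless; chmod follows the link
            findings = check_mode(st.st_mode)
            if findings:
                report[os.path.relpath(path, root)] = findings
    return report


# Constructed fixture: one example of each mistake next to correctly set entries.
SAMPLE_TREE = {
    "config.ini": 0o644,     # fine
    "deploy.sh": 0o777,      # mistake 1: world-writable
    "notes.txt": 0o4644,     # mistake 3: setuid on a non-executable file
    "helper": 0o4755,        # a real setuid executable, reported for review
    "shared/": 0o777,        # world-writable directory, no sticky bit
    "dropbox/": 0o1777,      # fine: sticky bit present
    "archive/": 0o644,       # mistake 4: readable but not searchable
}


def run_audit_demo():
    """Create the fixture, audit it, and remove it again; returns the report."""
    root = tempfile.mkdtemp(prefix="chmod-audit-")
    try:
        for name, mode in SAMPLE_TREE.items():
            path = os.path.join(root, name.rstrip("/"))
            if name.endswith("/"):
                os.mkdir(path)
            else:
                open(path, "w").close()
            os.chmod(path, mode)         # explicit mode, so umask does not matter
        return audit_tree(root)
    finally:
        for name in SAMPLE_TREE:         # restore sane modes so the cleanup cannot fail
            path = os.path.join(root, name.rstrip("/"))
            if os.path.lexists(path):
                os.chmod(path, 0o700)
        shutil.rmtree(root)


if __name__ == "__main__":
    for path, findings in sorted(run_audit_demo().items()):
        for finding in findings:
            print(f"{path}: {finding}")
```

Run it as a script to print the report for the fixture, or call audit_tree() on a real directory. The setuid finding is reported even for a correct 4755 binary on purpose: an audit should list every setuid file so a human can confirm each one is expected.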

Common Chmod Examples in Practice

Understanding typical permission schemes helps prevent mistakes:

  • 644 on files β€” Owner can read and write; group and others read only. Standard for documents, config files, and non-executable data.
  • 755 on directories and scripts β€” Owner has full access; everyone else can read and execute (enter the directory or run the script) but cannot modify.
  • 600 on sensitive files β€” Owner only. Used for SSH keys, password files, and private credentials. No group or other access whatsoever.
  • 4755 on setuid binaries β€” The program runs as the owner (usually root), allowing unprivileged users to perform restricted tasks like changing passwords. Example: /usr/bin/passwd.
  • 1777 on shared directories: everyone can create files, but a file can be deleted or renamed only by its owner, the directory owner, or root. Applied to /tmp and similar shared spaces.

Frequently Asked Questions

What does chmod 755 mean exactly?

Chmod 755 grants read, write, and execute to the owner (7), and read and execute only to both group and others (5 each). In symbolic form, as ls -l prints it, this is rwxr-xr-x. It is the standard permission for executable files and directories you want others to use but not modify: the owner keeps full control while group members and outsiders can enter or run the file without altering it.

Why should I avoid chmod 777?

Chmod 777 grants full read, write, and execute permissions to everyone. While convenient during testing, it creates serious security risks in production. Any user or malicious process can modify, delete, or corrupt your files. Additionally, making regular files executable (777) is usually unnecessary and increases attack surface. Use the principle of least privilege: grant only the permissions actually needed for your workflow.

What's the difference between symbolic and octal chmod notation?

Octal notation (e.g., 755) sets all permission bits at once, while symbolic notation (e.g., u+rwx,g-w,o-w) modifies only the named bits relative to the current ones. Octal is faster for setting a known state; symbolic is useful for fine-tuning without having to know the current permissions. Either can produce any mode; the difference is whether the bits you did not mention are kept or reset.

How do I make a file executable for the owner only?

Use chmod 700 file (octal) or chmod u=rwx,go= file (symbolic). The 7 gives the owner read, write, and execute; the two 0s remove all permissions for group and others. This is ideal for sensitive scripts you want to run yourself without exposing them to other users on the system.
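The following added example (my code, not the page's) re-implements a subset of chmod's symbolic grammar so that the relative-versus-absolute difference discussed in mistake 2 and the two FAQs above can be checked on the numbers themselves. It handles the who letters u, g, o and a, the operators +, - and =, and the permission letters r, w, x, s and t; bare operators such as +x (whose effect depends on umask), the X flag, and copy forms like g=u are deliberately not supported.

```python
"""Apply chmod symbolic modes to an existing mode and compare with an octal reset.

Added example, not code from the original page.  A subset of chmod's symbolic
grammar (who: u g o a; op: + - =; perms: r w x s t) so the difference between
relative (symbolic) and absolute (octal) changes is visible on the numbers.
Left out on purpose: bare operators such as '+x' (their effect depends on
umask), the X flag, and copy forms such as g=u.
"""
WHO_SHIFT = {"u": 6, "g": 3, "o": 0}         # bit position of each class's rwx triplet
PERM_BITS = {"r": 4, "w": 2, "x": 1}
SPECIAL_BITS = {"s": {"u": 0o4000, "g": 0o2000}, "t": {"o": 0o1000}}


def _parse_clause(clause: str):
    """Split 'go-w' into ('go', '-', 'w'); reject anything outside the subset."""
    i = 0
    while i < len(clause) and clause[i] in "ugoa":
        i += 1
    who, rest = clause[:i], clause[i:]
    if not who:
        raise ValueError(f"{clause!r}: name a class (u, g, o or a); bare operators depend on umask")
    if not rest or rest[0] not in "+-=":
        raise ValueError(f"{clause!r}: expected one of + - = after {who!r}")
    op, perms = rest[0], rest[1:]
    bad = [p for p in perms if p not in "rwxst"]
    if bad:
        raise ValueError(f"{clause!r}: unsupported permission letter(s) {bad}")
    classes = "ugo" if "a" in who else "".join(dict.fromkeys(who))
    return classes, op, perms


def apply_symbolic(mode: int, spec: str) -> int:
    """Return the mode chmod would produce for 'spec' applied to 'mode'.

    '=' clears the class's rwx bits and its special bit before setting the
    listed ones, which is chmod's behaviour on regular files (GNU chmod keeps
    setuid/setgid on directories unless they are named explicitly).
    """
    for clause in spec.split(","):
        classes, op, perms = _parse_clause(clause)
        bits = 0
        for cls in classes:
            for p in perms:
                if p in PERM_BITS:
                    bits |= PERM_BITS[p] << WHO_SHIFT[cls]
                else:
                    bits |= SPECIAL_BITS[p].get(cls, 0)   # 's' only for u/g, 't' only for o
        if op == "+":
            mode |= bits
        elif op == "-":
            mode &= ~bits
        else:
            clear = 0
            for cls in classes:
                clear |= 0o7 << WHO_SHIFT[cls]
                for table in SPECIAL_BITS.values():
                    clear |= table.get(cls, 0)
            mode = (mode & ~clear) | bits
    return mode & 0o7777


def compare(mode: int, symbolic: str, octal: str):
    """Show the same starting mode after a symbolic edit and after an octal reset."""
    return {
        "start": f"{mode:04o}",
        f"chmod {symbolic}": f"{apply_symbolic(mode, symbolic):04o}",
        f"chmod {octal}": f"{int(octal, 8):04o}",
    }


if __name__ == "__main__":
    # Starting from 664 (owner rw, group rw, others r): u+x only touches the
    # owner's execute bit, while 700 throws away group and others entirely.
    for label, value in compare(0o664, "u+x", "700").items():
        print(f"{label:>12}: {value}")
    # The FAQ's owner-only symbolic form reaches 0700 from any starting mode,
    # clearing a stray setuid bit on the way.
    print(f"{apply_symbolic(0o4775, 'u=rwx,go='):04o}")
```

Note how u+rwx,g-w,o-w leaves a 755 file untouched but turns 775 into 755: symbolic clauses are idempotent edits against the current bits, whereas chmod 755 would produce the same 755 from anything, including a 4755 setuid binary whose special bit you may not have meant to drop.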

What does the sticky bit do on a directory?

The sticky bit (1xxx) restricts deletion rights within a directory. Only the file owner, the directory owner, or root can delete or rename files, even if others have write access to the directory. It is essential on shared directories like /tmp to prevent users from accidentally or maliciously removing each other's temporary files. Without it, any user with write permission on the directory could delete everything in it.

Can I use chmod to change file ownership?

No. Chmod only modifies permissions (the mode bits). To change the owner or group, use chown (change owner) or chgrp (change group). Changing a file's owner requires root (or sudo); changing its group also requires root unless you own the file and are a member of the target group. Chmod decides what access each class has; chown and chgrp decide who falls into the owner and group classes in the first place.
