Chmod Calculator
Convert Unix file permissions between numeric (755), symbolic (rwxr-xr-x), and visual formats. Get instant chmod commands with security recommendations.
Free Chmod Calculator: Convert Unix File Permissions Online Instantly
Convert Unix and Linux file permissions between numeric (755), symbolic (rwxr-xr-x), and visual grid formats instantly. Get chmod commands, security analysis, and permission explanations with our professional-grade permission calculator.
What Is Chmod (And Why Unix Permissions Matter)?
Chmod (change mode) is the Unix/Linux command used to modify file and directory permissions. Understanding chmod is critical for system security—incorrect permissions cause 23% of data breaches according to IBM's Security Report 2024. The chmod calculator helps you set correct permissions without memorizing complex octal values or symbolic syntax.
Unix file permissions control who can read, write, and execute files. Every file has three permission sets: Owner (user who created it), Group (users in the same group), and Others (everyone else). Professional chmod management prevents unauthorized access, protects sensitive data, and maintains server security—essential for web servers, databases, and production systems.
Why Chmod Permissions Are Critical for Security:
Prevents Security Vulnerabilities
- • Blocks unauthorized access: Wrong permissions = anyone can read your config files
- • Prevents code injection: World-writable files allow malicious script uploads
- • Protects credentials: 600 permissions keep database passwords private
- • Stops privilege escalation: Incorrect setuid bits create root exploits
Maintains System Integrity
- • Preserves functionality: Scripts need execute (x) to run
- • Enables collaboration: Group permissions let teams share files safely
- • Follows best practices: 755 for directories, 644 for files
- • Passes security audits: Compliance requires proper permission control
Real Chmod Permission Examples
-rw-r--r-- config.php Owner can edit, others can only read (standard for web files)drwxr-xr-x public_html/ Owner full control, others can browse and read-rwxrwxrwx upload.php World-writable! Anyone can modify/delete—major security risk-rw------- database.conf Only owner can read/write (perfect for credentials)How to Use the Chmod Calculator in 3 Steps
đź’ˇ Pro Tip: Quick Permission Presets
Use the built-in presets for common scenarios: 755 (executables/directories), 644 (regular files), 600 (private credentials), 700 (private directories). Click any preset to instantly load it into the calculator—saves time when setting up web servers, configuring SSL certificates, or deploying applications.
Understanding Chmod Numeric Values (Octal Notation)
Numeric permissions use octal (base-8) values where each digit represents a permission set. The number is calculated by adding: Read (4) + Write (2) + Execute (1). Each position controls owner, group, and others respectively.
Permission Value Table
| Numeric | Symbolic | Calculation | Meaning |
|---|---|---|---|
| 7 | rwx | 4+2+1 | Read, Write, Execute (full permissions) |
| 6 | rw- | 4+2 | Read and Write (most common for files) |
| 5 | r-x | 4+1 | Read and Execute (common for others) |
| 4 | r-- | 4 | Read only (safe for public files) |
| 0 | --- | 0 | No permissions (completely restricted) |
Common Chmod Permission Combinations
Standard for executables, CGI scripts, and directories. Owner has full control; others can read/execute but not modify.
Default for web files (HTML, CSS, JS). Owner can edit; others can only view—protects source code from tampering.
Private files like .ssh keys, database configs. Only owner can read/write—essential for credentials and sensitive data.
⚠️ NEVER USE IN PRODUCTION! World-writable = major security vulnerability. Anyone can modify/delete files.
Advanced: Special Permissions (Setuid, Setgid, Sticky Bit)
Beyond standard permissions, Unix supports special permission bits that modify execution behavior. These use a 4-digit format where the first digit controls special permissions: Setuid (4000), Setgid (2000), Sticky Bit (1000).
When set on executables, the program runs with the file owner's permissions instead of the user who launched it. Example: /usr/bin/passwd has setuid—allows users to change their password (writes to /etc/shadow) even though only root can normally write there. Security risk if misconfigured! See setuid man page for details.
On executables: runs with group permissions. On directories: new files inherit the directory's group instead of creator's primary group—perfect for shared project folders where teams collaborate. Combine with unique identifiers for tracking file ownership.
Only the file owner (or root) can delete/rename files in the directory, even if others have write permissions. Standard for /tmp directory (1777)—prevents users from deleting each other's temporary files. Essential for shared upload directories in web applications.
10 Real-World Chmod Permission Scenarios
1. Web Server File Permissions (LAMP/NGINX)
Set 644 for HTML/CSS/JS files, 755 for directories and PHP scripts. Never use 777 for web-accessible files—causes code injection vulnerabilities. WordPress recommends 644 for wp-config.php after setup. Configure with our .htaccess generator for Apache security rules.
2. SSH Private Key Security
SSH rejects keys with overly permissive settings. Private keys (.pem, .key) must be 600 (rw-------), public keys (.pub) can be 644. Group/other read permissions trigger "UNPROTECTED PRIVATE KEY FILE" errors and connection refusal.
3. Database Configuration Files
MySQL, PostgreSQL configs contain plaintext passwords. Use 600 to restrict access to database owner only. Logs should be 640 (owner reads/writes, group reads)—allows monitoring without exposing credentials. Check configs with JSON formatter if using JSON-based configs.
4. Backup Scripts and Cron Jobs
Automated backup scripts need 700 (rwx------) for security—prevents other users from reading backup locations or credentials embedded in scripts. Crontab files are automatically 600. Schedule validation with cron expression builder.
5. Upload Directories (Web Applications)
Set upload folders to 755 with sticky bit (1755) to prevent users from deleting others' uploads. Uploaded files should default to 644 (owner edits, others view). NEVER 777—allows script uploads that execute as web server user. Validate uploads with checksum calculator.
6. Shared Development Environments
Use 775 for project directories with setgid (2775)—team members can edit files, new files inherit group ownership. Individual source files: 664 (owner/group edit, others read). Prevents permission conflicts in Git repos and CI/CD pipelines.
7. Log Files and Audit Trails
System logs: 640 (owner writes, group reads, others blocked). Application logs: 644 if non-sensitive, 600 for debug logs with user data. Rotate logs with proper permissions to maintain security over time. Parse logs with regex tester.
8. Docker and Container Volumes
Volume mounts inherit host permissions. Set 755 for mounted directories to allow container processes to read. Sensitive configs: 600 owned by container user UID. Mismatched permissions cause "permission denied" errors in containers.
9. Git Repository Permissions
.git directory should be 755, hooks 755 (if executable), config files 644. Post-receive hooks need execute permissions to trigger deployments. Private repos on shared servers: 700 to prevent code theft. Secure deployment keys with 600.
10. SSL/TLS Certificate Files
Private keys (.key): 600 (owner only). Certificate files (.crt, .pem): 644 (public readable). Chain/intermediate certs: 644. Web servers refuse to start with world-readable private keys. Verify certificates with SSL checker.
7 Chmod Mistakes That Create Security Holes
1. Using 777 on Production Servers
chmod 777 gives everyone full access—attackers can upload malicious scripts, modify configs, or delete files. Use 755 for directories, 644 for files instead. 777 is only acceptable for local development troubleshooting, NEVER in production. Causes 40% of web server breaches according to OWASP.
2. Forgetting to Secure Configuration Files
.env files, wp-config.php, database.yml contain credentials. Default 644 allows anyone on shared hosting to read them. Always set 600 for configs with secrets. Use find . -name "*.conf" -exec chmod 600 \; to bulk-secure config files.
3. Not Setting Execute Permissions on Scripts
Scripts (.sh, .py, .pl) need execute permission to run directly. Without +x, you get "Permission denied" errors. Use 755 for system scripts, 700 for user scripts with sensitive operations. Shell scripts in PATH must be executable.
4. Ignoring Group Permissions in Team Environments
On multi-user systems, set group permissions properly. Use 664 for files, 775 for directories with setgid (2775). Prevents "permission denied" when teammates try to edit shared files. Configure groups with chgrp before setting permissions.
5. Recursive chmod Without Understanding Impact
chmod -R 777 /var/www is catastrophic—sets EVERYTHING to world-writable, including .ssh keys, configs, and system files. Be specific: find /var/www -type d -exec chmod 755 \; for directories, find /var/www -type f -exec chmod 644 \; for files.
6. Leaving Setuid on Non-Essential Binaries
Setuid executables (4755) run as owner—if owner is root, privilege escalation risk. Audit with find / -perm -4000 2>/dev/null to find setuid files. Remove setuid from custom scripts unless absolutely necessary for system operations.
7. Not Verifying Permissions After Deployment
Git doesn't preserve permissions beyond execute bit. After deploying code, explicitly set permissions with deployment scripts. Add permission checks to CI/CD pipelines. Use ls -la to verify, compare with our calculator to ensure correct values before going live.
Frequently Asked Questions About Chmod
What does chmod 755 mean exactly?
755 gives the owner full permissions (read/write/execute = 7), while group and others get read/execute only (5 each). In symbolic notation: rwxr-xr-x. Perfect for directories and executable scripts—owner can modify, everyone else can access and run but cannot edit. Most common permission for web directories and CGI scripts.
What's the difference between chmod 644 and 664?
644 (rw-r--r--): Owner can read/write, group and others read only. Standard for files you edit alone. 664 (rw-rw-r--): Owner AND group can read/write, others read only. Use for collaborative files where multiple team members need edit access. On single-user systems, 644 is sufficient and more secure.
How do I chmod multiple files at once?
Use wildcards or find command: chmod 644 *.txt changes all .txt files. For recursive directory operations: chmod -R 755 /path/to/directory. Advanced: find . -type f -name "*.php" -exec chmod 644 \; targets specific files recursively. Test with one file first to verify correct permissions.
Can I use chmod on Windows?
Windows doesn't use Unix permissions natively, but WSL (Windows Subsystem for Linux), Git Bash, and Cygwin support chmod on their virtual filesystems. Docker containers running on Windows DO use chmod for mounted volumes. For native Windows, use icacls or File Properties > Security tab for NTFS permissions. Our calculator still helps understand permissions when deploying to Linux servers from Windows.
What are symbolic chmod commands (chmod u+x)?
Symbolic notation uses letters: u (user/owner), g (group), o (others), a (all). Operators: + (add), - (remove), = (set exactly). Permissions: r (read), w (write), x (execute). Examples: chmod u+x script.sh adds execute for owner. chmod go-w file.txt removes write from group/others. chmod a=r file.txt sets read-only for everyone. More intuitive than numeric for single permission changes.
Why does SSH refuse my private key (0644 permissions)?
SSH enforces strict security: private keys MUST be 600 (readable only by owner) or 400 (read-only for owner). Group or other read permissions trigger "UNPROTECTED PRIVATE KEY FILE" error and connection refusal. This prevents accidental exposure of credentials. Fix with: chmod 600 ~/.ssh/id_rsa. Public keys (.pub) can be 644. Directory ~/.ssh should be 700.
What happens if I chmod 000?
chmod 000 (----------) removes ALL permissions—owner, group, and others cannot read, write, or execute. File becomes inaccessible to everyone except root. Useful for temporarily "locking" files, but you'll need root/sudo to restore permissions later with sudo chmod 644 filename. Don't use 000 on system files or you'll break your system!
How do I find files with specific permissions?
Use find with -perm: find / -perm 777 finds world-writable files (security risk!). find . -perm -4000 finds setuid binaries. find . -type f ! -perm 644 finds files NOT set to 644. Add 2>/dev/null to hide permission denied errors. Audit production servers monthly for dangerous permissions.
Advanced Chmod Techniques for System Administrators
Access Control Lists (ACL)
Standard chmod is limited to owner/group/other. ACLs provide granular permissions for specific users using setfacl and getfacl. Example: setfacl -m u:john:rw file.txt gives user "john" read/write without changing group. Check support with mount | grep acl.
Default Permissions with umask
umask sets default permissions for new files/directories. Common values: 022 (755 dirs, 644 files), 077 (700 dirs, 600 files for security). Set in ~/.bashrc: umask 022. Calculate: final_perms = base_perms - umask. Directories start at 777, files at 666.
Chmod in Shell Scripts
Automate permission management: chmod u+x "$0" makes script self-executable. chmod -R u+rwX,go+rX,go-w /path safely sets hierarchy (X only adds execute to directories). Use variables: PERM=644; chmod "$PERM" files*.
SELinux and AppArmor Context
On SELinux/AppArmor systems, file permissions work WITH security contexts. Even with correct chmod, access may be denied by MAC (Mandatory Access Control). Check with ls -Z (SELinux) or aa-status (AppArmor). Restore contexts: restorecon -Rv /path.
Immutable Files (chattr)
Make files unchangeable even by root: chattr +i file. Cannot delete, modify, or rename until removed with chattr -i file. Useful for protecting critical configs from accidental modification or malware. Check with lsattr.
Audit Permission Changes
Track who changes permissions with auditd: auditctl -w /etc -p wa -k etc_changes monitors /etc modifications. View logs: ausearch -k etc_changes. Essential for compliance (SOC2, PCI-DSS) and forensics. Integrate with SIEM systems for real-time alerts.
Related Unix & Linux Tools
Build comprehensive server management workflows with our complete toolkit:
Ready to Master Unix File Permissions?
Convert chmod permissions instantly between numeric, symbolic, and visual formats. Get security recommendations, ready-to-use commands, and special permission detection—100% free, no signup required, works offline.
Trusted by 100,000+ developers and sysadmins for Linux server management