Calculate Unix/Linux file permissions and generate a CHMOD value you can use for files and folders in seconds.
Calculate Unix file permissions instantly with the XConvert Chmod Calculator. Convert between symbolic notation (rwxr-xr--) and numeric (octal) notation (754) with a visual, interactive interface. This free, client-side tool runs entirely in your browser — no installation, no server requests, and no data leaves your machine.
Understanding and setting file permissions correctly is one of the most fundamental tasks in Unix and Linux system administration. A single misconfigured permission can lock users out of critical files or, worse, expose sensitive data to unauthorized access. The XConvert Chmod Calculator eliminates guesswork by letting you toggle permissions visually and see the corresponding numeric and symbolic values update in real time.
755) and the symbolic notation (e.g., rwxr-xr-x) in real time. The corresponding chmod command is also displayed, ready to copy.chmod command (e.g., chmod 755 filename) and paste it into your terminal to apply the permissions to your file or directory.You can also work in reverse: enter a numeric value like 644 and the calculator will display the corresponding symbolic permissions and highlight the appropriate checkboxes.
Unix file permissions control who can read, write, and execute a file or directory. Every file on a Unix-like system (Linux, macOS, BSD) has three sets of permissions assigned to three classes of users:
Each class can be granted three types of access: read (r) allows viewing the file's contents or listing a directory's entries; write (w) allows modifying the file or adding/removing files in a directory; execute (x) allows running the file as a program or entering a directory with cd.
Permissions are represented in two common formats. Symbolic notation uses a 9-character string like rwxr-xr--, where each triplet corresponds to owner, group, and others. Numeric (octal) notation uses a 3-digit number where each digit is the sum of read (4), write (2), and execute (1) for each class. For example, rwxr-xr-- translates to 754 because the owner has 4+2+1=7, the group has 4+0+1=5, and others have 4+0+0=4.
Special permissions — setuid (4), setgid (2), and the sticky bit (1) — add a fourth leading digit to the octal notation. The XConvert Chmod Calculator supports these advanced permissions as well.
| Octal Value | Symbolic | Owner | Group | Others | Typical Use |
|---|---|---|---|---|---|
| 777 | rwxrwxrwx | Full | Full | Full | Temporary dev files (avoid in production) |
| 755 | rwxr-xr-x | Full | Read + Execute | Read + Execute | Executable scripts, public directories |
| 750 | rwxr-x--- | Full | Read + Execute | None | Group-shared executables |
| 700 | rwx------ | Full | None | None | Private scripts and directories |
| 644 | rw-r--r-- | Read + Write | Read | Read | Regular files, config files |
| 640 | rw-r----- | Read + Write | Read | None | Group-readable config files |
| 600 | rw------- | Read + Write | None | None | Private keys, sensitive configs |
| 400 | r-------- | Read | None | None | Read-only sensitive files |
Setting Web Server File Permissions — Web servers like Apache and Nginx require specific permissions to serve files. Typically, HTML and CSS files need 644 (owner can edit, everyone can read), while directories need 755 (owner can modify, everyone can enter and list). The Chmod Calculator helps you determine the correct values without memorizing octal codes.
Securing SSH Keys — SSH requires strict permissions on key files. Private keys must be 600 (only the owner can read and write), and the .ssh directory must be 700. Incorrect permissions cause SSH to refuse the key with a "permissions are too open" error.
Configuring Deployment Scripts — Deployment scripts and CI/CD pipelines often need execute permissions. Setting a script to 755 allows the owner to modify it while letting the deployment user execute it. Use the calculator to verify the exact permissions before adding chmod commands to your pipeline.
Troubleshooting "Permission Denied" Errors — When a user or process cannot access a file, the first step is checking permissions. Paste the current permission string (from ls -l output) into the calculator to see exactly which access bits are set and which are missing.
Managing Shared Project Directories — In team environments, project directories often need group write access. Setting a directory to 775 allows group members to create and modify files while keeping others read-only. The setgid bit (2775) ensures new files inherit the directory's group.
Hardening Server Configurations — Security audits frequently flag overly permissive files. The calculator helps you determine the minimum permissions needed for each file, reducing the attack surface without breaking functionality.
Unix permissions are stored as a bitmask in the file's inode. The permission bits occupy 12 bits of the inode's mode field: 9 bits for the standard read/write/execute permissions (3 bits per class) and 3 bits for the special permissions (setuid, setgid, sticky bit). When you run ls -l, the system reads these bits and translates them into the familiar symbolic notation.
The chmod command accepts both symbolic and numeric arguments. Symbolic mode uses operators: + adds a permission, - removes it, and = sets it exactly. For example, chmod g+w file adds write permission for the group, while chmod 644 file sets the permissions to exactly rw-r--r--. Numeric mode is absolute — it replaces all permissions at once — while symbolic mode is relative, modifying only the specified bits.
Directories interpret permissions slightly differently than files. The read bit on a directory allows listing its contents (e.g., with ls), the write bit allows creating or deleting files within it, and the execute bit allows entering the directory (using cd) and accessing files by name. A directory with read but no execute permission lets you list filenames but not access the files themselves — a subtle but important distinction that often causes confusion.
600 for files, 700 for directories) and add access only as required. This follows the principle of least privilege.cd into it or access files within it, even if they have read permission on the files themselves.chmod 1777 /tmp) prevents users from deleting files they do not own, even in world-writable directories.ls -lR or find . -type f -exec ls -l {} \; to audit permissions across an entire directory tree. The calculator helps you interpret each permission string quickly.umask value determines default permissions for new files. Understanding how umask interacts with chmod helps you set consistent permissions across your system.Chmod 755 sets the file permissions to rwxr-xr-x. The owner can read, write, and execute the file. Group members and others can read and execute but cannot modify it. This is the standard permission for executable scripts and public directories.
Symbolic notation uses letters and operators (e.g., chmod u+x file), allowing you to modify specific permission bits without affecting others. Numeric (octal) notation uses a 3- or 4-digit number (e.g., chmod 644 file) that sets all permissions at once. Numeric mode is more concise; symbolic mode is more flexible for targeted changes.
Run ls -l filename in your terminal. The output shows a 10-character string like -rwxr-xr-x. The first character indicates the file type (- for regular file, d for directory), and the remaining 9 characters show the permissions for owner, group, and others.
These are special permission bits. Setuid (4) causes a program to run with the file owner's privileges. Setgid (2) causes a program to run with the file group's privileges, or makes new files in a directory inherit the directory's group. Sticky bit (1) prevents users from deleting files they do not own in a shared directory.
SSH requires private key files to have permissions of 600 or stricter (only the owner can read and write). If the group or others have any access, SSH considers the key compromised and refuses to use it. Run chmod 600 ~/.ssh/id_rsa to fix this.
Yes. macOS is built on a Unix foundation (Darwin/BSD), and the chmod command works the same way as on Linux. The XConvert Chmod Calculator generates commands compatible with both Linux and macOS.
A common secure configuration is 644 for files (owner reads and writes, everyone else reads) and 755 for directories (owner has full access, everyone else can enter and list). The web server user should own the files, and the web server group should have read access.
Use chmod -R followed by the permission value and directory path, e.g., chmod -R 755 /var/www/html. Be cautious — this sets the same permissions on both files and directories. Use find with -type f or -type d to apply different permissions to files and directories separately.
New files are typically created with 666 (read and write for everyone) and new directories with 777 (full access for everyone), then modified by the umask value. A common umask of 022 results in files being created with 644 and directories with 755.
Yes. Once the XConvert Chmod Calculator page has loaded in your browser, it functions entirely client-side. You can toggle permissions and calculate values without an internet connection, making it useful for working on air-gapped servers or during network outages.
Related XConvert Tools: Base64 Encoder/Decoder · JSON Formatter · Unix Timestamp to Date · Date to Unix Timestamp · HTML Entity Encoder