Visual Linux permissions calculator
750 or 705? I could never keep them straight. So I built this and quit guessing. Click the read, write and execute boxes for each class, and the octal value plus the symbolic rwx string update live. The chmod command updates too, ready to paste. Already got a number in your head? Type the octal, the grid fills itself in. Flip setuid, setgid or the sticky bit and it spells out, in plain English, who can actually touch the file. Nothing leaves your browser. It all runs right here.
| Who | Read | Write | Execute |
|---|---|---|---|
| Owneru | rread |
wwrite |
xexec |
| Groupg | rread |
wwrite |
xexec |
| Othero | rread |
wwrite |
xexec |
| Digit | Applies to | Octal | Symbolic | Meaning |
|---|
What a chmod calculator does
Every file on a Linux box carries a permission set. It decides who reads it and who gets to write or run it. Trouble is, those same permissions wear two different costumes. ls -l shows you the symbolic string, rwxr-xr-x. But chmod wants the octal number, 755 (three digits, or four). That mismatch is exactly where I used to fumble, every single time. This tool just sits in the middle and translates. Tick the access you want, grab the command. It runs both ways too, so paste an octal you found in someone’s docs and you’ll see who it lets in.
Linux cares about three groups. Owner is whoever owns the file, the u. Group is the file’s group, g. Other means everyone else on the box, o. Each gets three switches: read (r, worth 4), write (w, worth 2), execute (x, worth 1). The octal digit? Just those values added up. Read plus write plus execute is 4 + 2 + 1 = 7. Read plus execute is 4 + 1 = 5. Stack the three digits and there’s your 755 for rwxr-xr-x. Once that clicks, honestly, the whole thing stops feeling like magic.
How octal, symbolic and chmod commands relate
Octal is nothing fancy, honestly. It’s the three class digits parked side by side, plus an optional fourth out front when special bits show up. The calculator builds octal, symbolic and the command off one shared state. They can’t drift out of sync the way they would if you juggled them by hand:
- Pick the bits. Each box you click flips one permission for one class, and that digit redraws right away. Watch it while you toggle. Fastest way I know to build the intuition.
- Read the octal. Owner, group and other get stuck together, simple as that. Turn on a special bit and a fourth digit jumps to the front:
755becomes4755the moment setuid goes on. - Copy the command. Most days I grab the numeric form,
chmod 755 file. The symbolic version,chmod u=rwx,g=rx,o=rx file, means the exact same thing. It just reads better in a script where you want the intent spelled out.
The special bits: setuid, setgid and sticky
Past the nine everyday bits sit three odd ones. They change how a program runs, or how a directory behaves. They live in that optional leading digit. Most people ignore them happily, right up until the day they really need one.
- setuid (4000). Stick this on an executable and it runs as the file’s owner, not as whoever launched it. That’s the whole trick behind
passwdwriting to/etc/shadowwhen you, a mere mortal, can’t. In the symbolic string it swaps the owner’s execute bit fors. You’ll seeSif execute happens to be off, which usually means you set it on the wrong thing. - setgid (2000). On an executable it does the group-flavoured version of setuid. Where it really earns its keep, though, is on a directory. Every new file inside picks up the directory’s group instead of whoever created it. Lifesaver for a shared project folder when you’re sick of fixing group ownership by hand. It rides in the group execute slot as
sorS. - sticky bit (1000). Classic home is
/tmp. Everyone can write there. But the sticky bit says only a file’s owner (or root) gets to delete or rename it, so nobody can yank your temp files out from under you. It lands in the other-execute slot astorT.
Common permission sets and when to use them
644(rw-r--r--) is your bread-and-butter for plain files. You edit, everyone else reads. Documents, HTML, any config that isn’t a secret. This is the one.755(rwxr-xr-x) is the go-to for directories and anything meant to run. You get full control, others can step in and execute. Scripts, binaries, public web folders.600(rw-------) means just you. Nobody else, read or write. This is where SSH private keys, credentials and.envfiles belong, full stop.700(rwx------) is the directory version of that lockdown. Only you can even open it.~/.sshlives here, and so should anything per-user and private.666and777are world-writable, and almost always a mistake I wind up cleaning up after someone. Any local user can rewrite your data behind your back, or change what a script does. Need shared writes for real? Make a group and put2775on the directory instead.
Privacy and how this tool runs
I kept this thing entirely client-side on purpose. The math, the octal conversion, the command strings? All of it happens in JavaScript, right in your browser. The file names you type and the bits you flick never get sent anywhere, never get logged or stored. Pull the network cable after the page loads and it still works. So go ahead, paste a real production path or an internal file name. It’s not going anywhere I can see it.
Frequently asked questions
What does chmod 755 mean?
It hands the owner the full set: read, write and execute (7 = 4+2+1). Group and other get read and execute only (5 = 4+1). Written out, that’s rwxr-xr-x. It’s the everyday default for directories and runnable scripts. You can change them. Everyone else can use them, but can’t touch what’s inside.
What is the difference between chmod 644 and 755?
One bit. The execute bit. 644 (rw-r--r--) leaves it off, which is exactly right for ordinary files like text, HTML or images. None of those should be runnable. 755 (rwxr-xr-x) switches it on for all three classes, and you need that on a directory before anyone can step into it, or on a script before it’ll run. Quick rule I never break: 644 for files, 755 for directories and anything executable.
How do I convert symbolic permissions to octal?
Chop the nine characters into three blocks of three. Inside each block, read counts 4, write counts 2, execute counts 1. Add up what’s there. So rwxr-xr-x works out to 7, 5, 5. The calculator above does the sums for you the second you click a box, and it runs backwards too when you type an octal in.
What is the leading fourth digit in chmod 4755?
That’s the special-bits digit out front. 4 is setuid, 2 is setgid, 1 is the sticky bit. They add up exactly like the normal ones. So 4755 is just setuid bolted onto 755. You only ever need that fourth digit when one of the special bits is in play. Otherwise the plain three-digit form says the same thing.
Why should I avoid chmod 777?
Because 777 throws the doors wide open. Read, write and execute for absolutely everyone, including other local users and any process humming along under a different account. I’ve watched it turn into a real incident more than once. Some user or a compromised service overwrites the file, or quietly rewrites a script to do something it shouldn’t. If what you actually want is shared write access, make a group, add the people who need it, then put 2775 on the directory so the group sticks.
Does chmod -R apply to files and directories the same way?
Careful here. This one bites people. A blanket chmod -R 755 stamps the same mode onto every file and folder under the path, and that’s rarely what you want, because your files end up wearing an execute bit they have no business carrying. So I split it with find and treat the two separately: find path -type d -exec chmod 755 {} + for the directories, then find path -type f -exec chmod 644 {} + for the files.
Sources & further reading
Related tools and resources
Typing these commands from memory? That’s how you land a typo at the worst possible moment. Here are the other generators I built for the stuff I run all day.
