Linux Permissions / CHMOD Calculator

The ultimate cheat sheet for Unix file security. Convert R-W-X to octal codes instantly.

CHMOD Calculator

Check boxes to calculate permissions.

Warning: Public can Modify or Execute.

Owner

7

Group

5

Public

5
chmodfile.txt
-rwxr-xr-x

Common Permission Presets

777

Universal Access

Anyone can read, write, or execute. Extremely insecure. Never use this on web servers.

Apply Preset →
755

Standard Executable

Owner can do everything. Everyone else can read and execute. Standard for programs and directories.

Apply Preset →
644

Standard File

Owner can read/write. Everyone else can only read. Standard for documents, HTML, images.

Apply Preset →
600

Private Key

Only the owner can read or write. Use this for standard SSH keys and secrets.

Apply Preset →
400

Read-Only Secret

Only the owner can read. Even the owner cannot modify it without changing permissions first.

Apply Preset →

How Linux Security Works

Unlike Windows, Linux was built from the ground up as a multi-user system. Every file has a specific owner, and the permissions dictate exactly who can read, write, or execute it.

At the heart of this system is the Octal Code system (0-7). It's a clever mathematical trick where every combination of permissions sums up to a unique number.

The Math Behind the Magic

Each action has a specific value. Memorize these three numbers:

  • Read (r)= 4
  • Write (w)= 2
  • Execute (x)= 1

Example: To allow Read (4) and Write (2), you add 4+2 = 6.

The Three Circles of Trust

Permissions are defined in three sets of digits (e.g., 7-5-5):

  • 1st DigitOwner (u): You, the creator of the file. You usually want full control (7).
  • 2nd DigitGroup (g): Your team. If you are developing a website with colleagues, they might need write access (7) or just read access (5).
  • 3rd DigitPublic (o): Everyone else. The internet. Usually, they should only participate in Reading (4).

Files vs. Directories

For Folders, Execute = Enter

This is the most common confusion. If a folder is "Read Only" (444), you can list the files inside (`ls`), but you cannot enter it (`cd`). You typically always need Execute (5 or 7) on folders.

The "644" Standard

Why is 644 default? Because rw-r--r-- means the owner can edit, but colleagues and the public can only view. It prevents accidental deletion.

The "777" Trap

Lazy developers use `chmod 777` to fix "Permission Denied" errors. This is dangerous. It allows any rogue script on your server to delete your database configs or upload malware.

Frequently Asked Questions

What does chmod 777 do?

chmod 777 gives Read, Write, and Execute permissions to Everyone (Owner, Group, and Public). This is a major security risk as any user or hacker on the system can delete or modify your files.

What is the correct permission for web files?

Standard web files (HTML, PHP, Images) should be 644 (Owner: RW, Group: R, Public: R). Directories should be 755 (Owner: RWX, Group: RX, Public: RX).

How do you calculate octal permissions?

Each permission has a value: Read=4, Write=2, Execute=1. You sum them up for each user category. Example: Read+Execute = 4+1 = 5.

What does +x mean?

Running chmod +x filename adds Execute permission to the file for all users (Owner, Group, and Public). It is equivalent to adding 1 to each digit in the octal code (if it wasn't already executable).

What is the "Sticky Bit"?

The Sticky Bit (code 1000) on a directory ensures that only the file owner (or root) can delete files within that directory, even if others have write access. The /tmp directory uses this.

What is setuid (SUID)?

SUID (Set User ID) allows a user to execute a file with the permissions of the file owner (usually root). The passwd command uses this so normal users can update the protected password file.

What is the difference between u, g, and o?

u = User (Owner), g = Group (Team), o = Others (Public). You can use these in symbolic commands like chmod g+w file (Give Group Write access).

Why do directories need Execute permission?

For directories, "Execute" permission (x) allows you to "enter" the folder (cd into it). Without it, you cannot access any files inside, even if you have read permission on the files themselves.

How do I restrict a file to only me?

Use chmod 600. This gives Read/Write to the owner, and No Access to group or public. It is standard for SSH keys (id_rsa).

What does chown do?

chown (Change Owner) changes who owns the file. chmod changes what the owner can do. You often use them together.

What is a umask?

The umask determines the default permissions for newly created files. A common umask is 022, which results in 755 for directories and 644 for files.

What is chmod -R?

The -R flag stands for Recursive. It applies the permission change to the specified directory AND all files and subdirectories inside it.

Can I undo a chmod command?

There is no "undo" button in Linux. If you run chmod -R 777 /, you have likely broken your system security permanently and may need to reinstall. Be careful!

What are symbolic links permissions?

Permissions on a symbolic link itself are irrelevant (usually 777). The permissions that actually matter are those of the target file it points to.

How to make a script executable?

Run chmod u+x myscript.sh. This allows the current user to run it as ./myscript.sh.