
chmod Calculator

Symbolic to octal permissions and back, with a visual permission grid and presets.

100% client-side, nothing leaves your browser, instant results

Permission grid

Class   read (r)   write (w)   execute (x)   Octal
user    [x]        [x]         [x]           7
group   [x]        [ ]         [x]           5
other   [x]        [ ]         [x]           5

Presets

Advanced: special bits (setuid / setgid / sticky)
Octal: 755

Symbolic: rwxr-xr-x. Grid, octal and symbolic stay in sync — edit any of the three.

Command

chmod 755 file

Breakdown

user    7   rwx   read + write + execute
group   5   r-x   read + execute
other   5   r-x   read + execute

On directories, execute means "can enter / traverse" — a directory with r but not x lets you list names but not open anything inside.

100% client-side compute
0 uploads (verify in devtools)
96 free tools in the directory
0 network requests per keystroke

How it works

Unix file permissions are a 9-bit grid pretending to be a number. Three classes of user — the file's owner, its group, and everyone else — each get three bits: read, write, execute. The octal notation everyone types into chmod is just that grid read three bits at a time: read counts 4, write counts 2, execute counts 1, summed per class. This calculator keeps three representations of the same value — the visual checkbox grid, the octal number, and the symbolic rwxr-xr-x string — permanently synchronized, so editing any one updates the other two.

The two-way symbolic field is the part most calculators skip. Paste the mode string straight out of ls -l output (the nine characters after the file-type flag) and the grid and octal update instantly — including special-bit notation, where an s in an execute slot means setuid or setgid plus execute, an uppercase S means the special bit without execute, and t/T encode the sticky bit on the final slot. That makes the tool a decoder for permissions you encounter, not just an encoder for permissions you intend.

The presets cover the modes that account for nearly all real usage, each annotated with its use case: 644 for ordinary files, 755 for directories and executables, 600 for secrets and private keys, and 777 — included with a warning, because world-writable is a security hole in almost every context and usually papers over an ownership problem better solved with chown. The result panel flags other-writable modes explicitly so the dangerous configurations are loud.

The advanced section handles the optional leading octal digit: setuid (4), setgid (2) and sticky (1). These matter more than their obscurity suggests — setgid on a shared project directory makes collaboration work by inheriting group ownership onto new files, and the sticky bit is the only reason a world-writable /tmp is survivable. The generated chmod command updates live with a copy button, so the path from "what do I want" to a correct shell command is one click.
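The decoding described in this section, as an added Python example (not the calculator's own code): it parses an ls -l mode string including the s/S/t/T slots, converts back to octal and symbolic form, and flags other-writable and special-bit-without-execute modes. The function names and the sample mode strings are assumptions made for illustration.

```python
import stat

# (special bit, letter shown in the execute slot) for user, group, other
SPECIALS = ((stat.S_ISUID, "s"), (stat.S_ISGID, "s"), (stat.S_ISVTX, "t"))

def parse_symbolic(sym):
    """Decode an ls -l mode string (9 chars, or 10 with the type flag) to an int."""
    if len(sym) == 10:
        sym = sym[1:]                        # drop the file-type flag (-, d, l, ...)
    if len(sym) != 9:
        raise ValueError(f"expected 9 permission characters, got {sym!r}")
    mode = 0
    for i, (special, letter) in enumerate(SPECIALS):
        r, w, x = sym[3 * i:3 * i + 3]
        if r not in "r-" or w not in "w-" or x not in "x-" + letter + letter.upper():
            raise ValueError(f"invalid triplet {r + w + x!r}")
        shift = 6 - 3 * i                    # user << 6, group << 3, other << 0
        bits = (4 if r == "r" else 0) | (2 if w == "w" else 0)
        if x in ("x", letter):               # lowercase s/t also implies execute
            bits |= 1
        mode |= bits << shift
        if x.lower() == letter:              # s/S or t/T: the special bit is set
            mode |= special
    return mode

def to_octal(mode):
    """Three digits, or four when a special bit is set (e.g. '755', '4755')."""
    return f"{mode:03o}"

def to_symbolic(mode):
    """Nine-character string in ls -l convention, via the standard library."""
    return stat.filemode(mode)[1:]           # strip the leading type character

def review(mode, is_dir=False):
    """Return notes for modes the page calls out as risky or misconfigured."""
    notes = []
    if mode & stat.S_IWOTH:
        sticky = is_dir and mode & stat.S_ISVTX
        notes.append("other-writable (sticky directory)" if sticky else "other-writable")
    if mode & stat.S_ISUID and not mode & stat.S_IXUSR:
        notes.append("setuid without execute")
    if mode & stat.S_ISGID and not mode & stat.S_IXGRP:
        notes.append("setgid without execute")
    return notes

if __name__ == "__main__":
    # Constructed sample lines, as they would appear in ls -l output.
    for line in ("-rwxr-xr-x", "-rwsr-xr-x", "drwxrwxrwt", "-rw-r-Sr--", "-rwxrwxrwx"):
        m = parse_symbolic(line)
        print(line, to_octal(m), to_symbolic(m), review(m, line[0] == "d"))
```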

Frequently asked questions

How do the octal digits map to permissions?

Each digit is the sum of three bit values for one class of user: read is 4, write is 2, execute is 1. The first digit covers the file's owner, the second its group, the third everyone else. So 755 decomposes as 7 = 4+2+1 (owner: read, write, execute), 5 = 4+1 (group: read, execute), 5 again for others. Once the 4/2/1 mapping is internalized, octal stops being arcane and becomes the fastest way to express permissions.

What does execute mean on a directory?

For directories, the execute bit grants traversal — the right to enter the directory and access entries inside it by name. Read on a directory only lets you list filenames; without execute you cannot open, stat or cd into anything within. This is why directories are conventionally 755 where files are 644: a directory without execute is effectively sealed even when readable, and a directory with execute but no read allows access to files whose names you already know.

When should I use 600 versus 644 versus 755?

600 (owner read/write only) is for secrets: SSH private keys, .env files, credentials — OpenSSH actually refuses to use a private key that is group- or world-readable. 644 is the standard for ordinary files: the owner edits, everyone can read. 755 is for directories and executables: the traversal/execute bit added for everyone. If you find yourself reaching for 777, the real problem is almost always ownership — fix it with chown rather than opening write access to the world.

What are setuid, setgid and the sticky bit?

They are the optional fourth (leading) octal digit. Setuid (4) makes an executable run with its owner's privileges — how passwd modifies a root-owned file. Setgid (2) does the same for group, and on directories makes new files inherit the directory's group, which is invaluable for shared project trees. Sticky (1) on a directory restricts deletion to each file's owner — the reason anyone can create files in /tmp (mode 1777) but cannot delete yours.

Why does ls show a letter like s or t where x should be?

The symbolic display overloads the execute slot to show special bits. A lowercase s means setuid or setgid is set and execute is also set; an uppercase S means the special bit is set without execute — usually a misconfiguration, since a non-executable setuid file is meaningless. Likewise t versus T in the final slot for the sticky bit. This calculator renders the same convention, so what you see matches ls -l output exactly.

Built by FORG — AI cost observability for agentic coding. Free tools, no signup, nothing leaves your browser.
