chmod Calculator
Calculate Unix file permissions from symbolic or numeric notation
About This Tool
What this calculator does
The chmod Calculator turns a set of yes/no choices into the three pieces of notation you actually need when setting Unix file permissions: the three-digit octal number you pass to chmod, the ten-character symbolic string that ls -l prints, and a ready-to-run command line. You flip nine switches — Read, Write, and Execute for each of the three permission classes (Owner, Group, Other) — and the Result panel updates as you go. Each form has its own Copy button.
It is a thin, single-purpose tool. There is no file upload, nothing is sent to a server, and there is no "save" or login. You toggle, you copy, you paste into your terminal.
Who needs it
Anyone who has run into one of these:
- You uploaded a shell script and it won't run because the execute bit isn't set.
- A web server is returning 403 Forbidden and you suspect file permissions.
- You SSH'd into a box, deployed an SSH key, and OpenSSH is refusing to use it because the file is "too open."
- You're following a tutorial that says chmod 750 and you want to see what that actually grants before running it.
- You're writing a Dockerfile or an Ansible playbook and want to encode permissions correctly the first time.
If you use chmod often enough to have memorized 644 and 755, you don't need this. If you use it twice a year and have to look up what 700 means every time, this is faster than re-reading the manpage.
How to use it
Flip the switches for the access you want, then read the Result panel:
- Owner rows control what the file's user (the account that owns the file) can do.
- Group rows control what members of the file's group can do.
- Other rows control what everyone else on the system can do.
The panel shows three forms of the same permission:
- Numeric — a three-digit octal mode such as 755. This is what you pass to chmod.
- Symbolic — the ten-character string such as -rwxr-xr-x. This is what ls -l prints in its first column.
- Command — the literal text chmod 755 filename. The word filename is a placeholder; replace it with your real file or directory path before you run the line.
Each form has a Copy button to the right of it.
How the math works
Inside each of the three classes, the three permissions are weighted:
- Read = 4
- Write = 2
- Execute = 1
You add whichever ones are enabled to get a single octal digit from 0 to 7. So read + write + execute is 4 + 2 + 1 = 7, read + execute is 4 + 1 = 5, read + write is 4 + 2 = 6, read-only is 4, no access is 0. The full numeric mode is just the Owner digit followed by the Group digit followed by the Other digit, with no separator. That's why 755 means "owner gets 7, group gets 5, other gets 5."
The symbolic string is built the same way in reverse: for each class the calculator prints r if the read bit is set or - if not, then w or -, then x or -. The very first character of a ten-character string represents the file type, not a permission — a dash for a regular file, d for a directory, l for a symlink. This calculator always outputs a leading dash because it's describing a permission set, not inspecting a real file.
A worked example: chmod 644
Say you want a config file that you can read and edit, and everyone else can only read. Flip the switches like this:
- Owner Read on, Owner Write on, Owner Execute off → 4 + 2 + 0 = 6
- Group Read on, Group Write off, Group Execute off → 4 + 0 + 0 = 4
- Other Read on, Other Write off, Other Execute off → 4 + 0 + 0 = 4
The Numeric field shows 644, Symbolic shows -rw-r--r--, and Command shows chmod 644 filename. That's the standard mode for text files, config files, HTML, and source code — anything that should be readable but isn't meant to be executed.
Modes worth memorizing
Most of what you'll set in practice falls into a small set:
- 755 (-rwxr-xr-x) — Owner can do everything; group and other can read and execute. Default for executables, shell scripts, and directories that everyone needs to enter.
- 644 (-rw-r--r--) — Owner can read and write; group and other can only read. Default for non-executable files.
- 700 (-rwx------) — Only the owner can do anything; group and other get nothing. Use for private directories like ~/.ssh.
- 600 (-rw-------) — Owner read/write, no one else. Required for SSH private keys; OpenSSH will refuse to use a key that's more permissive.
- 777 (-rwxrwxrwx) — Everyone can do everything. Almost never the right answer; it's a frequent symptom of "I gave up and made it work." Treat it as a code smell.
- 750 / 640 — Owner full, group read (or read/execute), other nothing. Useful when you have a real group that should have access and want to lock everyone else out.
Execute on directories means something different
On a regular file, the execute bit lets you run it as a program or script. On a directory, the execute bit lets you traverse into it — that is, refer to files inside it by name, cd into it, or open files inside it. Without the execute bit on a directory, you might still be able to list its contents (if you have read), but you can't actually reach anything inside.
This is why directory permissions almost always have execute set for whoever should be able to use them. A directory with 644 permissions looks "readable" but isn't usable; you want 755 for a public directory or 700 for a private one.
Common pitfalls
- The command says "filename". The Command output ends in the literal word filename. Replace it with your actual file or directory path before running. Running chmod 755 filename verbatim will either fail or, worse, change permissions on a file you didn't mean to.
- chmod doesn't recurse by default. If you want to apply permissions to a whole directory tree, add -R: chmod -R 755 mydir. The calculator doesn't include that flag; add it yourself when needed.
- Mass-applying the same mode to files and directories is usually wrong. Directories typically need execute; non-executable files don't. A common pattern is two commands: find . -type d -exec chmod 755 {} \; for directories and find . -type f -exec chmod 644 {} \; for files.
- You might need sudo. You can only chmod a file you own (or as root). If chmod returns "Operation not permitted," check ownership with ls -l and use sudo or chown as appropriate.
- The symbolic string starts with a dash. That leading dash is not a permission. It's the file-type indicator that ls -l prints. The remaining nine characters are the actual rwx bits in three groups of three.
- Permissive doesn't always mean "more access." Adding execute to a text file doesn't make it run; removing execute from a directory doesn't make its contents private. Match the mode to the file's actual purpose.
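An added example, not from the original page, that applies the two-command find pattern to a constructed scratch tree and lists what is off-convention before changing anything. The function names and the sample tree are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example on a constructed scratch tree; function names are hypothetical.

# list_mismatched DIR: dry run. Print every directory that is not 755 and
# every regular file that is not 644, without changing anything.
list_mismatched() {
    find "$1" \( -type d ! -perm 755 \) -o \( -type f ! -perm 644 \)
}

# count_mismatched DIR: number of entries list_mismatched would print.
count_mismatched() {
    list_mismatched "$1" | wc -l | tr -d ' '
}

# normalize_tree DIR: the two-command pattern. "{} +" batches paths into as
# few chmod calls as possible; "{} \;" (one call per path) gives the same result.
normalize_tree() {
    find "$1" -type d -exec chmod 755 {} + &&
    find "$1" -type f -exec chmod 644 {} +
}

# make_sample_tree: build a constructed tree with deliberately inconsistent
# modes and print its root path.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/site/css" "$root/site/img"
    : > "$root/site/index.html"
    : > "$root/site/css/main.css"
    chmod 777 "$root/site/img"            # over-permissive directory
    chmod 600 "$root/site/index.html"     # file other accounts cannot read
    chmod 755 "$root/site/css/main.css"   # data file marked executable
    printf '%s\n' "$root"
}

tree=$(make_sample_tree) || exit 1
echo "before: $(count_mismatched "$tree") entries off-convention"
list_mismatched "$tree"
normalize_tree "$tree"
echo "after:  $(count_mismatched "$tree") entries off-convention"
rm -rf "$tree"
```

The 644 pass also strips execute from real scripts in the tree, so re-mark those individually afterwards.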
What this tool doesn't cover
The calculator handles the standard three-class POSIX permission model and nothing else. Specifically, it does not output:
- Special bits — setuid (4), setgid (2), and the sticky bit (1) live in an optional fourth leading octal digit, as in chmod 1777 /tmp (sticky bit on a world-writable directory) or chmod 4755 /usr/bin/something (setuid). If you need those, you'll need to prepend the fourth digit yourself.
- Symbolic chmod syntax — chmod also accepts forms like chmod u+x file, chmod go-w file, or chmod a=r file. The calculator outputs the absolute octal form, which sets the whole mode at once, not the relative symbolic form, which adds or removes specific bits.
- ACLs and extended attributes — Linux setfacl, macOS extended ACLs, and SELinux contexts live outside the basic mode and aren't reflected here. If ls -l shows a trailing + on a file, there's an ACL on top of the regular permissions that you'll need to inspect separately with getfacl.
- umask — When you create a new file, the actual mode is the requested mode minus whatever your umask masks out. The calculator computes the final mode you want; it doesn't help you reason about creation defaults.
- Windows ACLs — chmod is a Unix concept. NTFS uses a different permission model. Running chmod inside WSL or Git Bash on a Windows filesystem often does nothing meaningful.
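The weighting from "How the math works" and the fourth-digit special bits listed above, as an added shell example that is not part of the calculator or the original page. It goes beyond the calculator by rendering setuid, setgid and sticky the way ls -l does (s, S, t, T); the function names triad, is_mode, mode_to_symbolic and mode_warnings are made up for this example.

```shell
#!/bin/sh
# Added example; triad, is_mode, mode_to_symbolic, mode_warnings are hypothetical names.

# triad BITS SPECIAL ON OFF: one class's octal digit as three characters.
# SPECIAL is 1 when the class's special bit is set; ON/OFF are the letters
# ls -l shows in the execute slot with and without the execute bit.
triad() {
    bits=$1 special=$2 on=$3 off=$4
    if [ $((bits & 4)) -ne 0 ]; then r=r; else r=-; fi
    if [ $((bits & 2)) -ne 0 ]; then w=w; else w=-; fi
    if [ $((bits & 1)) -ne 0 ]; then x=x; else x=-; fi
    if [ "$special" -eq 1 ]; then
        if [ "$x" = x ]; then x=$on; else x=$off; fi
    fi
    printf '%s%s%s' "$r" "$w" "$x"
}

is_mode() {
    case $1 in
        [0-7][0-7][0-7] | [0-7][0-7][0-7][0-7]) return 0 ;;
        *) echo "invalid mode: $1" >&2; return 1 ;;
    esac
}

# mode_to_symbolic MODE: e.g. 644 -> -rw-r--r--, 1777 -> -rwxrwxrwt.
mode_to_symbolic() {
    is_mode "$1" || return 1
    m=$((0$1))
    owner=$(triad $(( (m >> 6) & 7 )) $(( (m >> 11) & 1 )) s S)  # setuid
    group=$(triad $(( (m >> 3) & 7 )) $(( (m >> 10) & 1 )) s S)  # setgid
    other=$(triad $(( m & 7 )) $(( (m >> 9) & 1 )) t T)          # sticky
    # Leading dash: this describes a permission set, not a real file type.
    printf '%s%s%s%s\n' - "$owner" "$group" "$other"
}

# mode_warnings MODE: name the bits that deserve a second look.
mode_warnings() {
    is_mode "$1" || return 1
    m=$((0$1)); out=""
    [ $((m & 04000)) -ne 0 ] && out="$out setuid"
    [ $((m & 02000)) -ne 0 ] && out="$out setgid"
    # World-writable is flagged unless the sticky bit (as on /tmp) is also set.
    [ $((m & 2)) -ne 0 ] && [ $((m & 01000)) -eq 0 ] && out="$out world-writable"
    printf '%s\n' "${out# }"
}

for mode in 644 755 600 777 1777 4755; do
    printf '%-5s %s  %s\n' "$mode" "$(mode_to_symbolic "$mode")" "$(mode_warnings "$mode")"
done
```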
When not to use it
If you already know the mode you want, just type the digits and skip the tool. If you're trying to fix a "permission denied" error, the calculator gives you a mode but it can't tell you which mode you need — for that, start with ls -l on the file in question to see who owns it and what the current mode is, and work out the change from there. And if your access problem is actually an ACL, a SELinux denial, an AppArmor profile, a mount option like noexec, or a missing parent-directory execute bit, no chmod will fix it; you'll only mask the symptom or open the file up wider than it needs to be.
Adjacent concepts worth knowing
- chown changes who owns a file (and optionally which group it belongs to). Permissions tell you what the owner, group, and other can do; ownership tells you who those parties are.
- umask is the bitmask that gets subtracted from the default mode whenever a new file is created. A umask of 022 means new files come out at 644 and new directories at 755.
- The sticky bit on a directory (most famously /tmp, mode 1777) means that even though anyone can write into the directory, only the owner of a file can delete or rename it.
- setuid on an executable causes it to run with the privileges of its owner rather than the user invoking it. This is how passwd can edit /etc/shadow while you run it as a normal user. It's also a security-sensitive bit; never set it without thinking carefully.
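An added example, not from the original page, that first computes and then observes the effect of a umask on new files and directories. The mask clears bits rather than subtracting arithmetically, which matters for a mask such as 033: a 666 request becomes 644, not 633. The function names are hypothetical, and the scratch directory comes from mktemp.

```shell
#!/bin/sh
# Added example; effective_mode and observe_umask are hypothetical names.

# effective_mode REQUESTED UMASK: the mode a new file or directory ends up with.
# The umask clears bits: result = REQUESTED AND (NOT UMASK).
effective_mode() {
    case $1 in *[!0-7]* | "") echo "bad mode: $1" >&2; return 1 ;; esac
    case $2 in *[!0-7]* | "") echo "bad umask: $2" >&2; return 1 ;; esac
    printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# observe_umask UMASK: create a real file and directory under UMASK in a
# subshell (so the caller's umask is untouched) and print what ls -l shows.
observe_umask() {
    (
        umask "$1"
        d=$(mktemp -d) || exit 1
        : > "$d/file"      # shell redirection requests 666
        mkdir "$d/dir"     # mkdir requests 777
        f=$(ls -ld "$d/file" | cut -c1-10)
        s=$(ls -ld "$d/dir" | cut -c1-10)
        rm -rf "$d"
        printf '%s %s\n' "$f" "$s"
    )
}

for mask in 022 027 077 033; do
    printf 'umask %s  file %s  dir %s  observed: %s\n' "$mask" \
        "$(effective_mode 666 "$mask")" \
        "$(effective_mode 777 "$mask")" \
        "$(observe_umask "$mask")"
done
```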
For most everyday tasks — making a script runnable, locking down an SSH key, fixing a config file's permissions, setting up a web root — the three-class octal mode this calculator produces is all you need.
The about text and FAQ on this page were drafted with AI assistance and reviewed by a member of the Coherence Daddy team before publishing. See our Content Policy for editorial standards.