Dev Tools

Unix Permissions Calculator

Calculate Unix file permissions interactively. Convert between octal (755) and symbolic (rwxr-xr-x) notation with checkboxes or direct input.

chmodfilename
Read (4)
Write (2)
Execute (1)
Owner (u)
Group (g)
Other (o)
Octal755
Symbolicrwxr-xr-x
chmod commandchmod 755 filename
ls -l output-rwxr-xr-x
Description: Owner: read, write, execute | Group: read, execute | Other: read, execute

Common Permission Presets

About This Tool

The Unix Permissions Calculator is an interactive tool for system administrators, developers, and DevOps engineers who work with file permissions on Linux, macOS, and other Unix-like operating systems. Instead of manually calculating octal values or memorizing which bits correspond to which permissions, this visual calculator lets you click checkboxes and instantly see the corresponding octal number, symbolic notation, and ready-to-use chmod command.

Understanding the Unix Permission Model

The Unix permission model, designed in the 1970s, remains one of the most elegant and widely-used access control systems in computing. Every file and directory in a Unix filesystem has an associated set of permissions that determine which users can perform which operations. The model divides users into three categories: the file owner (typically the user who created the file), the group (a collection of users who share a common group ID), and others (everyone else on the system). Each category can independently be granted or denied read, write, and execute permissions.

Permission Bits Explained

Read permission (r, value 4) on a file allows viewing its contents with commands like cat, less, or any text editor. On a directory, read permission allows listing the directory contents with ls. Write permission (w, value 2) on a file allows modifying its contents, including truncating it to zero length. On a directory, write permission allows creating, renaming, and deleting files within the directory. Execute permission (x, value 1) on a file allows running it as a program or script. On a directory, execute permission allows accessing the directory, which means entering it with cd and accessing files within it by name. Without execute permission on a directory, you cannot access any files inside it even if you know their names.

Octal Notation Deep Dive

Octal notation compresses nine permission bits into three digits. Each digit is the sum of the permission values for one category: read (4) plus write (2) plus execute (1). The digit 7 means all permissions (4+2+1), 6 means read and write (4+2), 5 means read and execute (4+1), 4 means read only, 3 means write and execute (2+1), 2 means write only, 1 means execute only, and 0 means no permissions. Learning to read octal permissions becomes second nature with practice: 755 instantly conveys that the owner has full control while group and others can read and execute but not modify.

Security Best Practices

The principle of least privilege dictates that files should have the minimum permissions necessary for their intended use. Configuration files containing passwords or API keys should use 600 (owner read/write only). Application code that does not need to be modified in production should use 444 or 555. Shared directories should use the setgid bit so that new files inherit the group. The sticky bit on shared writable directories like /tmp prevents users from deleting each other's files. Never use 777 in production environments as it grants full access to every user on the system, creating a significant security vulnerability that can be exploited by compromised processes or malicious users.

Common Permission Patterns

Web applications typically need 755 for directories (so the web server can enter and list them) and 644 for files (so the server can read them). CGI scripts and executable files need 755. Upload directories might need 775 if the web server and application run as different users in the same group. SSH private keys require 600 or they will be rejected by the SSH client. Database files should use 640 with the database service user as owner and the application user in the group. Understanding these patterns and the reasoning behind them is essential for maintaining secure systems.

Frequently Asked Questions

What are Unix file permissions?
Unix file permissions control who can read, write, and execute files and directories on Unix-like operating systems including Linux, macOS, and BSD. Every file and directory has three sets of permissions: one for the owner (the user who created the file), one for the group (users belonging to the file's group), and one for others (everyone else). Each set can independently grant or deny read (r), write (w), and execute (x) permissions. For files, read means viewing contents, write means modifying contents, and execute means running the file as a program. For directories, read means listing contents, write means creating or deleting files within it, and execute means accessing (entering) the directory.
How do octal permission numbers work?
Octal (base-8) notation represents each permission set as a single digit from 0 to 7. Each permission bit has a numeric value: read = 4, write = 2, execute = 1. You add these values together to get the digit for each group. For example, read + write + execute = 4 + 2 + 1 = 7, read + execute = 4 + 1 = 5, and read only = 4. A three-digit octal number like 755 means: owner gets 7 (rwx), group gets 5 (r-x), and others get 5 (r-x). This compact notation is used with the chmod command: chmod 755 filename. Some systems use a fourth leading digit for special permissions (setuid, setgid, sticky bit), but the standard three-digit form covers the most common use cases.
What is the difference between symbolic and octal notation?
Symbolic notation uses letters (r, w, x) and dashes (-) to represent permissions in a human-readable format like rwxr-xr-x. Each character position represents a specific permission for a specific group: positions 1-3 are owner, 4-6 are group, and 7-9 are others. Octal notation uses three digits (e.g., 755) where each digit encodes the same information numerically. Symbolic notation is easier to read at a glance and is displayed by the ls -l command. Octal notation is more compact and is commonly used with the chmod command. The chmod command also accepts symbolic notation with operators: chmod u+x adds execute for the owner, chmod g-w removes write for the group, and chmod o=r sets others to read-only.
What permissions should I use for web server files?
For web server files, the general recommendation is 644 for regular files (owner can read and write, everyone else can only read) and 755 for directories and executable scripts (owner has full access, everyone else can read and execute). Configuration files containing sensitive data like database passwords should use 600 (owner read/write only) or 640 (owner read/write, group read). The web server process typically runs as a specific user (like www-data or nginx), so you should set the file owner or group accordingly. Never use 777 (full access for everyone) on production servers, as it allows any user on the system to modify your files, creating serious security vulnerabilities.
What is the chmod command and how do I use it?
chmod (change mode) is the Unix command for modifying file permissions. It accepts either octal or symbolic notation. In octal mode: chmod 755 file.sh sets the exact permissions. In symbolic mode: chmod u+x file.sh adds execute permission for the owner, chmod g-w file.sh removes write for the group, chmod o= file.sh removes all permissions for others, and chmod a+r file.sh adds read for all (a = all). You can combine changes: chmod u=rwx,g=rx,o=r file.sh. The -R flag applies changes recursively to directories and their contents: chmod -R 755 /var/www/html. To view current permissions, use ls -l which shows them in symbolic format, or stat which can display octal format.
What are setuid, setgid, and the sticky bit?
These are special permission bits represented by a fourth octal digit prepended to the standard three digits. Setuid (4): When set on an executable file, the program runs with the privileges of the file owner rather than the user executing it. The passwd command uses setuid to allow users to change their passwords by temporarily gaining root access. Setgid (2): When set on a directory, new files created within inherit the directory's group rather than the creator's primary group. This is useful for shared project directories. Sticky bit (1): When set on a directory, only the file owner can delete files within it, even if others have write permission. The /tmp directory uses the sticky bit (permissions 1777) to prevent users from deleting each other's temporary files.

Was this tool helpful?

You might also like

Tax & Finance

Self-Employment Tax Estimator

Calculate your quarterly SE tax payments and deductions.

2 minFinance

Compound Interest Calculator

See how your money grows with compound interest over time.

1 minCareer

Freelance Rate Calculator

Find your ideal hourly, daily, and project rates.

3 min