🔒 chmod Calculator

Build Linux file permissions visually, import from ls output or octal code, and generate the chmod command.

Load Existing Permissions — optional, updates the matrix instantly

From ls -l output

Paste the first column from ls -l, e.g. drwxrwxrwt. The file type character (d, -, l…) also sets the "directory" toggle below.

From octal code

Type a 3-digit code (e.g. 644) or 4-digit with special bits (e.g. 1777). The matrix updates as you type.

Permissions

Octal code 644

Symbolic (ls -l) rw-r--r--

	READ r = 4 File: view contents · Dir: list files	WRITE w = 2 File: modify · Dir: create/delete files inside	EXECUTE x = 1 File: run as program · Dir: enter (cd into)
Owner `u` The user who owns the file or directory 6
Group `g` All users who belong to the file's assigned group 4
Others `o` Every other user on the system (not owner, not in group) 4

Special Bits

Setuid s / S — adds 4000

On executables: the program runs with the file owner's privileges instead of the caller's. This is how sudo, passwd, and ping can perform privileged operations without running as root directly. On directories: generally has no effect on Linux. Shown as s when owner execute is set, S when it is not.

Setgid s / S — adds 2000

On executables: the program runs with the file's group privileges. On directories: new files and subdirectories created inside inherit the directory's group instead of the creator's primary group. Essential for shared project directories where all members need to access each other's files. Shown as s when group execute is set, S when it is not.

Sticky bit t / T — adds 1000

On directories: even if the directory is world-writable, only the file's owner (or root) can delete or rename each file inside. The classic example is /tmp (permissions 1777): anyone can create files there, but you cannot delete another user's files. On files: has no practical effect on modern Linux. Shown as t when other execute is set, T when it is not.

What these permissions mean

Owner: read + write
Group: read
Others: read

Quick Presets

644755700600664775777177747552755750640

Generate chmod Command

Target path

Target is a directory

chmod command

chmod 644 "/path/to/target"

About the chmod Calculator

chmod (change mode) is the standard Unix/Linux command for setting file and directory permissions. Every filesystem object has three independent permission sets — for the owner, the group, and others (everyone else). Each set has three bits: read, write, and execute.

How octal notation works

Each permission set is represented as a single octal digit (0–7). The three bits map to fixed values: read = 4, write = 2, execute = 1. You add the values you want: 7 = rwx (4+2+1), 6 = rw- (4+2), 5 = r-x (4+1), 4 = r-- (4 only), 0 = --- (nothing). Three digits cover the three sets: 644 means owner 6 (rw-), group 4 (r--), others 4 (r--). A fourth leading digit encodes special bits: 1777 = sticky + full open.

Reading ls -l output

The first column of ls -l is a 10-character string. The first character is the file type: - for a regular file, d for a directory, l for a symbolic link. The remaining 9 characters are the permissions in order: owner rwx, group rwx, others rwx. Special bits replace the execute character: s for setuid/setgid with execute also set, S without execute, t for sticky with other-execute set, T without.

Execute on directories

For directories the execute bit means traverse — the ability to cd into the directory and access its contents. Without it, a user cannot enter the directory even if they have read permission. Directories should generally have execute wherever they have read — that is why 755 and 644 are the standard pair for directories and files respectively.

The sticky bit and /tmp (1000)

The sticky bit on a directory prevents users from deleting or renaming files they do not own, even if they have write permission on the directory itself. The canonical example is /tmp (permissions 1777): world-writable so any process can create temporary files, but sticky so users cannot delete each other's files.

Setuid and setgid (4000 / 2000)

When set on an executable, the setuid bit causes the process to run with the file owner's identity. This is the mechanism behind sudo, passwd, and ping. The setgid bit is similar but uses the file's group. On directories, setgid causes new files to inherit the directory's group — the standard way to run shared project directories where all team members need read/write access to each other's files.

chmod -R vs find for recursive changes

chmod -R MODE /path blindly applies the same bits to every file and directory under the path. The problem: directories need the execute bit to be enterable, but regular files usually should not be executable. Running chmod -R 755 /var/www marks every HTML, CSS, and image file as executable — harmless but messy and a security smell. The safer approach is to use find to target each type separately:

find "/path" -type f -exec chmod 644 {} +   # files: rw-r--r--
find "/path" -type d -exec chmod 755 {} +   # dirs:  rwxr-xr-x

Use chmod -R only when you are certain the same code is correct for all content, such as a directory that contains only executable scripts or only sub-directories with no regular files.