Understanding Unix File Permissions with Chmod Calculator

Unix file permissions control who can read, write, and execute files and directories. Every file and directory on a Linux or Unix system has a set of permission bits that determine access for three categories: the file owner, the group, and everyone else. Understanding these permissions is essential for system administration, web development, DevOps, and any work on Linux servers.

The Three Permission Triplets

Permissions are organized into three groups of three bits each:

Owner  Group  Other
 rwx    rwx    rwx

Each triplet contains three permissions:

• r — Read (4)
• w — Write (2)
• x — Execute (1)

The values in parentheses are the octal weights. To calculate the octal mode, add the weights of the enabled permissions for each triplet.

rwx = 4 + 2 + 1 = 7
rw- = 4 + 2 + 0 = 6
r-x = 4 + 0 + 1 = 5
r-- = 4 + 0 + 0 = 4
-wx = 0 + 2 + 1 = 3
-w- = 0 + 2 + 0 = 2
--x = 0 + 0 + 1 = 1
--- = 0 + 0 + 0 = 0

Common Chmod Modes

File vs Directory Permissions

The execute bit behaves differently for files and directories.

This distinction is critical. A directory needs both r and x to be readable — r alone lets you see the filenames, but without x you cannot access any file inside it.

# Directory with r but no x — can list but cannot access
$ ls -la /example
# (shows filenames but you cannot cd into it or read files)

# Directory with r-x — full read access
$ ls -la /example
$ cat /example/file.txt

Chmod Command Reference

Octal Notation

chmod 755 script.sh     # rwxr-xr-x
chmod 644 index.html    # rw-r--r--
chmod 600 id_rsa        # rw------- (SSH private key)
chmod 700 ~/.ssh         # rwx------ (SSH directory)
chmod -R 755 public/    # Recursive (apply to all files and subdirectories)

Symbolic Notation

chmod u+x script.sh     # Add execute for owner
chmod g+w file.txt      # Add write for group
chmod o-r file.txt      # Remove read for others
chmod a+rx script.sh    # Add read+execute for all (ugo)
chmod u=rwx,g=rx,o=    # Set exact permissions: rwxr-x---
chmod -R u=rwX,go=rX public/  # Recursive, X = execute only for directories

The capital X in symbolic mode is special: it adds execute permission only if the target is a directory or already has execute permission for any user. This is extremely useful for recursive operations.

# Set all directories to 755 and all files to 644 recursively
find /path -type f -exec chmod 644 {} \;
find /path -type d -exec chmod 755 {} \;

# Or use the X shortcut
chmod -R u=rwX,go=rX /path

Special Permission Bits

Beyond the basic rwx bits, Unix supports three special permissions.

Setuid (SUID) — u+s (4000)

When set on an executable, the process runs with the file owner's privileges, not the user who launched it. This allows ordinary users to execute commands that require elevated permissions.

chmod u+s /usr/bin/passwd
# -rwsr-xr-x (the s replaces x in owner triplet)

Setgid (SGID) — g+s (2000)

On a file, the process runs with the group of the file. On a directory, new files created inside inherit the directory's group instead of the creator's primary group.

chmod g+s /shared/directory
# drwxrwsr-x (the s replaces x in group triplet)

Sticky Bit — +t (1000)

Primarily used on /tmp — only the file owner (or root) can delete or rename files inside the directory, even if others have write permission.

chmod +t /tmp
# drwxrwxrwt (the t replaces x in other triplet)

Umask: Default Permissions

Umask defines which permission bits are removed when a new file or directory is created. It is the inverse of the desired default permissions.

umask 022  # Default for most systems
# Files: 666 - 022 = 644 (rw-r--r--)
# Dirs:  777 - 022 = 755 (rwxr-xr-x)

umask 002  # Default for shared directories
# Files: 666 - 002 = 664 (rw-rw-r--)
# Dirs:  777 - 002 = 775 (rwxrwxr-x)

umask 077  # Restrictive (private)
# Files: 666 - 077 = 600 (rw-------)
# Dirs:  777 - 077 = 700 (rwx------)

Security Best Practices

• Configuration files containing secrets: 600 (chmod 600 .env)
• SSH private keys: 600 (chmod 600 ~/.ssh/id_rsa)
• SSH directory: 700 (chmod 700 ~/.ssh)
• Web directories: 755 (chmod 755 /var/www/html)
• Web files: 644 (chmod 644 /var/www/html/index.html)
• Upload directories: 755, not 777
• Executable scripts: 755 (chmod 755 deploy.sh)
• Never use 777 on production — it allows any user to modify files

Common Pitfalls

Pitfall 1: Confusing directory and file permissions

# ❌ Wrong — giving execute to all files recursively
chmod -R 755 /path

# ✅ Correct — separate file and directory permissions
find /path -type f -exec chmod 644 {} \;
find /path -type d -exec chmod 755 {} \;

Pitfall 2: Using 777 for web uploads

# ❌ Wrong — any user can write
chmod 777 uploads/

# ✅ Correct — owner can write, others only read+execute
chmod 755 uploads/
# Make the web server user the owner
chown www-data:www-data uploads/

Pitfall 3: Ignoring group permissions for team projects

# Set the sticky group bit so new files inherit the group
chmod g+s /project/shared
chmod 775 /project/shared

Online Tool

The CHMOD Calculator tool on Help2Code provides an interactive permission bit toggler with instant octal and symbolic output. Toggle read, write, and execute for owner, group, and other, and see the resulting chmod command immediately. Quick presets for common modes like 755, 644, 600, and 700 make it easy to find the right permission set without memorizing octal values.

Conclusion

Unix file permissions are a simple but powerful system built on three triplets of read, write, and execute bits. Octal notation makes permissions compact and scriptable, while symbolic notation provides fine-grained control. Understanding permissions — including umask, SUID, SGID, and the sticky bit — is essential for secure server administration. Use the CHMOD Calculator tool to experiment with permission combinations interactively.