Tick the boxes for what each class of user should be allowed to do and the calculator gives you the octal value and the exact chmod command. Or type an octal like 644 and watch it decode the other way.
chmod 644 filenameOwner can read, write; group can read; others can read.
Tap any mode to load it, set the path and scope, then copy the command. Your selection is saved on this device.
How the number works
In octal, rwx = 7, rw- = 6, r-x = 5, r-- = 4, -wx = 3, -w- = 2, --x = 1, --- = 0. Each of the three classes, owner, group, and other, gets one of those digits, and that digit is just the sum of three values: read = 4, write = 2, execute = 1. Add them up per class and you get one of eight possibilities:
| Digit | Symbolic | Allows |
|---|---|---|
| 7 | rwx | read + write + execute |
| 6 | rw- | read + write |
| 5 | r-x | read + execute |
| 4 | r-- | read only |
| 3 | -wx | write + execute |
| 2 | -w- | write only |
| 1 | --x | execute only |
| 0 | --- | nothing |
So a mode like 750 reads as owner 7 (rwx), group 5 (r-x), other 0 (---). Three digits, the whole permission grid.
The modes you reach for most
644 is rw-r--r-- (the owner reads and writes, everyone else reads) and 755 is rwxr-xr-x (the same, plus execute for everyone). Those two cover almost everything:
- 644, a normal file: you edit it, everyone else can read it.
- 755, a script or a directory: you have full access, others can read and run/enter it.
- 600, a private file like an SSH key: owner only.
- 700, a private directory: only you can enter it.
- 775 / 664, a shared team directory / file, where the group can write too.
- 777, everyone can do everything. Almost never the right answer; it is the mode people reach for to "make it work" and regret later.
For the full read/write/execute model, files versus directories, and symbolic chmod, see Linux file permissions explained.
The fourth digit: setuid, setgid, sticky
Tick the special boxes and a fourth digit appears in front. It is setuid = 4, setgid = 2, sticky = 1, added the same way:
- setuid (
4755) makes a program run as its owner, which is whypasswdcan edit/etc/shadow. - setgid (
2775) on a directory makes new files inherit the directory's group, the trick behind a shared team folder. - sticky (
1777) on a world-writable directory like/tmpmeans only a file's owner can delete it.
The full breakdown is in setuid, setgid, and the sticky bit explained.
Apply it on the command line
Copy the command from the calculator and run it:
chmod 644 notes.txt
chmod 755 deploy.shTo apply a mode down a whole directory tree without breaking your directories, use the capital-X trick rather than a blind -R 644; see how to chmod recursively.
FAQ
See also
- Linux file permissions explained: the full rwx, octal, and files-vs-directories model.
- How to chmod recursively: apply a mode down a tree without breaking directories.
- setuid, setgid, and the sticky bit: the special fourth digit.
- How to change file owner and group (chown): permissions decide what each class can do; chown decides who they are.
- Fix SSH "permissions are too open": the 600 your private key needs.
Sources
Authoritative references this article was fact-checked against.
