HIFreeTools
ENES

Free Chmod Calculator (Octal & Symbolic)

Tick read, write and execute for owner, group and other to instantly get the octal permission value, the symbolic rwx string and the exact chmod command.

WhoRead(+4)Write(+2)Execute(+1)Octal
Owner (user)7
Group5
Other (world)5
Octal
755
Symbolic
rwxr-xr-x
Command
chmod 755 filename

Each group's digit is the sum of read (4), write (2) and execute (1). For directories, "execute" means permission to enter the directory and access its contents. Everything is calculated in your browser.

Quick answer

A chmod calculator turns Unix file permissions into the octal number you pass to chmod. Each of owner, group and other gets a digit found by adding read=4, write=2 and execute=1. So rwx (4+2+1)=7 and r-x (4+1)=5, giving 755 for rwxr-xr-x. Type an octal value and it fills the checkboxes back, or tick boxes to build the number.

Formula & method

Unix permissions are stored as three groups of three bits: owner, group and other. Within each group, read is worth 4, write is worth 2 and execute is worth 1. Add the values of the permissions you want for a group to get a single octal digit from 0 to 7 (for example read + execute = 4 + 1 = 5). Concatenate the three digits in owner-group-other order to get the full octal mode such as 755. The symbolic string is built by writing r, w or x where a permission is granted and a dash where it is not, e.g. rwxr-xr-x. The tool works in both directions: ticking the nine checkboxes recomputes the octal and symbolic output live, while typing a 3-digit octal value (each digit 0-7) fills the checkboxes back in. The ready-to-run command is simply chmod followed by the octal value and your filename.

Examples

Example 1: Standard directory / script: 755
Input
Owner: read, write, execute. Group: read, execute. Other: read, execute.
Result
Octal 755 - symbolic rwxr-xr-x - command: chmod 755 filename
Why
Owner 4+2+1=7, group 4+1=5, other 4+1=5. This is the typical mode for directories and executable scripts: the owner can change them, everyone else can read and run them.
Example 2: Regular non-secret file: 644
Input
Owner: read, write. Group: read. Other: read.
Result
Octal 644 - symbolic rw-r--r-- - command: chmod 644 filename
Why
Owner 4+2=6, group 4, other 4. The owner can edit the file while everyone else can only read it. This is the standard mode for ordinary documents, HTML and config files that are not secret.
Example 3: Private key / secret: 600
Input
Owner: read, write. Group: none. Other: none.
Result
Octal 600 - symbolic rw------- - command: chmod 600 filename
Why
Owner 4+2=6, group 0, other 0. Only the owner can read or write the file and nobody else has any access. SSH requires private keys to be 600 (or stricter) or it refuses to use them.
Example 4: Fully open: 777
Input
Owner, group and other all have read, write and execute.
Result
Octal 777 - symbolic rwxrwxrwx - command: chmod 777 filename
Why
Every group is 4+2+1=7. Anyone on the system can read, modify, and execute the file. This is almost never appropriate on a real server because it lets any user tamper with the file.

When to use this tool

  • You need the octal number to pass to the chmod command and want to build it visually instead of doing the 4-2-1 arithmetic in your head.
  • You are securing files on a Linux or macOS server - for example setting SSH keys to 600, web files to 644 and directories to 755 - and want to confirm the mode before running it.
  • You have an octal mode like 750 from a tutorial or ls output and want to see exactly which read, write and execute permissions it grants in plain symbolic form.
  • You are writing a Dockerfile, deploy script or Ansible playbook and want to double-check the permission number you are hard-coding before it ships.

Common mistakes

  • Adding the wrong weights. Read is 4, write is 2 and execute is 1 - not 1, 2, 3. Mixing these up turns an intended 644 into something like 654, which silently grants the wrong access.
  • Reaching for 777 to fix a problem. Setting rwxrwxrwx makes a file world-writable and is a real security hole; the issue is almost always ownership or a missing execute bit, so prefer 755 or 644 first.
  • Forgetting that directories need the execute bit. A directory at 644 cannot be entered. Directories you want to access need execute on the relevant groups, which is why 755 is the usual directory mode, not 644.
  • Reading the symbolic string in the wrong order. rwxr-xr-x is owner-group-other, not a single block - the second triplet (r-x) is the group's permission, not part of the owner's.

Frequently asked questions

What does chmod 755 mean?

755 means the owner has read, write and execute (7 = 4+2+1) while the group and other users have read and execute only (5 = 4+1). The symbolic form is rwxr-xr-x. It is the standard mode for directories and executable scripts that everyone is allowed to run but only the owner can change.

What is the difference between 755 and 644?

755 (rwxr-xr-x) grants execute permission to everyone, which directories and runnable scripts need. 644 (rw-r--r--) has no execute bits and is meant for ordinary files like documents, HTML and config files: the owner can edit them and everyone else can only read them.

How is the octal permission number calculated?

For each of owner, group and other you add read=4, write=2 and execute=1 for the permissions you want, giving one digit from 0 to 7. Writing the three digits in owner-group-other order gives the full mode. For example rw- = 4+2 = 6 and r-- = 4, so rw-r--r-- is 644.

What does the symbolic string like rwxr-xr-x mean?

It is the permissions shown in three blocks of three characters: owner, group, then other. Within each block r, w and x mean read, write and execute are granted, and a dash means they are not. So rwxr-xr-x is owner rwx, group r-x, other r-x, which equals octal 755.

Why does chmod 777 get flagged as insecure?

777 (rwxrwxrwx) gives read, write and execute to absolutely everyone, including write access for other users on the system. That means any account can modify or replace the file, so it is almost never the right choice. Prefer the least permission that works, such as 755 or 644.

What permission should a private SSH key have?

600 (rw-------). SSH refuses to use a private key if its permissions are too open, because a key readable by other users is a security risk. 600 gives read and write to the owner only and no access to anyone else.

Does this calculator handle the leading setuid/sticky digit?

This tool covers the standard three-digit mode (owner, group, other) that you use the vast majority of the time. The optional fourth leading digit for setuid, setgid and the sticky bit is a separate special-bits topic and is not included here.

Sources & references

External references open in a new tab. We are independent and not affiliated with these organizations.

  • ✓ Free to use
  • ✓ No sign-up required
  • Runs entirely in your browser — nothing is uploaded.
  • ✓ Formula and method shown above
Last updated: How we calculateReport a correctionDisclaimer

Provided “as is” for general information only — results may be inaccurate, so verify before you rely on them. No warranty; use at your own risk.

Built and reviewed by HIFreeTools against the formula shown above and any authoritative references cited on this page. See our methodology and editorial standards.

Related tools

Embed this tool on your site

Free to embed, no sign-up. Paste this code where you want the chmod calculator to appear: