Skip to main content
CheckTown
Dev Tools

chmod Calculator: Unix File Permissions Explained with Examples

Published 6 min read
In this article

What Is chmod?

chmod (change mode) is a Unix and Linux command that sets file and directory permissions. Every file on a Unix system has three permission categories: owner (the user who created the file), group (users in the same group), and others (everyone else). Each category can independently be granted read, write, and execute permissions.

Understanding chmod is essential for system administration, web server configuration, and secure file management. Incorrect permissions are one of the most common causes of security vulnerabilities and application errors on Linux servers.

How chmod Permissions Work

Permissions can be expressed in two notations: numeric (octal) and symbolic. Numeric notation uses three digits (e.g., 755), where each digit represents the permissions for owner, group, and others respectively.

  • Read (r = 4) — view file contents or list directory entries
  • Write (w = 2) — modify file contents or add/remove files in a directory
  • Execute (x = 1) — run a file as a program or enter a directory with cd

Each digit is the sum of its permissions: 7 = read + write + execute (4+2+1), 6 = read + write (4+2), 5 = read + execute (4+1), 4 = read only. Symbolic notation uses letters: u (user/owner), g (group), o (others), with +/- to add or remove permissions (e.g., chmod u+x file).

Try it free — no signup required

Calculate chmod Permissions →

Common Permission Values

These are the most frequently used chmod values and their typical applications.

  • 755 (rwxr-xr-x) — standard for executable files and directories; owner has full access, everyone else can read and execute
  • 644 (rw-r--r--) — standard for regular files; owner can read and write, everyone else can only read
  • 700 (rwx------) — private directory or script; only the owner has any access
  • 600 (rw-------) — private file like SSH keys or configuration files with secrets; only the owner can read and write
  • 777 (rwxrwxrwx) — full access for everyone; almost never appropriate and is a security risk on production systems

Security Implications

The principle of least privilege applies directly to file permissions: grant only the minimum permissions required for a file or directory to function correctly. World-writable files (permissions ending in 7 or 6 for others) are a common attack vector because any user on the system can modify them.

Special permission bits add another layer: SUID (Set User ID) makes a program run as the file owner, SGID (Set Group ID) makes it run as the file group, and the sticky bit on directories prevents users from deleting files they do not own. Misconfigured SUID bits on executables can lead to privilege escalation vulnerabilities.

Tips and Best Practices

Follow these guidelines to maintain secure and functional file permissions on your systems.

  • Directories need execute permission — without it, users cannot cd into the directory or access files inside it, even if the files themselves are readable
  • Use recursive chmod carefully — chmod -R 755 on a directory sets all files to executable, which is rarely correct; use find with -type f and -type d to set files and directories separately
  • Set umask defaults — the umask command controls default permissions for newly created files; a umask of 022 creates files as 644 and directories as 755, which is appropriate for most server environments

Frequently Asked Questions

What is the difference between 755 and 777?

With 755, the owner has full control (read, write, execute) while group and others can only read and execute. With 777, everyone has full control including the ability to modify or delete the file. Using 777 is almost never necessary and creates a significant security risk — it means any user on the system can alter your files.

Why do directories need execute permission?

The execute bit on a directory controls the ability to traverse it. Without execute permission, a user cannot cd into the directory, list its contents fully, or access any files inside it — even if the files themselves have read permission. This is why directories typically have 755 while files have 644.

What are the default permissions for new files?

Default permissions depend on the umask setting. With the common umask of 022, new files are created with 644 (rw-r--r--) and new directories with 755 (rwxr-xr-x). The umask subtracts permissions from the system maximum of 666 for files and 777 for directories.

Related Tools

Subnet Calculator: IPv4 CIDR, Masks and Hosts GuideLearn how subnetting works and calculate IPv4 subnet details from CIDR notation. Network address, broadcast, hosts, and masks explained.Read article → Hash Generator: MD5, SHA-256 and More — When to Use EachHashing is fundamental to security and data integrity. Learn which algorithm to choose and when.Read article → Password Strength Checker: Build Secure User AuthenticationWeak passwords are a leading cause of breaches. Learn how to measure password strength and enforce policies.Read article →
Back to Blog