How to Calculate Chmod Permissions

March 22, 2026 · 8 min read

Every file and directory on a Unix/Linux system has permissions that control who can read, write, and execute it. The chmod command sets these permissions — but its octal notation (chmod 755) can be confusing if you don't know how the numbers work.

This guide breaks down exactly how Unix permissions work, how to calculate chmod values, and which permission sets to use for common scenarios.

The Permission Model

Unix permissions have three components for each of three user categories:

	Read (r)	Write (w)	Execute (x)
Owner (u)	Can read the file	Can modify the file	Can execute the file
Group (g)	Can read the file	Can modify the file	Can execute the file
Others (o)	Can read the file	Can modify the file	Can execute the file

When you run ls -l, you see permissions displayed like this:

-rwxr-xr--  1 user group  4096 Mar 22 12:00 script.sh
│└┬┘└┬┘└┬┘
│ │   │   └── Others: read only (r--)
│ │   └────── Group: read + execute (r-x)
│ └────────── Owner: read + write + execute (rwx)
└──────────── File type (- = file, d = directory)

Octal (Numeric) Notation

Each permission has a numeric value:

Permission	Value
Read (r)	4
Write (w)	2
Execute (x)	1
None (-)	0

You add the values together for each user category to get a single digit. Three digits make the full permission:

Owner:  rwx = 4 + 2 + 1 = 7
Group:  r-x = 4 + 0 + 1 = 5
Others: r-- = 4 + 0 + 0 = 4

Result: 754

So chmod 754 file.txt means: owner can do everything, group can read and execute, others can only read.

Calculate chmod permissions visually

Toggle checkboxes for read/write/execute and get the numeric value instantly.

Open Chmod Calculator

Symbolic Notation

Instead of numbers, you can use symbolic notation with chmod:

# Add execute permission for the owner
chmod u+x script.sh

# Remove write permission for group and others
chmod go-w file.txt

# Set exact permissions: owner=rwx, group=rx, others=r
chmod u=rwx,g=rx,o=r file.txt

# Add read permission for everyone
chmod a+r file.txt

The operators:

+ — add a permission
- — remove a permission
= — set exact permissions (removes anything not specified)

The targets:

u — owner (user)
g — group
o — others
a — all (owner + group + others)

Common Permission Sets

Octal	Symbolic	Use Case
755	rwxr-xr-x	Executable scripts, directories (standard default)
644	rw-r--r--	Regular files — owner writes, everyone reads
700	rwx------	Private scripts — only owner has access
600	rw-------	Private files (SSH keys, config with secrets)
777	rwxrwxrwx	Everyone can do everything — avoid this
444	r--r--r--	Read-only for everyone, including owner
750	rwxr-x---	Owner full access, group can read/execute, others nothing
664	rw-rw-r--	Shared files — owner and group can write, others read

Directory Permissions

Permissions mean slightly different things for directories:

Read (r) — list the directory contents (ls)
Write (w) — create, rename, or delete files in the directory
Execute (x) — enter the directory (cd) and access files within it

A directory with r-- permission lets you list files but not access them. You almost always need x on directories.

# Standard directory permissions
chmod 755 /var/www/html           # Web root — everyone can read/traverse
chmod 700 ~/.ssh                  # SSH directory — owner only
chmod 1777 /tmp                   # Temp dir — sticky bit (see below)

Special Permissions

Sticky Bit (1000)

On a directory, prevents users from deleting files they don't own. Used on /tmp:

chmod 1777 /tmp    # or: chmod +t /tmp
ls -ld /tmp
# drwxrwxrwt — note the 't' at the end

Setuid (4000)

When set on an executable, it runs with the file owner's permissions (not the caller's). Used by programs like passwd:

chmod 4755 /usr/bin/someprogram
ls -l /usr/bin/someprogram
# -rwsr-xr-x — note the 's' in owner execute

Setgid (2000)

On a file, runs with the group's permissions. On a directory, new files inherit the directory's group:

chmod 2775 /shared/project
# New files in /shared/project inherit the group

Security Best Practices

Never use 777 — if "everyone can do everything" seems like the fix, find the real problem. Usually you need to fix ownership (chown) or group membership instead.
SSH keys must be 600 — SSH refuses to use keys with group/other permissions. chmod 600 ~/.ssh/id_rsa
.ssh directory must be 700 — chmod 700 ~/.ssh
Web files: 644, directories: 755 — the web server user needs read access, not write.
Config files with secrets: 600 — database passwords, API keys, etc. should only be readable by the owner.
Use chown before chmod — fix ownership first, then permissions. chmod 777 is often a band-aid for wrong ownership.

Quick Reference: Calculating Permissions

To calculate a chmod value from scratch:

For each category (owner, group, others), decide which permissions they need
Add up the values: read (4) + write (2) + execute (1)
Combine the three digits

Example: Web application directory
  Owner needs:  read + write + execute = 4+2+1 = 7
  Group needs:  read + execute          = 4+0+1 = 5
  Others need:  read + execute          = 4+0+1 = 5
  Result: chmod 755

Or use the chmod calculator to toggle checkboxes and get the value instantly — no mental math required.

Related tools:

Chmod Calculator — visual permission calculator
Cron Expression Parser — another Linux admin essential
Hash Generator — generate MD5, SHA-256, and other hashes
Password Generator — create strong passwords