Calculate Unix file permissions: chmod 755 = rwxr-xr-x
2026-03-28T00:00:00Z
chmod 755 filename
Unix file permissions control who can read, write, and execute files and directories, forming the foundation of Unix security and multi-user system safety. Every file and directory has three categories of users: Owner (the user who owns the file), Group (users who are members of the file's group), and Others (everyone else on the system). Each category can have three types of permissions: Read (r, value 4) allows viewing file contents or listing directory contents; Write (w, value 2) allows modifying or deleting the file or directory contents; Execute (x, value 1) allows running the file as a program or entering a directory. These values are combined additively: Read+Write = 6, Read+Execute = 5, All three = 7. The chmod command (change mode) modifies these permissions using octal notation (three digits representing Owner, Group, Other) or symbolic notation (letters and operators). Common patterns like 755 (rwxr-xr-x) are standard for executable scripts and programs, granting full control to the owner while allowing others to read and execute but not modify. Understanding chmod is essential for system administration, securing sensitive files, managing collaborative development environments, and preventing accidental permission escalation or unauthorized access. Incorrect permissions can expose private data, prevent legitimate users from accessing needed files, or allow attackers to modify critical system programs.
Note on Special Bits: This calculator handles basic 3-digit permissions (owner, group, other). Advanced Unix systems support additional bits for special permissions: setuid (4xxx) runs a program with owner privileges, setgid (2xxx) runs with group privileges or sets group on new files in a directory, and sticky bit (1xxx) prevents non-owners from deleting files in a directory. These special bits require 4-digit notation (e.g., 4755 for setuid + 755). This calculator does not support special bits; use the command line (chmod 4755 file) or reference your system's chmod documentation for advanced permission scenarios.
Real-world chmod usage requires balancing security and usability. The principle of least privilege dictates that users should have only the minimum permissions needed for their tasks: developers need read+write on source code directories (775 often appropriate for group collaboration), but documentation should be readable by everyone (644). System administrators must manage special bits (setuid, setgid, sticky) which extend basic permissions: setuid (4xxx) runs a program with owner privileges regardless of who executes it (security risk if misused), sticky bit (1xxx) on directories prevents users from deleting files they don't own, protecting shared directories like /tmp from malicious deletion. Recursive permission changes (chmod -r) modify entire directory trees but require careful verification beforehand; accidentally setting 777 (all permissions) recursively opens security vulnerabilities. Umask (permission mask) sets default permissions when files are created, typically 022 (resulting in 644 for files, 755 for directories). Modern systems also support access control lists (ACLs) for fine-grained permissions beyond basic ownership, and extended attributes for metadata security. When troubleshooting access denied errors, check permissions at each directory level in the path; insufficient execute permission on parent directories prevents access even if the target file is readable.
Every file has three sets of permissions: Owner (first digit), Group (second digit), Others (third digit). Identify which category you’re modifying. Owner is typically the creator/administrator. Group is useful for collaborative team projects. Others is the public, including system services. Set permissions with principle of least privilege: grant only needed access.
Remember the values: Read (r) = 4 allows viewing content, Write (w) = 2 allows modification/deletion, Execute (x) = 1 allows running programs or entering directories. Add desired permissions for each category: 7 (4+2+1) grants all, 6 (4+2) grants read+write, 5 (4+1) grants read+execute, 4 grants read-only. This additive system makes calculation straightforward once memorized.
For directories, execute permission (x) is required to enter/traverse, separate from reading contents (r). A directory with r but not x allows listing contents (if accessed directly) but prevents cd into it. Most directories are chmod 755 (rwxr-xr-x) or 700 (rwx------), combining read, write, and execute. Never remove x from writable directories or users can’t access them.
For shell scripts and programs: chmod 755 script.sh (7=rwx for owner, 5=r-x for group, 5=r-x for others) is standard. This allows owner full control, lets others execute but prevents modification by non-owners. Always include shebang (#!/bin/bash) at script top. Test execution after setting permissions. For sensitive scripts only owner should run, use 700 instead (full owner, no others).
chmod -R 755 directory/ applies permissions recursively to entire subdirectories and files. This is powerful but dangerous: accidentally setting -R 777 creates massive security hole. Always verify the target directory first: ls -la to see current permissions, test the command on a single file or small directory before scaling up. Document why you’re making changes. For complex scenarios (different permissions for files vs directories), use find with chmod.
Scenario: You’ve created a deployment script (deploy.sh) and need to set permissions so you can execute it, your team can run it, but only you can modify it. Calculate the proper chmod value.
Interpretation: chmod 750 deploy.sh gives the owner full rights, allows group members to read and execute the script for deployment, and prevents others from accessing it. This is the standard security model for team-shared deployment scripts. After running, verify with ls -l deploy.sh showing rwxr-x---.
It grants all permissions (read, write, execute) to everyone. This is a significant security risk and should be avoided except in temporary testing. Only use 777 when you fully understand implications or in isolated sandbox environments.
644 (rw-r--r--) is for regular files: owner read/write, others read-only. 755 (rwxr-xr-x) is for executables: owner full, others read/execute. Use 644 for documents and data, 755 for scripts and programs.
Run chmod +x script.sh (adds execute for all) or chmod 755 script.sh (owner full, others read/execute). Include shebang (#!/bin/bash) at script top. Run as ./script.sh from command line after setting execute permission.
The -R (recursive) flag applies permissions to a directory and ALL its subdirectories and files. Use carefully: chmod -R 755 directory/ changes everything inside. Verify first with ls -la to avoid accidentally opening security holes.
Check: 1) Shebang present (#!/bin/bash), 2) Parent directory has execute permission (needed to traverse), 3) File is readable (x requires r), 4) Filesystem not mounted with noexec, 5) Correct interpreter installed. Run file command to check type.
Umask sets default permissions when new files are created. Umask 022 gives 644 permissions to files (666-022) and 755 to directories (777-022). chmod changes existing files; umask affects future creations. Set in .bashrc to persist across sessions.
Both work. chmod +x adds execute (all categories). chmod u+x adds execute for owner only. chmod g+w adds write for group. Symbolic notation is human-readable but less precise; numbers (755) are clearer for documentation and scripts.
Run ls -l filename to display permissions in symbolic format (e.g., -rwxr-xr-x). The first character is type (- for file, d for directory), then owner, group, and others permissions. stat filename shows more details including octal notation.