Unix Permissions Calculator
Understanding Unix File Permissions
What are Unix Permissions?
Unix file permissions are a security mechanism that controls who can access, modify, or execute files and directories on Unix-based systems (including Linux and macOS). Every file and directory has an associated set of permissions that define three levels of access: for the file owner, the group that owns the file, and all other users on the system.
This permission system is fundamental to Unix security and has been a core feature since the early days of Unix in the 1970s. Understanding permissions is essential for system administrators, developers, and anyone managing files on Unix-based servers.
The Three Permission Types
Unix defines three basic types of permissions for files and directories:
- Read (r): For files, allows viewing file contents. For directories, allows listing directory contents.
- Write (w): For files, allows modifying file contents. For directories, allows creating, deleting, or renaming files within the directory.
- Execute (x): For files, allows running the file as a program or script. For directories, allows accessing files and subdirectories within (traversal).
The Three User Classes
Permissions are assigned to three classes of users:
- Owner (u): The user who owns the file, typically the creator. Has the most control over the file.
- Group (g): Users who belong to the file's group. Allows sharing access among team members.
- Other (o): All other users on the system. Usually the most restricted permission level.
Numeric (Octal) Notation
The numeric format represents permissions as a three- or four-digit octal number. Each digit is the sum of values for read (4), write (2), and execute (1):
Read (r) = 4
Write (w) = 2
Execute (x) = 1
No permission = 0
Each digit occupies one position: [special][owner][group][other]. The leading special digit is optional and appears only in the four-digit form.
Common Permission Values
644 (rw-r--r--): Owner can read/write, others can only read. Common for files.
755 (rwxr-xr-x): Owner can read/write/execute, others can read/execute. Common for directories and executables.
600 (rw-------): Owner can read/write, no access for others. Good for private files like SSH keys.
777 (rwxrwxrwx): Full permissions for everyone. Generally insecure and should be avoided.
700 (rwx------): Owner has full access, no access for others. Good for private directories.
664 (rw-rw-r--): Owner and group can read/write, others can read. Common for shared files.
Symbolic Notation
Symbolic notation uses letters to represent permissions in a human-readable format: rwxrwxrwx
The format is three groups of three characters each:
- First three: Owner permissions (rwx)
- Second three: Group permissions (rwx)
- Third three: Other permissions (rwx)
A dash (-) indicates the absence of a permission. For example, rw-r--r-- means the owner can read and write, while group and others can only read.
Using chmod Command
The chmod (change mode) command modifies file permissions. It can use either numeric or symbolic notation:
chmod 644 file.txt - Set permissions to rw-r--r--
chmod 755 script.sh - Set permissions to rwxr-xr-x
chmod u+x file.sh - Add execute permission for owner
chmod g-w file.txt - Remove write permission from group
chmod o+r file.txt - Add read permission for others
chmod -R 755 directory/ - Recursively set permissions for directory and contents
Security Best Practices
- Principle of Least Privilege: Grant only the minimum permissions necessary for functionality.
- Protect Sensitive Files: Use 600 or 400 for files containing passwords, keys, or sensitive data.
- Avoid 777: Full permissions for everyone are almost never necessary and create security vulnerabilities.
- Executable Scripts: Mark scripts as executable (chmod +x) only when needed, and set appropriately restrictive permissions.
- Web Server Files: Web-accessible files should typically be 644 (files) and 755 (directories).
- Database Files: Restrict database files to 600 or 660 to prevent unauthorized access.
- Log Files: Use 640 or 644 for log files to allow reading but restrict writing.
Common Permission Scenarios
- SSH Private Keys: Must be 600 or 400, otherwise SSH refuses to use them for security reasons.
- Web Root: Directories at 755 and files at 644 allow the web server to read and serve content.
- Upload Directories: 775 or 755 depending on whether group write access is needed.
- CGI Scripts: 755 allows the web server to execute scripts while preventing unauthorized modification.
- Configuration Files: 640 or 600 prevents other users from reading potentially sensitive settings.
- Shared Project Folders: 775 with appropriate group ownership allows team collaboration.
Special Permissions
Beyond basic permissions, Unix supports special permission bits:
- Setuid (4000): Execute file as owner, regardless of who runs it. Security sensitive.
- Setgid (2000): Execute file as group owner, or inherit group for new files in directory.
- Sticky Bit (1000): In directories, prevents users from deleting files they don't own (like /tmp).
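Added example (not part of the original page): the numeric and symbolic notations converted in both directions in Python, going beyond the three-digit case to show how ls -l renders the special bits. It uses s/S in the owner or group execute slot and t/T in the other slot, where uppercase means the execute bit underneath is not set. The function names are illustrative.

```python
# Owner slot carries setuid, group slot setgid, other slot the sticky bit.
SPECIAL_BY_CLASS = {0: 0o4000, 1: 0o2000, 2: 0o1000}

def octal_to_symbolic(mode):
    """Render a 3- or 4-digit mode (e.g. 0o4755) as ls -l would show it."""
    out = []
    for cls in range(3):                         # 0=owner, 1=group, 2=other
        bits = (mode >> (6 - 3 * cls)) & 0o7
        r = "r" if bits & 4 else "-"
        w = "w" if bits & 2 else "-"
        x = "x" if bits & 1 else "-"
        if mode & SPECIAL_BY_CLASS[cls]:
            letter = "t" if cls == 2 else "s"
            # lowercase: execute is also set; uppercase: special bit without execute
            x = letter if bits & 1 else letter.upper()
        out.append(r + w + x)
    return "".join(out)

def symbolic_to_octal(text):
    """Parse a 9-character string such as 'rwsr-xr-x' back into a mode."""
    if len(text) != 9:
        raise ValueError("expected 9 characters such as rw-r--r--")
    mode = 0
    for cls in range(3):
        r, w, x = text[3 * cls: 3 * cls + 3]
        shift = 6 - 3 * cls
        special = "t" if cls == 2 else "s"
        if r not in "r-" or w not in "w-" or x not in "x-" + special + special.upper():
            raise ValueError(f"invalid permission triplet: {r + w + x}")
        if r == "r":
            mode |= 4 << shift
        if w == "w":
            mode |= 2 << shift
        if x in ("x", special):                  # 'x', 's' or 't' all imply execute
            mode |= 1 << shift
        if x.lower() == special:                 # 's'/'S' or 't'/'T' set the special bit
            mode |= SPECIAL_BY_CLASS[cls]
    return mode

if __name__ == "__main__":
    for m in (0o644, 0o755, 0o600, 0o4755, 0o2775, 0o1777, 0o2644):
        print(format(m, "04o"), octal_to_symbolic(m))
```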
Checking Permissions
Use ls -l to view file permissions:
-rw-r--r-- 1 user group 1234 Jan 1 12:00 file.txt
The first column shows permissions: first character is file type (- for file, d for directory), followed by three groups of three characters for owner, group, and other permissions.
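Checking a whole tree rather than one file at a time: an added Python example (not part of the original page) that flags the conditions the best-practices section warns about, namely world-writable entries, setuid/setgid files, and key-like files readable beyond the owner. The function names and the filename hints used to spot sensitive files are assumptions chosen for illustration.

```python
import os
import stat

# Assumed filename hints for key material; adjust for the system being audited.
SENSITIVE_SUFFIXES = ("id_rsa", "id_ed25519", ".pem", ".key")

def findings_for_mode(mode, name=""):
    """Return the issues for one st_mode value (file type + permission bits)."""
    issues = []
    perms = stat.S_IMODE(mode)
    is_file, is_dir = stat.S_ISREG(mode), stat.S_ISDIR(mode)
    # A world-writable directory is not flagged when the sticky bit is set (as on /tmp).
    if perms & stat.S_IWOTH and not (is_dir and perms & stat.S_ISVTX):
        issues.append("world-writable")
    if is_file and perms & stat.S_ISUID:
        issues.append("setuid")
    if is_file and perms & stat.S_ISGID:
        issues.append("setgid")
    if is_file and name.endswith(SENSITIVE_SUFFIXES) and perms & 0o077:
        issues.append("sensitive file accessible by group/other")
    return issues

def audit_tree(root):
    """Map each problematic path under root to (octal mode, list of issues)."""
    results = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)              # lstat: do not follow symlinks
            if stat.S_ISLNK(st.st_mode):
                continue                     # on Linux a symlink's own mode bits are ignored
            issues = findings_for_mode(st.st_mode, name)
            if issues:
                results[path] = (format(stat.S_IMODE(st.st_mode), "04o"), issues)
    return results

if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, (mode, issues) in sorted(audit_tree(root).items()):
        print(f"{mode}  {path}  {', '.join(issues)}")
```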
Using This Calculator
This tool helps you understand and convert between numeric and symbolic permission formats. Choose symbolic mode to select permissions with checkboxes, or numeric mode to enter an octal value. The calculator shows both formats and breaks down what each user class can do.
Use this when setting up servers, troubleshooting permission issues, or learning Unix security. It's particularly helpful when you know what permissions you want conceptually but need to determine the numeric chmod value.