Linux permission (chmod) calculator — convert between octal (755), symbolic (rwxr-xr-x), and ls -l forms, with safety warnings.
- Runs locally
- Category Developer & DevOps
- Best for Checking file type, size, metadata, and obvious mismatch signals before sharing.
Common presets
Plain-English explanation
- owner: read, write, execute
- group: read, execute
- others: read, execute
All conversion runs in your browser. Nothing is sent to any server.
What this tool does
A chmod calculator that speaks all three forms Linux actually writes permissions in — octal (755, 644, 4755), symbolic (rwxr-xr-x, rwsr-xr-x), and the full ls -l line (-rwxr-xr-x, drwxr-xr-x) — and converts between them live. Type any one form and the other two update immediately. Click the nine r/w/x boxes to flip individual bits and watch the numeric form change. Toggle the three special bits — setuid (s on owner execute), setgid (s on group execute), sticky (t on others execute) — and the leading octal digit appears: 4 for setuid, 2 for setgid, 1 for sticky, so 4755 is "setuid + 755". Six one-click presets cover the values you actually type at the shell: 644 (the normal file default), 755 (scripts and directories), 600 (SSH private keys), 700 (private user directories), 4755 (setuid binaries — handle with care), and 777 (clearly labeled "danger, do not use"). When you land on a dangerous value (777, 666, 4777, 6777) a red banner explains exactly why: world-writable means any local user can replace the file, and a world-writable setuid binary is a textbook privilege-escalation. Below the inputs an explanation panel spells out each triad in plain English — "owner: read, write, execute; group: read, execute; others: read, execute" — so you can paste it straight into a runbook or pull request description. Everything runs in the tab; no permissions are ever sent over the network.
Tool details
- Input
- Text + Numbers
- The page exposes text boxes, numeric controls, file pickers, or structured inputs depending on the tool.
- Output
- Live result + Copy
- The result area focuses on usable output, with copy, download, or preview actions when supported.
- Privacy
- Browser-side processing
- The main tool logic does not call an external API, so inputs normally stay in the current tab.
- Save / share
- No account required
- Open the page and use it; whether results survive refresh depends on the tool.
- Performance budget
- Initial JS <= 18 KB
- No WASM budget is declared, keeping the tool quick to open on mobile.
- Best fit
- Developer & DevOps · Developer
- Category and role tags drive related tools, internal links, and quick fit checks.
How to use
-
1. Input
Paste or drop your content into the tool panel.
-
2. Process
Click the button. All processing is local in your browser.
-
3. Copy / Download
Copy the result or download to disk in one click.
How Linux Permission (chmod) Calculator fits into your work
Use it before upload, handoff, archive, support review, or any moment where a file needs one local check before it leaves your machine.
File jobs
- Checking file type, size, metadata, and obvious mismatch signals before sharing.
- Preparing mixed folders for upload, archive, intake, or review.
- Keeping sensitive files in the browser instead of sending them to an account-based service.
File checks
- Do not treat the extension alone as proof of the real file type.
- Review metadata before a file goes to customers, vendors, or a public page.
- Keep the original file until the copied, converted, or exported result is verified.
Good next steps
These links move the current task into a more complete workflow.
- 1 awk + sed Cheatsheet awk + sed cheat sheet — 80+ one-liners for text processing, with real examples and common pitfalls. Open
- 2 Stair Calculator Total rise + steps → rise/run, slope, Blondel comfort check + side-view diagram — metric & imperial, browser-only Open
- 3 Nginx Cheatsheet Nginx cheat sheet — common configs, location/server blocks, SSL, reverse proxy, gzip, real examples & gotchas. Open
Real-world use cases
Fixing an SSH key that OpenSSH refuses to load
You scp your id_ed25519 to a new box, run ssh, and get "Permissions 0644 for id_ed25519 are too open." Paste 644 here, see it is rw-r--r-- with group and world read, flip both off to land on 600 (rw-------), and run chmod 600 ~/.ssh/id_ed25519. The 700 preset is right next to it for the ~/.ssh directory itself, which OpenSSH also checks.
Reviewing a Dockerfile COPY that ships a setuid binary
A teammate's PR adds COPY --chmod=4755 ./helper /usr/local/bin. Type 4755 and the panel shows rwsr-xr-x: the leading 4 is setuid, so helper runs as its owner regardless of who calls it. If that owner is root and the binary is world-writable in any layer, you have a privilege-escalation path. Now you can explain in the review exactly why 4755 needs justification.
Writing a runbook line non-Linux teammates can follow
Your deploy doc says "chmod the config to 644" but the on-call rotation includes two people who live in Windows. Type 644, copy the plain-English line "owner: read, write; group: read; others: read," and paste it into the runbook next to the command. Nobody has to memorize that 4 means read or that the second digit is the group.
Debugging a CGI script that returns 403 instead of running
Apache logs show the script is found but never executes. You run ls -l and get -rw-r--r--. Paste -rw-r--r-- here, watch it resolve to 644, and notice no execute bit anywhere. The 755 preset shows the fix: rwxr-xr-x, so the web server (running as others) gets the execute bit it needs. One chmod 755 and the 403 turns into a 200.
Common pitfalls
Reaching for 777 to fix "permission denied." World-writable lets any local user overwrite the file; the real fix is usually 644/755 plus the right chown, e.g. chown www-data:www-data then chmod 644.
Forgetting that directories need the execute bit to be entered. A directory at 644 (rw-r--r--) cannot be cd'd into even by its owner; directories almost always want 755 or 700, never 644.
Setting an SSH key to 644 or 640 and wondering why ssh ignores it. OpenSSH demands 600 (or 400) on private keys and 700 on ~/.ssh, and silently refuses anything looser.
Privacy
The octal value, the rwx bits, and the ls -l line you type stay in your browser tab and are converted with plain arithmetic. No permission value is sent to a server, logged, or written into the URL, so a 600 SSH-key permission or an internal 4755 binary name never leaves your machine. The tool works on an air-gapped jump host with DevTools showing zero outbound requests.
FAQ
Tool combos
Folks in your role tend to reach for these alongside this tool.
- 555 Timer Calculator Astable f = 1.44/((R1+2R2)C) + monostable t = 1.1RC — pick R1, R2, C in Ω/kΩ and µF/nF, read frequency, duty cycle and pulse width — browser-only
- Add Line Numbers Number every line of pasted text — set start, step and separator, zero-pad to align, skip blanks, or strip numbers back off — browser-only
- AES Text Encryptor Encrypt & decrypt text with a password — AES-256-GCM + PBKDF2 via WebCrypto — 100% in your browser, nothing uploaded
- Affine Cipher Encoder & Decoder Encrypt and decrypt the ax+b affine cipher with live modular-inverse check, browser-only