What is this tool?
Use this chmod calculator and permissions visualizer to turn a numeric Unix permission such as 655, 755, or 644 into a permission grid. It shows what owner, group, and others can do with read, write, and execute permissions.
The tool runs in your browser. It does not send your input to a server, and it does not run chmod on any file.
How to use it
- Enter one digit for owner, one for group, and one for others.
- Read the permission string, such as
rw-r-xr-x. - Check the grid to see which permissions are on.
- Use a preset for common modes such as
644,755,600,700,664,775, or777. - Check warnings before applying a permission change on a real file or directory.
This page only accepts three-digit numeric modes from 000 to 777. Four-digit modes such as 1777 or 2775 are not accepted by the visualizer input.
Why are chmod values 4, 2, and 1?
Each numeric chmod digit is an octal digit, which means it can be 0 through 7. The digit is built from three permission bits:
Read = 4
Write = 2
Execute = 1Those values are powers of two. Each permission is either off or on, then the enabled values are added together:
7 = 4 + 2 + 1 = read + write + execute
6 = 4 + 2 + 0 = read + write
5 = 4 + 0 + 1 = read + execute
4 = 4 + 0 + 0 = read only
0 = 0 + 0 + 0 = no permissionsThis is why a mode such as 755 has three octal digits: 7 for owner, 5 for group, and 5 for others.
What does chmod 755 mean?
chmod 755 means:
Owner = 7 = read + write + execute
Group = 5 = read + execute
Others = 5 = read + executeThe permission string in rwx notation is:
rwxr-xr-xThis is common for directories and executable scripts. The owner can modify the item, while group and others can read it and traverse or execute it.
chmod 755 vs 644
755 includes execute permission for owner, group, and others. It is often used for directories because execute on a directory allows users to traverse it.
644 is common for regular files:
rw-r--r--The owner can read and write. Group and others can read only. For a normal text file, config file, or web asset that should not be executable, 644 is usually a better fit than 755.
What does chmod 664 mean?
chmod 664 means:
Owner = read + write
Group = read + write
Others = read onlyThe permission string in rwx notation is:
rw-rw-r--This is useful for a file edited by users in the same Unix group. It is not the same as making the file world-writable; others can read the file but cannot modify it.
How to check file owner and group
Before changing permissions, check the current owner, group, and mode:
ls -l app.logExample:
-rw-r--r-- 1 appuser appgroup 1234 May 6 app.logRead it as:
-rw-r--r-- permission
appuser owner
appgroup group
app.log file nameFor a directory, use:
ls -ld logsDirectory execute permission matters because it controls whether a user can traverse the directory.
How to check your username, uid, and gid
Check the current username:
whoamiCheck the current user ID, primary group ID, and group memberships:
idExample:
uid=1001(deploy) gid=1001(deploy) groups=1001(deploy),33(www-data)The fields mean:
uid = user ID
gid = primary group ID
groups = groups the current user belongs toTo see group names only, use:
groupsor:
id -nGHow to check who is in a group
On many Linux servers, getent group shows the group entry and explicit members:
getent group www-dataExample:
www-data:x:33:deploy,appuserDepending on the system, users whose primary group is that group may not appear in the member list.
To check whether a specific user belongs to a group, use:
id usernameExample:
id deployIf getent is not available, /etc/group may help:
grep '^www-data:' /etc/groupOn macOS, group membership is managed differently. For example:
dscl . -read /Groups/staff GroupMembershipHow to share a log directory between Apache and CLI
A common chmod problem happens when Apache and a CLI command both write logs, but they run as different users.
Example:
Apache user: www-data
CLI user: deploy
Log directory: logs/Apache often runs as www-data on Debian/Ubuntu, or apache on RHEL/CentOS-like systems. Check the actual process user before changing permissions.
Avoid using:
chmod 777 logsThat makes the directory writable by users outside the owner and group. A better approach is to use a shared group.
Example plan:
Shared group: app-logs
Members: www-data, deploy
Log directory group: app-logs
Directory permission: group writableExample commands:
sudo groupadd app-logs
sudo usermod -aG app-logs www-data
sudo usermod -aG app-logs deploy
sudo chgrp -R app-logs logs
sudo chmod 2775 logsAfter changing group membership, users may need to log out and log in again. For services such as Apache or PHP-FPM, restart the service so the process receives the new group membership.
In chmod 2775 logs, the leading 2 is the setgid bit. The setgid bit helps new files and directories inherit the parent directory group. It does not always guarantee group write permission. The final permission can still be affected by the process umask or application settings.
This is an operations note only; the visualizer input on this page still accepts only 000 through 777.
Also check log rotation. If logrotate creates new log files, check the create directive too:
create 664 www-data app-logsOtherwise permissions may look fixed until the next rotation recreates the file with a different owner, group, or mode.
Why chmod 777 is dangerous
chmod 777 gives read, write, and execute permissions to owner, group, and others:
rwxrwxrwxThe risky part is the final 7. It means users outside the owner and group can write. For files, that can allow unwanted edits. For directories, it can allow unwanted file creation or replacement depending on the surrounding system configuration.
Use the smallest permission that works. In many cases, the fix is not 777; it is the correct owner, the correct group, and a group-writable mode such as 664 for files or 775 for directories.
Privacy / local processing
The visualizer is a browser-only tool. Numeric permission values are processed locally with JavaScript and are not sent to the server.