Security Tools

Linux Permission Explainer

Explain file permission modes in plain language.

beginner5 minRuns in your browser

Interactive workspace

Inputs stay on your device — nothing is sent to our servers unless you choose to share.

Client-side only

644rw-r--r--

/var/www/html/index.html

Looks reasonable

owner

Readyes
Writeyes
Executeno

group

Readyes
Writeno
Executeno

other

Readyes
Writeno
Executeno

owner

rw-

octal digit 6

File owner (user who created the file)

group

r--

octal digit 4

Users in the file's group

other

r--

octal digit 4

Everyone else on the system

Suggested command

chmod 644 /var/www/html/index.html

Common paths

Who is affected?

Owner is the file's user. Groupmatches users in the file's group. Other is everyone else. Directories need the execute bit to allow traversal (cd into them).

Use the Chmod Calculator to build custom modes interactively.

Documentation

How to use this tool, practical use cases, and technical notes.

The Linux Permission Explainer is designed to return results in under 5 minutes. Here is a complete walkthrough of every feature, including tips for getting the most out of the tool.

Step 1 — Enter or Select a File Path (Optional)

The first field accepts a file or directory path. This is optional and does not affect the permission calculation — it is used to provide context in the output and in the suggested chmod command.

The tool ships with a set of common Linux paths pre-populated as quick-select options:

Common Path

Default Mode

Context

/var/www/html/index.html

644

Web root HTML file

/var/www/html

755

Web root directory

/home/user/.ssh/id_rsa

600

SSH private key

/usr/local/bin/deploy.sh

755

Executable shell script

/var/www/uploads

775

Shared upload directory

You can also type any custom path — this is useful when auditing a specific file on your system and you want the generated chmod command to be ready to copy and paste directly.

Step 2 — Select or Enter a Permission Mode

The Octal permission mode field is the core input. You can either:

  • Select from the dropdown of pre-built common modes (see table below)

  • Type a custom 3-digit or 4-digit octal mode directly

Pre-built mode presets in the tool:

Octal Mode

Symbolic

Label

Typical Use Case

755

rwxr-xr-x

Standard directories and executables

Directories, shell scripts, binaries

644

rw-r--r--

Standard files

HTML, CSS, log files, config files

600

rw-------

Private files

SSH private keys, secrets files

700

rwx------

Owner-only scripts or directories

Private scripts, restricted data dirs

775

rwxrwxr-x

Shared team directories

Collaborative upload folders

664

rw-rw-r--

Collaborative files

Shared documents with group edit

777

rwxrwxrwx

World read/write/execute

Avoid in production — see Security Notes

4755

rwsr-xr-x

Setuid binary

System binaries like passwd, sudo

Custom

User-defined

Any mode from 000 to 7777

Step 3 — Read the Permission Breakdown

Once a mode is entered, the tool instantly renders a three-panel breakdown:

Panel 1 — Summary table (owner / group / other)

Entity

Read

Write

Execute

Owner

✅ / ❌

✅ / ❌

✅ / ❌

Group

✅ / ❌

✅ / ❌

✅ / ❌

Other

✅ / ❌

✅ / ❌

✅ / ❌

Panel 2 — Octal digit explanation

Each of the three octal digits is displayed alongside:

  • Its symbolic representation (rw-, r-x, ---, etc.)

  • The octal digit value

  • A plain-English label for the principal it controls

Panel 3 — Risk / reasonableness indicator

The tool evaluates whether the mode is "reasonable" for the path entered and flags potentially dangerous configurations — for example, warning when 777 is applied to any path.

Step 4 — Read the Plain-English Description

Below the breakdown tables, the tool generates a sentence-level explanation of what the permission mode means, such as:

"Owner can read and write. Group can read. Everyone else can read."

This description is especially useful for:

  • Copying into a code comment explaining why a specific chmod was applied

  • Pasting into a ticket or runbook describing the expected file state

  • Teaching team members who are unfamiliar with octal notation

Step 5 — Copy the chmod Command

The tool generates the exact chmod command based on the mode and path you entered:

chmod 644 /var/www/html/index.html

Click "Copy chmod" to copy this command to your clipboard — ready to paste directly into a terminal, Ansible playbook, Dockerfile, or Bash script.

Step 6 — Copy the Full Explanation

Click "Copy explanation" to copy the full plain-English breakdown, including:

  • The symbolic representation

  • Per-principal permission summary

  • The octal digit annotations

  • The suggested chmod command

This is useful for pasting into documentation, incident reports, or security audit findings.

Quick Reference: Reading Symbolic Permission Strings

When you run ls -l on a Linux system, the first column of output looks like this:

-rwxr-xr--  1  root  www-data  4096  Jun  1 12:00  deploy.sh
drwxr-xr-x  2  root  root      4096  Jun  1 12:00  html/

The first character indicates the file type:

Character

File Type

-

Regular file

d

Directory

l

Symbolic link

c

Character device

b

Block device

p

Named pipe (FIFO)

s

Socket

The remaining 9 characters are the permission bits in rwx notation — positions 2–4 are owner, 5–7 are group, 8–10 are other. The Linux Permission Explainer decodes all of this into tabular plain-English form instantly.