What 755 Really Means: A Closer Look at Unix File Permissions#

Every developer who’s touched a Linux server knows chmod 755. But have you ever stopped to think about why read is 4, write is 2, and execute is 1? Why does 7 mean rwx? That’s not arbitrary — it’s binary.

The Binary Logic Behind Permissions#

Unix permissions are organized into three groups of three bits, one group each for:

Owner (the file’s user)
Group (the file’s group)
Others (everyone else)

Each group maps r (read), w (write), x (execute) to three consecutive bits:

rwx  →  111₂  →  7
rw-  →  110₂  →  6
r--  →  100₂  →  4
---  →  000₂  →  0

So 755 in full is:

Owner:  rwx  →  7  →  111₂
Group:  r-x  →  5  →  101₂
Others: r-x  →  5  →  101₂

It’s literally three 3-bit binary numbers packed into a 3-digit octal number. That’s why it’s called chmod — change file mode bits. Every bit means something.

Implementation: Building a Permission Calculator#

The core logic for converting between octal notation and permission checkboxes is just bit testing:

function octalToPerms(octal: string) {
  const digits = octal.split('').map(Number)
  const scopes = ['owner', 'group', 'others']
  
  return scopes.map((_, i) => {
    const d = digits[i]
    return {
      r: (d & 4) !== 0,  // test bit 3
      w: (d & 2) !== 0,  // test bit 2
      x: (d & 1) !== 0,  // test bit 1
    }
  })
}

Going the other direction is just weighted addition:

function permsToOctal(perms) {
  let v = 0
  if (perms.r) v += 4
  if (perms.w) v += 2
  if (perms.x) v += 1
  return v
}

The weights aren’t magic — they’re powers of two: 2² = 4, 2¹ = 2, 2⁰ = 1. It’s the same positional notation you learned in elementary school, just in base 2.

Umask: The Inverse Operation#

Umask is the permission mask — it specifies which bits to clear on new files:

$ umask
0022

The math: base_permissions & (~umask). For files, the base is 666 (no execute by default), for directories it’s 777.

// File:  0o666 & (~0o022) = 0o644  (rw-r--r--)
// Dir:   0o777 & (~0o022) = 0o755  (rwxr-xr-x)

The Fourth Digit: Special Permissions#

There’s a fourth octal digit hiding at the front:

4 = setuid — run the program as the file owner (used by /usr/bin/passwd to access /etc/shadow)
2 = setgid — run with the group’s privileges
1 = sticky bit — only the file owner can delete their files (used by /tmp)

chmod 4755 some-program
# ls -l shows: -rwsr-xr-x

Notice the s where the owner’s x would be. If the owner doesn’t have execute permission, setuid shows as S and is effectively ignored.

Common sticky bit example:

chmod 1777 /tmp
# Shows as: drwxrwxrwt

The t at the end means the sticky bit is set.

Quick Memory Rule#

The special bits follow the exact same pattern as regular permissions:

Special: SUID(4) | SGID(2) | Sticky(1)
Normal:  Read(4) | Write(2) | Execute(1)

If you know 4+2+1=7 means full rwx, you already know 4+2+1=7 means all three special flags are on.

The Tool#

I built a visual chmod calculator based on the logic above: chmod Calculator

Features:

Click checkboxes to set any permission combination
Live preview of octal and symbolic notation
Quick presets for 755, 644, 600, 700
One-click copy of the chmod command

File permissions aren’t magic — they’re just three bits, three times. But getting the calculator right means handling every edge case in the bit logic cleanly.