What Does chmod 755 Mean? Unix File Permissions Explained
Β· 7 min read
Every developer has stared at a permission denied error at least once. You upload a script to your server, try to run it, and Linux flat-out refuses. Or you misconfigure SSH and suddenly nothing works. File permissions are one of those foundational Unix concepts that trip people up constantly β yet once you understand the logic, they become second nature.
This guide breaks down how Unix file permissions work, explains the most common permission modes (755, 644, 600, 777), and shows you how a free Chmod Calculator can save you from permission-related headaches for good.
How Unix File Permissions Work
Every file and directory on a Unix or Linux system has three sets of permissions assigned to three categories of users:
- Owner β the user who created the file
- Group β users who belong to the file's assigned group
- Other β everyone else on the system
For each of those three categories, three types of access can be granted or denied:
| Permission | Symbol | Numeric Value |
|---|---|---|
| Read | r | 4 |
| Write | w | 2 |
| Execute | x | 1 |
To calculate the permission for a single category, you simply add the values together. For example, read + write + execute = 4 + 2 + 1 = 7. Read + write (no execute) = 4 + 2 = 6. Read only = 4.
A full permission mode is three digits β one for owner, one for group, one for other. That three-digit number is the octal notation.
Octal vs Symbolic Notation
Unix permissions can be expressed in two equivalent ways.
Octal notation uses three digits, each from 0 to 7. For example: 755, 644, 600.
Symbolic notation uses a nine-character string where r, w, and x appear in fixed positions, and - means the permission is not granted. For example: rwxr-xr-x.
The nine characters map directly to the three categories:
rwxr-xr-x
^^^ owner: rwx (7)
^^^ group: r-x (5)
^^^ other: r-x (5)
So rwxr-xr-x in symbolic is 755 in octal. Both mean the same thing to the operating system. When you run ls -l in a terminal, you see the symbolic form. When you run chmod, you typically type the octal form.
Common Permission Modes at a Glance
Here is a quick reference for the permission modes you will encounter most often:
| Mode | Symbolic | Owner | Group | Other | Typical Use Case |
|---|---|---|---|---|---|
| 755 | rwxr-xr-x | Read/Write/Execute | Read/Execute | Read/Execute | Web directories, executables |
| 644 | rw-r--r-- | Read/Write | Read only | Read only | Web files (HTML, CSS, images) |
| 600 | rw------- | Read/Write | None | None | SSH private keys, secret config files |
| 700 | rwx------ | Read/Write/Execute | None | None | Private scripts, personal directories |
| 777 | rwxrwxrwx | All | All | All | Rarely justified β avoid in production |
| 664 | rw-rw-r-- | Read/Write | Read/Write | Read only | Shared project files within a team |
| 400 | r-------- | Read only | None | None | Read-only backups, public certificates |
How to Use the Chmod Calculator
Calculating permissions manually works fine once you have the system memorized, but it is easy to make mistakes β especially when you need something less common than 755 or 644. The free Chmod Calculator handles all of this for you instantly, with no signup and no data sent to any server.
Here is how to use it:
- Open the tool in your browser. It runs entirely client-side, so your file paths and permission choices stay private.
- Check the boxes for owner, group, and other permissions. Each row has read, write, and execute checkboxes.
- Watch the output update instantly. The tool shows you both the octal code (e.g.
755) and the symbolic string (e.g.rwxr-xr-x) side by side. - Copy the chmod command β most calculators generate the ready-to-run command:
chmod 755 yourfile. - Paste it into your terminal and you are done.
You can also work in reverse: type in an octal code like 644 and the tool will show you exactly which permissions are active for each user category.
Real-World Examples
Web Server Files
A typical Apache or Nginx setup uses:
- Directories: 755 β the web server process (usually
www-dataornginx) needs execute permission on directories to traverse them. - Files: 644 β the server needs read access to serve HTML, CSS, JS, and images. Write access should be restricted to the owner only.
Running chmod 644 on a PHP file and chmod 755 on a directory is a safe, standard configuration that keeps files readable by the server without letting anyone else modify them.
Shell Scripts
When you write a bash script, it is saved as a regular file without execute permission. Before you can run it, you need:
chmod 755 deploy.sh
Or, if it contains sensitive information (API keys, passwords), keep it private:
chmod 700 deploy.sh
SSH Private Keys
This is one of the most important permission rules on any Unix system. SSH will refuse to use a private key if it is readable by other users. The correct mode is strict:
chmod 600 ~/.ssh/id_rsa
A permission of 644 on an SSH key will cause ssh to print a warning and refuse to connect. Always set SSH private keys to 600.
Application Config Files
Database credentials, .env files, and API tokens should never be world-readable. Set them to 600 (owner read/write only) or 640 (owner read/write, group read) depending on whether your application runs as a different user.
Tips and Best Practices
Apply the principle of least privilege. Give each file only the permissions it actually needs. A static HTML file has no reason to be executable. A config file has no reason to be group-writable.
Never use 777 in production. Granting full read, write, and execute to everyone is almost never the right answer. It opens the door to code injection, data tampering, and privilege escalation. If you think you need 777 to make something work, dig deeper β the real fix is usually adjusting ownership with chown rather than opening permissions wide.
Check ownership alongside permissions. chmod sets what is allowed; chown sets who the owner is. A file owned by root with mode 644 behaves very differently from the same mode on a file owned by www-data.
Use 644/755 as your defaults for web. Files should be 644, directories should be 755. This is the baseline for most shared hosting environments and a safe starting point for VPS setups.
Audit permissions regularly. Run find /var/www -perm -o+w to find world-writable files on a web server. Any results deserve immediate attention.
Common Mistakes to Avoid
- Setting 777 "just to make it work" β this masks the underlying ownership or configuration problem and creates a security hole.
- Forgetting execute on directories β a directory needs the execute bit for anyone to enter it. Mode 644 on a directory will break traversal.
- Wrong permissions on SSH files β
~/.sshshould be 700,~/.ssh/authorized_keysshould be 600. - Recursive chmod without thinking β running
chmod -R 755on a web root will make every file executable, which is unnecessary and sloppy.
Frequently Asked Questions
What does chmod 755 mean?
chmod 755 sets a file or directory so the owner has full read, write, and execute access (7), while the group and everyone else have read and execute access (5) but cannot write. In symbolic notation this is rwxr-xr-x. It is the standard permission for directories and executable scripts on web servers.
What does chmod 644 mean?
chmod 644 gives the owner read and write access (6) and restricts the group and others to read-only access (4). In symbolic form: rw-r--r--. This is the correct mode for most web files such as HTML pages, stylesheets, and images β the server can read them, but only the owner can edit them.
What does chmod 600 mean?
chmod 600 grants the owner read and write access and denies all permissions to the group and others. Symbolic: rw-------. This is required for SSH private keys and recommended for any file that contains sensitive credentials.
Is chmod 777 safe?
Almost never. Setting a file to 777 (rwxrwxrwx) allows any user on the system β or any process running under any account β to read, modify, and execute it. On a shared server this is a serious security risk. In containerized or isolated environments the risk is lower, but 777 is still considered bad practice. Use the minimum permissions needed and correct ownership instead.
How do I calculate chmod permissions without making mistakes?
The easiest way is to use a free tool that does the math for you. The Chmod Calculator lets you toggle permissions visually and instantly shows the corresponding octal code and symbolic string. It runs entirely in your browser β no account required, nothing stored server-side.
Conclusion
Unix file permissions are simple once you see the pattern: three categories (owner, group, other), three permission types (read=4, write=2, execute=1), and a three-digit octal code that combines them. Knowing what 755, 644, 600, and 777 mean puts you in control of your server's security posture and helps you debug access errors fast.
When in doubt, skip the mental arithmetic and use the free Chmod Calculator β it translates between octal and symbolic notation instantly, generates the ready-to-run chmod command, and requires no signup or installation. Bookmark it and keep it handy for your next deployment.