Linux File Permissions Explained: What 755 and 644 Actually Mean
Last updated: 2026-06-13
A chmod number like 755 is just three permission sets written as digits — one for the file's owner, one for its group, and one for everyone else. Once you see that each digit is read (4) + write (2) + execute (1) added together, the whole system stops being a memorization exercise.
The three permissions
- Read (r) = 4 — view a file's contents, or list a directory.
- Write (w) = 2 — change a file, or add and remove items in a directory.
- Execute (x) = 1 — run a file as a program, or enter (cd into) a directory.
You add the values for each role. Read + write = 6. Read + write + execute = 7. Read + execute = 5. That single digit fully describes what one role may do.
The three roles
Every file has an owner (the user), a group, and others (everyone else). A permission string like rwxr-xr-x reads left to right as owner, group, others — which is exactly 755: owner 7 (rwx), group 5 (r-x), others 5 (r-x).
Try the toolchmod Permissions CalculatorConvert Linux file permissions between octal and symbolic instantly — check rwx boxes to get chmod 755-style commands with clear explanations.The numbers you will actually use
- 755 (rwxr-xr-x) — directories and executables/scripts: owner can change them, everyone can read and run/enter.
- 644 (rw-r--r--) — ordinary files: owner can edit, everyone else can read.
- 600 (rw-------) — private files like SSH keys and config with secrets: only the owner can read or write.
- 700 (rwx------) — private directories only the owner may enter.
- 777 (rwxrwxrwx) — everyone can do everything; a security red flag you should almost never set.
Directories need execute
Symbolic vs. numeric
You can also use symbolic syntax: chmod u+x adds execute for the owner, chmod go-w removes write from group and others. Symbolic mode is handy for nudging one bit; numeric mode (755) sets all nine bits at once. The two are interchangeable — the calculator above converts between them.
The special fourth digit
Sometimes you will see a four-digit mode like 1777 or 4755. The leading digit sets special bits: setuid (4) runs a program as its owner, setgid (2) runs it as its group, and the sticky bit (1) — famously on /tmp — lets anyone add files but only the owner delete their own. Use these deliberately; setuid on the wrong binary is a classic privilege-escalation hole.
Permissions are not encryption
Permissions control who the operating system lets near a file; they do nothing once the disk leaves your control. For secrets, store a hash rather than the value (see the hash generator) or protect credentials with a proper scheme like the one the htpasswd generator uses for web auth.
Frequently asked questions
What does chmod 755 mean?
Owner can read, write, and execute (7); group and others can read and execute but not write (5 and 5). It is the standard mode for directories and executable scripts.
When should I use 644 vs 755?
Use 644 for ordinary files (owner edits, everyone reads) and 755 for directories and executables, which also need the execute bit to be entered or run.
Is chmod 777 ever a good idea?
Almost never. It lets any user modify the file or directory and is a frequent source of security incidents. Grant the narrowest permissions that make the task work instead.
Why can't I enter a directory I have read access to?
Entering a directory requires the execute bit, not just read. Read alone lets you list names; without execute you cannot open or traverse into it.
Tools in this guide
- chmod Permissions CalculatorConvert Linux file permissions between octal and symbolic instantly — check rwx boxes to get chmod 755-style commands with clear explanations.
- .htpasswd GeneratorGenerate .htpasswd lines for Apache and nginx basic auth — bcrypt or MD5-crypt hashes computed locally, your password never touches a server.
- Hash Generator (MD5/SHA-1/SHA-256/SHA-512)Generate MD5, SHA-1, SHA-256, and SHA-512 hashes from text or files instantly — computed in your browser, nothing is ever uploaded.