You hit Permission denied, you Googled chmod 755, and now you're here. The good news: the right permission is almost always obvious once you know what the numbers mean. The bad news: picking the wrong one is a real security risk. Here's how to read the codes and match them to your actual situation.
The 30-second decision
Don't memorize. Match your symptom to the table.
| I want to… | Use |
|---|---|
| Make a shell script executable by everyone | 755 |
| Make an HTML, JSON, or config file readable by all, editable by me | 644 |
Lock an SSH key or .env to only me | 600 |
| Let a web server read a directory's contents | 755 (dirs) + 644 (files) |
| Run a personal script no one else should touch | 700 |
How the permission digits work
Linux permission is three groups: owner, group, others. Each group gets a number that is a sum of read (4), write (2), and execute (1).
7 = 4+2+1 = rwx (owner: read, write, execute)
5 = 4+1 = r-x (group: read, execute)
5 = 4+1 = r-x (others: read, execute)
So this produces rwxr-xr-x. The owner can do anything. Group and others can read and run the file, but cannot modify it.
Curious about the math? Each octal digit is a 3-bit binary value — 7 is 111 (rwx all on), 5 is 101 (read and execute, no write). The binary to decimal converter is handy for playing with bit combinations. Or skip the arithmetic entirely: the chmod calculator at SnipKit ticks checkboxes for you and generates the right number.
chmod 755 vs 644 — the everyday choice
Most files on a server need exactly one of these two.
644 for regular files. HTML, CSS, JSON, Markdown, PHP, config files — none of them need the execute bit. 644 means the owner can edit, everyone else can read. That's exactly what a web server needs to serve static content.
755 for directories and scripts. A directory without the execute bit is like a locked room — you can't enter it even if you know the name. Execute on a directory means "you can list and traverse." Web servers need 755 on every directory in the path to a file they're serving.
A quick reference for the most common files:
| File type | Permission |
|---|---|
Shell script (.sh) | 755 |
| HTML / CSS / JSON / Markdown | 644 |
| PHP / Python source | 644 |
| Web directory | 755 |
| SSH private key | 600 |
.env file | 600 |
chmod 755 vs 700 vs 777
These three look similar but behave very differently.
700 — owner only. Same execute rights as 755 for the owner, but group and others get nothing. Use this for personal scripts, cron jobs that contain secrets, or anything running under your own account that no other user should see or run.
777 — full access for everyone. Every user on the system can read, write, and execute. This sounds convenient, but it means any process — including a compromised web app — can modify the file. It is almost never the right answer. If you think you need 777, you probably need 755 plus the correct group assignment.
How to check what's set right now
Two commands, both useful. ls -l shows the rwxr-xr-x style (human-readable); stat returns the octal number directly (handy in scripts).
ls -l filename
stat -c '%a %n' filename
Example output for a shell script set to 755:
$ ls -l deploy.sh
-rwxr-xr-x 1 alex staff 512 Apr 28 10:22 deploy.sh
$ stat -c '%a %n' deploy.sh
755 deploy.sh
The - at the start of ls -l means it's a regular file. A d there means directory. An l means symlink.
FAQ
What does chmod 755 mean?
chmod 755 sets file permissions so the owner has read, write, and execute access (rwx = 7), while group members and all other users have read and execute access (r-x = 5). In symbolic notation this is rwxr-xr-x. It's the standard permission for executable scripts and directories that need to be publicly accessible but not publicly editable.
Is chmod 755 safe?
For scripts and directories, yes — with one condition. Anyone on the system (or over the web) can read and execute the file. That's fine for a deployment script or a web directory. It becomes a problem if the file contains secrets, credentials, or private keys. Those belong at 600 (owner-read-only) or 640 at most. Run grep -r "password\|secret\|token" . before setting anything to 755.
What's the difference between 755 and 644?
Both allow the owner to read and write. The difference is the execute bit. 755 sets execute for owner, group, and others — necessary for scripts you want to run and directories you want to traverse. 644 omits execute entirely — correct for static files like HTML, JSON, and config files that are read, not run. On a typical web server, every directory is 755 and every file is 644.
Stop memorizing octal codes. The SnipKit chmod calculator shows you the permission grid as checkboxes, lets you toggle exactly what you need, and outputs the right number — including the chmod command ready to copy.
