Every server tutorial eventually says “chmod 755” and keeps walking, leaving 755 unexplained like a phone number you are supposed to recognize. The number is actually three tiny sums written side by side, learnable in two minutes, and once learned, every permission error message becomes readable. This guide decodes the system, with our free chmod calculator translating both directions when you would rather not do arithmetic at a terminal.
In this guide
The grid: three audiences, three powers
Unix permissions answer one question nine times: who may do what. The who has three rows: the file’s owner, the owner’s group, and others (everyone else). The what has three columns: read (r), write (w), and execute (x). Nine cells, each on or off, which is exactly what the long listing shows: rwxr-xr-x reads as three triplets, owner rwx, group r-x, others r-x. Everything else in this topic is notation for that grid.
The math: 4 + 2 + 1
Each triplet compresses to one digit by giving the powers prices: read = 4, write = 2, execute = 1, and the digit is the sum of what is granted.
| Triplet | Sum | Digit |
|---|---|---|
| rwx | 4 + 2 + 1 | 7 |
| r-x | 4 + 1 | 5 |
| rw- | 4 + 2 | 6 |
| r– | 4 | 4 |
| — | 0 | 0 |
So 755 is owner 7 (rwx), group 5 (r-x), others 5 (r-x): the owner does everything, everyone else may read and execute but not modify. 644 is rw- r– r–: owner edits, the world reads. The prices were chosen so every combination produces a unique sum, which is why the digit decodes unambiguously back to the triplet, the round trip the calculator performs with checkboxes instead of mental arithmetic.
The numbers you will actually meet
| Number | Spelled out | Standard use |
|---|---|---|
| 755 | rwxr-xr-x | directories, scripts, programs |
| 644 | rw-r–r– | ordinary files: HTML, images, configs the world may read |
| 700 | rwx—— | private directories, owner-only |
| 600 | rw——- | secrets: private keys, .env files, credentials |
| 777 | rwxrwxrwx | the tempting mistake, see below |
The web-hosting rule of thumb that solves ninety percent of cases: directories 755, files 644, secrets 600. SSH is the strict teacher here: it flatly refuses a private key with permissions looser than 600, one of the few programs that checks your homework, and the error message suddenly makes sense once 600 reads as “owner only, read and write”.
Directories: where x means enter
The execute bit changes meaning on directories, and this is the detail that breaks intuition: for a directory, x means permission to enter and reach things inside, while r means listing the names. A directory with r but not x lets you see the names and touch nothing; x without r lets you reach files you already know by name without browsing, a real technique for semi-private folders. The practical consequence is why directories are 755 where files are 644: stripping a directory’s x bit does not make it “non-executable”, it makes it a wall, and “permission denied” on a file you can clearly see often means a missing x on a directory somewhere along the path, not on the file at all.
Why 777 is the wrong answer to everything
777 grants everyone on the system full control, and it appears in tutorials because it makes permission errors vanish, the way removing your door makes lost-key problems vanish. On shared hosting, “others” is not an abstraction: it is every other account on the machine, and a world-writable file is an invitation for any compromised neighbor to edit your site. The honest procedure when something throws a permission error: identify which user the program runs as (the web server, usually), and grant the minimum that user actually needs, often via group permissions or ownership changes rather than wider modes. 777 “working” is the symptom of skipping that diagnosis, and most security scanners flag it on sight. The toolbox context, with the rest of the server-side utilities, lives in the developer tools pillar.
Frequently asked questions
What does the fourth digit in 0755 mean?
A leading digit carries special bits (setuid, setgid, sticky) that alter execution and deletion semantics, with the sticky bit on shared directories like /tmp being the everyday example. Most daily work uses three digits and lets the special bits be zero.
What is the difference between chmod 755 and chmod u+x?
Numeric mode sets the entire grid absolutely; symbolic mode (u+x, go-w) adjusts specific cells relative to what exists. Symbolic is safer for one-bit changes, numeric is clearer for establishing a known state, and both end at the same grid.
Why does my upload get 644 automatically?
New files inherit defaults from the creating program filtered through umask, the system’s “bits to withhold by default” setting. Sensible systems default files to 644 and directories to 755 precisely because those are the standard safe values.
Do Windows machines have chmod?
Windows uses a different, richer permission system (ACLs), so chmod numbers apply to Unix-family systems: Linux servers, macOS, and the hosting world. The moment you rent a Linux server or open a Mac terminal, the grid above is the law of the land.