What does chmod 755 actually mean?
Those three digits are the single most confusing thing about Linux for beginners. Every tutorial that tells you to run chmod 755 myscript.sh assumes you already understand why. You don't. It's fine. Here's the whole mental model in one short article, and then a live sandbox where you can try every variation without breaking anything.
The one-sentence summary
chmod 755 means "the owner can read, write, and execute; everyone else can read and execute but not write." That's it. The rest of this post is just explaining where those three numbers come from.
Every Linux file has three permissions for three audiences
Unix-like operating systems think about files in a very specific way. Every file has:
- Three permissions:
read(can you see the contents?),write(can you change the contents?), andexecute(can you run it as a program, or enter it if it's a directory?) - Three audiences: the owner (the user who created the file), the group (a set of users who share access), and others — literally everyone else on the system.
That gives you a 3×3 grid of nine yes-or-no flags. Which means there are exactly 29 = 512 possible permission states for any given file. The 755 shorthand is just a compact way to write one of those 512 states.
The octal trick
Here's where the magic number comes from. Each of the three audience groups gets a single digit. That digit is computed by adding together:
- 4 if the audience can read
- 2 if the audience can write
- 1 if the audience can execute
So read+write+execute = 4+2+1 = 7. Read+execute (no writing) = 4+1 = 5. Read only = 4. No permissions at all = 0.
Three audiences × one digit each = a three-digit number. 755 is just:
| Owner | Group | Others | |
|---|---|---|---|
| Digit | 7 | 5 | 5 |
| Math | 4+2+1 | 4+0+1 | 4+0+1 |
| Read | ✓ | ✓ | ✓ |
| Write | ✓ | ✗ | ✗ |
| Execute | ✓ | ✓ | ✓ |
If you can do the mental math "owner digit, group digit, others digit — add up 4/2/1 as needed," you can read any chmod number on sight.
The five numbers you'll see 95% of the time
In practice you only need to remember a handful of common patterns:
| Code | Means | Use it for |
|---|---|---|
755 | Owner rwx, others rx | Executable scripts, directories, programs |
644 | Owner rw, others r | Regular files you want the world to read |
700 | Owner rwx, nobody else | Personal files — your home directory, ~/.ssh |
600 | Owner rw, nobody else | Private keys, secrets, config with passwords |
777 | Everyone everything | Almost never. If you typed this, you probably made a mistake. |
Warning about 777: setting a file to 777 means literally any user on the system can read, modify, or execute it. It's the "fix every permission problem" button that tutorials sometimes tell you to press, but it's almost always the wrong answer. If a file "won't run," the problem is usually that it's missing the execute bit, not that you need to grant write access to the world. 755 or 700 is the right fix.
Try it — live, in your browser
LinuxSim is a free browser-based Linux sandbox. Open the sim, click the Terminal, and run these commands:
$ touch test.sh
$ ls -l test.sh
-rw-rw-r-- 1 student student 0 ... test.sh
$ chmod 755 test.sh
$ ls -l test.sh
-rwxr-xr-x 1 student student 0 ... test.sh
$ chmod 600 test.sh
$ ls -l test.sh
-rw------- 1 student student 0 ... test.shNotice how the 10-character string on the left (-rwxr-xr-x) changes to match. That's just the human-readable form of the same number. The first character is the file type (- = regular file, d = directory, l = symlink). The next 9 characters are three groups of three — owner, group, others — each showing r, w, x, or a dash.
🚀 Launch LinuxSim and try it →
Symbolic syntax (the other way)
Octal isn't the only way to use chmod. It has a symbolic syntax too, which is nicer when you're tweaking one permission without touching the others:
chmod +x myscript.sh # add execute for everyone
chmod u+w file.txt # add write for the user (owner)
chmod g-r file.txt # remove read for the group
chmod o= file.txt # remove ALL permissions for others
chmod u=rwx,go=rx file.sh # exactly the same as chmod 755Most people end up memorizing chmod +x and chmod 755 and ignoring the rest. That's fine — they cover 95% of what you'll ever need.
Directories vs files
One confusing thing: the x bit means something different for directories. On a regular file, x means "you can run this as a program." On a directory, x means "you can enter this directory with cd and see what's inside." Without x on a directory, you'd get "permission denied" even on files inside it that you technically have read access to.
That's why 755 is so common for directories: you want everyone to be able to traverse your folder structure, even if they can't modify anything.
The three gotchas that will bite you
- Your SSH private key must be
600. OpenSSH refuses to use a private key that has any group or world permissions at all. If you see "permissions too open" errors, runchmod 600 ~/.ssh/id_rsa. - Shell scripts need the execute bit. If you wrote
myscript.shand it refuses to run with./myscript.sh, the fix ischmod +x myscript.sh.bash myscript.shalso works — but once you set the bit, you can just run it directly. - Making things world-writable is a security hole. If an attacker can write to a file you run as a program, they can replace that file with a malicious one.
777is almost always the wrong answer.755,644,700, or600are almost always the right one.
Where to go next
Once you're comfortable with chmod, the next command to learn is chown — it changes who owns a file, rather than what the permissions are. Then umask, which sets the default permissions for newly-created files. All three have real manual pages in LinuxSim — type man chmod, man chown, or man umask in the terminal.
Or, if you want hands-on practice, the Practice Labs in LinuxSim have an entire "Permission Lockdown" lab that walks you through fixing realistic permission problems.
TL;DR: read=4, write=2, execute=1, one digit per audience, three audiences (owner/group/others). 755 means owner can do everything, everyone else can look but not touch.