What does chmod 755 mean?

The owner gets rwx (read, write and execute = 7), and both group and others get r-x (read and execute = 5). It's the typical value for directories and executable scripts that should be browsable and runnable, but only the owner can modify them.

Why is chmod 777 dangerous?

It grants rwx to owner, group and others. Any user on the system (including a compromised process) can read, modify and execute the file. On servers with multiple users or services exposed to the internet, that's a serious security risk. Use the least-privilege value.

What's the difference between octal and symbolic permissions?

Octal permissions (e.g. 755) are a number encoding the three rwx bits per audience. Symbolic ones (e.g. u+x) modify existing permissions incrementally. Octal is more expressive when setting absolute permissions; symbolic is handy for adding or removing specific bits.

What permissions does a script need to run?

The execute bit (x) for whichever audience will launch it. For a personal script, `chmod u+x script.sh` or `chmod 700 script.sh` works. For a public read-and-execute script, `chmod 755 script.sh`. The owner still needs r so the shell can read the script's contents.

What are setuid, setgid and sticky?

Extra special bits. setuid (4xxx) makes the executable run as its owner. setgid (2xxx) does the same with the group, or forces group inheritance on directories. The sticky bit (1xxx) on a directory prevents users from deleting files that belong to other users (typical on /tmp).

Linux chmod permissions guide

Learn Linux chmod permissions: 755, 644 and 777 modes, rwx permissions, symbolic notation and safe examples for files and scripts.

What chmod is

chmod is the standard Unix/Linux command for changing the permissions of a file or directory. It controls who can read it (r), modify it (w) or run it (x), applying those permissions across three audiences: the owner, the associated group, and everyone else.

Owner, group and others

Every Linux file has three permission blocks, one per audience:

Owner (user): the user who created the file, unless changed with chown.
Group: users belonging to the file's associated group. Useful for team-shared files.
Others: any other user on the system.

The r, w, x bits

Each audience has three bits: read, write and execute. In octal each bit adds:

4 = r (read)
2 = w (write)
1 = x (execute)

Adding them gives the value per audience:

Octal	Symbolic	Meaning
7	rwx	Read, write and execute
6	rw-	Read and write
5	r-x	Read and execute
4	r--	Read only
0	---	No permissions

Safe examples

The following values cover the most common cases without dropping into the wide-open chmod 777 territory:

chmod 755 script.sh — public executable script; only the owner can edit.
chmod 644 file.txt — config file readable by everyone, writable only by the owner.
chmod 700 private-script.sh — only the owner reads, writes and runs. Group and others have no access.
chmod 600 secret.txt — only the owner reads and writes. Typical for SSH private keys.
chmod 777 — grants rwx to everyone. Avoid it: any process or user can modify and run the file. A more restrictive value (755 or 750) is usually enough.

Octal vs symbolic

Octal notation sets absolute permissions. Symbolic notation modifies them incrementally:

chmod u+x script.sh — adds execute to the owner without touching the rest.
chmod go-w file.txt — removes write from group and others, leaves the owner untouched.
chmod a+r public.html — adds read for all audiences.

Audiences are u (user/owner), g (group), o (others) and a (all). Operators are + (add), - (remove) and = (set exactly).

Special bits (setuid, setgid, sticky)

Linux supports three extra bits that prepend the standard octal mode:

setuid (4xxx): the executable runs as the file owner, not the user who invoked it. Example: /usr/bin/passwd.
setgid (2xxx): on executables, runs with the file's group. On directories, new files inherit the directory's group.
sticky (1xxx): on directories, only the file owner can delete their files, even if others have w. Typical on /tmp.

Common mistakes

Using chmod 777 "to make it work". It usually hides an owner, group or path issue.
Forgetting that accessing a file also requires read/execute permission on the directory.
Running chmod -R 777 . on a project and leaving the system vulnerable.
Not checking the owner with ls -l before changing permissions.
Assuming a copied file keeps its permissions: cp -p preserves them, plain cp does not.

Compute the permissions

If you're unsure which octal value to use, try the calculator:

Use the chmod calculator

Next steps

If you're going to run a script with cron, review both permissions and scheduling. Pair this guide with the cron expression guide or jump straight to the cron expression generator to schedule the job.

Frequently asked questions

What does chmod 755 mean?: The owner gets rwx (read, write and execute = 7), and both group and others get r-x (read and execute = 5). It's the typical value for directories and executable scripts that should be browsable and runnable, but only the owner can modify them.
Why is chmod 777 dangerous?: It grants rwx to owner, group and others. Any user on the system (including a compromised process) can read, modify and execute the file. On servers with multiple users or services exposed to the internet, that's a serious security risk. Use the least-privilege value.
What's the difference between octal and symbolic permissions?: Octal permissions (e.g. 755) are a number encoding the three rwx bits per audience. Symbolic ones (e.g. u+x) modify existing permissions incrementally. Octal is more expressive when setting absolute permissions; symbolic is handy for adding or removing specific bits.
What permissions does a script need to run?: The execute bit (x) for whichever audience will launch it. For a personal script, `chmod u+x script.sh` or `chmod 700 script.sh` works. For a public read-and-execute script, `chmod 755 script.sh`. The owner still needs r so the shell can read the script's contents.
What are setuid, setgid and sticky?: Extra special bits. setuid (4xxx) makes the executable run as its owner. setgid (2xxx) does the same with the group, or forces group inheritance on directories. The sticky bit (1xxx) on a directory prevents users from deleting files that belong to other users (typical on /tmp).