chmod 755 vs 644: What They Mean and When to Use Each

If you've ever set up a web server, you've been told to use 755 for directories and 644 for files. Here's exactly what those numbers mean and why they're the standard.

Decoding the Numbers

Each digit represents permissions for: owner, group, others (everyone else). The value is the sum of read (4) + write (2) + execute (1):

chmod 755 — For Directories and Executables

755 = 7 (owner) + 5 (group) + 5 (others)
    = rwx r-x r-x

Owner: read, write, execute  → Full control
Group: read, execute         → Can enter directory, read files, run scripts
Others: read, execute        → Same as group

chmod 755 /var/www/html/    # Web directory
chmod 755 deploy.sh         # Shell script

Execute on a directory means "can enter it" (cd into it). Without execute on a directory, you can't access anything inside, even with read permission.

chmod 644 — For Regular Files

644 = 6 (owner) + 4 (group) + 4 (others)
    = rw- r-- r--

Owner: read, write   → Can edit the file
Group: read          → Can read but not modify
Others: read         → Can read but not modify

chmod 644 /var/www/html/index.html  # HTML file
chmod 644 config.php                 # Config file

Regular files don't need execute permission — only scripts and binaries do.

The Web Server Pattern

# Typical web server file structure
drwxr-xr-x (755)  /var/www/html/          ← directory: enter + read
-rw-r--r-- (644)  /var/www/html/index.html ← file: read
-rw-r--r-- (644)  /var/www/html/style.css
drwxr-xr-x (755)  /var/www/html/images/   ← subdirectory
-rw-r--r-- (644)  /var/www/html/images/logo.png

# Web server (nginx, apache) runs as www-data user
# Needs to READ files and ENTER directories → 644/755 is correct
# Set recursively:
find /var/www/html -type d -exec chmod 755 {} ;
find /var/www/html -type f -exec chmod 644 {} ;

Other Common Permission Sets