I'm trying to set up a web server and I keep seeing "chmod 755" as a recommendation for my public directories. I understand it has to do with security, but I'm confused about the math behind it. Why 755? What exactly happens if I give a directory these permissions vs a file? Does it allow anyone to delete my files or just view them?
3 answers
The number 755 represents "octal" permissions in Linux. Each digit stands for a different user class: Owner, Group, and Others. The numbers are sums of values: 4 (Read), 2 (Write), and 1 (Execute). For the owner, 7 (4+2+1) means full access. For the group and others, 5 (4+1) means they can read and execute but NOT write (modify/delete). On a directory, "execute" permission is vital because it allows users to 'cd' into it and view metadata. Using 755 is a standard security balance: it lets the world see your website or run your script, while preventing anyone but you from tampering with the code.
If I mistakenly use 755 on a sensitive configuration file containing database passwords, would that mean any user logged into the system could read my secrets, or does "read" just apply to the web server process?
Think of it this way: 755 is for public stuff, 700 is for private stuff. If you use ls -l, you will see it as rwxr-xr-x.
I agree with Amanda Lewis. I always run ls -l right after a chmod to verify the symbolic string. It’s a quick habit that prevents deployment errors where a script fails to run just because I forgot the "1" (execute bit) in the calculation!
Great question, Michael. "Others" literally means any user account on the system. If you have a file with passwords, 755 is a huge security risk because everyone can read it. For sensitive files, you should use 600 (Owner can read/write, no one else has any access) or 640. Always follow the "Principle of Least Privilege": only give the minimum permissions necessary for the task to keep your environment secure.