Tip
This whole post is write by Olivier Pusadoux from Les hirondelles du net website.
A GNU-Linux operating system has three types of users and three distinct types of permissions. This page explains and presents the most commonly used options for scripts and more specifically the management of web site folders and files on an Apache server under Linux.
For additional information, you can consult ubuntu-fr.org documentation:
The CHmod Command
Types of users:
- The file owner (user)
- The owner’s group (group)
- Other users, or the rest of the world (others)
Types of permissions:
- r: read permission
- w: write permission
- x: execute permission
Binary/Octal Permission Correspondences and Their Meanings
| Binary Position | Octal Value | Permissions | Meaning |
|---|---|---|---|
| 000 | 0 | - - - | No permissions |
| 001 | 1 | - -x | Executable |
| 010 | 2 | - w - | Write |
| 011 | 3 | - w x | Write and execute |
| 100 | 4 | r - - | Read |
| 101 | 5 | r - x | Read and execute |
| 110 | 6 | r w - | Read and write |
| 111 | 7 | r w x | Read, write, and execute |
To modify permissions in octal format, the best way to be certain of the result is to add these values.
For example: change the permissions of the “myscript” file so that I (the owner) am the only one who can modify it, people in my group can read and execute it, and everyone else can only execute it:
| User Type | Owner | Group | Others |
|---|---|---|---|
| Permissions | r w x | r - x | - - x |
| Binary Position | 111 | 101 | 001 |
| Octal Value | 7 | 5 | 1 |
Modify permissions on myscript:
sudo chmod 751 myscriptSummary of Different Commonly Used Values
Note
644 - Read, write for owner / Read for others.
Default value for a file under GNU-Linux.
| User Type | Owner | Group | Others |
|---|---|---|---|
| Permissions | r w - | r - - | r - - |
| Binary Position | 110 | 100 | 100 |
| Octal Value | 6 | 4 | 4 |
Danger
666 - Read, write for everyone, not recommended
| User Type | Owner | Group | Others |
|---|---|---|---|
| Permissions | r w - | r w - | r w - |
| Binary Position | 110 | 110 | 110 |
| Octal Value | 6 | 6 | 6 |
Note
700 - Read, write, execute only for owner
Default value for a directory under GNU-Linux
| User Type | Owner | Group | Others |
|---|---|---|---|
| Permissions | r w x | - - - | - - - |
| Binary Position | 111 | 000 | 000 |
| Octal Value | 7 | 0 | 0 |
Note
705 - Owner has all permissions / Group none / Others read and execute
Recommended by some providers for the site directory if it’s inaccessible (message: “Forbidden…”)
| User Type | Owner | Group | Others |
|---|---|---|---|
| Permissions | r w x | - - - | r - x |
| Binary Position | 111 | 000 | 101 |
| Octal Value | 7 | 0 | 5 |
Note
755 - Owner has all permissions / Others read and execute
Useful for scripts for example and certain website files
| User Type | Owner | Group | Others |
|---|---|---|---|
| Permissions | r w x | r - x | r - x |
| Binary Position | 111 | 101 | 101 |
| Octal Value | 7 | 5 | 5 |
Note
764 - All permissions for owner / Read, write for group / Read only for others
Sometimes useful for website files belonging to www-data group
| User Type | Owner | Group | Others |
|---|---|---|---|
| Permissions | r w x | r w - | r - - |
| Binary Position | 111 | 110 | 100 |
| Octal Value | 7 | 6 | 4 |
Note
774 - All permissions for owner and group / Read only for others
Useful for certain files on a local development server
| User Type | Owner | Group | Others |
|---|---|---|---|
| Permissions | r w x | r w x | r - - |
| Binary Position | 111 | 111 | 100 |
| Octal Value | 7 | 7 | 4 |
Note
775 - All permissions for owner and group / Read and execute for others
Very practical for simplifying website management in development on a local server (in the media folder)
| User Type | Owner | Group | Others |
|---|---|---|---|
| Permissions | r w x | r w x | r - x |
| Binary Position | 111 | 111 | 101 |
| Octal Value | 7 | 7 | 5 |
Danger
777 - All permissions for everyone
Strongly discouraged! But may be necessary for CMS cache locally (for example) on a LAMP server
| User Type | Owner | Group | Others |
|---|---|---|---|
| Permissions | r w x | r w x | r w x |
| Binary Position | 111 | 111 | 111 |
| Octal Value | 7 | 7 | 7 |
To modify permissions of a directory and its subdirectories, use the recursive function -R
Modify the directory /var/www/html/mysite with permissions changed to 755:
sudo chmod -R 755 /var/www/html/mysiteDisplay Directory Permissions
The permissions of files in a directory can be displayed using the “ls -l” command
Display permissions of files in the /var/www/html/mysite directory:
ls -l /var/www/html/mysitePermission Format
The permission format is a list of 10 symbols.
The 1st symbol is either ”-” or “l” or “d”, indicating whether it’s:
- a file (-)
- a link (l)
- or a directory (d)
Then follow the three groups of three permission symbols (rwx-). For example:
-rw-r--r-- means it’s a file with permissions set to 644
drwx------ means it’s a directory with permissions set to 700
lrwxrwxrwx means it’s a link with permissions set to 777
The Advantage of CHown
To avoid chmod 666 (or worse, 777), CHown allows you to change the file owner.
If you want to reclaim ownership rights on an entire folder and you are the user “martin”:
sudo chown -R martin /path/to/folderRecover permissions on the entire folder:
sudo chmod -R 755 /path/to/folder