File permission settings may very well be the most important thing you ever learn in Linux server management. When file permissions on a dedicated server are correct, no one notices, and everything runs smoothly. When even one file permission is wrong, it can result in an error or, even worse, a security hole.
Linux relies on a tool called “chmod” to manipulate file permissions. The settings for Linux file permissions are few, and that makes it easy to remember. There are only three permissions: Read, Write, and Execute. Although there are other ways to configure more settings, these three are where you should begin.
In addition to the three permissions, there are three types of users: Owner, Group, and Other. Each of the users can have one, two, three, or none of the permissions. In other words, the owner of the file can be allowed to read and write the file but not execute it, while other users might be allowed only to read it.
When using chmod, there are two ways to change permissions: using the full numbers or using shortcuts. Each number represents a different set of permissions. For example:
- chmod 755 means the Owner can read, write, and execute, while the Group and Other can only read and execute.
- “ 744 gives the same permissions to the owner, but the group and other can only read.
- “ 644 means that the owner can read and write, the group and others can only read, and no one can execute.
- “ 600 would mean that the owner can read and write, and no one else has any permissions (resulting in a 403 Forbidden error on a web server).
Another way to simplify chmod is to use letters.
- Chmod a+r gives all users read permissions.
- “ a+x gives all users executable permissions.
- “ chmod u=rw,go= gives the owner read and write permissions while clearing all permissions for the other users.
There are numerous other combinations, but the important note to remember is that 777 gives read, write, and execute to everyone. Unless you are sure you want to give the world full access to a file, do not use it. Generally speaking, 644 is sufficient for public files on a website. For more information about chmod and a chmod calculator, see this site.