Linux Chmod: A Guide to File Permissions

File permissions are a foundational concept in Linux and Unix-like operating systems. Every file and directory has an owner, a group, and a set of permissions that control who can read, write, or execute it. The chmod command is the primary tool for modifying these permissions, and understanding its syntax is essential for system administrators, developers, and anyone who works with servers.

There are two main ways to express permissions in Linux. Octal notation uses three digits from 0 to 7, where each digit represents the combined permissions for Owner, Group, and Public. The values are Read=4, Write=2, and Execute=1, and they are summed to produce a single number. For example, 755 means the owner gets rwx (4+2+1=7), while group and public get r-x (4+0+1=5). Symbolic notation, on the other hand, uses a 9-character string like rwxr-xr-x where each position directly shows whether a permission is granted or denied.

Some chmod values appear so frequently that they have become standard practices. 755 (rwxr-xr-x) is the go-to for executable scripts and public directories. 644 (rw-r--r--) is standard for configuration and data files that should not be executed. 700 (rwx------) locks access to the owner only, ideal for private SSH keys. 600 (rw-------) is used for sensitive files like .env or credentials. Understanding these patterns helps you follow the principle of least privilege, granting only the minimum access necessary.

Never use 777 (rwxrwxrwx) on a production server. It grants full read, write, and execute access to every user on the system, creating a massive security vulnerability. Always prefer restrictive defaults and widen permissions only when required. Use 600 for private keys, 644 for web content, and 755 for scripts. Audit your file permissions regularly with commands like find / -perm -002 to detect world-writable files.