Linux Permissions Cheat Sheet
Understand chmod, chown, numeric modes, symbolic permissions and safe hosting defaults for files, folders and web applications.
Basics
| Part | Meaning |
|---|---|
r | Read. View file contents or list directory names. |
w | Write. Modify file contents or create/delete items in a directory. |
x | Execute. Run a file or enter/traverse a directory. |
u | User/owner. |
g | Group. |
o | Others/everyone else. |
ls -l file.txt
-rw-r--r-- 1 user user 1234 May 3 file.txtNumeric modes
| Mode | Common use |
|---|---|
644 | Typical web file: owner can write, everyone can read. |
755 | Typical directory: owner can write, everyone can traverse/read. |
600 | Private file: owner read/write only. |
700 | Private directory or script. |
664 | Group-writable file. |
775 | Group-writable directory. |
4 = read, 2 = write, 1 = execute. Add them together for each user/group/other column.Symbolic chmod
Add execute for owner
chmod u+x script.shRemove write for others
chmod o-w file.txtGive group write
chmod g+w uploadsSet exact permissions
chmod u=rw,g=r,o=r file.txtOwnership
| Task | Command |
|---|---|
| Change owner | chown user file.txt |
| Change owner and group | chown user:user file.txt |
| Recursive ownership | chown -R user:user /home/user/public_html |
| Change group only | chgrp groupname file.txt |
Find and fix
Fix common web files
find public_html -type f -exec chmod 644 {} \;Fix common web directories
find public_html -type d -exec chmod 755 {} \;Find world-writable files
find public_html -type f -perm -002 -lsFind root-owned files in account
find /home/user/public_html -user root -lsHosting defaults
| Item | Usual permission | Notes |
|---|---|---|
| Directories | 755 | Web server can traverse and read. |
| Files | 644 | Good default for PHP, HTML, CSS and images. |
| wp-config.php | 600 or 640 | Depends on hosting setup. |
| Scripts | 700 or 755 | Only executable if they need to run directly. |
Safety
- Avoid
777unless there is a very specific and temporary reason. - Do not recursively chmod everything to one mode unless you understand the impact.
- Use
findto target files and directories separately. - Check ownership after migrations, restores and manual uploads.
Common permission recipes
| Use case | Command | Notes |
|---|---|---|
| Website files | find public_html -type f -exec chmod 644 {} \; | Common readable file default. |
| Website directories | find public_html -type d -exec chmod 755 {} \; | Directories need execute to be entered. |
| Private config | chmod 600 wp-config.php | Restricts access to owner only. |
| Change owner and group | chown user:group file.txt | Useful after migrations. |
Avoid
chmod 777 unless it is temporary, understood and absolutely required.Frequently Asked Questions
What does chmod 755 mean?
Owner can read, write and execute. Group and others can read and execute.
What does chmod 644 mean?
Owner can read and write. Group and others can read only.
Why do directories need execute permission?
Execute permission allows a user to enter or traverse the directory.
Is chmod 777 safe?
Generally no, because it allows everyone to write.