Understanding file permissions is key to running a web server. Permissions control which users can read a file, make changes to a file, or execute a file (such as a script or program).
File permissions on a Linux server are always listed in a series of three, meaning when you are viewing permissions for a file you are actually looking at the permissions for three different roles: the user who owns the file, the group that is also assigned to the file, and everyone else (a.k.a. “world” permissions).
Each of these sets has three different permission types that can be on or off: Read (r), Write (w), and Execute (x).
The first character of a permission string is the directory bit. It indicates whether the item is a folder/directory or a normal file. It can take a few different values, but d (directory) and - (dash, regular file) are the ones most commonly seen on the server.
Symbolic Permission Notation
--- no permission
--x execute
-w- write
-wx write and execute
r-- read
r-x read and execute
rw- read and write
rwx read, write and execute
Numeric Permission Notation
The numeric notation system uses the digits 0 through 7, with each corresponding to a different symbolic permission set:
0 --- no permission
1 --x execute
2 -w- write
3 -wx write and execute
4 r-- read
5 r-x read and execute
6 rw- read and write
7 rwx read, write and execute
What Each Type Controls
Read
Display the contents of a file. You may be able to open it in text editors like Vim, but you will not be able to save any changes to the file unless you also have write permissions.
Write
Make changes to a file or folder/directory.
Execute
Execute (a.k.a. Run) a file. Examples include compiled binaries and shell scripts.
Working With Existing Permissions
Say you want to figure out what the existing permissions are on your public_html folder. Your web designer friend asks you “Is your public_html folder using 644 permissions or 755?”
You ssh into your Linux server and take a look:
root@host [/home/user]# ls -lah
drwx--x--x 17 user user 4.0K Oct 27 17:04 ./
drwx--x--x 25 root root 4.0K Oct 22 09:59 ../
drwxrwx--- 7 user user 4.0K Oct 13 09:28 mail/
drwxr-x--- 3 user user 4.0K May 16 2008 public_ftp/
drwxr-xr-x 12 user nobody 4.0K Oct 28 14:03 public_html/
drwxr-xr-x 7 user user 4.0K Oct 13 09:28 tmp/
In order to figure out the existing permissions of public_html we are only concerned with this line:
drwxr-xr-x 12 user nobody 4.0K Oct 28 14:03 public_html/
Most public_html folders use permissions that range from 644 to 755.
Using the numeric notation above, 644 translates into the symbolic notation as:
6 - rw-
4 - r--
4 - r--
Now you simply combine the three symbolic parts and you end up with:
rw-r--r--
Same process for 755 permissions:
7 - rwx
5 - r-x
5 - r-x
So 755 = rwxr-xr-x
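Ignoring the leading d (the directory bit), the public_html line in the listing reads rwxr-xr-x, so we now know that the existing permissions on the public_html folder in the example above are 755.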
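The translation worked through above can also be scripted. The following is an added example, not part of the original article; the function names are hypothetical, and only the nine basic rwx bits are handled.

```shell
#!/bin/sh
# Added example: translate between symbolic and numeric permission notation.
# Function names are hypothetical; special bits only count as "execute set".

# One rwx triplet (e.g. "r-x") -> one digit (5).
triplet_to_digit() {
    t=$1 d=0
    case $t in r??) d=$((d + 4)) ;; esac
    case $t in ?w?) d=$((d + 2)) ;; esac
    case $t in ??[xst]) d=$((d + 1)) ;; esac   # s/t: execute is set as well
    printf '%s' "$d"
}

# Mode string as printed by ls -l (e.g. "drwxr-xr-x") -> "755".
sym_to_octal() {
    m=$1
    [ "${#m}" -ge 10 ] || { echo "bad mode string: $m" >&2; return 1; }
    u=$(printf '%s' "$m" | cut -c2-4)     # user triplet (char 1 is the type)
    g=$(printf '%s' "$m" | cut -c5-7)     # group triplet
    o=$(printf '%s' "$m" | cut -c8-10)    # world triplet
    printf '%s%s%s\n' "$(triplet_to_digit "$u")" \
        "$(triplet_to_digit "$g")" "$(triplet_to_digit "$o")"
}

# Three-digit numeric mode (e.g. "644") -> "rw-r--r--".
octal_to_sym() {
    case $1 in [0-7][0-7][0-7]) ;; *) echo "bad mode: $1" >&2; return 1 ;; esac
    out=
    for d in $(printf '%s' "$1" | sed 's/./& /g'); do
        case $d in
            0) out="${out}---" ;; 1) out="${out}--x" ;;
            2) out="${out}-w-" ;; 3) out="${out}-wx" ;;
            4) out="${out}r--" ;; 5) out="${out}r-x" ;;
            6) out="${out}rw-" ;; 7) out="${out}rwx" ;;
        esac
    done
    printf '%s\n' "$out"
}

# Numeric mode of a real file or directory, read from ls -ld.
mode_of() {
    sym_to_octal "$(ls -ld "$1" | cut -c1-10)"
}

# Mode strings copied from the ls listing above.
for s in drwxr-xr-x drwx--x--x drwxrwx---; do
    printf '%s = %s\n' "$s" "$(sym_to_octal "$s")"
done
```

Running `mode_of public_html` from the account's home directory answers the web designer's question directly.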
Changing Permissions and Ownership
Users can only change permissions and ownership of files that are owned by them. The root user can modify any permissions, regardless of existing permissions. As always, please remember that the root user can cause a lot of damage if you are not extremely careful.
To change permissions, use the chmod command.
Examples:
chmod 644 file.php
Changes the permissions on file.php to 644.
chmod -R 644 folderb/
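Changes the permissions on the directory called folderb, and everything inside it, to 644. Note that 644 has no execute bit, which a directory needs in order to be entered, so folderb and any subdirectories that receive this mode can no longer be entered by non-root users until execute is restored on them.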
To change which user or group owns a file, use the chown command.
Examples:
chown natasha:natasha file.php
Changes the ownership of file.php to the user and group natasha.
chown -R natasha:natasha folderb/
Changes the ownership of the directory called folderb, and everything inside it, to the user and group natasha.
When using chown, the new ownership is specified using a user:group syntax. Many Linux servers create a corresponding group name that matches each username in order to keep the various server accounts from being able to access other websites’ files on the same server. If you have a Linux server running cPanel, this is what you will see.