Understanding File Permissions on Linux Server
Linux is a clone of UNIX, the multi-user operating system which can be accessed by many users simultaneously. Linux can also be used in mainframes and servers without any modifications. But this raises security concerns as an unsolicited or malign user can corrupt, change or remove crucial data. For effective security, Linux divides authorization into 2 levels.
There are three user categories:
- User (the owner of the file)
- Group (the security group you are in), and
- Other (for the world to see).
Each category has three permissions that can be set: r, w, and x to read, write, and execute a file, respectively.
Permissions defied with three numbers:
- 4 for Read
- 1 for Execute
- 2 for Write
By adding these numbers together, you form the permissions that make up one digit. This table can be used as a quick reference:
|Read = 4||x||x||x|
|Write = 2||x|
|Execute = 1||x||x||x|
|Totals||4 + 2 + 1 = 7||4 + 1 = 5||4 + 4 = 5|
4 + 2 + 1 = 7, which grants read, write, and execute permissions;
4 + 1 = 5, which grants only read and execute permissions.
Thus, 755 grants
7 (read, write, execute) to the owner of the file
5 (read and execute) to the group the file
5 (read and execute) to the world.
Each digit corresponds to a set of permissions (read, write, or execute) and the position of the digit corresponds to the user category (left = owner, middle = group, right = other). The single-digit numbers are defined for all three user categories as the following:
|0||- - -||no access|
|1||- - x||execute only|
|2||- w -||write access only|
|3||- w x||write and execute|
|4||r - -||read only|
|5||r - x||read and execute|
|6||r w -||read and write|
|7||r w x||read, write and execute (full access)|
Some file permission examples:
777 - all can read/write/execute (full access).
755 - owner can read/write/execute, group/others can read/execute.
644 - owner can read/write, group/others can read only.
Some directory permission examples:
777 - all can read/write/search.
755 - owner can read/write/search, others and group can only search.
Common permissions settings:
777 - directories with proper permissions on files in directory, use this one very carefully
755 - web store folder, CGI scripts
751 - log folder
701 - webalizer and modlogan folders
666 - data files
644 - configuration files (files not updated by scripts, html, gif,etc...)