In Linux, every file and directory has a permission structure that defines who can do what. Understanding this structure is critical for letting the web server access files, preventing security holes and fixing "permission denied" errors. This guide explains Linux file permissions together with the chmod and chown commands.
Related reading: Essential Linux server commands · Connecting to a server with SSH
How the Linux Permission Structure Works
Each file's permissions are defined separately for three classes: owner, group and others. For each class there are three permission types: read (r), write (w) and execute (x).
The ls -l command shows permissions as -rwxr-xr-x. The first character is the file type (- file, d directory). The following groups of three indicate the permissions of owner, group and others respectively.
Numeric (Octal) Permission Notation
Permissions are often expressed with numbers. Each permission type has a value: read 4, write 2, execute 1. A class's permission is the sum of these values.
| Number | Permissions | Meaning |
|---|---|---|
| 7 | rwx | Read + write + execute |
| 6 | rw- | Read + write |
| 5 | r-x | Read + execute |
| 4 | r-- | Read only |
| 0 | --- | No permission |
For example, permission 755: full rights for owner (7), read+execute for group and others (5). And 644: read+write for owner (6), read only for others (4).
Changing Permissions with chmod
The chmod command changes permissions. Both numeric and symbolic usage are possible:
# Numeric: 755 for directories, 644 for files is a standard choice
chmod 755 script.sh
chmod 644 index.html
# Symbolic: add execute permission for the owner
chmod u+x script.sh
# Apply to an entire directory tree (-R)
chmod -R 644 /var/www/siteChanging Ownership with chown
chown changes a file's owner and group. On web servers, files belonging to the correct user is essential for the site to work:
# Change owner and group at once
chown www-data:www-data /var/www/site
# Apply to an entire directory tree
chown -R www-data:www-data /var/www/siteCorrect Permissions for a Web Server
On a website, permissions need to be both secure and functional. The widely accepted approach is: directories 755, files 644, and files owned by the web server user (www-data or similar).
chmod 777. 777 lets everyone on the system write to the file and is a serious security hole. Instead of fixing a "permission denied" error with 777, set the correct ownership with chown.Frequently Asked Questions
What is the difference between 755 and 644?
755 is generally for directories and executable scripts (which need execute permission). 644 is for normal files — readable but not executable. This distinction is both secure and functional.
How do I fix a "permission denied" error?
First check the file's owner and permission with ls -l. Most of the time the problem is wrong ownership; assign it to the correct user with chown. If a permission is genuinely missing, grant the minimum needed with chmod.
What does the execute (x) permission mean for directories?
On directories, the x permission means being able to "enter" the directory (access its contents). That is why directories usually get 755 — they need to be enterable.
With KEYDAL hosting solutions, file permissions and security are set up correctly from the start. KEYDAL hosting solutions