Linux permissions confuse a lot of people at first, but the model is simple once it clicks. Every file has an owner, a group, and three permission sets.

The three permissions

  • r (read) = 4, w (write) = 2, x (execute) = 1.
  • Applied to three classes: owner, group, others.

So chmod 644 file means owner read+write (6), group read (4), others read (4). 755 adds execute for everyone — common for directories and scripts.

Common commands

chmod 644 index.html      # files: owner rw, others r
chmod 755 script.sh       # executable
chmod -R 755 /var/www     # recursive
chown deploy:deploy file  # change owner and group
chown -R www-data:www-data /var/www

Rules of thumb

  • Web files: 644; web directories: 755.
  • Never use 777 — it lets anyone write, a serious security risk.
  • Secrets and keys: 600 (owner only).

Master these and you'll fix most "permission denied" errors in seconds.