Linux permissions confuse a lot of people at first, but the model is simple once it clicks. Every file has an owner, a group, and three permission sets.
The three permissions
- r (read) = 4, w (write) = 2, x (execute) = 1.
- Applied to three classes: owner, group, others.
So chmod 644 file means owner read+write (6), group read (4), others read (4). 755 adds execute for everyone — common for directories and scripts.
Common commands
chmod 644 index.html # files: owner rw, others r
chmod 755 script.sh # executable
chmod -R 755 /var/www # recursive
chown deploy:deploy file # change owner and group
chown -R www-data:www-data /var/www
Rules of thumb
- Web files:
644; web directories:755. - Never use
777— it lets anyone write, a serious security risk. - Secrets and keys:
600(owner only).
Master these and you'll fix most "permission denied" errors in seconds.