File Permissions

From LAMP Host Knowledge Base
Jump to: navigation, search
File Permissions, symbolic notation.

LAMP Host's webservers obey unix-like file permissions. File permissions determine which users in the system can read, write, or execute a file. For detailed information and history on Unix Permissions, see Wikipedia's article at



Unix permissions can be displays in both textual symbols and numerical values. In its textual notation, a set of permissions is a ten-character string. In numerical notation, three octal digits represent for the file owner, group, and all other users.

Textual/Symbolic Notation

The first digit determines the type of file on the server. For general use purposes, this will be a d character a directory or a - (hyphen) character for a normal file.

The next three digits determine the permissions for the file's owner (i.e., your LAMP Host username). These values always remain in the same order and can consist of r (read), w (write), and x (execute). Note that directories will always contain the execute permission for permitted users.

The second set of three digits determines permissions for a file's group. Unless you have explicitly requested that your server be configured otherwise, usernames and group names will be identical.

The final set of three digits determines permissions for other system users than your username and users that are not in the file's group. This set of permissions should generally be restricted to read-only except when you explicitly wish to allow the webserver to write to your files or directories.

Numeric/Octal Notation

Particularly when working with file management tools such as FTP or command-line tools such as chmod, users may find it easier to use and memorize common octal notations for permissions.

The octal notation, commonly referred to as a file mode, generally consists of only three numeric characters. Each character represents the permissions for the user, group, and all users, respectively. Even numbers set read and write capabilities. Adding 1 to any odd numbered mode grants it executable permissions as well.

0: No Permissions
1: Execute-only (uncommon in practice)
2: Write-only (uncommon in practice)
3: Write-only + Execute (uncommon in practice)
4: Read-only
5: Read-only + Execute (standard for read-only directories)
6: Read + Write
7: Read + Write + Execute (standard for read+write directories)


Regular file; owner can read and write; others can only read
(These are the default file permissions for new files.)
Sym: -rw-r--r--
Oct: 644
Regular file; only owner can read or write; others users are denied
(Note: the Apache and Nginx webserver users will not have any access to these files. Files with these permissions will not be accessible over the web.)
Sym: -rw-------
Oct: 600
Regular file; full read-write permissions
(Note: if your web application needs to write to a file via PHP code, these are the proper permissions to set.)
Sym: -rw-rw-rw-
Oct: 666
Directory (folder), owner can read, write, and create new files; others can only read
(These are the default directory permissions for new directories.)
Sym: drwxr-xr-x
Oct: 755
Directory; only owner can read, write, or create new files
(Note: As above with regular file permissions, this breaks the webserver's ability to serve files from this directory.)
Sym: drwx------
Oct: 700
Directory; full read-write permissions
(Note: If your web application needs to create new files in a directory, these are the proper permissions to set.)
Sym: drwxrwxrwx
Oct: 777