CHMOD: Permissions in Linux and Unix-Like Systems

(Originally posted on my Portuguese blog at rberaldo.com.br)

Unix-like operating systems, such as Linux, allow restricting access to files through the permission system. Since everything in Linux is treated as a file, permissions are applicable to files, directories, input/output devices, and more.

It’s not just Linux users who need to understand the permission system. Developers who write software to run on Linux platforms should also be familiar with permissions. It’s quite common to hear PHP programmers say, “just give it chmod 777, and the permission issues will be resolved.” However, this is not a solution; it’s merely the beginning of a potential and serious future problem.

Owner, Group, and Others

Permissions are divided into three levels: permissions for the file’s owner, permissions for the group to which the file’s owner belongs, and permissions for other users.

Hence, you’ll usually see three numbers like 755, 644, or three sets of letters like rwxr-xr-x or rw-r--r--. Each set corresponds to a level of permission.

The first set represents the permissions for the file’s owner. The second represents permissions for the group to which the file’s owner belongs. The third represents permissions for other users.

Division of Permission Bits

Each set mentioned above consists of three bits. With three bits, you can form eight combinations:

000 = 0 
001 = 1 
010 = 2 
011 = 3 
100 = 4 
101 = 5 
110 = 6 
111 = 7

The first bit corresponds to the read permission. The second corresponds to the write permission. The third corresponds to the execution permission. Thus, we can rewrite the combinations above as follows:

000 = --- = 0 = no permission 
001 = --x = 1 = execute-only permission 
010 = -w- = 2 = write-only permission 
011 = -wx = 3 = write and execute permissions 
100 = r-- = 4 = read-only permission 
101 = r-x = 5 = read and execute permissions 
110 = rw- = 6 = read and write permissions 
111 = rwx = 7 = all permissions (full access)

Read, Write, and Execute

Let’s clarify what it means to have read, write, and execute permissions for files and directories.

Files

Write permission on files means you can modify the file’s content. Read permission on files means you can access (read) the file’s content. Execute permission on files means you can run the file in the command terminal (shell).

Directories

Write permission on directories means you can create files within the directory. Furthermore, write permission allows you to remove existing files and modify their permissions in that directory. Read permission on directories means you can access (read) the directory’s content, essentially listing the directory’s contents. Execute permission on directories means you can enter the directory, either through the cd command or by accessing it via a URL in a browser.

The Dangers of Permission 777

Permission 777 grants full access. If a directory has permission 777, any user can tamper with that directory, insert or remove files, and change their permissions. Any user can insert a malicious executable script or program, grant execution permission, and run it whenever they want. Imagine this happening on a hosting server! It’s a significant risk. That’s why I always emphasize: never use permission 777.

It’s very common to see PHP “programmers” posting questions on forums, saying they’re receiving permission error messages. Someone responds, “just give it chmod 777.” Never do that!

The correct approach is to check the file’s owner and set appropriate permissions. Typically, you use 755 for directories and 644 for non-executable files, such as in the case of PHP running on web servers.