What Does chmod 777 Mean
Updated on
•5 min read
You are trying to fix a permission issue with your web server and found information on the Internet saying that you need to recursively run chmod 777 on the web directory. Before doing that, ensure you understand what chmod -R 777 does and why you should never set permissions to 777.
This article explains the Linux permissions model and the meaning of permission numbers.
Understanding Linux File Permissions
In Linux, access to the files is controlled by the operating system using file permissions, attributes, and ownership. Understanding the Linux file system permissions model allows you to restrict access to files and directories only to authorized users and processes and makes your system more secure.
Each file is owned by a particular user and a group and assigned with permission access rights for three different classes of users:
- The file owner.
- The group members.
- Others (everybody else).
Three file permission types apply to each user class and allow you to specify which users are allowed to read, write to, or execute the file. The same permission attributes apply for both files and directories with a different meaning:
- The read permission.
- The file is readable. For instance, when the read permission is set, the user can open the file in a text editor or display the file content in the terminal.
- The content of the directory can be viewed. The user can list files inside the directory with the
lscommand.
- The write permission.
- The file can be changed or modified.
- The content of the directory can be altered. The user can create new files , delete existing files , move files , rename files ..etc.
- The execute permission.
- The file can be executed. The user can run the (script) file from the command line
- The directory can be entered using the
cdcommand.
File permissions can be viewed using the ls
command. Here is an example:
ls -l filename.txt-rw-r--r-- 12 linuxize users 12.0K Apr 8 20:51 filename.txt
|[-][-][-]- [------] [---]
| | | | | | |
| | | | | | +-----------> 7. Group
| | | | | +-------------------> 6. Owner
| | | | +--------------------------> 5. Alternate Access Method
| | | +----------------------------> 4. Others Permissions
| | +-------------------------------> 3. Group Permissions
| +----------------------------------> 2. Owner Permissions
+------------------------------------> 1. File Type
The first character indicates the file type. It can be a regular file (-), directory (d), a symbolic link
(l), or any other special type of file.
The following nine characters represent the file permissions, divided into three triplets of three characters each. The first triplet shows the owner permissions, the second group permissions, and the last one shows the permissions for everyone else.
Permission number
File permissions can be represented in either numeric or symbolic format. In this article, we will focus on the numeric format.
The permission number may consist of three or four digits, ranging from 0 to 7.
When using a 3-digit number to represent file permissions, the first digit corresponds to the owner’s permissions, the second digit to the group’s permissions, and the third digit to everyone else’s permissions.
The write, read, and execute permissions have the following number value:
r(read) = 4w(write) = 2x(execute) = 1- no permissions = 0
The permissions digit of a specific user class is the sum of the values of the permissions for that class.
Each digit of the permissions number may be a sum of 4, 2, 1, and 0:
- 0 (0+0+0) – No permission.
- 1 (0+0+1) – Only execute permission.
- 2 (0+2+0) – Only write permission.
- 3 (0+2+1) – Write and execute permissions.
- 4 (4+0+0) – Only read permission.
- 5 (4+0+1) – Read and execute permission.
- 6 (4+2+0) – Read and write permissions.
- 7 (4+2+1) – Read, write, and execute permission.
For instance, if the permission number is set to 750, it means the file’s owner has read, write, and execute permissions. The file’s group has read and execute permissions, while other users have no permissions:
- Owner: rwx=4+2+1=7
- Group: r-x=4+0+1=5
- Others: r-x=0+0+0=0
When a 4-digit number is used, the first digit has the following meaning:
- setuid = 4
- setgid = 2
- sticky = 1
- no changes = 0
The next three digits have the same meaning as when using 3 digits number. If the first digit is 0 it can be omitted, and the mode can be represented with 3 digits. For example, the numeric mode 0755 is the same as 755.
To view the file’s permissions in the numeric (octal) notation, you can use the stat
command:
stat -c "%a" filename
644
Never Use chmod 777
Setting 777 permissions (chmod 777) to a file or directory means that it will be readable, writable and executable by all users and may pose a huge security risk.
For instance, if you recursively change the permissions of all files and subdirectories under the /var/www directory to 777, any user on the system will be able to create, delete, or modify files in that directory.
If you experience permission issues with your web server, instead of recursively setting the permission to 777, change the file’s ownership to the user running the application and set the file’s permissions to 644 and the directory’s permissions to 755.
File ownership can be changed using the chown
command and permissions with the chmod
command.
Let’s say you have a PHP application on your server running as user “linuxize”. To set the correct permissions, you would run the following:
chown -R linuxize: /var/wwwfind /var/www -type d -exec chmod 755 {} \;find /var/www -type f -exec chmod 644 {} \;
Only the root, the file owner, or the user with sudo privileges can change the permissions of a file. Be extra careful when using chmod, especially when recursively changing the permissions.
Conclusion
If you are managing a Linux system, it is crucial to know how the Linux permissions work.
You should never set 777 (rwxrwxrwx) permissions files and directories permissions. 777 means that anyone can do anything with those files.
Feel free to leave a comment if you have any questions.
