3.5. Permissions

File permissions are essential on any UNIX system. Many of the problems you run into, especially with a web site, are due to incorrect file permissions. Unfortunately, this topic is complex enough to merit a lengthy discussion, so I'm just providing the basics here. You should definitely read the chmod(1) man page for more details.

You can set permissions using the chmod command. In my opinion, it's best to learn to use chmod's octal numbering system to set permissions, as opposed to using the letters and symbols mentioned in some places.

Permissions are set by summing up numbers to set the overall restrictions for a file. These numbers behave like this:

0    No permission
1    Executable
2    Writeable
4    Readable

For example, to grant read and write but not execute permission on a file, you would use permission 6 (2+4=6). If you wanted it to be executable and readable, but not writeable, you would use permission 5 (1+4=5).

There are also three[1] positions for these permissions. The first is for the owner of the file, the second for the group of the file, and the third is for all others, otherwise known as the world. For example, a file with mode 640 is readable and writeable by the owner, readable by the group, and everyone else has no permission to read it.

In most cases, for example on your website, you want to set permissions to 644, meaning that the owner of the file (you) can read and write to it, while all others can only read it. This will allow, for example, a web server to serve your pages while preventing anyone from modifying them, since the web server always runs as one of the “others”.

Note

On tentacle.net, each user has a separate group, and most users aren't members of any other groups. In other words, group permissions are effectively the same as user permissions.[2]

If you are using CGIs on a web site (see Section 6.2, “Dynamic content”), you should set permissions to 755 for each CGI file, meaning you can read, write, and execute, and others may only read and execute the file.

Strangely, directories must be executable as well as readable (say, 755 permission, rather than 644) to be accessible.

chmod's syntax is:

chmod 644 filename
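
The octal arithmetic above, worked through as an added example (not part of the original guide): it decodes a three-digit mode into owner, group and world permissions, and lists anything in a web directory that the group or the world can write to, which is what 644 and 755 are meant to prevent. The function names digit_to_rwx, mode_to_rwx and audit_web_dir are made up for this illustration.

```shell
#!/bin/sh
# Added example; the function names here are hypothetical, not from the guide.

# digit_to_rwx N: turn one octal digit into r/w/x letters
# (4 = readable, 2 = writeable, 1 = executable, summed).
digit_to_rwx() {
    d=$1
    out=""
    if [ "$d" -ge 4 ]; then out="${out}r"; d=$((d - 4)); else out="${out}-"; fi
    if [ "$d" -ge 2 ]; then out="${out}w"; d=$((d - 2)); else out="${out}-"; fi
    if [ "$d" -ge 1 ]; then out="${out}x"; else out="${out}-"; fi
    printf '%s' "$out"
}

# mode_to_rwx MODE: decode the three positions (owner, group, world),
# e.g. 640 -> rw-r-----. Rejects anything that is not three octal digits.
mode_to_rwx() {
    case $1 in
        [0-7][0-7][0-7]) ;;
        *) echo "mode_to_rwx: expected three octal digits, got '$1'" >&2
           return 1 ;;
    esac
    rest=${1#?}                       # mode without its first digit
    printf '%s%s%s\n' \
        "$(digit_to_rwx "${1%??}")" \
        "$(digit_to_rwx "${rest%?}")" \
        "$(digit_to_rwx "${1#??}")"
}

# audit_web_dir DIR: print every file or directory under DIR that has the
# group-write (020) or world-write (002) bit set. Symbolic links are skipped
# because their own mode bits are not what controls access.
audit_web_dir() {
    find "$1" ! -type l \( -perm -020 -o -perm -002 \) -print
}

# Decode the modes discussed in this section.
for m in 640 644 755; do
    printf '%s  %s\n' "$m" "$(mode_to_rwx "$m")"
done
```

Running audit_web_dir on your web directory should print nothing if every file is 644 and every directory and CGI is 755.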


[1] There are actually 4 columns, but the first is used for special circumstances and shall not be discussed here. See chmod(1) for more information.

[2] It is possible, however, for the administrator to make a new group containing several users so that several people can, for example, share responsibility for a web site, allowing each other to edit files.