Linux File Permissions: A Practical Guide to chmod, chown, and Secure Defaults

Correct permissions are the backbone of Linux security. Misconfigured bits can expose secrets, break deployments, or allow privilege escalation. This guide demystifies permission modes, shows how to set secure defaults, and offers checklists you can apply to servers, containers, and developer laptops. 1. Why permissions matter Permissions protect confidentiality (who can read), integrity (who can modify), and availability (who can execute). A leaked .env , a world-writable script, or an executable log file can all turn into incidents. 2. The permission model Users: owner, group, others Actions: read (r), write (w), execute (x) Numeric modes: r=4, w=2, x=1; summed per class (e.g., 754 → owner rwx, group r-x, others r--) Symbolic modes: u/g/o/a with + / - / = (e.g., chmod g-w ) 3. Understanding common modes 755 : Directories and executable scripts; owner can write, everyone can execute/read. 750 : Private executables for team members in the group. 644 : Text files; owner writes, others r