Perhaps an example may be of use.
I have a directory named /spares -- the name is not relevant, it could be anything. The permission mask for this directory is
drwxrwxr-x 25 root users 4096 Feb 14 12:55 spares/
That's 775. Root owns it, any member of the users group can write in that directory and any other user can read from that directory.
The entire directory looks like this:
ls -al /spares
drwxrwxr-x 25 root users 4096 Feb 14 12:55 ./
drwxr-xr-x 24 root root 4096 Jul 1 09:32 ../
drwxr-xr-x 2 root root 4096 Jun 23 2008 AdvLinProg/
drwxr-xr-x 2 trona users 4096 Nov 26 2005 Album/
drwxr-xr-x 5 trona users 4096 Jun 4 19:38 Collections/
drwxr-xr-x 2 trona users 4096 Oct 2 2006 Dighton/
drwxr-xr-x 2 trona users 4096 Nov 26 2005 ThomasRonan/
drwxr-xr-x 3 trona users 4096 Sep 26 2011 backup/
drwxr-xr-x 2 trona users 12288 Jun 25 2011 book/
drwxr-xr-x 2 root root 4096 Nov 26 2005 canhwy/
drwxr-xr-x 2 trona users 4096 Nov 26 2005 cottage/
drwxr-xr-x 2 root root 4096 Dec 2 2007 county/
drwxr-xr-x 80 root root 4096 May 3 2011 etc/
dr-xr-xr-x 2 root root 12288 Dec 3 2007 gnis/
drwxr-xr-x 2 root root 4096 Jan 15 2010 grid/
drwx------ 2 root root 16384 Mar 13 2011 lost+found/
drwxr-xr-x 2 root root 4096 Nov 26 2005 mexhwy/
drwxr-xr-x 3 trona users 20480 Jun 29 09:58 movies/
drwxr-xr-x 2 trona users 12288 Feb 8 10:00 patches-13.0/
drwxr-xr-x 13 trona users 4096 Apr 5 2011 photo/
drwxr-xr-x 2 root root 16384 Jun 24 2006 srtm30/
dr-xr-xr-x 2 root root 4096 Dec 19 2009 topo/
drwxr-xr-x 2 root root 4096 Dec 1 2007 usanhpn/
drwxr-xr-x 2 root root 4096 Jan 13 2010 wdb/
drwxr-xr-x 6 root root 4096 Sep 2 2011 www/
Almost all the directories have read-write for owner, read for group, read for public. The "special" directories are lost+found (the directory is a mounted file system, mounted to a partition, and lost+found is automatically created, at least by ext4 file systems) and gnis, which contains geographic information, lots of it, and it doesn't need write for any user, including root, just because I want it that way to protect the content from accidental overwrite (no big deal).
The owner, trona, just happens to be me, so I can write in those directories; the permission mask for those directories is a good default of 755.
Why is 755 a good default? It means read-write for owner, read for group, read for public; i.e., nobody can write in it but me but everybody else can read the content.
If I wanted to keep public from reading, I'd use a mask of 750.
If I wanted to keep the group and the public from reading, I'd use a mask of 700.
So, if you wanted to keep everybody but you out of grandma_recipes, you'd do
chmod 700 grandma_recipes
If you wanted to let the group (say, users) read but not write, you'd do
chmod 750 grandma_recipes
And if you wanted to let anybody in the group or public read but not write
chmod 755 grandma_recipes
The numbers are a little easier to remember than the batches of characters, methinks; others will not agree, without doubt.
Now, that's directories. Files are a different story.
You make a file executable with
chmod 755 file_name
You own it, you can write, group can read, public can read with
chmod 644 file_name
You own it, you can write, group can write, public can read with
chmod 660 file_name
You own it, anybody can write
chmod 666 file_name
That's called Attila the Hun permissions, ravage and pillage.
And, last but not least, you own it and everybody can read only
chmod 444 file_name
In both cases -- directory and file -- the first digit is owner, the second is group and the third is public.
When you initially create a directory or file, the system-wide umask value sets the permission mask; a pretty standard, widely-used value for umask is displayed with
Read the manual page for more information about umask (particularly how to determine the value 0022).
That sets newly-created directories to 755 and files to 644 and is a pretty good default for all files and directories you may create. After creating something you can restrict or add permissions as described above, but, generally, a value of 0022 is just about right in most cases.
Hope this helps some.
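The umask arithmetic described in the post, checked against what the system actually creates, plus a search for world-writable files (the 666 case). This is an added example, not part of the original post; the function names are made up for illustration and it assumes GNU coreutils `stat` and a POSIX `find`.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes GNU stat (-c %a).

# Predict the mode a new object gets: base & ~umask.
# New directories start from 777, new regular files from 666.
predicted_mode() {  # usage: predicted_mode <umask> <dir|file>
    case "$2" in
        dir)  base=0777 ;;
        file) base=0666 ;;
        *)    return 2 ;;
    esac
    # A leading 0 makes the shell read the umask as octal.
    printf '%o\n' $(( $base & ~0$1 & 0777 ))
}

# Create a real directory and file under the given umask and report
# their modes as "<dir mode> <file mode>". The subshell keeps the
# umask change from leaking into the caller.
actual_modes() {  # usage: actual_modes <umask>
    (
        tmp=$(mktemp -d) || exit 1
        umask "$1"
        mkdir "$tmp/d"
        : > "$tmp/f"
        echo "$(stat -c %a "$tmp/d") $(stat -c %a "$tmp/f")"
        rm -rf "$tmp"
    )
}

# List regular files that anyone on the system can write to.
# -perm -0002 matches any mode with the "other write" bit set.
world_writable() {  # usage: world_writable <directory>
    find "$1" -xdev -type f -perm -0002 -print
}

# Compare prediction and reality for a few common umask values.
for m in 0022 0027 0077; do
    echo "umask $m: predicted $(predicted_mode "$m" dir)" \
         "$(predicted_mode "$m" file), actual $(actual_modes "$m")"
done
```

Running `world_writable` over a home or data directory is a quick way to spot files left at 666 or 777 before tightening them with `chmod`.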