Perhaps an example may be of use.
I have a directory named /spares -- the name is not relevant, it could be anything. The permission mask for this directory is
Code:
drwxrwxr-x 25 root users 4096 Feb 14 12:55 spares/
That's 775. Root owns it, any member of the users group can write in that directory and any other user can read from that directory.
The entire directory looks like this:
Code:
ls -al /spares
total 164
drwxrwxr-x 25 root users 4096 Feb 14 12:55 ./
drwxr-xr-x 24 root root 4096 Jul 1 09:32 ../
drwxr-xr-x 2 root root 4096 Jun 23 2008 AdvLinProg/
drwxr-xr-x 2 trona users 4096 Nov 26 2005 Album/
drwxr-xr-x 5 trona users 4096 Jun 4 19:38 Collections/
drwxr-xr-x 2 trona users 4096 Oct 2 2006 Dighton/
drwxr-xr-x 2 trona users 4096 Nov 26 2005 ThomasRonan/
drwxr-xr-x 3 trona users 4096 Sep 26 2011 backup/
drwxr-xr-x 2 trona users 12288 Jun 25 2011 book/
drwxr-xr-x 2 root root 4096 Nov 26 2005 canhwy/
drwxr-xr-x 2 trona users 4096 Nov 26 2005 cottage/
drwxr-xr-x 2 root root 4096 Dec 2 2007 county/
drwxr-xr-x 80 root root 4096 May 3 2011 etc/
dr-xr-xr-x 2 root root 12288 Dec 3 2007 gnis/
drwxr-xr-x 2 root root 4096 Jan 15 2010 grid/
drwx------ 2 root root 16384 Mar 13 2011 lost+found/
drwxr-xr-x 2 root root 4096 Nov 26 2005 mexhwy/
drwxr-xr-x 3 trona users 20480 Jun 29 09:58 movies/
drwxr-xr-x 2 trona users 12288 Feb 8 10:00 patches-13.0/
drwxr-xr-x 13 trona users 4096 Apr 5 2011 photo/
drwxr-xr-x 2 root root 16384 Jun 24 2006 srtm30/
dr-xr-xr-x 2 root root 4096 Dec 19 2009 topo/
drwxr-xr-x 2 root root 4096 Dec 1 2007 usanhpn/
drwxr-xr-x 2 root root 4096 Jan 13 2010 wdb/
drwxr-xr-x 6 root root 4096 Sep 2 2011 www/
Almost all the directories have read-write for owner, read for group, read for public. The "special" directories are lost+found (the /spares directory is a mounted file system, mounted to a partition, and lost+found is automatically created, at least by ext4 file systems) and gnis, which contains geographic information, lots of it, and it doesn't need write for any user, including root just because I want it that way to protect the content from accidental overwrite (no big deal).
The owner, trona just happens to be me, so I can write in those directories; the permission mask for those directories is a good default of 755.
Why is 755 a good default? It means read-write for owner, read for group, read for public; i.e., nobody can write in it but me but everybody else can read the content.
If I wanted to keep public from reading, I'd use a mask of 750.
If I wanted to keep the group and the public from reading, I'd use a mask of 700.
So, if you wanted to keep everybody but you out of grandma_recipes, you'd do
Code:
chmod 700 grandma_recipes
If you wanted to let the group (say, users) read but not write, you'd do
Code:
chmod 750 grandma_recipes
And if you wanted to let anybody in the group or public read but not write
Code:
chmod 755 grandma_recipes
The numbers are a little easier to remember than the batches of characters, methinks; others will not agree, without doubt.
Now, that's directories. Files are a different story.
You make a file executable with
Code:
chmod 755 file_name
You own it, you can write, group can read, public can read with
Code:
chmod 644 file_name
You own it, you can write, group can write, public can read with
Code:
chmod 660 file_name
You own it, anybody can write
Code:
chmod 666 file_name
That's called Attila the Hun permissions, ravage and pillage.
And, last but not least, you own it and everybody can read only
Code:
chmod 444 file_name
In both cases -- directory and file -- the first digit is owner, the second is group and the third is public.
When you initially create a directory or file, the system-wide umask value sets the permission mask; a pretty standard, widely-used value for umask is display with
Read the manual page for more information about umask (particularly how to determine the value 0022).
That sets newly-created directories 755 and files 644 and is a pretty good default for all files and directories you may create. After creating something you can restrict or add permissions as described above, but, generally, a value of 0022 is just about right in most cases.
Hope this helps some.
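
As an added example (not part of the original post), the script below shows what modes new files and directories get under a given umask, and lists anything under a directory that the public can write to, such as a file left at 666. It assumes GNU `stat` and `find` as found on Linux; the function names and the temporary paths are made up for illustration.

```shell
#!/bin/sh
# Added example: umask defaults and a check for world-writable entries.
# All files are constructed in temporary directories and removed afterwards.

# Print the octal permission bits of a path (GNU stat).
mode_of() {
    stat -c '%a' "$1"
}

# Create a file and a directory under umask $1 and print "filemode dirmode".
# Runs in a subshell so the caller's own umask is left untouched.
modes_under_umask() {
    (
        tmp=$(mktemp -d) || exit 1   # made before the umask change
        umask "$1"
        touch "$tmp/file"            # files start from 666 minus the umask
        mkdir "$tmp/dir"             # directories start from 777 minus the umask
        echo "$(mode_of "$tmp/file") $(mode_of "$tmp/dir")"
        rm -rf "$tmp"
    )
}

# List regular files and directories under $1 that the public can write to
# (the "other" write bit, octal 0002, is set).
find_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 | sort
}

# Demonstration on constructed sample files.
demo=$(mktemp -d)
touch "$demo/notes" "$demo/scratch"
chmod 644 "$demo/notes"      # owner writes, everyone else reads
chmod 666 "$demo/scratch"    # anybody can write

for mask in 0022 0027 0077; do
    echo "umask $mask -> file/dir modes: $(modes_under_umask "$mask")"
done

echo "world-writable under $demo:"
find_world_writable "$demo"

rm -rf "$demo"
```

Pointing `find_world_writable` at a directory such as /spares gives a quick list of entries whose permissions are looser than the 755/644 defaults discussed above.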