
Linux File Permissions

linux CWE-732 OWASP A5:2021 CVSS 7.5 Beginner

Also Known As

chmod PHP file permissions web server 755 644 PHP linux permission bits

TL;DR

Read, write, and execute permissions assigned to owner, group, and others — the foundation of Linux access control for web application files.

Explanation

Each file has three permission sets: owner (u), group (g), and others (o). Each set combines read (r=4), write (w=2), and execute (x=1), and the octal digit is the sum of the bits that are set, so chmod 755 means owner rwx, group r-x, others r-x. For web server content, use 644 for files (rw-r--r--) and 755 for directories. PHP files should never be world-writable (666 or 777). Config files with secrets should be 600 (owner read/write only). The web server user (www-data) should be in the correct group rather than being given direct ownership of application files.

Common Misconception

"chmod 777 fixes permission problems cleanly." In reality, it gives every user on the system full read/write/execute access, which is a critical security misconfiguration on any shared or multi-tenant server.

Why It Matters

World-writable PHP files (777) allow any process on the server to modify them — if any site on a shared host is compromised, attackers can inject code into your files. 777 permissions are a critical misconfiguration.

Common Mistakes

  • Setting 777 to 'fix' permission errors instead of diagnosing the actual user/group mismatch.
  • Making .env files world-readable — they contain secrets that any process on the server can read.
  • Owning application files as root — the web server cannot write to them and deployment scripts fail.

Avoid When

  • Never use 777 on any production file or directory — it is always a misconfiguration.
  • Do not own application files as root — the web server user cannot write them and deployments will fail.

When To Use

  • Set 644 for all PHP files and 755 for directories as the default — only loosen permissions when specifically required.
  • Set 600 on .env and config files containing secrets — readable only by the file owner.

Code Examples

✗ Vulnerable
# chmod 777 — world-writable: any process on the server can modify files
chmod -R 777 /var/www/myapp  # critical misconfiguration
✓ Fixed
# Correct permissions for a PHP web app
find /var/www/myapp -type f -exec chmod 644 {} \;
find /var/www/myapp -type d -exec chmod 755 {} \;
# Writable directories (uploads, cache, logs): owner only, so the owner must be the account that writes to them
chmod 700 /var/www/myapp/storage
# Secrets — owner read only
chmod 600 /var/www/myapp/.env
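
An added example, not part of the original glossary entry: a POSIX shell audit that flags world-writable files or directories and a `.env` whose mode is not 600 (or the stricter 400), then re-checks after the Fixed commands above. The function names, the sample tree and the match on the `.env` filename are assumptions made for illustration.

```sh
#!/bin/sh
# Print one finding per line; return 1 if anything violates the policy.
audit_webroot() {
    _root=$1
    _findings=$(
        {
            # o+w set on a regular file or directory, which is what 777/666 leave behind.
            # On Linux, symlinks always show mode 777 and are deliberately not matched.
            find "$_root" \( -type f -o -type d \) -perm -0002 \
                -exec echo "WORLD_WRITABLE" {} \;
            # Secrets file, assumed to be named .env, that is not exactly 600
            # or the stricter 400.
            find "$_root" -type f -name '.env' ! -perm 600 ! -perm 400 \
                -exec echo "SECRET_MODE" {} \;
        } | sort
    )
    if [ -n "$_findings" ]; then
        printf '%s\n' "$_findings"
        return 1
    fi
    return 0
}

# Constructed sample tree (not a real site) in the state a 777-style "fix" leaves.
make_sample_tree() {
    mkdir -p "$1/public" "$1/storage"
    : > "$1/public/index.php"; : > "$1/public/about.php"; : > "$1/.env"
    ln -s index.php "$1/public/home.php"
    chmod 755 "$1" "$1/public"
    chmod 644 "$1/public/about.php"
    chmod 666 "$1/public/index.php"   # world-writable file
    chmod 777 "$1/storage"            # world-writable directory
    chmod 644 "$1/.env"               # secrets readable by every local user
}

# The page's "Fixed" commands, parameterised on the web root.
apply_fixed_modes() {
    find "$1" -type f -exec chmod 644 {} \;
    find "$1" -type d -exec chmod 755 {} \;
    chmod 700 "$1/storage"
    chmod 600 "$1/.env"
}

# Demo: findings before the fix, none after.
demo=$(mktemp -d) && make_sample_tree "$demo"
audit_webroot "$demo" || echo "policy violations found"
apply_fixed_modes "$demo" && audit_webroot "$demo" && echo "clean"
rm -rf "$demo"
```

Because `audit_webroot` returns non-zero on any finding, it can gate a deploy step or a scheduled check on the web root.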

Added 31 Mar 2026
DEV INTEL Tools & Severity
🟠 High ⚙ Fix effort: Low
⚡ Quick Fix
Set files to 644 and directories to 755 — never use 777 in production
📦 Applies To
web cli
🔍 Detection Hints
chmod 777 or world-writable files detected by find -perm /o+w
Auto-detectable: ✓ Yes semgrep
⚠ Related Problems
🤖 AI Agent
Confidence: High False Positives: Low ✓ Auto-fixable Fix: Low Context: Line
CWE-732
