What is the normal chmod?

Question

Here's a summary that I have gathered

• chmod all files to 644
• chmod all .htaccess files to 644
• chmod all robots.txt files to 644
• chmod all directories to 711
• chmod all directories with directory listing (.htaccess Options +Indexes) to 755
• chmod all directories that users can upload files to, to 755 (ex: /uploads/).

Explanations:

• 644 means:
  • 6: the owner of the file/directory can read and write, but not execute. Since files are not executable, you don't need to have "x" rights here (6 means r+w. 7 means r+w+x).
  • 44: The group that the file/directory belongs to (see the group by using ls -l) and everyone else (the public) are able to read the file, but not execute or write to it (permission number 4).
• 711 means:
  • 7: the owner of the file/directory can read, write, and execute. This is needed for directories! Without "execute" when you try to list the directory you'll get permission denied.
  • 11: The group that the file/directory belongs to and the public have execute rights only. This is suitable for directories where you don't want other people browsing through the contents but do want to give them access to selected files further down the directory.
• 755 means:
  • 7: the owner of the file/directory can read, write, and execute.
  • 55: The group that the file/directory belongs to and the public have read and execute permissions but not write. This allows users to be able to view what files are in a directory, and be able to read those files, but not alter them.

There's also an interactive online calculator you can use to figure out what permissions to use: https://chmod-calculator.com/

They should be as restrictive as possible, but no more.

Usually 0644 is a good choice, which gives the owner read and write rights, but everybody else only read. 0755 for directories. But, it can depend on your specific system settings.

If you want to reset everything, do this command and sort out the consequences. Usually 644 is a good permission for files and 711 is for directories. If you allow directory listings, then use 755.

$ find /var/www/html \( -type f -execdir chmod 644 {} \; \) \
                  -o \( -type d -execdir chmod 711 {} \; \)

If you want something less invasive, then just remove the write bits for group and "other".

$ chmod -R go-w /var/www/html

I think 644 is standard for files and 755 for directories.

If your webserver serves only webpages, without allowing access through (e.g.) anonymous FTP, then incorrect file permissions do not allow users to remove files.

If other people have access to your server through other means (e.g. SSH), then make sure that the write-bit is not set for users other than yourself. Execute:

find . -exec chmod go-w {} \;

This command will restrict the permissions of all files and directories in which it is executed.