新しい
広告が嫌いですか? 行く 広告なし 今日
Unix file permissions trip up almost everyone at some point. The cryptic rwxr-xr-x で ls -la output, the three-digit octal numbers, the difference between chmod, chownと、 chgrp — it’s a lot to hold in your head. This is a reference you can bookmark instead.
If you need to compute a value right now, use the chmod Calculator — pick your permissions visually and it generates the correct octal or symbolic notation.
The Permission Model
Every file and directory has three permission sets:
- Owner (u) — the user who owns the file
- Group (g) — members of the file’s assigned group
- Others (o) — everyone else
Each set gets three bits: read (r = 4), write (w = 2), execute (x = 1). Add them together to get the octal digit for that set. So rwx = 4+2+1 = 7, r-x = 4+0+1 = 5, r-- = 4+0+0 = 4.
A three-digit octal like 755 means: owner gets 7 (rwx), group gets 5 (r-x), others get 5 (r-x).
Reading ls -la Output
-rwxr-xr-x 1 thien www-data 4096 Apr 10 10:00 deploy.sh
drwxr-x--- 2 thien www-data 4096 Apr 10 09:00 private/The first character is the file type: - for a regular file, d for a directory, l for a symlink. The next nine characters are the three permission sets in order — owner, group, others — three characters each.
Common chmod Values
| 価値 | 所有者 | グループ | その他 | Typical Use |
|---|---|---|---|---|
| 644 | rw- | r– | r– | Web files (HTML, CSS, PHP) |
| 755 | rwx | r-x | r-x | Directories, shell scripts |
| 600 | rw- | — | — | SSH keys, private config files |
| 640 | rw- | r– | — | Config files (group-readable) |
| 664 | rw- | rw- | r– | Shared project files |
| 700 | rwx | — | — | Private scripts |
| 777 | rwx | rwx | rwx | Don’t use — gives everyone full control |
Why 777 is wrong
chmod 777 is a common fix-it-later shortcut that tends to stay forever. It gives every user on the system — and in web contexts, any PHP process — write access to your files. On a shared server this is a security hole. On a VPS it’s sloppy. Fix the actual ownership problem with chown その代わり。
chmod vs chown vs chgrp
| コマンド | What it changes |
|---|---|
chmod | Read/write/execute permissions on the file |
chown | Which user (and optionally group) owns the file |
chgrp | Which group owns the file |
chmod 644 index.php # Set permissions
chown www-data:www-data . # Change owner and group
chgrp developers config.yml # Change group onlySticky Bit, setUID, setGID
These are represented by a fourth octal digit (as a prefix) or by letter substitutions in the symbolic notation.
- Sticky bit (1 / t) — on directories, only the file owner can delete their own files. Used on
/tmp. - setUID (4 / s on owner x) — the file runs as its owner, not the executing user. Used by
sudoとpasswd. - setGID (2 / s on group x) — on files: runs with the file’s group. On directories: new files inherit the directory’s group, which is useful for shared project directories.
chmod +t /shared/dir # Add sticky bit
chmod 1755 /shared/dir # Sticky bit + standard 755
chmod g+s /var/www/project/ # setGID on a directoryIn ls -l output, setGID on a directory looks like drwxrwsr-x; sticky bit looks like drwxrwxrwt.
Recursive Permissions: Be Careful with -R
chmod -R applies permissions to a directory and everything inside it. The common mistake: using 755 recursively sets execute on all files too, even when they don’t need it. A safer approach separates directories from files:
# Apply 755 to directories, 644 to files
find /var/www/html -type d -exec chmod 755 {} \;
find /var/www/html -type f -exec chmod 644 {} \;Fixing Common Permission Problems
# Web server can't read your files (403 Forbidden)
chown -R www-data:www-data /var/www/html
find /var/www/html -type d -exec chmod 755 {} \;
find /var/www/html -type f -exec chmod 644 {} \;
# SSH key refused (WARNING: UNPROTECTED PRIVATE KEY FILE)
chmod 600 ~/.ssh/id_rsa
chmod 644 ~/.ssh/id_rsa.pub
chmod 700 ~/.ssh
# Script won't execute (Permission denied)
chmod +x deploy.sh
# PHP can't write to uploads directory
chown www-data:www-data wp-content/uploads
chmod 755 wp-content/uploadsSkip the Mental Math
Translating rwxr-x--- に 750 in your head is doable, but tedious. The chmod Calculator at IO Tools lets you toggle permissions visually and instantly shows both the octal value and the symbolic notation — useful when you need to be certain before running chmod -R on a production directory.
