You've just uploaded a new set of images to your website, but when you load the page, all you see are broken image icons. Or maybe you've edited a CSS file, but the changes aren't showing up. It’s a classic, frustrating web server problem, and the root cause is often one of the most misunderstood concepts in Linux: file permissions.
As a sysadmin who has managed web servers for over 15 years, I can tell you that incorrect permissions are a leading cause of both broken sites and security holes. You might see advice to "just `chmod 777` it," but that's like leaving your house keys in the front door. The real professional standard for web files is `644`. This guide will break down exactly what that means and why this specific number is the secure, correct choice for the vast majority of your website's files.
Decoding the Numbers: What "644" Actually Means
The `chmod` command uses a three-digit code to set permissions for three types of users: the file's **Owner**, the **Group**, and **Other** (everyone else). Each number is a sum of values for the permissions you want to grant:
- Read (r) = 4
- Write (w) = 2
- Execute (x) = 1
Let's do the math for `644`:
- The **first digit (6)** is for the **Owner**. A `6` is `4 (read) + 2 (write)`, which means you, the owner, can view and edit the file (rw-).
- The **second digit (4)** is for the **Group**. A `4` means `4 (read)`, so users in the file's group can only read it (r--).
- The **third digit (4)** is for **Other**. A `4` also means `4 (read)`, so everyone else—including your web server's user—can only read it (r--).
In short, `chmod 644` allows you to edit your files, while everyone else can only view them. This simple rule is the foundation of web file security.
Why 644 is the Gold Standard for Web Files
This permission set is based on the "principle of least privilege," a core security concept. It gives every user the absolute minimum access they need to do their job.
Consider an image file, `logo.png`. Your web server only needs to **read** the file to show it to a visitor. It has no reason to **write** to it (which could allow it to be defaced) or **execute** it (which is meaningless for an image). By setting the permission to `644`, you allow the server to do its job and nothing more, closing a huge potential security hole.
644 for Files vs. 755 for Directories: A Critical Distinction
This is where beginners often get tripped up. The rule is simple: files get `644`, but directories almost always get `755`.
Why the difference? For a directory, the "execute" permission (`1`) doesn't mean "run the directory." It means "traverse" or "enter" it. Without the execute permission on a folder, your web server can't even get inside to read the files. For a deeper dive, our article on `chmod 755` provides a comprehensive explanation.
| Type | Standard Permission | Reason |
|---|---|---|
| Files (HTML, CSS, JPG, PNG) | `644` (rw-r--r--) | Web server only needs to read them. |
| Directories (folders) | `755` (rwxr-xr-x) | Web server needs to read *and* enter (execute) them. |
If you're ever unsure about the numbers, a handy chmod calculator can help you translate octal codes into permissions.
How to Apply `chmod 644` on Your Server
Applying these permissions is straightforward. To change a single file's permissions to `644`:
chmod 644 your-file.htmlA common task is to fix permissions for an entire website directory. **Warning:** running `chmod -R 644 .` is a mistake, as it will break your site by removing the execute permission from directories. The correct, safe way to do this is with the `find` command:
First, set all directories to `755`:
find . -type d -exec chmod 755 {} \;Then, set all files to `644`:
find . -type f -exec chmod 644 {} \;These two commands are a sysadmin's best friend for ensuring correct permissions across an entire project.
Final Thoughts: The Simple, Secure Choice
Understanding `chmod 644` is a fundamental skill for anyone who works with a web server. It's not arbitrary; it's a deliberate, secure choice based on the principle of least privilege. By pairing `644` for your files with `755` for your directories, you establish a secure and functional baseline for any website, preventing a huge range of common errors and security vulnerabilities.