Chmod 400 Explained
Chmod 400 makes a file read-only for the owner, with no access for anyone else. It is the most restrictive useful setting for sensitive files you don't need to edit.
Permission: 400 (r--------)
Command: chmod 400 filename
Permission Breakdown
| Role | Read (4) | Write (2) | Execute (1) | Octal | Meaning |
|---|---|---|---|---|---|
| Owner | r | - | - | 4 | read |
| Group | - | - | - | 0 | no permissions |
| Others | - | - | - | 0 | no permissions |
Detailed Explanation
The permission 400 is the most restrictive useful permission: only the file owner can read the file, and even the owner cannot write to it without changing permissions first.
Octal breakdown:
- 4 (Owner): read (4) only
- 0 (Group): no access
- 0 (Others): no access
In symbolic notation this is r--------. Only the owner can read the file, and nobody, not even the owner, can write to or execute it (root is the exception, since it bypasses file mode bits). To modify the file, the owner must first change the permission (e.g., chmod 600 file).
This permission provides an extra layer of protection against accidental modification. It is commonly used for AWS PEM key files, which Amazon recommends setting to 400 to satisfy the SSH client's security requirements and to prevent accidental overwrites. Certificate files, license keys, and other files that should be set once and never modified are good candidates for 400.
Use Case
Amazon Web Services (AWS) requires 400 for PEM key files used with EC2 instances. It is also used for SSL certificates, license files, and any read-once credentials.
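To apply this to the PEM keys and certificate files mentioned above, the following added example (not part of the original page) finds key files whose mode is not exactly 400 and locks them down. The `*.pem` / `*.key` name patterns, the function names and the sample files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit and lock down private-key files to mode 400.
# Name patterns and sample files are assumptions, not from the page.

# Print the octal mode of a file (GNU stat first, BSD/macOS stat as fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# List regular key files under a directory whose mode is not exactly 400.
# find's "-perm 400" (no leading dash) matches only that exact mode.
find_loose_keys() {
    find "$1" -type f \( -name '*.pem' -o -name '*.key' \) ! -perm 400 | sort
}

# Set every loose key file to 400 and report "old -> new" for each one.
lock_keys() {
    find_loose_keys "$1" | while IFS= read -r f; do
        old=$(file_mode "$f")
        chmod 400 "$f" && printf '%s: %s -> %s\n' "$f" "$old" "$(file_mode "$f")"
    done
}

# Demo on constructed sample files in a temporary directory.
demo() {
    d=$(mktemp -d) || return 1
    printf 'constructed sample\n' > "$d/ec2.pem";  chmod 644 "$d/ec2.pem"
    printf 'constructed sample\n' > "$d/tls.key";  chmod 600 "$d/tls.key"
    printf 'constructed sample\n' > "$d/done.pem"; chmod 400 "$d/done.pem"
    lock_keys "$d"   # reports ec2.pem and tls.key; done.pem is already 400
    # A non-root owner now gets "Permission denied" when writing to these
    # files; root bypasses the mode bits, so 400 does not restrict root.
    rm -rf "$d"
}

demo
```

Mode 400 on the file does not stop the owner from deleting or replacing it when the containing directory is writable, so the directory's permissions need checking as well.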