Chmod 600 Explained
Chmod 600 restricts access to owner read and write only. Group and others have zero access. The standard for private keys and secrets.
Permission
600
rw-------
chmod 600 filename
Permission Breakdown
| Role | Read (4) | Write (2) | Execute (1) | Octal | Meaning |
|---|---|---|---|---|---|
| Owner | r | w | - | 6 | read, write |
| Group | - | - | - | 0 | no permissions |
| Others | - | - | - | 0 | no permissions |
Visual Permission Grid
Detailed Explanation
The permission 600 is a highly secure permission that grants only the owner read and write access, with no permissions for anyone else.
Octal breakdown:
- 6 (Owner): read (4) + write (2) = read and write
- 0 (Group): no access
- 0 (Others): no access
In symbolic notation this is rw-------. Only the file owner can read and modify the file. No other user on the system can access it in any way.
This is the required permission for SSH private keys (id_rsa, id_ed25519). The SSH client will refuse to use a private key file if its permissions are too open (e.g., readable by group or others). Similarly, GPG private keys, SSL/TLS private key files, password databases, and .env files with API credentials should all use 600. This ensures that even if other users have shell access to the same server, they cannot read your secrets.
Use Case
Required for SSH private keys, SSL/TLS private keys, .env files with secrets, password files, and any file containing credentials or sensitive configuration data.