Chmod 640 Explained
Chmod 640: owner can read and write, group can read, others have no access. Secure permission for configuration and log files.
Permission
640
rw-r-----
chmod 640 filename
Permission Breakdown
| Role | Read (4) | Write (2) | Execute (1) | Octal | Meaning |
|---|---|---|---|---|---|
| Owner | r | w | - | 6 | read, write |
| Group | r | - | - | 4 | read |
| Others | - | - | - | 0 | no permissions |
Visual Permission Grid
Detailed Explanation
The permission 640 gives the owner read-write access, allows the group to read only, and blocks all access for others.
Octal breakdown:
- 6 (Owner): read (4) + write (2) = read and write
- 4 (Group): read (4) only
- 0 (Others): no access
In symbolic notation this is rw-r-----. The file owner can read and modify the file. Group members can only read it. Other users cannot access the file at all.
This permission is ideal for sensitive files that a specific service or team needs to read but should not be world-readable. For example, a web application's configuration file containing database credentials might be owned by the developer and readable by the web server's group, but invisible to other users. Similarly, log files often use 640 so that the logging service (owner) can write and the monitoring group can read, while other users are excluded.
Use Case
Used for web application configuration files (e.g., database.yml, .env files), log files, and any sensitive data file where only the owner and a specific group should have access.