Chmod 660 for Log Files
Learn how chmod 660 is used for log files. Owner and group read-write, others blocked. Secure logging with shared access.
Permission
660
rw-rw----
chmod 660 filename
Permission Breakdown
| Role | Read (4) | Write (2) | Execute (1) | Octal | Meaning |
|---|---|---|---|---|---|
| Owner | r | w | - | 6 | read, write |
| Group | r | w | - | 6 | read, write |
| Others | - | - | - | 0 | no permissions |
Visual Permission Grid
Detailed Explanation
The permission 660 for log files allows both the application (owner) and the monitoring/log management group to read and write, while blocking all other users.
Octal breakdown:
- 6 (Owner): read (4) + write (2) = read and write
- 6 (Group): read (4) + write (2) = read and write
- 0 (Others): no access
In symbolic notation this is rw-rw----.
In the context of log files, this permission is essential for proper log management. The application process (running as the owner) writes log entries. The operations team or log aggregation tools (in the group) can read and sometimes rotate the logs. Other system users cannot access potentially sensitive log data.
Many log rotation tools (like logrotate) expect log files to maintain 660 permissions. The tool creates new log files with the same permissions, ensuring consistent access control throughout the rotation cycle. Systemd journal and syslog configurations often specify 660 for their output files.
Use Case
Standard permission for application log files, syslog outputs, and any log file where the application writes and a monitoring group reads, while other users should not access log data.