===Unix-based Systems===
##-##: doesn’t allow
##r##: allows read
##w##: allows write
##x##: allows execute, or on directories, allows access to contents
#|
*| Number | Permission | Symbolic Notation |*
|| 0 | None | ##—## ||
|| 1 | Execute only | ##–x## ||
|| 2 | Write only | ##-w-## ||
|| 3 | Execute and write (1 + 2 = 3) | ##-wx## ||
|| 4 | Read only | ##r–## ||
|| 5 | Read and execute (4 + 1 = 5) | ##r-x## ||
|| 6 | Read and write (4 + 2 = 6) | ##rw-## ||
|| 7 | Read, write, and execute (4 + 2 + 1 = 7) | ##rwx## ||
|#
permission groups
#|
*| | owner | group | others |*
|| read | r - - | r - - | r - - ||
|| write | - w - | - w - | - w - ||
|| execute | - - x | - - x | - - x ||
|#
#|
*| Symbolic Notation | Numeric Notation | English |*
|| ##~----------## | 0000 | no permissions ||
|| ##~-rwx------## | 0700 | **read, write, & execute only for owner** ||
|| ##~-rwxrwx---## | 0770 | read, write, & execute for owner and group ||
|| ##~-rwxrwxrwx## | 0777 | read, write, & execute for owner, group and others **SECURITY RISK** ||
|| ##~---x--x--x## | 0111 | execute ||
|| ##~--w--w--w-## | 0222 | write ||
|| ##~--wx-wx-wx## | 0333 | write & execute ||
|| ##~-r--r--r--## | 0444 | read ||
|| ##~-r-xr-xr-x## | 0555 | read & execute ||
|| ##~-rw-rw-rw-## | 0666 | read & write ||
|| ##~-rwxr-----## | 0740 | owner can read, write, & execute; group can only read; others have no permissions ||
|#
Numeric Notation: octal integer, precedes the number with a 0 (zero), e.g. ##0644##
====Directory and File Permissions====
#|
*| Permissions | Directory | File |*
|| Most secure | ##755## | ##644## ||
|| Least secure | ##777## | ##666## ||
|#
Directories need to allow for access to their contents, so for each scope (owner, group, world), directory permissions will nearly always be one of the execute permissions: ##1##, ##3##, ##5##, or ##7##.
In a web application, no files themselves need execute privileges because the web server is controlling the process that actually executes the PHP. So the typical options will be ##4## or ##6##.
Usually **only the owner** needs write permissions, and group/world just need read.