chmod 640

rw-r-----

Group Readable File

Permission Structure

Owner (User)

✓Read (r)

✓Write (w)

✗Execute (x)

Group

✓Read (r)

✗Write (w)

✗Execute (x)

Others

✗Read (r)

✗Write (w)

✗Execute (x)

Octal

640

Symbolic

rw-r-----

Explanation

chmod 640 grants the owner read and write permissions, the group read-only access, and others no permissions at all. Used when a service account needs to read a configuration file but only the administrator should be able to modify it. Ideal for security-sensitive configuration files that a service must consume.

Common Use Cases

▸Database configuration files read by a web server
▸Environment configuration files for service accounts
▸Certificate files: written by root, read by service group
▸Security configuration files in /etc/sudoers.d/
▸Application secret files (readable only by the app group)

Security Considerations

640 is optimal for letting a service account read configuration without being able to modify it. Applying 640 to .env files or DB credential files lets the service work normally while protecting against other system users reading them. Always pair with the correct group ownership.

Command Examples

$ chmod 640 /etc/myapp/database.conf

$ chown root:www-data /etc/myapp/database.conf

$ chmod 640 /etc/ssl/private/app.key

$ chmod 640 /etc/cron.d/backup-job

Related Permissions

755rwxr-xr-x→644rw-r--r--→777rwxrwxrwx→700rwx------→

← Back to chmod Calculator

// related tools

⏱

Cron Expression Generator

Build and parse cron expressions visually. Generate human-readable descriptions and preview next execution times.

jwt

JWT Decoder

Decode and inspect JWT tokens. View header, payload, and signature details.

Regex Tester

Test regular expressions with live matching, group highlighting, and explanations.

◑

Color Converter

Convert colors between HEX, RGB, HSL, and more. Pick colors visually.