diff --git a/lib/config.js b/lib/config.js
index c037382..052a5d0 100644
--- a/lib/config.js
+++ b/lib/config.js
@@ -24,6 +24,9 @@ var allowanonymous = process.env.HMD_ALLOW_ANONYMOUS ? (process.env.HMD_ALLOW_AN
 
 var allowfreeurl = process.env.HMD_ALLOW_FREEURL ? (process.env.HMD_ALLOW_FREEURL === 'true') : !!config.allowfreeurl;
 
+var defaultpermission = process.env.HMD_DEFAULT_PERMISSION || config.defaultpermission || 'editable';
+defaultpermission = (!allowanonymous && defaultpermission == 'freely') ? 'editable' : defaultpermission;
+
 // db
 var dburl = config.dburl || process.env.HMD_DB_URL || process.env.DATABASE_URL;
 var db = config.db || {};
@@ -173,6 +176,7 @@ module.exports = {
     usecdn: usecdn,
     allowanonymous: allowanonymous,
     allowfreeurl: allowfreeurl,
+    defaultpermission: defaultpermission,
     dburl: dburl,
     db: db,
     sslkeypath: path.join(cwd, sslkeypath),
diff --git a/lib/models/note.js b/lib/models/note.js
index 8611297..8b38d3f 100644
--- a/lib/models/note.js
+++ b/lib/models/note.js
@@ -513,10 +513,10 @@ module.exports = function (sequelize, DataTypes) {
                         }
                     }
                 }
-                // if no permission specified and have owner then give editable permission, else default permission is freely
+                // if no permission specified and have owner then give default permission in config, else default permission is freely
                 if (!note.permission) {
                     if (note.ownerId) {
-                        note.permission = "editable";
+                        note.permission = config.defaultpermission;
                     } else {
                         note.permission = "freely";
                     }