Changing File and Folder Permissions via SSH
Last Updated: 2025-01-01
3 min read
Overview
File permissions determine who can read, write, and execute files on your Linux server. Incorrect permissions are a common cause of “403 Forbidden” errors, security vulnerabilities, and application malfunctions. The chmod command lets you set permissions precisely.
Understanding Permissions
Every file and directory has three permission sets:
| Who | Symbol | Description |
|---|---|---|
| Owner | u | The user who owns the file |
| Group | g | Users in the file’s group |
| Others | o | Everyone else |
Each set has three permission types:
| Permission | Symbol | Numeric Value |
|---|---|---|
| Read | r | 4 |
| Write | w | 2 |
| Execute | x | 1 |
Reading permission strings
ls -l
# -rwxr-xr-- 1 user group 1234 Jan 01 12:00 script.sh
Breaking down -rwxr-xr--:
| Position | Meaning |
|---|---|
- | File type (- = file, d = directory) |
rwx | Owner: read, write, execute |
r-x | Group: read, execute |
r-- | Others: read only |
Numeric (Octal) Notation
Each permission set is represented by a single digit (sum of r=4, w=2, x=1):
| Number | Permissions | Meaning |
|---|---|---|
7 | rwx | Read, write, execute |
6 | rw- | Read, write |
5 | r-x | Read, execute |
4 | r-- | Read only |
0 | --- | No permissions |
Common chmod examples
chmod 755 script.sh # Owner: rwx, Group: rx, Others: rx
chmod 644 index.html # Owner: rw, Group: r, Others: r
chmod 600 .htpasswd # Owner: rw, no access for anyone else
chmod 700 private-dir/ # Owner: rwx, no access for anyone else
Symbolic Notation
chmod u+x script.sh # Add execute permission for the owner
chmod g-w file.txt # Remove write permission from the group
chmod o-rwx secret.txt # Remove all permissions for others
chmod a+r readme.txt # Add read permission for all (a = all)
chmod u=rwx,g=rx,o=r file # Set exact permissions
Recursive Permission Changes
Apply permissions to a directory and all its contents:
chmod -R 755 /home/username/public_html/
Set different permissions for files and directories
Directories need execute (x) permission to be entered, but files usually don’t:
# Set directories to 755
find /home/username/public_html -type d -exec chmod 755 {} \;
# Set files to 644
find /home/username/public_html -type f -exec chmod 644 {} \;
This is the recommended approach for web hosting.
Common Permission Sets for Web Hosting
| Permission | Use Case |
|---|---|
644 | HTML, CSS, JS, PHP files, images |
755 | Directories, executable scripts, CGI files |
600 | Sensitive config files (e.g., .htpasswd, wp-config.php) |
700 | Private directories |
666 | Files that need to be writeable by the web server (use sparingly) |
777 | Avoid — gives everyone full access (serious security risk) |
Practical Examples
Fix a “403 Forbidden” error
Often caused by incorrect permissions:
find /home/username/public_html -type d -exec chmod 755 {} \;
find /home/username/public_html -type f -exec chmod 644 {} \;
Secure wp-config.php
chmod 600 /home/username/public_html/wp-config.php
Make a script executable
chmod +x /home/username/scripts/backup.sh
Check current permissions
ls -la /home/username/public_html/
stat /home/username/public_html/wp-config.php
Tips
- Never use 777 on a production server — it allows anyone to read, write, and execute the file, creating severe security risks.
- The most common web hosting setup is 755 for directories and 644 for files.
- If your web application needs to write to a directory (e.g., uploads), use
775or770and ensure the web server user is in the correct group. - Use
ls -lato verify permissions after making changes. - When in doubt, start with more restrictive permissions and loosen only as needed.
Tags:
ssh
linux
permissions
chmod
security