How to change file and folder permissions in Linux

In Linux, file and folder permissions control who can read, modify, or execute data on a system and form a core part of basic security hardening. Correctly scoped permissions reduce the risk of accidental data loss and limit what untrusted users or services can do in shared environments.

Each filesystem object is associated with three permission sets: one for the owner (user), one for the group, and one for all other users. Long listings such as drwxr-xr-x indicate whether the object is a directory or regular file and show read (r), write (w), and execute (x) bits for user, group, and others, while a dash (-) indicates that a particular permission is not granted. Commands such as chmod adjust these bits using symbolic forms like u=rwx,g=rx,o= when tuning access for different roles.

The same permissions can be expressed in octal notation such as 755 or 640, where each digit encodes the read, write, and execute bits for user, group, and others in binary. The tables below map symbolic, binary, and octal representations and act as a quick reference when choosing secure defaults. Advanced mechanisms such as ACL, SELinux, and AppArmor add more granular or mandatory access controls but remain outside the scope here, keeping the focus on standard ownership and mode changes with chmod.

1. Check the current permissions of a file or folder in both octal and symbolic form.

   $ stat -c "%a : %A" /var/www/html/index.html 
   644 : -rw-r--r--

   The first value is the octal mode, and the second is the symbolic representation shown in ls -l output.

2. Add write permission for the group using symbolic mode.

   $ sudo chmod g+w /var/www/html/index.html
   [sudo] password for user:

   The g+w expression adds write permission for the group while leaving all other bits unchanged.

3. Remove read permission for others to prevent world-readable access.

   $ sudo chmod o-r /var/www/html/index.html

   Removing read access for others helps keep sensitive content from being exposed to all local users.

4. Set read and execute permissions for the owner (user) explicitly, replacing any existing owner bits.

   $ sudo chmod u=rx /var/www/html/index.html

   The u=rx form overwrites the owner’s permissions with read and execute, dropping any previous write bit.

5. Verify the updated permissions of the file.

   $ stat -c "%a : %A" /var/www/html/index.html 
   560 : -r-xrw----

   The mode 560 corresponds to user r-x, group rw-, and no permissions for others.

6. Set the same permissions using octal notation for all entries directly in a directory.

   $ sudo chmod 560 /var/www/html/*

   Without --recursive (-R), permissions apply only to items directly inside the directory, not to nested subdirectories and their contents.

7. Apply the permissions recursively to all files and folders under a directory.

   $ sudo chmod -R 560 /var/www/html/

   Recursive permission changes can break services or access if run on the wrong path or with an incorrect mode; confirm both before executing.

8. Check the current permissions for all files and folders in the directory tree.

   $ sudo ls -l /var/www/html/
   total 20
   dr-xrw---- 2 root root  4096 Jan  24 09:58 css
   -r-xrw---- 1 root root 10918 Jan  23 19:57 index.html
   dr-xrw---- 2 root root  4096 Jan  24 09:57 js

   Entries starting with d are directories; verify that user, group, and others bits match the expected access pattern for the application.