chmod / chown / chgrp

In numeric mode (octal mode), permissions for owner, group, and others are specified using the sum of r=4, w=2, x=1. 644 (rw-r--r--) is common for config files; 755 (rwxr-xr-x) is common for executables and directories.

chmod {3-digit octal} {file/directory}

In symbolic mode, combine a target (u=owner / g=group / o=others / a=all) with an operator (+add / -remove / =set) to change permissions incrementally.

chmod {target}{operator}{permission} {file}

Applies the permission change to all files and subdirectories under the specified directory.

chmod -R {mode} {directory}

Changes the owning user of a file. Requires root privileges. Use a colon to change the group at the same time.

sudo chown {user} {file}
sudo chown {user}:{group} {file}

Recursively changes ownership under a directory. Commonly used when transferring control to a web server.

sudo chown -R {user}:{group} {directory}

Changes only the owning group of a file. Use -R to apply recursively under a directory.

sudo chgrp {group} {file}
sudo chgrp -R {group} {directory}

Operation	Command	Description
Set permissions numerically	chmod {3-digit} {file}	Specifies owner, group, and others in order using the sum of r=4, w=2, x=1.
Add permissions symbolically	chmod {target}+{permission} {file}	Combines u (owner) / g (group) / o (others) / a (all) with r / w / x to add permissions.
Remove permissions symbolically	chmod {target}-{permission} {file}	Removes the specified permissions from the given target.
Set permissions symbolically	chmod {target}={permission} {file}	Replaces the target's permissions with exactly what is specified.
Recursively change a directory	chmod -R {mode} {directory}	Applies the change to all files and subdirectories under the directory.
Change the owning user	chown {user} {file}	Changes the owning user of a file. Requires root privileges.
Change the owning user and group	chown {user}:{group} {file}	Changes both the owning user and group at the same time.
Apply ownership recursively	chown -R {user}:{group} {directory}	Recursively changes ownership under the directory. Commonly used when transferring control to a web server.
Change the owning group	chgrp {group} {file}	Changes only the owning group of a file.
Change the owning group recursively	chgrp -R {group} {directory}	Changes the owning group for all files under the directory.
Check current permissions	ls -l {file}	Displays the permissions, owning user, and group of a file.
Check permissions numerically	stat -c "%a %n" {file}	Shows permissions in octal. Useful for verifying values set with chmod.

Check file permissions

Lists files along with their permissions and ownership.

$ ls -l /var/www/html/app/
total 24
-rw-r--r-- 1 www-data www-data 1024 Mar 25 12:00 config.php
-rwxr-xr-x 1 www-data www-data 2048 Mar 25 12:00 deploy.sh
drwxr-xr-x 2 www-data www-data 4096 Mar 25 12:00 storage
-rw------- 1 root     root      512 Mar 25 12:00 .env

Checks permissions in octal format. Useful for verifying values set with chmod.

$ stat -c "%a %n" /var/www/html/app/config.php
644 /var/www/html/app/config.php

Apply typical permission settings for a web application

Transfer ownership to the web server (www-data), set directories to 755 and static files to 644. Set writable directories (logs, cache, uploads) to 775, sensitive files like .env to 600, and grant execute permission (755) to shell scripts.

$ sudo chown -R www-data:www-data /var/www/html/jujutsu-app/
$ sudo find /var/www/html/jujutsu-app/ -type d -exec chmod 755 {} \;
$ sudo find /var/www/html/jujutsu-app/ -type f -exec chmod 644 {} \;
$ sudo chmod -R 775 /var/www/html/jujutsu-app/storage/
$ sudo chmod -R 775 /var/www/html/jujutsu-app/cache/
$ sudo chmod -R 775 /var/www/html/jujutsu-app/uploads/
$ sudo chmod 600 /var/www/html/jujutsu-app/.env
$ sudo chmod 755 /var/www/html/jujutsu-app/deploy.sh
$ stat -c "%a %n" /var/www/html/jujutsu-app/.env
600 /var/www/html/jujutsu-app/.env
$ stat -c "%a %n" /var/www/html/jujutsu-app/storage/
775 /var/www/html/jujutsu-app/storage/

Change permissions using symbolic mode

Adds execute permission for the owner. You can also remove write permission from group and others, set everyone to read-only, or apply multiple changes in a single command using a comma.

$ chmod u+x /home/gojo/scripts/barrier.sh
$ ls -l /home/gojo/scripts/barrier.sh
-rwxr--r-- 1 gojo gojo 256 Mar 25 12:00 /home/gojo/scripts/barrier.sh
$ chmod go-w /var/www/html/jujutsu-app/config.php
$ chmod a=r /var/www/html/jujutsu-app/maintenance.php
$ chmod u+x,o= /home/nanami/tools/analyze.sh
$ ls -l /home/nanami/tools/analyze.sh
-rwxr----- 1 nanami nanami 512 Mar 25 12:00 /home/nanami/tools/analyze.sh

Change the owning user and group

Changes the owner of a file to www-data. You can also change both the owner and group under a directory at once, or change only the group while keeping the owner as-is.

$ sudo chown www-data /var/www/html/jujutsu-app/uploads/itadori_curse.png
$ sudo chown -R www-data:www-data /var/www/html/jujutsu-app/uploads/
$ sudo chgrp -R developers /var/www/html/jujutsu-app/src/
$ ls -l /var/www/html/jujutsu-app/uploads/
total 8
-rw-r--r-- 1 www-data www-data 4096 Mar 25 12:00 itadori_curse.png
-rw-r--r-- 1 www-data www-data 2048 Mar 25 12:00 sukuna_finger.jpg

'chmod / chown / chgrp' are the fundamental Linux commands for managing file permissions. Permissions are divided into three categories — owner, group, and others — and each is configured using rwx (read=4, write=2, execute=1). Numeric mode allows you to set all permissions at once, as in chmod 644, while symbolic mode lets you make incremental changes while preserving existing permissions, as in chmod u+x. Typical web application settings are: 755 for directories, 644 for PHP files, 775 for writable directories such as storage and uploads, and 600 for sensitive files like .env. After making changes, get into the habit of verifying the actual values with ls -l or stat -c "%a %n" to catch misconfiguration early. See also the ls command for checking file permissions.