When working on the server we need to be aware of who can execute, write or read our files. The web server has a special folder for storing the html files that we want to serve on the web. In Ubuntu 14 this folder has the path:


We can open up this directory by issuing the command:

cd /var/www/html/

In the command line you can list the current directory with the -l for long flag:

ls -l

You should see a directory listing similar to the one below.


The files and directories are listed with their properties. In the first column first row of the listing, for the 'home' directory, the permissions are set to:


The 'd' indicates it is a directory. The next set of letters (rwx) indicate the owner's (ie the person who created it) privileges. In this case of the 'home' directory above, it is read, write and execute. The next three characters indicate the group permissions. In this case read and execute. The final set of characters indicate 'world' (ie anyone) privileges, also read and execute.

If the FTP (ie Filezilla) user is the owner then these file permissions can be changed via FTP, Permissions are changed on the command line via the chmod command.

chmod -R 755 home

This changes the home directory, and all its containing files and sub directories to the permissions in the above screenshot, that is read, write, execute for the owner and read, execute for user and world. Remember it is often the case that you will need to apply more restrictive permissions, say to prevent the world from writing or executing:

chmod -R 754 (directory or file).

File permissions can be represented by three numbers representing Owner, Group and World respectively. Each of the permissions has a numeric value: Read = 4 : Write = 2 : Execute = 1. These numbers are simply added to give the a number for each of the three user levels. The rwx translates to 4+2+1=7; r-x = 4+1 = 5. To apply a more restrictive privilege set, say rwxr---- (that is Owner: read write execute, User read only and world no privileges) would translate to 740.

We can also see form this listing that the home directory is owned by the user admin and is in the www-data group.

The www-data group is the group generally applied to files we wish to serve to the web. So our group permissions can apply to those accessing files from the web and to avoid web users gaining additional privileges. To change the 'home' folder to the www-data group enter the following command:

sudo chgrp -R www-data home

The -R flag here makes the changes propagate down the directory tree. Any file or folder in a sub directory of the home directory will also have its group changed.

We can change the owner of the file or folder using the chown command:

chown -R admin (file or directory).