714

I have a web directory /www and a folder in that directory called store.

Within store are several files and folders. I want to give the folder store and all files and folders within the store folder all permissions.

How do I do this? I am guessing via .htaccess.

General Grievance
  • 4,555
  • 31
  • 31
  • 45
RSM
  • 14,540
  • 34
  • 97
  • 144
  • 67
    You need to seriously think about giving 777 to all files and folders under /www directory, which means all your files and directories will be readable, writable and executable by whole world. – anubhava Nov 30 '11 at 15:52
  • 68
    Just to counter the alarmist misinformation in the comments: your files probably **won't** be writeable or even likely readable "by the whole world". You'd have to setup a web server that explicitly allowed these things, which would be very uncommon. These files will be readable, writeable, and executable by any user who's able to login to your system. – Josh Noe Apr 22 '17 at 23:28
  • 3
    @JoshNoe It isn't alarmist. Read the OWASP top 10 web application security vulnerabilities: A5 is "security misconfiguration" (e.g. 777 on upload directory) and A1 is "injection". *A1 + A5 = pwnd*. https://www.google.com/search?q=nginx+config+php+code+injection+jpg+comment On Linux the web server runs under a user (e.g. www-data) so every time the server serves a file it _is_ a user logged into the system. – Pocketsand Sep 16 '17 at 15:18
  • @Pocketsand Granting 777 to the user your web server runs under generally won't open your files to "the whole world". By default, most web servers don'y *serve* any files by default, until you explicitly set them up to. – Josh Noe Sep 18 '17 at 21:06
  • 1
    @JoshNoe I assume you're talking about whether directory listings are configured but that is not what is being discussed here. The comments are concerning basic defensive security principles to help prevent things like code injection and directory traversal attacks. What your saying is analogous to "It's alarmist to say people should lock their doors if their curtains are already shut." – Pocketsand Sep 19 '17 at 17:59
  • On top of what others have said, I would recommend the least secure permissions on such a directory to be `1777` (note the sticky bit - this is important), and the files should be at worst `775` (with the appropriate group and user ownership). There's almost always a better option than setting a directory to `777`. For example, on a properly configured machine, even though everyone can write to `/tmp`, it's not `777`. It's `1777`, which means that once someone creates a file there, that file's permissions determine who gets to delete/rename it, while `777` dirs by default let anyone do this. – Score_Under Feb 09 '18 at 00:15
  • That of course is all assuming that you have configured your webserver not to run scripts in that directory or process `.htaccess` files from there, etc. – Score_Under Feb 09 '18 at 00:18
  • Normally `755` or `a+x` (readable by User, Group and World, writable by User, executable by User, Group and World) is enough. –  Apr 14 '18 at 04:08
  • The question is very clear. Discussing security issues is off-topic. – IamDOM Jan 12 '23 at 17:06

7 Answers7

1285

If you are going for a console command it would be:

chmod -R 777 /www/store. The -R (or --recursive) options make it recursive.

Or if you want to make all the files in the current directory have all permissions type:

chmod -R 777 ./

If you need more info about chmod command see: File permission

tRuEsAtM
  • 3,517
  • 6
  • 43
  • 83
petervaz
  • 13,685
  • 1
  • 15
  • 15
211

If by all permissions you mean 777

Navigate to folder and

chmod -R 777 .
Daniel Elliott
  • 22,647
  • 10
  • 64
  • 82
196

You can give permission to folder and all its contents using option -R i.e Recursive permissions.

But I would suggest not to give 777 permission to all folder and it's all contents. You should give specific permission to each sub-folder in www directory folders.

Ideally, give 755 permission for security reasons to the web folder.

sudo chmod -R 755 /www/store

Each number has meaning in permission. Do not give full permission.

N   Description                      ls   binary    
0   No permissions at all            ---  000
1   Only execute                     --x  001
2   Only write                       -w-  010
3   Write and execute                -wx  011
4   Only read                        r--  100
5   Read and execute                 r-x  101
6   Read and write                   rw-  110
7   Read, write, and execute         rwx  111
  • First Number 7 - Read, write, and execute for the user.
  • Second Number 5 - Read and execute for the group.
  • Third Number 5 - Read and execute for others.

If your production web folder has multiple users, then you can set permissions and user groups accordingly.

More info :

  1. Understanding File Permissions: What Does “Chmod 777″ Mean?
  2. What file permissions should I set on web root?
  3. Why shouldn't /var/www have chmod 777
Community
  • 1
  • 1
Somnath Muluk
  • 55,015
  • 38
  • 216
  • 226
  • Why downvote? Is it wrong answer? Downvoter please explain so that I can improve quality of answer. – Somnath Muluk Aug 30 '16 at 05:23
  • 2
    I haven't downvoted, but I think the reason is that your answer does not cover the OPs question. It's still a good answer, just not for this topic. – Marijke Luttekes Sep 27 '16 at 10:30
  • 8
    @MarijkeLuttekes: There are already answers who are giving light on how to give 777 permissions to folder. That's not my intention to answer. I am saying not to give 777 permission to folder at all to `www` folder. See first comment for question of anubhava. Instead give 755 or required permissions. We understand sometimes from question that OP is heading in wrong direction. Then we should give path should be followed. It's not only OP will be requiring solution. With same question another person will come to this page for finding answer, then that person will understand what this answer. – Somnath Muluk Sep 27 '16 at 14:14
  • 7
    This should be marked the correct answer. While the other answers give the 'solution' to the problem, this one explains how a typical folder structure should be setup. Very rarely if ever would you want to make a web folder 777. Read the More info links that @SomnathMuluk has provided so that you can understand why. – Loligans Oct 25 '16 at 05:12
  • 1
    after reading it, i think, 754 is a good choice, also – FerdousTheWebCoder Mar 25 '19 at 20:40
  • 3
    +1 by far the best delivery I have seen of the binary permissions in an answer! Thanks for this `easy on the eyes` breakdown! – JayRizzo Oct 28 '19 at 06:17
31

You can also use chmod 777 *

This will give permissions to all files currently in the folder and files added in the future without giving permissions to the directory itself.

NOTE: This should be done in the folder where the files are located. For me it was an images that had an issue so I went to my images folder and did this.

spasticninja
  • 681
  • 8
  • 16
  • 1
    Nope, doesn't work on Ubuntu. New files appear to have different permissions than the ones that were already in the directory. – DanoPlu Nov 15 '18 at 15:30
20

Yes, very right that the -R option in chmod command makes the files/sub-directories under the given directory will get 777 permission. But generally, it's not a good practice to give 777 to all files and dirs as it can lead to data insecurity. Try to be very specific on giving all rights to all files and directories. And to answer your question:

chmod -R 777 your_directory_name

... will work

Yogesh Prajapati
  • 4,770
  • 2
  • 36
  • 77
Kuldip Singh Behal
  • 211
  • 2
  • 2
12

for mac, should be a ‘superuser do’;

so first :

sudo -s 
password:

and then 

chmod -R 777 directory_path
Community
  • 1
  • 1
hui
  • 591
  • 7
  • 22
10

This didn't work for me.

sudo chmod -R 777 /path/to/your/file/or/directory

I used -f also.

sudo chmod -R -f 777 /path/to/your/file/or/directory
tRuEsAtM
  • 3,517
  • 6
  • 43
  • 83
Janaka Pushpakumara
  • 4,769
  • 5
  • 29
  • 34