By using the chown and chmod utilities. Use "man chmod" or "man chown" for the manuals on how they are used. For better examples, search the Internet for better explanations such as the catcode site.
Originally Posted by Jacob72
The following examples should not actually be used for your site. They are examples to understand the process.
This example will set the ownership (individual and group-level) to be owned by the user "root" and the group called "www-data" for all .html files in the current working directory.
This example sets the file permissions for every .html in the corrent working folder to Read/Write (6) for the specific owner, Read-Only (4) for the owned group and Read-Only (4) for everyone else.
chown root:www-data *.html
Here are the same commands but instead of assuming the current directory, the exact path is used to ensure the action is not performed on the wrong files.
If all the files in the specified folder and all sub-folders need to be set, this is how it can be done using the recursive option:
chown root:www-data /var/www/*.html
chmod 0644 /var/www/*.html
Great care should be taken whenever you use wild cards (*) and recursion (-R). In some cases, you might need to run multiple commands to make sure all permissions are set correctly. For Example:
chown -R root:www-data /var/www/*.html
chmod -R 0644 /var/www/*.html
The above sets ownership for all files under the /var/www folder to www-data.
chown -R www-data:www-data /var/www/*
chmod -R 0664 /var/www/*
chmod 0666 /var/www/uploads
chmod -R 0444 /var/www/images/*
chmod -R 0444 /var/www/*.html
chmod -R 0444 /var/www/*.htm
It then sets permissions for all files under the /var/www to Read/Write for www-data and Read-Only for everyone else.
It then sets the upload folder to be Read/Write for anyone.
Then all images and html files are set to Read-Only for everyone.
Once I have my permissions setup correctly to ensure the site is usable with the least amount of permission necessary, I then write a bash script to set those permissions and schedule them via cron to run on a normal basis to ensure the permissions remain correct even if somebody messes them up.