Permission Symbolic Codes
Linux Symbolic Permission Codes
Symbolic permission codes let you modify file & directory permissions using readable expressions (u, g, o, a + + - = rwx). This is the most precise and safest method during WordPress server operations especially when editing specific access without breaking the whole structure.
What You Will Learn
- What symbolic permissions are and how they differ from numeric mode.
- Permission entities (u/g/o/a) what each controls.
- Permission operators (
+, ,=) and when to use them. - Practical web-server and WordPress examples.
- Mistake prevention (avoid accidental chmod -R issues).
- Verification commands.
- Real lab + cheat sheet + mini-quiz.
5W + 1H Framework
| Question | Answer |
|---|---|
| What | Symbolic chmod using letters instead of digits |
| Why | Fine-tune permissions without resetting all bits |
| Where | Linux filesystem, wp-content, config files, shell scripts |
| When | Security hardening, patch access, PHP logs, CLI tasks |
| Who | root admin, dev user, www-data/lsadm group |
| How | chmod u+r, chmod g-w, chmod o=rx, etc. |
Roles (Entities)
| Entity | Meaning | Typical WP Use |
|---|---|---|
u | user (owner) | WordPress system user |
g | group | www-data or lsadm |
o | others | public / web visitors |
a | all (u+g+o) | quick apply across all |
Permission Bits
| Symbol | Meaning |
|---|---|
r | read |
w | write |
x | execute (or enter directory) |
Operators
| Operator | Meaning | Example |
|---|---|---|
+ | add permission | chmod g+w file |
- | remove permission | chmod o-x file |
= | set exact permissions | chmod u=rwx,g=rx,o= file |
Key Difference vs Numeric Mode
| Method | Example | Use Case |
|---|---|---|
| Numeric | chmod 755 | apply base perms site-wide |
| Symbolic | chmod g+w uploads | modify one permission safely |
Numeric replaces everything; symbolic changes only whats specified.
Syntax Formula
chmod [WHO][OPERATOR][PERMISSION] file
Examples:
chmod u+r file
chmod g-w file
chmod o= file
chmod a+rx script.sh
Practical WordPress Examples
Add write to group for uploads folder (multi-user dev stack):
chmod g+w wp-content/uploads
Remove write access from public (hardening):
chmod o-w wp-config.php
Add execute only for owner on deployment script:
chmod u+x deploy.sh
Lock down config to owner only:
chmod go-rwx wp-config.php
Equivalent to numeric 600.
Expected Output
Command:
ls -l wp-config.php
Output:
-rw------- 1 www-data www-data wp-config.php
Special Flags in Symbolic
| Flag | Meaning | Usage |
|---|---|---|
X | only add execute to directories | chmod -R a+X project/ |
s | setuid/setgid | advanced case |
t | sticky | /tmp |
Example safe directory fix:
chmod -R a+rX /var/www/site/
Static vs Dynamic Framing
| Mode | Use |
|---|---|
| Static pattern | numeric 644/755 baseline |
| Dynamic symbolic patching | permission tuning on-the-fly |
Go-Live Checklist
| Action | Command |
|---|---|
| Remove public write | chmod o-w file |
| Add directory traversal | chmod a+X dir/ |
| Secure wp-config | chmod go-rwx wp-config.php |
| Verify | ls -l |
Troubleshooting Matrix
| Issue | Cause | Fix |
|---|---|---|
| Lockout editing theme | removed owner write | chmod u+w wp-content/themes |
| Public script exec | others have x | chmod o-x file.sh |
| Uploads forbidden | missing directory x | chmod a+X wp-content/uploads |
Quick Lab
**Objective: Secure wp-config and allow uploads behavior
cd /var/www/your-site/public_html
chmod go-rwx wp-config.php
chmod g+w wp-content/uploads
chmod a+X wp-content/uploads
ls -l wp-config.php
ls -ld wp-content/uploads
Verify:
- wp-config only owner access
- uploads folder writable by service user group
Cheat Sheet
u = user
g = group
o = others
a = all
+ add
- remove
= assign
r read
w write
x execute
X directory execute
Common:
chmod o-r file
chmod g+w dir
chmod u+x script.sh
chmod go-rwx wp-config.php
chmod a+X -R wp-content
Mini-Quiz
Command to remove other write?
chmod o-w file
Command to allow owner execute only?
chmod u+x script.sh
Which operator overwrites all bits?
=
Secure wp-config with symbolic mode?
chmod go-rwx wp-config.php