chmod is used to modify the permissions of a file or folder. The syntax is like chmod 664 filename. This gives read and write permissions to the owner and group of filename, and only read permission to other users.
In order to modify the permissions of a file, you have to either own that file or be an admin.
Now if, for example, you are logged in as root and you want to give userA the ability to use the chmod command on a file, then you should use the Change Owner (chown) command.
The syntax is like chown userA:groupA filename. This changes the owner and group of filename to userA and groupA respectively.
I think it is important to mention particularly that files with config information like database details should have 600. Especially when in a shared environment.
I was contacted to clean up a hacked WordPress website. Hacked due to an insecure WordPress plugin. The hacker then uploaded what I consider a "beautiful script". What the script does is to brute-force the config location of popular webapps in the /var/www directory... Some of them include:
WHMCS and many more
It then created a symlink to these files. And just like that almost all the websites were hacked.
Now the ones that survived the attack are the ones that set their config files to 600 which was about 1 or 2 websites.
Think about it. 644 means:
I can read and write to this file
Anyone in my group can read this file but not write
All other people including a hacker can read this file but not write
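
The checks this post describes, as an added shell example that is not part of the original text: it lists config files under a web root that are looser than 600, tightens them to 600, and lists symlinks that point at a config file. The function names and the file names in CONFIG_NAMES are assumptions chosen for illustration.

```shell
# Added example (not from the original post): audit web-app config files.
# CONFIG_NAMES is an assumption: wp-config.php (WordPress) plus
# configuration.php as a stand-in for other apps; adjust it per host.
CONFIG_NAMES="wp-config.php configuration.php"

# Print every matching config file that grants any permission bit to
# group or other, i.e. anything looser than 600.
audit_configs() {
    for name in $CONFIG_NAMES; do
        find "$1" -type f -name "$name" \
            \( -perm -040 -o -perm -020 -o -perm -010 \
               -o -perm -004 -o -perm -002 -o -perm -001 \)
    done
}

# Set each file reported by audit_configs to 600 (owner read/write only).
tighten_configs() {
    audit_configs "$1" | while IFS= read -r f; do
        chmod 600 "$f" && printf 'tightened %s\n' "$f"
    done
}

# List symlinks under the web root whose target is a config file, the
# kind of leftover a cleanup after the incident above would look for.
find_config_symlinks() {
    find "$1" -type l | while IFS= read -r link; do
        target=$(readlink "$link")
        for name in $CONFIG_NAMES; do
            case $target in
                */"$name"|"$name") printf '%s -> %s\n' "$link" "$target" ;;
            esac
        done
    done
}

# Usage: audit_configs /var/www; find_config_symlinks /var/www
```

Mode 600 only works when the application's PHP process runs as the file's owner; if the web server runs as a different user, the application can no longer read its own config.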