I just launched an ec2 server and put all the php code on the server and I need to change the permissions so that a user cant go to the site like http:example.com/admin and see the list of php files....Do I need to change the permissions on the entire folder or each file or is there a recursive -R command that will work ...I think they are all currently 777 ...which is bad
If you are using Apache, then hiding things from being listed usually is handled in an .htaccess or the apache configuration, not with filesystem permissions.
To prevent people from being able to see what files are in a directory, with apache, you just need to turn "Indexes" off in the appropriate Directory directive. You can also override the default with an .htaccess file, but for a production server, the default should be no indexes.
For file permissions, I'd advocate switching nearly everything to read only, or read and execute if you have to (544 or 554). Leaving write permissions on files that don't need to be written is asking for trouble.
You need to set up rules in your .htaccess file and set permissions on directory. The last one is made by chmod -R 700 that is recursive change mode to make it readable, writable and executable only by owner (you)
To quickly change the permissions of all files in a directory tree (and yes, 777 is a horribly bad permission level to give them) you'll want a command like
find ./ -exec chmod go-w {} \;This will recursively go through all files and folders in that subdirectory and remove write access for people who aren't the owner.
You may also want to use
find ./ -type f -exec chmod -x {} \;to remove the executable bit from all non-directories. Apache doesn't need them to run php scripts.