Unix/Linux permissions are not as simple as those in DOS. If my memory serves correctly (though admittedly it's been a long time since) DOS uses a simple scheme with three attributes for each file: read, write and hidden. There's no exec permission, since both DOS and Windows determine if a file is a program based on its extension.
In Linux you have much more than that. The basic ones that should worry about are the read, write and exec permissions, but these are defined in three triplets: read (+r), write (+w) and exec (+x) for the owner of the file; read, write and exec for the group; and read, write and exec for the rest of persons. Also, the exec permission on directories mean "access". So you can't cd to a dir if you don't have the +x permission over it for your user. All this info can be seen with "ls -l" (or -ld for directories), for example, in /var/www you should have something similar to this:
$ ls -ld /var/www/
drwxr-xr-x 3 apache root 4,0K oct 29 2008 /var/www/
This means that the owner of the file is the user "apache", it's the ID under which the apache server usually runs. The group is "root", the permissions are "rwxr-xr-x", which means "rwx" for the user apache, "r-x" for all the users which belongs to the group "root", and "r-x" for the rest of the users. These are usual permissions for a web.
To set a permission you use chmod. For example, to set write permissions for everyone you would do "chmod a+w /var/www" (I hihgly advise against that
). "a" means all, "+w" means to set write permissions. After that, to remove the write permissions again from "group" and "others" you would use these two commands: "chmod g-w /var/www" and "chmod o-w /var/www", where "g" is "group" and "o" is "others", and "-w" is to remove write permissions.
So, first, you need to decide what do you mean when you say that you want to give read and write permissions to /var/www. It really shouldn't be world-writable, this would have many security implications, unless you are only serving it locally in a trusted intranet and can't be reached from the outside. And even then, there's no reason to use a so poor security policy.