Permissions can be very important when it comes to hosting your website. Permissions can allow our server computer to write and edit your files. Along with that, some files need to be protected from writing and editing, as a security measure. You can change your file permissions in many ways.
One of the easy and basic ways to change the permissions is through File Manager in cPanel. To change the permissions for a file or folder in cPanel, please do the following:
Connect to FTP. Go to the file and right click. Choose Permissions or Attributes or Properties (depends on your program).
This can be done with chmod command.
File permissions determine what you are allowed to do and who is allowed to do it.
Permission | Owner | Group | World |
Read | ✓ | ✓ | ✓ |
Write | ✓ | | |
Execute | ✓ | ✓ | ✓ |
The columns are the three types of users. First is the Owner; the owner is you, the person who has access to the cPanel or shell. Second is the Group; the group is other people on your server. Third is the World; the world is any visitor from the public (think world wide web).
Each row represents a permitted action for this file (or folder). Read means the user is allowed to view the file. Write means the user is allowed to edit the file. Execute means the user is allowed to run the file.
It is very important that Group and World be able to view your website files. However, there are some files which you may not want anyone to see. If you remove the check for Read under Group and World, then the file will not show in anyone's browser (instead visitors will see a 403 Forbidden error).
In the File Manager, permissions are expressed as numbers. We are only concerned with 3 digits, so if you see 4 digits, then ignore the first one. Thus 0755 is the same as 755.
The numbers represent a combination of each unique permission. Also, the first of the three digits represents the permissions for the Owner. The second digit represents the Group. The third digit represents the World.
Thus...
At this point, all you need to know is that your files should always have permissions of 644 or 755. (For most files, it doesn't matter if you give the executable permission or not. You won't see any difference.)
However, folders must always be 755.
One more rule. Any files inside the cgi-bin folder must have 755 permissions.
A common concern is using file permissions of 777.
Osirion does not allow 777 on files which process server-side (i.e. PHP). However, many scripts require you to change your files to 777.
I can tell you that 755 will work in lieu of 777. You will not need to use 777 on PHP files or folders.
The concern is giving writable permissions to Group and World. This allows hackers from the world wide web to edit your files. Thus, the last two digits of file permissions should never be 2, 3, 6, or 7.
The problem is that when you install a PHP script, the script needs permission to edit files. Traditionally, PHP is treated as 'nobody' on the server. Therefore, PHP is treated the same as any unknown visitor and must obey the permissions granted to World.
The solution to this conflict is to treat PHP as the Owner. Osirion has done so by implementing a special PHP security environment known as suPHP (or phpSuExec).
With suPHP, all PHP scripts are allowed the same permissions as the Owner, and outside visitors are still restricted by the World permissions. Therefore, 755 is the perfect number; it allows all actions for PHP and only reading/viewing for potential hackers.
Permissions can be expressed many ways. You have already seen the two-dimensional matrix and the 3 or 4 digit numbers.
However, if you prefer to use the Linux shell (SSH), then file permissions will look like this:
You can ignore the very first character; it represents the file type rather than permissions. Next, you see three letters which represent the Owner's permissions.
The Owner will normally have all three permissions, which is represented by rwx.
The next three characters represent the Group's permissions. Finally, the last three characters represent the World's permissions.
Notice that Group and World do not get the writable permission. In place of the 'w' will be a hyphen, meaning that write is definitely not allowed: r-x.
Here are some conversions to consider.
2D Matrix | Numerical Representation | Linux Representation |
 | 755 or 0755 Recommended! | drwxr-xr-x |
 | 644 or 0644 | drw-r--r-- |
 | 700 or 0700 | drwx------ |
 | 777 or 0777 Not recommended! | drwxrwxrwx |
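The rule above, that the Group and World digits should never be 2, 3, 6 or 7, can be checked from the Linux shell (SSH). The following is an added example, not part of the original article: the function names are assumptions, and it uses only the standard find, chmod, sed and sort commands.

```shell
#!/bin/sh
# Added example: convert numeric permissions to the rwx form and audit a
# folder for anything Group or World can write to.

# to_symbolic MODE: 755 or 0755 -> rwxr-xr-x (Owner, Group, World).
# A leading fourth digit is ignored, as in the File Manager.
to_symbolic() {
    case ${#1} in 4) digits=${1#?} ;; *) digits=$1 ;; esac
    # Accept exactly three octal digits; anything else is an error.
    case $digits in [0-7][0-7][0-7]) ;; *) return 1 ;; esac
    out=
    for d in $(printf '%s' "$digits" | sed 's/./& /g'); do
        r=-; w=-; x=-
        [ $((d & 4)) -ne 0 ] && r=r   # 4 = read
        [ $((d & 2)) -ne 0 ] && w=w   # 2 = write
        [ $((d & 1)) -ne 0 ] && x=x   # 1 = execute
        out=$out$r$w$x
    done
    printf '%s\n' "$out"
}

# find_writable DIR: list files and folders under DIR whose Group or World
# digit includes write (2, 3, 6 or 7). Symlinks are skipped because their
# own mode is always shown as 777.
find_writable() {
    find "$1" \( -type f -o -type d \) \
        \( -perm -020 -o -perm -002 \) -print | sort
}

# fix_writable DIR: remove write from Group and World only, leaving every
# other bit alone, so 777 becomes 755 and 666 becomes 644.
fix_writable() {
    find "$1" \( -type f -o -type d \) \
        \( -perm -020 -o -perm -002 \) -exec chmod go-w {} +
}
```

Run find_writable on your web root first and review the list before running fix_writable on the same folder.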