Setting permissions on your website's files is a very important issue, because this operation allows the hosting server to operate correctly on the files themselves. The incorrect setting of permissions on server may cause your website's malfunction: that's the reason why you have to be extra careful in planning this operation.
Files permissions indicate what kind of operations each user is authorized to pursue in terms of writing, reading and executing files. There are usually three kind of authorized users: the "Owner", the webmaster owning the website's cPanel access, the "Group", representing all the eventual users on the server, and the "Public", representing all the ordinary users of www.
Each user has a specific permission in writing, reading and executing file. It's very important to provide the "Group" and the "Public" the possibility to read and visualize the website's files: otherwise, a 403 error may occur during the regular use of the website.
It's essential to know, that, inside the File Manager program, permissions are codified by numbers: sometimes numbers can be 4 (for example 0755) but you have to consider only the latest 3 of them (755).
Numbers represent an univocal combination of permissions accorded to file or to your website's folder: in the combination 755 the first number refers to the "Owner", the second one to "Group" and the third one to "Public". The permission to read is codified as number 4, the permission to write as number 2, the permission of execution as number 1 and the absence of a permission as the number 0.
Several combinations of the previous status are allowed, for example:
- Writing and execution codified as 3 (2+1);
- Reading and execution codified as 5 (4+1);
- Reading and writing codified as 6 (4+2);
- Reading, writing and execution codified as 7 (4+2+1);
Files must have permissions 644 or 755, folders must have attributes equal to 755. In terms of website, in many cases, the permission of execution of a file is almost indifferent. All files in the cgi-bin folder must have 755 permissions.
Advanced setting
During a website's debug procedure it may occur to set 777 permissions: this setting is not allowed on all servers and is equal to 755 on the majority of scripts on web. If a script requires the 777 permission it may depend on a code problem or it can be obsolete or not working anymore.
Security risks
The greatest problem in terms of website's security is in providing permissions to "Group" and "Public" users, enabling eventual bad users to modify or clear website's elements.
The latest two numbers of a combination of permissions usually don't have to be equal to 2,3,6,7. Some scripts are problematic in terms of permissions because they require 777 and the system could consider the PHP user as "nobody".
Permissions from Linux/Unix shell
As we said, permissions can be represented by a combination of three or four numbers. If you use SSH, permissions are about to look like this:
drwxr-xr-x
0123456789
The first character represents the type of file while the following three letters represent file's reading (r), writing (w) and execution (x). rwx represents all the "Owner" 's ordinary permissions, r-x the "Group" ones and the last three letters the Public ones: r-x means that writing is not allowed for that specific role.
Setting file permissions
There are 3 ways to modify permissions.
- Use File manager inside cPanel
One of the most immediate way to modify files' permissions is to use the cPanel control panel, especially File Manager (the same used to set the mod_rewrite). To modify permissions you need to follow the procedure below:
1.Enter your cPanel control panel;
2.Click on "File Manager";
3.Select the file you need to modify in terms of permissions;
4. Select "Change Permissions";
5.Type the required permissions;
6. Click on "Change" to confirm the operation. - Use an FTP client
An alternative way to modify permissions stands in the use FTP client. Here is the procedure you have to follow:
1. Connect to your website by using an FTP connection (for example, FileZilla);
2. Select the file;
3.Select "Permissions" or "Attributes" or, in case of FileZilla, "File permissions";
4. Set permissions by clicking on "Ok" to confirm.
The FTP connection can be very useful to set the permissions of a group of files or folders. - Use SSH or a dedicated script
The use of SSH or of a dedicated script is another alternative way to modify permissions. The operation can be processed using the CHMOD command.