How to set files & directory permissions for your website files
One of the greatest concerns that each website developer should put into consideration when developing their website or web app is its security.
Among the many ways that a website can be compromised by hackers is by giving too much privilege to the wrong people. For this reason, having the correct files and directories permissions is inevitable and should not be overlooked as far as improving the security of your website/app is concerned.
In this article, we will delve into detail what file permission means, what are the correct or preferable permissions and how to set them, both in web hosting cPanel and locally on your computer.
What are file permissions?
All files on UNIX (including Linux and other UNIX variants) machines have access permissions.
The file permissions tell the operating system how to deal with requests to access the files.
There are three types of access:
| Read(r) | Files with read access can be displayed to/viewed by the user. |
| Write(w) | Files with write access can be modified/edited by the user. |
| Execute(x) | Files with execute access can be executed as programs by the user. |
Access types are set for three types of user groups:
| User | The owner of the file |
| Group | Other files which are in the same folder or group |
| World | Everyone else |
The table below shows all the file permissions and their representation in numbers and symbols:
| Number | Permission Type | Symbol |
|---|---|---|
| 0 | No permission | --- |
| 1 | Execute | --x |
| 2 | Write | -w- |
| 3 | Execute + Write | -wx |
| 4 | Read | r-- |
| 5 | Read + Execute | r-x |
| 6 | Read + Write | rw- |
| 7 | Read + Write + Execute | rwx |
The web server needs to be able to read your web pages in order to display them in a browser.
The file permissions are denoted with a 3 digits number. The first number represents the permission to the user/owner, the second to the group, and the third to the world.
Example:
A file with permission of 777 means:
- The user has permission to read, write and execute on the file.
- Other files in the same folder or group can read, write and execute on the file.
- World/web visitors can read, write and execute on the file.
Many developers face challenges when implementing various functionalities in their websites and apps and result in setting permission to 777 for their directories or files as a way of bypassing permission issues. This is absolutely wrong and should never be done in production. By doing this, you are giving the world(your website visitors or app users) the permission to modify or edit files which is a very huge security concern.
Having the wrong permissions may also cause your website not to load properly(may lead to errors such as 500 Internal Server Error).
It's always advisable to set the minimum permission for your files to the world or to groups.
Below are the required permissions for your website to function properly.
644 for files
All website files such as html, php, javascript, css, images etc should have a file permission value of 644. This means that the user can read and write on them but the group and the world can only read them.
755 for folders
All folders should have a permission value for this is 755. This means that the user can read, write and execute on the folders but the group and world can only read and execute them.
In cPanel file manager, permissions are displayed as 4 digits in the permissions column with the first as zero(0). So 755 will be displayed as 0755, 644 as 0644 etc.
How to set files and directory permissions
1. Setting permissions via cPanel file manager
Step 1: Log in to cPanel
Step 2: Navigate to File Manager under Files section
Step 3: Right-click on any file or folder in which you want to change permission and select “Change Permissions”. Alternatively, you can select the file then click “Permissions” at the top menu.
Step 4: Tick the correct options depending on the permission you want to give for the file to the different categories of users and click “Change Permissions”.
Alternatively;
Double-click on the permission value in the permissions column, write the correct permission you want to assign it, and click “Save” to save changes.
2. Setting permissions via terminal/command prompt
This is an alternative method which especially very useful if you want to set the permissions for multiple files and folders within a certain directory. It allows you to set permissions for multiple files with just one-line command.
In cPanel, scroll to the Advanced section and click on the "Terminal" option.
If your files are stored locally, open your command prompt(for Windows) or Terminal if using any Linux distribution.
Change the directory using the cd command to your desired location under which you want to change the files/directories permissions.
cd /home/user/public_html
Use the chmod command below to change the permissions for all the directories and their subdirectories to 755.
find . -type d -exec chmod 0755 {} ;
Use the chmod command below to change the permissions for all the files in the directory and in all its subdirectories.
find . -type f -exec chmod 0644 {} ;
Conclusion
In this article, you have learned what file permissions are, why setting the correct permissions is important in your website or web application and how to set these permissions both in cPanel and locally in your laptop or desktop computer.
