How to set files & directory permissions for your website files

  John Mwaniki /    Updated on 07 Jul 2024

One of the greatest concerns that each website developer should put into consideration when developing their website or web app is its security.

Among the many ways that a website can be compromised by hackers is by giving too much privilege to the wrong people. For this reason, having the correct files and directories permissions is inevitable and should not be overlooked as far as improving the security of your website/app is concerned.

In this article, we will delve into detail what file permission means, what are the correct or preferable permissions and how to set them, both in web hosting cPanel and locally on your computer.

What are file permissions?

All files on UNIX (including Linux and other UNIX variants) machines have access permissions.

The file permissions tell the operating system how to deal with requests to access the files.

There are three types of access:

Read(r) Files with read access can be displayed to/viewed by the user.
Write(w) Files with write access can be modified/edited by the user.
Execute(x) Files with execute access can be executed as programs by the user.

Access types are set for three types of user groups:

User The owner of the file
Group Other files which are in the same folder or group
World Everyone else

The table below shows all the file permissions and their representation in numbers and symbols:

Number Permission Type Symbol
0 No permission ---
1 Execute --x
2 Write -w-
3 Execute + Write -wx
4 Read r--
5 Read + Execute r-x
6 Read + Write rw-
7 Read + Write + Execute rwx

The web server needs to be able to read your web pages in order to display them in a browser.

The file permissions are denoted with a 3 digits number. The first number represents the permission to the user/owner, the second to the group, and the third to the world.


A file with permission of 777 means:

  • The user has permission to read, write and execute on the file.
  • Other files in the same folder or group can read, write and execute on the file.
  • World/web visitors can read, write and execute on the file.

Many developers face challenges when implementing various functionalities in their websites and apps and result in setting permission to 777 for their directories or files as a way of bypassing permission issues. This is absolutely wrong and should never be done in production. By doing this, you are giving the world(your website visitors or app users) the permission to modify or edit files which is a very huge security concern.

Having the wrong permissions may also cause your website not to load properly(may lead to errors such as 500 Internal Server Error).

It's always advisable to set the minimum permission for your files to the world or to groups.

Below are the required permissions for your website to function properly.

644 for files
All website files such as html, php, javascript, css, images etc should have a file permission value of 644. This means that the user can read and write on them but the group and the world can only read them.

755 for folders
All folders should have a permission value for this is 755. This means that the user can read, write and execute on the folders but the group and world can only read and execute them.

In cPanel file manager, permissions are displayed as 4 digits in the permissions column with the first as zero(0). So 755 will be displayed as 0755, 644 as 0644 etc.

How to set files and directory permissions

1. Setting permissions via cPanel file manager

Step 1: Log in to cPanel

Step 2: Navigate to File Manager under Files section

cPanel File Manager

Step 3: Right-click on any file or folder in which you want to change permission and select “Change Permissions”. Alternatively, you can select the file then click “Permissions” at the top menu.

Choosing change permission on a file in cPanel file manager

Step 4: Tick the correct options depending on the permission you want to give for the file to the different categories of users and click “Change Permissions”.

Setting new file permission for a file/folder in cpanel

Double-click on the permission value in the permissions column, write the correct permission you want to assign it, and click “Save” to save changes.

Changing file permission by double-clicking on permission value in cpanel

2. Setting permissions via terminal/command prompt

This is an alternative method which especially very useful if you want to set the permissions for multiple files and folders within a certain directory. It allows you to set permissions for multiple files with just one-line command.

In cPanel, scroll to the Advanced section and click on the "Terminal" option.

Opening terminal in cpanel

If your files are stored locally, open your command prompt(for Windows) or Terminal if using any Linux distribution.

Change the directory using the cd command to your desired location under which you want to change the files/directories permissions.

  cd /home/user/public_html

Use the chmod command below to change the permissions for all the directories and their subdirectories to 755.

  find . -type d -exec chmod 0755 {} ;

Use the chmod command below to change the permissions for all the files in the directory and in all its subdirectories.

  find . -type f -exec chmod 0644 {} ;


In this article, you have learned what file permissions are, why setting the correct permissions is important in your website or web application and how to set these permissions both in cPanel and locally in your laptop or desktop computer.