File System Permissions
Unix-based Systems
-: doesn't allow
r: allows read
w: allows write
x: allows execute, or on directories, allows access to contents

| Number | Permission | Symbolic Notation |
|---|---|---|
| 0 | None | --- |
| 1 | Execute only | --x |
| 2 | Write only | -w- |
| 3 | Execute and write (1 + 2 = 3) | -wx |
| 4 | Read only | r-- |
| 5 | Read and execute (4 + 1 = 5) | r-x |
| 6 | Read and write (4 + 2 = 6) | rw- |
| 7 | Read, write, and execute (4 + 2 + 1 = 7) | rwx |

Permission Groups

| | owner | group | others |
|---|---|---|---|
| read | r - - | r - - | r - - |
| write | - w - | - w - | - w - |
| execute | - - x | - - x | - - x |

| Symbolic Notation | Numeric Notation | English |
|---|---|---|
| ---------- | 0000 | no permissions |
| -rwx------ | 0700 | read, write, & execute only for owner |
| -rwxrwx--- | 0770 | read, write, & execute for owner and group |
| -rwxrwxrwx | 0777 | read, write, & execute for owner, group and others (SECURITY RISK) |
| ---x--x--x | 0111 | execute |
| --w--w--w- | 0222 | write |
| --wx-wx-wx | 0333 | write & execute |
| -r--r--r-- | 0444 | read |
| -r-xr-xr-x | 0555 | read & execute |
| -rw-rw-rw- | 0666 | read & write |
| -rwxr----- | 0740 | owner can read, write, & execute; group can only read; others have no permissions |

Numeric notation: an octal integer, written with a leading 0 (zero), e.g. 0644.

Directory and File Permissions
| Permissions | Directory | File |
|---|---|---|
| Most secure | 755 | 644 |
| Least secure | 777 | 666 |

Directories need to allow for access to their contents, so for each scope (owner, group, world), directory permissions will nearly always be one of the execute permissions: 1, 3, 5, or 7.
In a web application, no files themselves need execute privileges because the web server is controlling the process that actually executes the PHP. So the typical options will be 4 or 6.
Usually only the owner needs write permissions, and group/world just need read.
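
The following is an added example, not part of the original page: it walks a directory tree and reports every entry that grants permission bits beyond the 755 (directory) and 644 (file) baseline from the table above, showing both the octal and symbolic notation. The sample web root and its file names are constructed for the demonstration.

```python
import os
import stat
import tempfile

# Baselines from the page's "most secure" row: directories 755, files 644.
DIR_BASELINE = 0o755
FILE_BASELINE = 0o644


def excess_bits(mode, is_dir):
    """Return the rwx bits granted beyond the baseline (0 if none)."""
    baseline = DIR_BASELINE if is_dir else FILE_BASELINE
    return stat.S_IMODE(mode) & ~baseline & 0o777


def audit_tree(root):
    """List (path, octal, symbolic, excess) for entries looser than baseline."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: inspect the entry, not a link target
            if stat.S_ISLNK(st.st_mode):
                continue  # symlink mode bits are not used for access checks
            extra = excess_bits(st.st_mode, stat.S_ISDIR(st.st_mode))
            if extra:
                findings.append((os.path.relpath(path, root),
                                 format(stat.S_IMODE(st.st_mode), "04o"),
                                 stat.filemode(st.st_mode),
                                 format(extra, "04o")))
    return sorted(findings)


def demo():
    """Audit a constructed sample web root (file names are made up)."""
    with tempfile.TemporaryDirectory() as root:
        for name, mode in {"index.php": 0o644, "config.php": 0o666,
                           "run.php": 0o755}.items():
            path = os.path.join(root, name)
            open(path, "w").close()
            os.chmod(path, mode)
        os.mkdir(os.path.join(root, "uploads"))
        os.chmod(os.path.join(root, "uploads"), 0o777)
        return audit_tree(root)


if __name__ == "__main__":
    for path, octal, symbolic, extra in demo():
        print(f"{symbolic} {octal} {path} (excess bits: {extra})")
```

The excess column is itself an octal mask: 0022 means group and others can write, and 0111 means a file carries execute bits that the web server does not need.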