Setting File Permissions
Also available in Deutsch, Español, Français?, Русский, 简体中文.
1. Unix permissions
All the files and folders permissions are set according to current web server configuration.
There could be some different situations when the webserver runs:
-
owner
- with the same username as file/directory owner -
group
- with the same group name as file/directory owner/user group -
others
- as nobody - as root
Permissions | Directory | File | Notes |
---|---|---|---|
1. owner | |||
read
| 0500 | 0400 | |
write
| 0700 | 0600 | |
2. group | |||
read
| 0550 | 0440 | |
write
| 0770 | 0660 | |
3. others | |||
read
| 0555 | 0444 | |
write
| 0777 | 0666 | SECURITY RISK |
2. Package / Repository
The default permission are:
Permissions | Directory | File |
---|---|---|
default | 0755 | 0644 |
3. Installation / Upgrade
Change the permissions on the following directories and files to be writable.
3.1. Directories
-
_cache/config/
-
_cache/feed/
-
_cache/page/
-
_cache/query/
-
_cache/session/
-
_cache/template/
-
file/backup/
-
file/global/
-
file/perpage/
-
file/thumb/
-
file/thumb_local/
-
xml/
Example:
chmod 0755 _cache/config/ _cache/feed/ _cache/page/ _cache/query/ _cache/session/ _cache/template/ file/backup/ file/global/ file/perpage/ file/thumb/ file/thumb_local/ xml/
3.2. Files
-
config/config.php
-
config/lock
-
config/lock_ap
Example:
chmod 0660 config/lock config/lock_ap
reset after installation / upgrade
chmod 640 config/config.php
3.3. Defaults
constant.php
const CHMOD_SAFE = 0640; // better to use 0600 in production const CHMOD_FILE = 0644; // file creation mode const CHMOD_DIR = 0755; // directory creation mode
4. Production / Server
Ensure that you've set the permissions as restrictive as possible -- let config files be only readable for owner and webserver and nobody else.
Files require chmod 400
if the webserver runs as file owner username or 440
if the webserver runs as file owner usergroup:
- config.php
- constant.php
5. How to set up File Permissions
In most cases on hosting servers webserver runs as file owner username so the required chmod values are 644 for files and 755 for folders to make them readable and writable for both owner and webserver, and readable for group and others.
To make all files chmod 644 run in SSH console:
find /your_site_public_html -type f -exec chmod 644 {} \;
To make all directories chmod 755 run in SSH console::
find /your_site_public_html -type d -exec chmod 755 {} \;
6. Changing ownership
whoami
id -gn
ls -ld /home/user/workspace/wackowiki/
sudo chown -R user:group /home/user/workspace/wackowiki/