//Also available in ((../Deutsch/Dateiberechtigungen Deutsch)), ((../Español/PermisosDeArchivos Español)), ((../Français/FilePermissions Français)), ((../Русский/ФайловыеРазрешения Русский)), ((/Doc/简体中文/文件系统权限 简体中文)).//
{{toc numerate=1}}
===Unix permissions===
All the ((/Dev/Guidelines/FileSystemPermissions files and folders permissions)) are set according to current web server configuration.
There could be some different situations when the webserver runs:
1. ##owner## - with the same username as file/directory owner
2. ##group## - with the same group name as file/directory owner/user group
3. ##others## - as nobody
4. as root
#|
*| Permissions | Directory | File | Notes |*
|| **1. owner** ||
|| read | ##0500## | ##0400## | ||
|| write | ##0700## | ##0600## | ||
|| **2. group** ||
|| read | ##0550## | ##0440## | ||
|| write | ##0770## | ##0660## | ||
|| **3. others** ||
|| read | ##0555## | ##0444## | ||
|| write | ##0777## | ##0666## | **SECURITY RISK** ||
|#
===Package / Repository===
The default permission are:
#|
*| Permissions | Directory | File |*
|| default | ##0755## | ##0644## ||
|#
===Installation / Upgrade===
Change the permissions on the following directories and files to be writable
====Directories====
* ##_cache/config/##
* ##_cache/feed/##
* ##_cache/page/##
* ##_cache/query/##
* ##_cache/session/##
* ##_cache/template/##
* ##file/backup/##
* ##file/global/##
* ##file/perpage/##
* ##file/thumb/##
* ##file/thumb_local/##
* ##xml/##
Example:
##chmod 0755 _cache/config/ _cache/feed/ _cache/page/ _cache/query/ _cache/session/ _cache/template/ file/backup/ file/global/ file/perpage/ file/thumb/ file/thumb_local/ xml/##
====Files====
* ##config/config.php##
* ##config/lock##
* ##config/lock_ap##
Example:
##chmod 0660 config/lock config/lock_ap##
reset after installation / upgrade
##chmod 640 config/config.php##
====Defaults====
constant.php
%%
const CHMOD_SAFE = 0640; // better to use 0600 in production
const CHMOD_FILE = 0644; // file creation mode
const CHMOD_DIR = 0755; // directory creation mode
%%
===Production / Server===
Ensure that you've set the permissions as restrictive as possible -- let config files be only readable for owner and webserver and nobody else.
Files require ##chmod 400## if the webserver runs as file owner username or ##440## if the webserver runs as file owner usergroup:
* config.php
* constant.php
===How to set up File Permissions===
In most cases on hosting servers webserver runs as file owner username so the required chmod values are 644 for files and 755 for folders to make them readable and writable for both owner and webserver, and readable for group and others.
To make all files chmod 644 run in SSH console:
%%
find /your_site_public_html -type f -exec chmod 644 {} \;
%%
To make all directories chmod 755 run in SSH console::
%%
find /your_site_public_html -type d -exec chmod 755 {} \;
%%
===Changing ownership===
%% whoami %%
%% id -gn %%
%%ls -ld /home/user/workspace/wackowiki/%%
%%sudo chown -R user:group /home/user/workspace/wackowiki/%%