Setting File Permissions




1. Unix permissions

All file and folder permissions are set according to the current web server configuration.


The web server can run in one of the following ways:

  1. owner - with the same username as the file/directory owner
  2. group - with the same group name as the file/directory owner/user group
  3. others - as nobody
  4. as root

Permissions   Directory   File   Notes
1. owner
   read       0500        0400
   write      0700        0600
2. group
   read       0550        0440
   write      0770        0660
3. others
   read       0555        0444
   write      0777        0666   SECURITY RISK

2. Package / Repository

The default permissions are:


Permissions   Directory   File
default       0755        0644

3. Installation / Upgrade

Change the permissions on the following directories and files so that they are writable.

3.1. Directories

  • _cache/config/
  • _cache/feed/
  • _cache/page/
  • _cache/query/
  • _cache/session/
  • _cache/template/
  • file/backup/
  • file/global/
  • file/perpage/
  • file/thumb/
  • file/thumb_local/
  • xml/

Example:

chmod 0755 _cache/config/ _cache/feed/ _cache/page/ _cache/query/ _cache/session/ _cache/template/ file/backup/ file/global/ file/perpage/ file/thumb/ file/thumb_local/ xml/	

3.2. Files

  • config/config.php
  • config/lock
  • config/lock_ap

Example:

chmod 0660 config/lock config/lock_ap

Reset after installation / upgrade:

chmod 640 config/config.php

3.3. Defaults


constant.php

const CHMOD_SAFE	= 0640;			// better to use 0600 in production
const CHMOD_FILE	= 0644;			// file creation mode
const CHMOD_DIR		= 0755;			// directory creation mode	

4. Production / Server

Ensure that the permissions are as restrictive as possible: config files should be readable only by the owner and the web server, and by nobody else.


The following files require chmod 400 if the web server runs under the file owner's username, or 440 if the web server runs under the file owner's user group:

  • config.php
  • constant.php
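
A way to check a site tree against the guidance above, as an added example that is not part of the original page or of the WackoWiki code. The function name `audit_perms` and the output labels are made up for this example; it reports entries writable by others (the 0777 / 0666 row marked SECURITY RISK) and any `config.php` or `constant.php` with permission bits outside 0640.

```shell
#!/bin/sh
# Added example (not WackoWiki code): audit a site tree against this page's guidance.
# audit_perms ROOT prints one finding per line and returns 1 if anything was found.
#
# Check 1: files and directories writable by others (the 0666 / 0777 row).
# Check 2: config.php / constant.php with any bit outside 0640, i.e. owner
#          execute, group write or execute, or any access for others.
audit_perms() {
    root=$1
    findings=$(
        find "$root" \( -type f -o -type d \) -perm -0002 -print |
            sed 's/^/WORLD-WRITABLE /'
        find "$root" -type f \( -name config.php -o -name constant.php \) \
            \( -perm -0100 -o -perm -0020 -o -perm -0010 \
               -o -perm -0004 -o -perm -0002 -o -perm -0001 \) -print |
            sed 's/^/CONFIG-TOO-OPEN /'
    )
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Run against the directory given on the command line, if any.
if [ "$#" -gt 0 ]; then
    audit_perms "$1"
fi
```

Saved as a script and run with the site root as its argument, it exits non-zero when it has findings, so it can gate a deployment step.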

5. How to set up File Permissions


On most hosting servers the web server runs under the file owner's username, so the required chmod values are 644 for files and 755 for folders. This makes them readable and writable for both the owner and the web server, and readable for group and others.


To set all files to chmod 644, run in an SSH console:


find /your_site_public_html -type f -exec chmod 644 {} \;	

To set all directories to chmod 755, run in an SSH console:


find /your_site_public_html -type d -exec chmod 755 {} \;	

6. Changing ownership

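# show the current user name
whoami

# show the current user's primary group name
id -gn

# show the current owner, group and mode of the wiki directory
ls -ld /home/user/workspace/wackowiki/

# change owner and group of the whole directory tree recursively
sudo chown -R user:group /home/user/workspace/wackowiki/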

Comments

  1. setting permissions for files and directories

    to make files -rw- r-- r--:
    sudo find /your/location -type f -exec chmod 644 {} \;


    to make directories rwx r-x r-x:
    sudo find /your/location -type d -exec chmod 755 {} \;



    There could be some different situations when the webserver runs:

    1. with the same username as file/directory owner
    2. with the same group name as file/directory owner/user group
    3. as nobody
    4. as root


    This permission will work well for #1, #4:

    0644 (rw-r--r--) system files
    0644 (rw-r--r--) server writable files
    0755 (rwxr-xr-x) system directories
    0755 (rwxr-xr-x) server writable directories

    or

    0600 (rw-------) system files
    0600 (rw-------) server writable files
    0700 (rwx------) system directories
    0700 (rwx------) server writable directories


    This permission will work well for #1, #2, #4:

    0644 (rw-r--r--) system files
    0664 (rw-rw-r--) server writable files
    0755 (rwxr-xr-x) system directories
    0775 (rwxrwxr-x) server writable directories

    and

    0640 (rw-r-----) system files
    0660 (rw-rw----) server writable files
    0750 (rwxr-x---) system directories
    0770 (rwxrwx---) server writable directories


    This permission will work well for #3:

    0644 (rw-r--r--) system files
    0666 (rw-rw-rw-) server writable files
    0755 (rwxr-xr-x) system directories
    0777 (rwxrwxrwx) server writable directories


    So I guess there should be 4 variables tested and, if they work, set in the config during installation:
    system_files = 0644
    server_writable_files = 0644
    system_directories = 0755
    server_writable_directories = 0755

    • WikiAdmin
    • 02.09.2019 18:09 edited