Setting File Permissions
Also available in Deutsch, Español, Français?, Русский, 简体中文.
1. Unix permissions
All the files and folders permissions are set according to current web server configuration.
There could be some different situations when the webserver runs:
-
owner
- with the same username as file/directory owner -
group
- with the same group name as file/directory owner/user group -
others
- as nobody - as root
Permissions | Directory | File | Notes |
---|---|---|---|
1. owner | |||
read
| 0500 | 0400 | |
write
| 0700 | 0600 | |
2. group | |||
read
| 0550 | 0440 | |
write
| 0770 | 0660 | |
3. others | |||
read
| 0555 | 0444 | |
write
| 0777 | 0666 | SECURITY RISK |
2. Package / Repository
The default permission are:
Permissions | Directory | File |
---|---|---|
default | 0755 | 0644 |
3. Installation / Upgrade
Change the permissions on the following directories and files to be writable
3.1. Directories
-
_cache/config/
-
_cache/feed/
-
_cache/page/
-
_cache/query/
-
_cache/session/
-
_cache/template/
-
file/backup/
-
file/global/
-
file/perpage/
-
file/thumb/
-
file/thumb_local/
-
xml/
Example:
chmod 0755 _cache/config/ _cache/feed/ _cache/page/ _cache/query/ _cache/session/ _cache/template/ file/backup/ file/global/ file/perpage/ file/thumb/ file/thumb_local/ xml/
3.2. Files
-
config/config.php
-
config/lock
-
config/lock_ap
Example:
chmod 0660 config/lock config/lock_ap
reset after installation / upgrade
chmod 640 config/config.php
3.3. Defaults
constant.php
const CHMOD_SAFE = 0640; // better to use 0600 in production const CHMOD_FILE = 0644; // file creation mode const CHMOD_DIR = 0755; // directory creation mode
4. Production / Server
Ensure that you've set the permissions as restrictive as possible -- let config files be only readable for owner and webserver and nobody else.
Files require chmod 400
if the webserver runs as file owner username or 440
if the webserver runs as file owner usergroup:
- config.php
- constant.php
5. How to set up File Permissions
In most cases on hosting servers webserver runs as file owner username so the required chmod values are 644 for files and 755 for folders to make them readable and writable for both owner and webserver, and readable for group and others.
To make all files chmod 644 run in SSH console:
find /your_site_public_html -type f -exec chmod 644 {} \;
To make all directories chmod 755 run in SSH console::
find /your_site_public_html -type d -exec chmod 755 {} \;
6. Changing ownership
whoami
id -gn
ls -ld /home/user/workspace/wackowiki/
sudo chown -R user:group /home/user/workspace/wackowiki/
setting permissions for files and directories
-rw- r-- r--
:to make directories
rwx r-x r-x
:There could be some different situations when the webserver runs:
1. with the same username as file/directory owner
2. with the same group name as file/directory owneruser group
3. as nobody
4. as root
This permission will work well for #1, #4:
0644 (rw-r--r--) system files
0644 (rw-r--r--) server writable files
0755 (rwxr-xr-x) system directories
0755 (rwxr-xr-x) server writable directories
or
0600 (rw-------) system files
0600 (rw-------) server writable files
0700 (rwx------) system directories
0700 (rwx------) server writable directories
This permission will work well for #1, #2, #4:
0644 (rw-r--r--) system files
0664 (rw-rw-r--) server writable files
0755 (rwxr-xr-x) system directories
0775 (rwxrwxr-x) server writable directories
and
0640 (rw-r-----) system files
0660 (rw-rw----) server writable files
0750 (rwxr-x---) system directories
0770 (rwxrwx---) server writable directories
This permission will work well for #3:
0644 (rw-r--r--) system files
0666 (rw-rw-rw-) server writable files
0755 (rwxr-xr-x) system directories
0777 (rwxrwxrwx) server writable directories
So I guess there should be 4 variables tested and if works set in config during installation:
system_files = 0644
server_writable_files = 0644
system_directories = 0755
server_writable_directories = 0755