File permissions can be set and modified through your FTP program or in Unix shell via SSH. Below is an introduction to file permissions and what they mean. We also have a separate FAQ-entry on how to set secure file permissons a>.
Advanced use:
File permissions for different users
File permissions distinguish between three different categories of users who have separate rights to both files and directories / folders:
- user ("owner")
- group
- other ("public"/"anyone"/"everyone")
Different types of permissions
Each of the above-mentioned categories may have the following rights, individually or in combination:
- read
- write ("modify")
- execute
Default file permissions
Default file permissions are as follows:
- Files: owner has read and write permissions, group and others have read permissions.
- Directories (folders): the owner has read, write and execute privileges, group and others have read and execute permissions
The web server is one of those "other", and need access to serve your files. All files with regular content must be readable for "other". If this is not true the web server will respond with "403 Forbidden" (Internet Explorer will display the "page can not be displayed"). See also separate rules for PHP and CGI file permissions.
Setting file permissions using a FTP-program
In a FTP program with a graphical user interface setting the file permissions will usually be done in a "properties" menu for the file or folder.
Advanced use
Setting/changing file permissions in a command line FTP-program og Unix shell
In the Unix shell there is a separate command to change file permissions called chmod
. This command is also used in text-based FTP programs.
Permission categories abbreviated to the following letters in the chmod command:
- user:
u
("user")
- group:
g
("group")
- other:
o
("other")
- read:
r
("read")
- write:
w
("write")
- execute:
x
("execute")
Plus (+) and minus (-) are used to add or remove rights and the equal (=) is used to set rights.
-
Example, remove the write permissions for other users:
chmod o-w filnavn.php
-
Example, remove the read permissions for other users:
chmod o-r filnavn.php
-
Example, remove all permissions for other users:
chmod o= filnavn.php
Note that there's nothing after the equal sign. The chmod
command should be entered accurately, specially with regards to the use of space, and capitalization. The examples above are chosen to show commands that you can do to normal to remove the insecure permissions.
It is also possible to use the numeric codes to set file permissions, but there are no synonyms for the plus and minus notation above, you need to know what rights you want to achieve.
chmod 640 filename.php
corresponds to chmod u=rw,g=r,o= filname.php
chmod 755 wordpress/
corresponds to chmod a=rx,u+w wordpress/