If you don't know what file permissions are, you should read a bit about them first.
When you upload new files and directories to your website with FTP or SSH, they will normally get the correct file permissions. Your user can read and change/delete them, while the web server and other users are only permitted to read them. But configuration files with passwords etc. should not be readable by others.
The installation instructions for some PHP software tell you to use the command chmod 777 or chmod 666 to set the "correct" permissions. In most cases, this is wrong.
Wrong file permissions may result in malfunctioning webpages ("Internal server error" or other error messages), and introduce security risks: other people can damage or deface your website.
See below for a more detailed description of what's correct and necessary for our customers.
PHP files must not be writable by others/public, even if e.g. Joomla or WordPress installation instructions claim they must be.
PHP files also don't need to be executable, and it's unnecessary for them to be readable by others/public.
Files with secret settings, admin passwords, database passwords, etc., should not be readable by others. This information may be used to modify your web pages!
Feel free to read some technical information about PHP.
On our web servers, PHP uses uWSGI with register_globals=Off. PHP programs run with your Unix/FTP username's permissions, and not as a part of the webserver.
You will get an "Internal server error" message if users other than your Unix user can write to these files. You can remedy this in the Unix shell with the following command:
chmod og-rwx filename.php (the numeric chmod code can be e.g. 640 or 600).
Configuration files ("config.php", "configuration.php", etc.) with database passwords and similar information should not be readable by others, since this can be abused to modify your data. You can remedy this in the Unix shell with the following command:
chmod og-rwx configuration.php (the numeric chmod code can be e.g. 640 or 600).
In FTP programs, remove the read permission for "others".
All CGI scripts must be executable, i.e. the 'x' bit must be set. Do this by executing the command chmod ug+x filename.cgi in a Unix shell. FTP software uses similar terminology.
Please note that on our web servers, CGI scripts run as your Unix user, not the user www. Files and directories that CGI scripts write to only need to be writable by your user.
All CGI scripts must be owned by your Unix user and may not be writable by anyone other than yourself. You may not place them in directories writable by anyone other than yourself. The Unix shell command is
chmod og-rwx filename.cgi (the numerical code is 640 or 600).
Configuration files ("config.cgi", "config.pl", "configuration.cgi", etc.) containing e.g. database passwords should not be readable by others, since this information can be abused to modify your data. The Unix shell command is
chmod og-rwx configuration.cgi (the numerical code is 640 or 600).
Similar functionality exists in FTP clients: remove the read permission for "others".
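The rules above for PHP files, CGI scripts and configuration files can be checked in one pass over a web root. The following shell script is an added example, not part of the original instructions; the function names and the sample file names are made up for illustration, and the configuration file patterns are the names mentioned above.

```shell
#!/bin/sh
# Added example: report files under a web root that break the rules above.
# Read-only: prints "FINDING<TAB>path" lines and changes nothing on disk.

audit_webroot() {
    root=$1
    # PHP/CGI files that group or others can write ("Internal server error").
    find "$root" -type f \( -name '*.php' -o -name '*.cgi' \) \
        \( -perm -020 -o -perm -002 \) \
        -exec printf 'WRITABLE_BY_OTHERS\t%s\n' {} +
    # Configuration files that others can read (passwords exposed).
    find "$root" -type f \( -name 'config.*' -o -name 'configuration.*' \) \
        -perm -004 -exec printf 'CONFIG_READABLE_BY_OTHERS\t%s\n' {} +
    # CGI scripts missing the owner execute bit.
    find "$root" -type f -name '*.cgi' ! -perm -100 \
        -exec printf 'CGI_NOT_EXECUTABLE\t%s\n' {} +
    # Directories that group or others can write (scripts may not live there).
    find "$root" -type d \( -perm -020 -o -perm -002 \) \
        -exec printf 'DIR_WRITABLE_BY_OTHERS\t%s\n' {} +
}

# Constructed sample tree (hypothetical file names) for trying the audit.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    mkdir "$d/uploads"
    touch "$d/index.php" "$d/wp-style.php" "$d/configuration.php" \
          "$d/config.pl" "$d/form.cgi" "$d/mail.cgi"
    chmod 755 "$d"; chmod 777 "$d/uploads"      # uploads: writable by everyone
    chmod 640 "$d/index.php"                    # fine
    chmod 666 "$d/wp-style.php"                 # writable by everyone
    chmod 644 "$d/configuration.php"            # readable by others
    chmod 600 "$d/config.pl"                    # fine
    chmod 750 "$d/form.cgi"                     # fine
    chmod 640 "$d/mail.cgi"                     # not executable
    printf '%s\n' "$d"
}

# Usage: sh audit.sh /path/to/webroot   (no argument: run on the sample tree)
if [ "$#" -gt 0 ]; then
    audit_webroot "$1"
else
    sample=$(make_sample_tree) && audit_webroot "$sample"
    rm -rf "$sample"
fi
```

Each finding maps to one of the chmod commands above; the script only reports, so review each path before changing it.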