The following information refers to Unix/Linux based server. If your web server is a Microsoft Windows based server(IIS), you should read:How do Windows file permissions work?. Then apply the applicable recommended settings below to your Windows based server.
- Depending on the security configuration of your Web server the recommended default permissions are:
- 755 for directories
- 644 for files
- Don't use extensions that require 777 permissions!
How to Locate them
There are a variety of methods to view the permissions of your website's files. For example, your host's cpanel file browser or a common FTP(File Transfer Protocol) program.
Depending on what you are using, you should see something like this image.
Again, depending on what method you are using, changing the permissions.
Correct file permissions
Learning the numbers
Each octal digit corresponds to a group of three letters in a specific group. Therefore, the three digits also corresponds to each group as a set of permissions:
-rwxrwxrwx (is broken up into the three distinct groups) \ \ \ -(rwx)(rwx)(rwx) / / / Owner Group Others (always in this order, Owner, Group, Others) 7 7 7 d stands for directory and shows as: drwxrwxrwx instead of -drwxrwxrwx
- First digit = owner, or User
- second digit = group (other Users on your server)
- third digit = others (everyone else, the world!)
Note: On some servers you may not see the numbers as shown above, what you see is -rwxrwxrwx or something similar.
Meaning of the numbers
It is much easier to say the "octal" sum of a file or directory has 755 permissions than to call out the permissions:
The permission # is a three-digit octal number where the three digits correspond to the access rights of the user who owns the file, the group and other users. Each octal digit is the sum of the permissions granted. To make it easy to understand, just remember:
r = Read = 4 w = Write = 2 x = Execute = 1
If read permission is granted the "octal" number is 4. Add 2 to 4 for a 6 if write permission is granted along with read permission. Then you can finally add 1 if execute permission is granted along with the Read and Write permission. If there are no permission at all, the sum is 0. Just do the Octal Math:
|"Octal" #||(r)ead||(w)rite||e(x)ecute||User or Group or Others|
Now it is time to put it all together. User, Group, Others(Everyone or the World) into a 3 digit "octal" permission number.
- 777 means EVERYONE can read, write and execute ANY file or
This something you NEVER want to be allowed on your server/website unless you are absolutely sure you know what you are doing.
- 755 is rwx (owner), r-x (group) and r-x (others) or in other words everyone may read and execute (run) but only the owner(you) may make changes to the file. It would look like this when it is all put together:
- 644 is rw-, r--, r-- or EVERYONE can read the file but only the owner may write to the file or
- Permissions can be applied to directories as well which is why you might see this
drwxrwxrwx, the "d" is for directory. Of course this is a 777 permission and not recommended!
- For a complete explanation read the Wikipedia article: Filesystem permissions