Difference between revisions of "Verifying permissions"
From Joomla! Documentation
m (→Meaning of the numbers: wikfy interwiki link) |
m (→Recommended settings: fix to marker template warning notification) |
||
| (11 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
| − | |||
{{RightTOC}} | {{RightTOC}} | ||
| − | |||
== Recommended settings == | == Recommended settings == | ||
| − | * Depending on the security configuration of your Web server the recommended default permissions | + | The following information refers to Unix/Linux based server. If your web server is a Microsoft Windows based server(IIS), you should read:[[How do Windows file permissions work?]]. Then apply the applicable recommended settings below to your Windows based server. |
| + | * Depending on the security configuration of your Web server the recommended default permissions are: | ||
** 755 for directories | ** 755 for directories | ||
** 644 for files | ** 644 for files | ||
| + | ** Don't use extensions that require 777 permissions! | ||
| + | {{warning|imagesize=25px|'''Note:''' On file permissions, in general never use 777 if you don't know what you are doing.}} | ||
| − | '' | + | == How to Locate them == |
| − | + | There are a variety of methods to view the permissions of your website's files. For example, your host's cpanel file browser or a common [[wikipedia:File_Transfer_Protocol|FTP(File Transfer Protocol)]] program. | |
| + | Depending on what you are using, you should see something like this image. | ||
| + | [[File:Verifying Permissions FTP.png|center|frame]] | ||
| + | Again, depending on what method you are using, changing the permissions. | ||
| + | [[File:Verifying Permissions FTP Changing.png|center|frame]] | ||
| + | Correct file permissions | ||
| + | [[File:Verifying Permissions FTP Correct.png|center|frame]] | ||
== Learning the numbers == | == Learning the numbers == | ||
| − | Each digit corresponds to a group of three letters | + | Each octal digit corresponds to a group of three letters in a specific group. Therefore, the three digits also corresponds to each group as a set of permissions: |
| − | + | <pre> | |
| − | + | -rwxrwxrwx (is broken up into the three distinct groups) | |
| − | + | \ \ \ | |
| + | -(rwx)(rwx)(rwx) | ||
| + | / / / | ||
| + | Owner Group Others (always in this order, Owner, Group, Others) | ||
| + | 7 7 7 | ||
| + | d stands for directory and shows as: drwxrwxrwx instead of -drwxrwxrwx | ||
| + | </pre> | ||
| − | + | ====Remember==== | |
| + | * First digit = owner, or User | ||
| + | * second digit = group (other Users on your server) | ||
| + | * third digit = others (everyone else, the world!) | ||
| + | |||
| + | '''Note:''' On some servers you may not see the numbers as shown above, what you see is -rwxrwxrwx or something similar. | ||
== Meaning of the numbers == | == Meaning of the numbers == | ||
| − | + | It is much easier to say the "octal" sum of a file or directory has 755 permissions than to call out the permissions:<code>-rwxr-xr-x</code> | |
| − | + | ||
| − | + | The permission # is a three-digit octal number where the three digits correspond to the access rights of the user who owns the file, the group and other users. Each octal digit is the sum of the permissions granted. To make it easy to understand, just remember: | |
| − | + | <pre> | |
| + | r = Read = 4 | ||
| + | w = Write = 2 | ||
| + | x = Execute = 1 | ||
| + | </pre> | ||
| + | |||
| + | If read permission is granted the "octal" number is 4. Add 2 to 4 for a 6 if write permission is granted along with read permission. Then you can finally add 1 if execute permission is granted along with the Read and Write permission. If there are no permission at all, the sum is 0. Just do the Octal Math: | ||
| + | |||
| + | {| class="wikitable" style="text-align:center;" | ||
| + | |- | ||
| + | !"Octal" # | ||
| + | !(r)ead | ||
| + | !(w)rite | ||
| + | !e(x)ecute | ||
| + | !User or Group or Others | ||
| + | |- | ||
| + | |0 | ||
| + | |no | ||
| + | |no | ||
| + | |no | ||
| + | |<code>---</code> 0+0+0 = 0 | ||
| + | |- | ||
| + | |1 | ||
| + | |no | ||
| + | |no | ||
| + | |yes | ||
| + | |<code>--x</code> 0+0+1 = 1 | ||
| + | |- | ||
| + | |2 | ||
| + | |no | ||
| + | |yes | ||
| + | |no | ||
| + | |<code>-w-</code> 0+2+0 = 2 | ||
| + | |- | ||
| + | |3 | ||
| + | |no | ||
| + | |yes | ||
| + | |yes | ||
| + | |<code>-wx</code> 0+2+1 = 3 | ||
| + | |- | ||
| + | |4 | ||
| + | |yes | ||
| + | |no | ||
| + | |no | ||
| + | |<code>r--</code> 4+0+0 = 4 | ||
| + | |- | ||
| + | |5 | ||
| + | |yes | ||
| + | |no | ||
| + | |yes | ||
| + | |<code>r-x</code> 4+0+1 = 5 | ||
| + | |- | ||
| + | |6 | ||
| + | |yes | ||
| + | |yes | ||
| + | |no | ||
| + | |<code>rw-</code> 4+2+0 = 6 | ||
| + | |- | ||
| + | |7 | ||
| + | |yes | ||
| + | |yes | ||
| + | |yes | ||
| + | |<code>rwx</code> 4+2+1 = 7 | ||
| + | |- | ||
| + | |} | ||
| + | Now it is time to put it all together. User, Group, Others(Everyone or the World) into a 3 digit "octal" permission number. | ||
| − | ''' | + | * 777 means EVERYONE can read, write and execute ANY file or <code>-rwxrwxrwx</code> |
| − | * For a complete explanation read the Wikipedia article: [[wikipedia:Filesystem_permissions| | + | {{warning|imagesize=30px|This something you '''NEVER''' want to be allowed on your server/website unless you are absolutely sure you know what you are doing.}} |
| + | * 755 is rwx (owner), r-x (group) and r-x (others) or in other words everyone may read and execute (run) but only the owner(you) may make changes to the file. It would look like this when it is all put together: <code>-rwxr-xr-x</code> | ||
| + | * 644 is rw-, r--, r-- or EVERYONE can read the file but only the owner may write to the file or <code>-rw-r--r--</code> | ||
| + | * Permissions can be applied to directories as well which is why you might see this <code>drwxrwxrwx</code>, the "d" is for directory. Of course this is a 777 permission and not recommended! | ||
| + | * For a complete explanation read the Wikipedia article: [[wikipedia:Filesystem_permissions|Filesystem permissions]] | ||
== Additional reading == | == Additional reading == | ||
| Line 40: | Line 127: | ||
| − | <noinclude>[[Category: | + | <noinclude>[[Category:Security]][[Category:Server configurations]]</noinclude> |
Latest revision as of 17:44, 1 December 2012
Recommended settings[edit]
The following information refers to Unix/Linux based server. If your web server is a Microsoft Windows based server(IIS), you should read:How do Windows file permissions work?. Then apply the applicable recommended settings below to your Windows based server.
- Depending on the security configuration of your Web server the recommended default permissions are:
- 755 for directories
- 644 for files
- Don't use extensions that require 777 permissions!
Warning!
Note: On file permissions, in general never use 777 if you don't know what you are doing.
How to Locate them[edit]
There are a variety of methods to view the permissions of your website's files. For example, your host's cpanel file browser or a common FTP(File Transfer Protocol) program.
Depending on what you are using, you should see something like this image.
Again, depending on what method you are using, changing the permissions.
Correct file permissions
Learning the numbers[edit]
Each octal digit corresponds to a group of three letters in a specific group. Therefore, the three digits also corresponds to each group as a set of permissions:
-rwxrwxrwx (is broken up into the three distinct groups)
\ \ \
-(rwx)(rwx)(rwx)
/ / /
Owner Group Others (always in this order, Owner, Group, Others)
7 7 7
d stands for directory and shows as: drwxrwxrwx instead of -drwxrwxrwx
Remember[edit]
- First digit = owner, or User
- second digit = group (other Users on your server)
- third digit = others (everyone else, the world!)
Note: On some servers you may not see the numbers as shown above, what you see is -rwxrwxrwx or something similar.
Meaning of the numbers[edit]
It is much easier to say the "octal" sum of a file or directory has 755 permissions than to call out the permissions:-rwxr-xr-x
The permission # is a three-digit octal number where the three digits correspond to the access rights of the user who owns the file, the group and other users. Each octal digit is the sum of the permissions granted. To make it easy to understand, just remember:
r = Read = 4 w = Write = 2 x = Execute = 1
If read permission is granted the "octal" number is 4. Add 2 to 4 for a 6 if write permission is granted along with read permission. Then you can finally add 1 if execute permission is granted along with the Read and Write permission. If there are no permission at all, the sum is 0. Just do the Octal Math:
| "Octal" # | (r)ead | (w)rite | e(x)ecute | User or Group or Others |
|---|---|---|---|---|
| 0 | no | no | no | --- 0+0+0 = 0
|
| 1 | no | no | yes | --x 0+0+1 = 1
|
| 2 | no | yes | no | -w- 0+2+0 = 2
|
| 3 | no | yes | yes | -wx 0+2+1 = 3
|
| 4 | yes | no | no | r-- 4+0+0 = 4
|
| 5 | yes | no | yes | r-x 4+0+1 = 5
|
| 6 | yes | yes | no | rw- 4+2+0 = 6
|
| 7 | yes | yes | yes | rwx 4+2+1 = 7
|
Now it is time to put it all together. User, Group, Others(Everyone or the World) into a 3 digit "octal" permission number.
- 777 means EVERYONE can read, write and execute ANY file or
-rwxrwxrwx
Warning!
This something you NEVER want to be allowed on your server/website unless you are absolutely sure you know what you are doing.
- 755 is rwx (owner), r-x (group) and r-x (others) or in other words everyone may read and execute (run) but only the owner(you) may make changes to the file. It would look like this when it is all put together:
-rwxr-xr-x - 644 is rw-, r--, r-- or EVERYONE can read the file but only the owner may write to the file or
-rw-r--r-- - Permissions can be applied to directories as well which is why you might see this
drwxrwxrwx, the "d" is for directory. Of course this is a 777 permission and not recommended! - For a complete explanation read the Wikipedia article: Filesystem permissions