Verifying permissions

From Joomla! Documentation

Revision as of 22:44, 1 December 2012 by Tom Hutchison (talk | contribs) (→‎Recommended settings: fix to marker template warning notification)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Recommended settings[edit]

The following information refers to Unix/Linux based server. If your web server is a Microsoft Windows based server(IIS), you should read:How do Windows file permissions work?. Then apply the applicable recommended settings below to your Windows based server.

  • Depending on the security configuration of your Web server the recommended default permissions are:
    • 755 for directories
    • 644 for files
    • Don't use extensions that require 777 permissions!
Stop hand nuvola.svg.png
Warning!

Note: On file permissions, in general never use 777 if you don't know what you are doing.


How to Locate them[edit]

There are a variety of methods to view the permissions of your website's files. For example, your host's cpanel file browser or a common FTP(File Transfer Protocol) program.

Depending on what you are using, you should see something like this image.

Verifying Permissions FTP.png

Again, depending on what method you are using, changing the permissions.

Verifying Permissions FTP Changing.png

Correct file permissions

Verifying Permissions FTP Correct.png

Learning the numbers[edit]

Each octal digit corresponds to a group of three letters in a specific group. Therefore, the three digits also corresponds to each group as a set of permissions:

  -rwxrwxrwx (is broken up into the three distinct groups)
    \   \   \
 -(rwx)(rwx)(rwx)
    /   /    /
Owner Group Others (always in this order, Owner, Group, Others)
  7    7     7

 d stands for directory and shows as: drwxrwxrwx instead of -drwxrwxrwx

Remember[edit]

  • First digit = owner, or User
  • second digit = group (other Users on your server)
  • third digit = others (everyone else, the world!)


Note: On some servers you may not see the numbers as shown above, what you see is -rwxrwxrwx or something similar.

Meaning of the numbers[edit]

It is much easier to say the "octal" sum of a file or directory has 755 permissions than to call out the permissions:-rwxr-xr-x

The permission # is a three-digit octal number where the three digits correspond to the access rights of the user who owns the file, the group and other users. Each octal digit is the sum of the permissions granted. To make it easy to understand, just remember:

 r = Read    = 4
 w = Write   = 2
 x = Execute = 1

If read permission is granted the "octal" number is 4. Add 2 to 4 for a 6 if write permission is granted along with read permission. Then you can finally add 1 if execute permission is granted along with the Read and Write permission. If there are no permission at all, the sum is 0. Just do the Octal Math:

"Octal" # (r)ead (w)rite e(x)ecute User or Group or Others
0 no no no --- 0+0+0 = 0
1 no no yes --x 0+0+1 = 1
2 no yes no -w- 0+2+0 = 2
3 no yes yes -wx 0+2+1 = 3
4 yes no no r-- 4+0+0 = 4
5 yes no yes r-x 4+0+1 = 5
6 yes yes no rw- 4+2+0 = 6
7 yes yes yes rwx 4+2+1 = 7

Now it is time to put it all together. User, Group, Others(Everyone or the World) into a 3 digit "octal" permission number.

  • 777 means EVERYONE can read, write and execute ANY file or -rwxrwxrwx
Stop hand nuvola.svg.png
Warning!

This something you NEVER want to be allowed on your server/website unless you are absolutely sure you know what you are doing.

  • 755 is rwx (owner), r-x (group) and r-x (others) or in other words everyone may read and execute (run) but only the owner(you) may make changes to the file. It would look like this when it is all put together: -rwxr-xr-x
  • 644 is rw-, r--, r-- or EVERYONE can read the file but only the owner may write to the file or -rw-r--r--
  • Permissions can be applied to directories as well which is why you might see this drwxrwxrwx, the "d" is for directory. Of course this is a 777 permission and not recommended!
  • For a complete explanation read the Wikipedia article: Filesystem permissions

Additional reading[edit]