Correct file permissions for a website

Hi all,
Today I’m going to talk about file permissions in a Linux environment. Setting file permissions on your Web server should be the first thing you do.

Users and groups

To put it simply, a user is an account that has access to the computer, and a group is just an identifier for a certain set of users. This means that every time you transfer files using FTP, you are using a user account on your server. And depending on how your host has set up your account, you (the user) might belong to one or more groups.

Users and groups are important because they help to identify privileges for all of our files and folders. The owner of a file would normally have full privileges on it; other users who belong to the same group would have fewer privileges on it; while everyone else might have no privileges on it. These privileges are what we call permissions.

File permissions

Permissions dictate what users can do with a file. A permission is represented by a set of numbers, such as 644 or 777, referred to as a permission mode. By changing the file’s permissions, you are allowing the Web server to gain access to that file or folder. Each digit of the mode covers a different set of users:

  • First digit 
          What the user of the account that owns the file can do.
  • Second digit
          What other user accounts in the owner’s group can do.
  • Third digit
          What the user accounts of everyone else (including website visitors) can do.

Next, each digit corresponds to the “what” part of the statement and is the sum of any combination of these values:

  • 4
    Read a file, or read the names of the files in a folder
  • 2
    Write or modify a file, or modify the contents of a folder
  • 1
    Execute or run a file, or access the files in a folder

If you have access to your server’s terminal, you can also use the chmod command to change the permission mode of a file or folder:

sudo chmod 644 <file>

Permissions for WordPress

If you are using WordPress, all of our files and folders should now have the correct ownership. Now it’s time to adjust the permission modes. To make things simpler, you’ll only need to remember the following:

  • All files should be 664.
  • All folders should be 775.
  • wp-config.php should be 660.

Here’s what we’re trying to achieve with this set of permission modes:

  • Our user account may read and modify our files.
  • WordPress (via our Web server) may read and modify our scripts.
  • WordPress may create, modify or delete files and folders.
  • Other people may not see our database credentials in wp-config.php.
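The following is an added example, not part of the original post: a read-only audit that lists every file or folder whose mode differs from the three WordPress rules above. The function names audit_wp_perms and make_sample_tree are hypothetical, and the sample tree is constructed for the demonstration.

```shell
#!/bin/sh
# Added example: audit a tree against the modes listed above
# (files 664, folders 775, wp-config.php 660). Nothing is changed on disk.

# audit_wp_perms DIR: print one line per deviation; return 1 if any were found.
audit_wp_perms() {
    root=$1
    report=$(
        # find's "-perm MODE" matches only when the bits are exactly MODE.
        find "$root" -type f ! -name wp-config.php ! -perm 664 |
            sed 's/^/expected 664: /'
        find "$root" -type d ! -perm 775 | sed 's/^/expected 775: /'
        find "$root" -type f -name wp-config.php ! -perm 660 |
            sed 's/^/expected 660: /'
    )
    if [ -z "$report" ]; then
        return 0
    fi
    printf '%s\n' "$report"
    return 1
}

# Constructed sample tree (not a real site) with three deliberate deviations.
make_sample_tree() {
    tree=$(mktemp -d) || return 1
    mkdir -p "$tree/wp-content/uploads"
    : > "$tree/index.php"
    : > "$tree/wp-config.php"
    : > "$tree/wp-content/uploads/a.jpg"
    chmod 775 "$tree" "$tree/wp-content"
    chmod 664 "$tree/index.php"
    chmod 777 "$tree/wp-content/uploads"        # folder writable by everyone
    chmod 666 "$tree/wp-content/uploads/a.jpg"  # file writable by everyone
    chmod 644 "$tree/wp-config.php"             # credentials readable by everyone
    printf '%s\n' "$tree"
}

# Demo: the three deviations are reported, one per line.
demo_tree=$(make_sample_tree) && {
    audit_wp_perms "$demo_tree" || true
    rm -rf "$demo_tree"
}
```

To check a real site, call audit_wp_perms with the WordPress base directory; a non-zero return status means at least one entry needs a chmod.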

Recursively give directories read & execute privileges:

find /path/to/base/dir -type d -exec chmod 755 {} +

To recursively give files read privileges:

find /path/to/base/dir -type f -exec chmod 644 {} +

Or, if there are many objects to process:

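# Caveat: the unquoted $(...) is split on whitespace, so a path containing a space breaks this form; the find -exec and xargs -0 forms are not affected.
chmod 755 $(find /path/to/base/dir -type d)
chmod 644 $(find /path/to/base/dir -type f)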

Or, to reduce chmod spawning:

find /path/to/base/dir -type d -print0 | xargs -0 chmod 755
find /path/to/base/dir -type f -print0 | xargs -0 chmod 644

Hopefully, you can implement these tips to keep your website safe and secure. If you have any additional tips regarding permissions and security, please share them in the comments below. 🙂

 
