Hi all,
Today I’m going to talk about file permissions in a Linux environment. Setting file permissions on your Web server should be the first thing you do.
Users and groups
To put it simply, a user is an account that has access to the computer, and a group is just an identifier for a certain set of users. This means that every time you transfer files using FTP, you are using a user account on your server. And depending on how your host has set up your account, you (the user) might belong to one or more groups.

Users and groups are important because they help to identify privileges for all of our files and folders. Owners of a file normally would have full privileges on it; other users who belong to the same group would have fewer privileges on it; while everyone else might have no privileges on it. These privileges are what we call permissions.
File permissions
Permissions dictate what users can do with a file. A permission is represented by a set of numbers, such as 644 or 777, referred to as a permission mode. By changing the file’s permissions, you are allowing the Web server to gain access to that file or folder.
- First digit: What the user of the account that owns the file can do.
- Second digit: What other user accounts in the owner’s group can do.
- Third digit: What the user accounts of everyone else (including website visitors) can do.
Next, each number corresponds to the “what” part of the statement and is the sum of any combination of these digits:
- 4: Read a file, or read the names of the files in a folder
- 2: Write or modify a file, or modify the contents of a folder
- 1: Execute or run a file, or access the files in a folder
If you have access to your server’s terminal, you can also use the chmod command to change the permission mode of a file or folder:
sudo chmod 644 <file>
Permissions for WORDPRESS
If you are using WordPress, all of our files and folders should now have the correct ownership. Now it’s time to adjust the permission modes. To make things simpler, you’ll only need to remember the following:
- All files should be 664.
- All folders should be 775.
- wp-config.php should be 660.
Here’s what we’re trying to achieve with this set of permission modes:
- Our user account may read and modify our files.
- WordPress (via our Web server) may read and modify our scripts.
- WordPress may create, modify or delete files and folders.
- Other people may not see our database credentials in wp-config.php.
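To check an existing site against the modes listed above, here is an added example (not part of the original post) that reports every file or folder that deviates from them. The function name audit_wp_perms and the finding labels are made up for this example; it only uses the standard find tests -type, -name and -perm.

```sh
#!/bin/sh
# Added example (not from the original post): report anything under a
# WordPress directory that deviates from the modes listed above.
# Output: one "finding<TAB>path" line per problem; no output means clean.
audit_wp_perms() {
    root=$1

    # Regular files (except wp-config.php) should be exactly 664.
    find "$root" -type f ! -name wp-config.php ! -perm 664 \
        -exec printf 'file-not-664\t%s\n' {} \;

    # Folders should be exactly 775.
    find "$root" -type d ! -perm 775 \
        -exec printf 'dir-not-775\t%s\n' {} \;

    # wp-config.php holds the database credentials: exactly 660.
    find "$root" -type f -name wp-config.php ! -perm 660 \
        -exec printf 'wp-config-not-660\t%s\n' {} \;

    # Third digit: nothing should be writable by "everyone else".
    # Symlinks are skipped because their own mode bits are not meaningful.
    find "$root" ! -type l -perm -002 \
        -exec printf 'world-writable\t%s\n' {} \;
}

# Run as: sh audit.sh /path/to/wordpress
if [ $# -gt 0 ]; then
    audit_wp_perms "$1"
fi
```

A world-writable file (third digit 2, 3, 6 or 7) is listed twice: once for the wrong mode and once as world-writable.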
Recursively give directories read & execute privileges:
find /path/to/base/dir -type d -exec chmod 755 {} +
To recursively give files read privileges:
find /path/to/base/dir -type f -exec chmod 644 {} +
Or, if there are many objects to process:
chmod 755 $(find /path/to/base/dir -type d)
chmod 644 $(find /path/to/base/dir -type f)
Or, to reduce chmod spawning:
find /path/to/base/dir -type d -print0 | xargs -0 chmod 755
find /path/to/base/dir -type f -print0 | xargs -0 chmod 644
Hopefully, you can implement these tips to keep your website safe and secure. If you have any additional tips regarding permissions and security, please share them in the comments below. 🙂