File Permissions Explained with CHMOD
Setting file permissions is one of the most common tasks involved in uploading files to your hosting account, especially if you are using various scripts, eg. installing scripts the old fashioned way without Fantastico!
CHMOD refers to the command line option for setting file permissions first used on Unix systems and widely in use today.
For everyday users setting file permissions has been made even easier and you can set permissions for files and directors from both your cPanel File Manager, and also with an FTP client such as FileZilla.
CHMOD refers to the command for setting file permissions first used on Unix systems and commonly used today.
File permissions are divided into 3 categories
- r if the read bit is set, - if it is not.
- w if the write bit is set, - if it is not.
- x if the execute bit is set, - if it is not.
These permissions are also applied across 3 groups – UGO which represents User, Group, Other.
Using the example permissions:
(rwx) (r-x) (r-x) | | | User Group Other
The first set of permissions (rwx) represents read, write, and execute permission for the User.
The second set (r-x) represents read and execute permissions the Group, and members belonging to the group.
The last set (r-x) represents read and execute permissions for Others, or the world/public at large!
A common way to represent these permission values and the values used in your cPanel File Manager and via the CHMOD option in your FTP client is in Octal notation.
You may have seen file permissions set to three digit values such as 755 above. Each permission setting can be represented by a numerical value:
- The read “r” bit adds 4 to its total (in binary 100),
- The write “w” bit adds 2 to its total (in binary 010), and
- The execute “x” bit adds 1 to its total (in binary 001).
When these values are added together, the total is used to set specific permissions.
For example, a file index.php, with the following permissions rwx-r-x-r-x
(rwx) (r-x) (r-x) | | | 4+2+1 4+0+1 4+0+1
When converted to Octal notation, this gives you the permission setting of 755
Beware 666 and 777
Biblical implications aside, setting permissions to 666 or 777 will allow everyone to read and write to a file or directory. Such settings as these could allow tampering with sensitive files so in general, it’s not a good idea to allow these settings.
Setting files and directories to 777 will commonly result in HTTP 500 Errors.
Here are a list of some common settings, numerical values and their meanings:
- -rw------- = (600) Only the user has read and write permissions.
- -rw-r--r-- = (644) Only user has read and write permissions; the group and others can read only.
- -rwx------ = (700) Only the user has read, write and execute permissions.
- -rwxr-xr-x = (755) The user has read, write and execute permissions; the group and others can only read and execute.
- -rwx--x--x = (711) The user has read, write and execute permissions; the group and others can only execute.
- -rw-rw-rw- = (666) Everyone can read and write to the file. Bad idea.
- -rwxrwxrwx = (777) Everyone can read, write and execute. Another bad idea.
Here are a couple of common settings for directories (note the d at the beginning for directory/folder permissions):
- drwx------ = (700) Only the user can read, write in this directory.
- drwxr-xr-x = (755) Everyone can read the directory, but its contents can only be changed by the user.