How to change permissions for files/folders with Cpanel

Permissions can be very important when it comes to hosting your website. Permissions can allow our server computer to write and edit your files. Along with that, some files need to be protected from writing and editing, as a security measure. You can change your file permissions in many ways.

Using File Manager in cPanel

All files on UNIX (including Linux and other UNIX variants) machines have access permissions. In this way the operating system knows how to deal with requests to access the files. There are three types of access:

  • Read - Denoted as r, files with read access can be displayed to the user.
  • Write - Denoted as w, files with write access can be modified by the user.
  • Execute - Denoted as x, files with execute access can be executed as programs by the user.

Access types are set for three types of user group:

  • User - The owner of the file.
  • Group - Other files which are in the same folder or group.
  • World - Everyone else.

The web server needs to be able to read your web pages in order to be able to display them in a browser. The following permissions need to be set in order for your web site to function properly.

  • All HTML files and images need to be readable by others. The value for this is 644 (readable by User, Group and World, and writable by User). It is set automatically when you upload files.
  • All folders need to be executable by others. The value for this is 755 (readable by User, Group and World, writable by User, executable by User, Group and World). It is set automatically when you create a folder.
  • All CGI files (all files in the cgi-bin folder) need to be executable by other. The value for this is 755 (readable by User, Group, and World, writable by User, executable by User, Group, and World). It is not set automatically when you upload files. You need to change file permissions manually.

Step 1: Open your File Manager and navigate to the file or folder that you need to change.

Step 2: Click on the name of the file or folder.

Step 3: Click on the Change Permissions link in the top menu of the File Manager page.

Step 4: Click on as many check boxes as you require to create the right permission. The permission numbers underneath the check boxes will update automatically.

Step 5: Click on the Change Permissions button when you are ready. The new permission level is saved and the display updated to show the modified file.

 

Using FTP

Connect to FTP. Go to the file and right click. Choose Permissions or Attributes or Properties (depends on your program).

So, what do these permissions and numbers mean?

File permissions determine what you are allowed to do and who is allowed to do it.

  Owner Group World
Read
Write
Execute

The columns are the three types of users. First is the Owner; the owner is you, the person who has access to the cPanel or shell. Second is the Group; the group is other people on your server. Third is the World; the world is any visitor from the public (think world wide web).

Each row represents a permitted action for this file (or folder). Read means the user is allowed to view the file. Write means the user is allowed to edit the file. Execute means the user is allowed to run the file.

It is very important that Group and World be able to view your website files. However, there are some files which you may not want anyone to see. If you remove the check for Read under Group and World, then the file will not show in anyone's browser (instead visitors will see a 403 Forbidden error).

In the File Manager, permissions are expressed as numbers. We are only concerned with 3 digits, so if you see 4 digits, then ignore the first one. Thus 0755 is the same as 755.

The numbers represent a combination of each unique permission. Also, the first of the three digits represents the permissions for the Owner. The second digit represents the Group. The third digit represents the World.

  • Read is equal to 4.
  • Write is equal to 2.
  • Execute is equal to 1.
  • No permissions for a user is equal to 0.

Thus...

  • Write and Execute without Read is equal to 3.
  • Read and Execute without Write is equal to 5.
  • Read and Write without Execute is equal to 6.
  • Read and Write and Execute is equal to 7.

At this point, all you need to know is that your files should always have permissions of 644 or 755. (For most files, it doesn't matter if you give the executable permission or not. You won't see any difference.)

However, folders must always be 755.

One more rule. Any files inside the cgi-bin folder must have 755 permissions.


Advanced

A common concern is using file permissions of 777.

Our system does not allow 777 on files which process server-side (i.e. PHP). However, many scripts require you to change your files to 777.

I can tell you that 755 will work in lieu of 777. You will not need to use 777 on PHP files or folders.

What's the big deal?

The concern is giving writable permissions to Group and World. This allows hackers from the world wide web to edit your files. Thus, the last two digits of file permissions should never be 2, 3, 6, or 7.

The problem is when you install a PHP script, the script needs permission to edit files. Traditionally, PHP is treated as 'nobody' on the server. Therefore, PHP is treated the same an any unknown visitor and must obey the permissions granted to World.

The solution to this conflict is to treat PHP as the Owner. We have done so by implementing a special PHP security environment known as suPHP (or phpSuExec).

With suPHP, all PHP scripts are allowed the same permissions as the Owner, and outside visitors are still restricted by the World permissions. Therefore, 755 is the perfect number; it allows all actions for PHP and only reading/viewing for potential hackers.

Other formats

Permissions can be expressed many ways. You have already seen the two-dimensional matrix and the 3 or 4 digit numbers.

However, if you prefer to use the Linux shell (SSH), then file permissions will look like this:

drwxr-xr-x

You can ignore the very first character; it represents the file type rather than permissions. Next, you see three letters which represent the Owner's permissions.

  • r = read
  • w = write
  • x = execute
  • - (hyphen) = no permission

The Owner will normally have all three permissions, which is represented by rwx.

The next three characters represent the Group's permissions. Finally, the last three characters represent the World's permissions.

Notice that Group and World do not get the writable permission. In place of the 'w' will be a hyphen, meaning that write is definitely not allowed: r-x.



  • 1 Users Found This Useful
Was this answer helpful?

Related Articles

Website Setup Tips

The best way to get started building your web site is to select an authoring tool and refer to...

How do I login to my Cpanel Account?

If your domain is hosted with Interactive Villages, you can login by typing the url:...

How do I use the Cpanel tools?

To learn more about Cpanel, please browse to the Cpanel help files...

Bandwidth Limits

I'm getting email that says:The domain yourdomain.xyz (yourusername) has reached 90% ofits...

Connecting with FTP

ow do I connect to my Cpanel website with FTP or Dreamweaver?     If your account is...

Powered by WHMCompleteSolution