Hosting Tutorial & Guide

File Permissions & What Do They Mean to Shared Web Hosting Security

updated on Sep 14, 2014
File Permissions & What Do They Mean to Shared Web Hosting Security File permissions can be confusing for beginners with no experience in coding, but they do matter in the security of your website files and codes placed in a Linux based system. It is important to make them right to control others' access to your files. As the term might be unfamiliar to some people, this tutorial is written to give detailed definition on it, offer guides on recognizing it, and clarify its importance to shared web hosting security.

What Are File Permissions?

When files are created, usually they are given default permissions which grant a certain group of people the right to read, write or execute them. Every file and folder on your account has its own permissions to control which level of access people have, which allows you to determine how people can access your website thus to protect files against the access from unauthorized users.

There are 3 levels of user based access you can give to a file. Owner permissions control the access of the owner of the files or directories; Group permissions control the access of all people in your group that has been assigned to the file or directory; and All Users (Others) permissions apply to all other users on the same system as yours.

In addition, there are 3 types of file permissions while fall into read, write and execute. Just as the name indicates, read allows people to read the content of the file only; write means that you are able to modify files or directories, and execute refers to the ability to execute a file.

How to Recognize Different Permissions?

How to Recognize Different Permissions As you may know, file permissions are usually presented in a numeric value like 777 and 755. However, what do these numbers mean? In fact, each permission type is given a numeric value, and a set of 3 numbers stands for the permissions for a certain level of access. 4 refers to r (read); 2 refers to w (write), and 1 refers to x (execute). For permissions like 777, the first number represents the permissions for Owner; the second one represents those for Group; and the last one represents the permissions for All Users.

To be specific, when you set the 755 permissions, you give the Owner the right to read, write and execute the file as 7=4+2+1. Being in the same rule, the Group and All Others are granted the access to read and execute the file only. All the numbers of permissions can be translated in this way. Besides, 0 indicates that the access is denied.

What Do File Permissions Mean to Shared Web Hosting Security?

You should control the file permissions strictly to restrict others' access to your files or directories because errors and wrong settings may pose danger to your website. For example, if someone gets the write permission incidentally, he/she has the ability to upload, delete and rename files. When malicious codes or files are uploaded, they can steal your private information or even break the whole system. Too much access for other people increases the vulnerabilities of you site and brings terrible loss.

What Do File Permissions Mean to Shared Web Hosting Security On shared web servers, you should pay attention to another potential danger caused by file permission settings in the installation of software. For instance, when you install Joomla, the script runs with "nobody" username by default which is defined as "All Users" by the system.

Here comes the problem. Since the username is not you or a member in your group, you need to give the permissions of 7 to other people because things like 750 or 744 do not allow the software to be installed as the web server is not able to run the required files. However, as long as others are given too much access, your site is in danger. This problem can be resolved by utilizing suPHP, a PHP extension that allows you to create a user role to run scripts instead of using "nobody".