Hosting Tutorial & Guide

File Permissions & What Do They Mean to Shared Web Hosting Security

updated on Jul 27, 2017
File Permissions & What Do They Mean to Shared Web Hosting Security File permissions can be confusing for beginners with no experience in coding, but they do matter in the security of your website files and codes placed in a Linux based system. It is important to make them right to control others' access to your files. As the term might be unfamiliar to some people, this tutorial is written to give detailed definition on it, offer guides on recognizing it, and clarify its importance to shared web hosting security.

What Are File Permissions?

When files are created, usually they are given default permissions which grant a certain group of people the right to read, write or execute them. Every file and folder on your account has its own permissions to control which level of access people have, which allows you to determine how people can access your website thus to protect files against the access from unauthorized users.

There are 3 levels of user based access you can give to a file. Owner permissions control the access of the owner of the files or directories; Group permissions control the access of all people in your group that has been assigned to the file or directory; and All Users (Others) permissions apply to all other users on the same system as yours.

In addition, there are 3 types of file permissions while fall into read, write and execute. Just as the name indicates, read allows people to read the content of the file only; write means that you are able to modify files or directories, and execute refers to the ability to execute a file.

How to Recognize Different Permissions?

How to Recognize Different Permissions As you may know, file permissions are usually presented in a numeric value like 777 and 755. However, what do these numbers mean? In fact, each permission type is given a numeric value, and a set of 3 numbers stands for the permissions for a certain level of access. 4 refers to r (read); 2 refers to w (write), and 1 refers to x (execute). For permissions like 777, the first number represents the permissions for Owner; the second one represents those for Group; and the last one represents the permissions for All Users.

To be specific, when you set the 755 permissions, you give the Owner the right to read, write and execute the file as 7=4+2+1. Being in the same rule, the Group and All Others are granted the access to read and execute the file only. All the numbers of permissions can be translated in this way. Besides, 0 indicates that the access is denied.

What Do File Permissions Mean to Shared Web Hosting Security?

You should control the file permissions strictly to restrict others' access to your files or directories because errors and wrong settings may pose danger to your website. For example, if someone gets the write permission incidentally, he/she has the ability to upload, delete and rename files. When malicious codes or files are uploaded, they can steal your private information or even break the whole system. Too much access for other people increases the vulnerabilities of you site and brings terrible loss.

What Do File Permissions Mean to Shared Web Hosting Security On shared web servers, you should pay attention to another potential danger caused by file permission settings in the installation of software. For instance, when you install Joomla, the script runs with "nobody" username by default which is defined as "All Users" by the system.

Here comes the problem. Since the username is not you or a member in your group, you need to give the permissions of 7 to other people because things like 750 or 744 do not allow the software to be installed as the web server is not able to run the required files. However, as long as others are given too much access, your site is in danger. This problem can be resolved by utilizing suPHP, a PHP extension that allows you to create a user role to run scripts instead of using "nobody".

Special Note

The reason why you change the file permissions is to reduce the possibility of hackers to modify the files on your website. It is useful in the most cases, but it may also cause problems in some special occasions. For instance, if you want to install a PHP based script to your website, the script needs to have the permission to edit some of your files. As PHP generally is treated as a strange visitor on the server, it cannot modify your files if you set the last 2 numbers as 2, 1, or 3.

In fact, if your web server has the suPHP integrated, then the issue can be resolved easily as suPHP can run PHP as the file owner.

How to Change File Permission

After getting the basic knowledge, the changing process can be easy. Here, we highly recommend you to use the File Manger that can be found from almost all the popular control panels. Generally, you can get to this tool under the File tab.

Then, you can see a long list of files included within your website. You simply need to right click the one that you want to change the permission, and then choose the Change Permissions button. Note that you can check the file permissions of your files from the last Perms column by figuring out the numbers we have introduced previously.

Now, you can see a small window appeared allowing you to set the permissions easily. You only need to check the right boxes based on the actions and targets. The corresponding number can be figured out clearly. Then, don’t forget to click the Change Permissions button.

In addition to the File Manager, you can also make use your FTP. After connecting to your FTP server, you only need to focus on your targeting file and right click it to choose the Properties. Then, things can be the same as the former method. You simply need to change the values by clicking the boxes, and then click the OK button.