Understanding File Permissions in FTP (CHMOD)
By Jonathan on May 25th, 2011 in Tips & Tutorials
Uploading anything more complicated than basic HTML (for example, a PHP script) usually requires some fiddling with permission settings to make things work properly. Whether you’re battling an error or just following the instructions to install a new script on your server, you at least need to know how to set permissions.
However, many webmasters successfully set their permissions without realizing that’s what they’re doing OR why it’s so important. This can lead to serious mistakes that can, in turn, lead to security and reliability issues.
Here’s the good news: permissions are easy to understand and virtually anyone can grasp them in a few minutes; all it takes is an understanding of the underlying concepts. Even the mysterious numbers we see when we use the CHMOD command will become much clearer.
The Basics of File Permissions
The basic principle of file permissions is that not every file on your server is meant to be accessed by everyone. In this regard your server is no different than your personal computer. If you have multiple accounts on the same machine, Person A may not be able to access the files of Person B for privacy reasons. However, an administrator has a higher level account that lets them access everything.
So, for example, if you have a father with two children, the two children can not access each other’s files and they can’t access the father’s. However, the father, who is an admin, can access both his files and his children’s files as needed. This is done for security reasons, to ensure that the two children can’t harm more than their files should they mess something up.
Server permissions work pretty much the same way. There are three different kinds of users: guests, which for our purposes will mean visitors to the site; users, in this case webmasters and the accounts they create; and administrators, meaning the hosting provider (or yourself if you have “root” access to the server, such as with a VPS).
Since there’s no way to give or take away permissions from an admin, those permissions aren’t editable: admins always have permission to do anything at any time.
The permissions you set, on the other hand, determine what your account and your visitors can do with your files. That is where the CHMOD command comes in.
Understanding CHMOD
CHMOD, which stands for CHange MODe, is the Unix or Linux command commonly accessed via FTP programs to change or set permissions for both files and folders.
Typically, CHMOD represents the permission of a file or folder as a series of three numbers ranging from 0 to 7. Generally, the higher the number the more “open” the permissions on the file.
The numbers each represent a different “group” of permissions:
- User: This is the owner of the file or folder, meaning the account that uploaded it or created it.
- Group: The group the user belongs in. For example, if your hosting account allows you to create multiple FTP logins, they likely belong to the same group.
- World: Everyone else, including visitors to your site.
The three groups then have three activities that can be either allowed or denied. Those activities are:
- Read: The ability to read a file or list files in a folder. Without read access, a file can only be accessed by admins.
- Write: The ability to edit/delete/rename a file or the ability to create/delete/rename files in a folder.
- Execute: The ability to run a script or run a script in a folder.
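The three actions are then given a numerical value, with “Read” being “4”, “Write” being “2” and “Execute” being “1”. Each digit is the sum of the values of the actions allowed for that group: read plus write plus execute is 7, and read plus execute is 5.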
A file without any permissions, meaning no one but an admin could access it, is a 000. A file that can be read by anyone is a 444. A file that can be read, written and executed by anyone is a 777.
Each group can have a different value so, for example, a file with a permission of 755 can be read, written and executed by the user, but everyone else can only read or execute it, not write to it. This prevents others from editing the file.
Generally, the user of the file will have full access to it, meaning a 7, but typically others will have more restricted access. For most script files, 755 is considered the ideal.
However, there are times other permissions are needed. For example, if you have a folder you need to upload files to regularly, it might need to be 666, meaning that it can be read and written to, but not executed.
Generally though, you should try to keep the permission number as low as possible; otherwise, there are very serious security risks that can come back to bite you.
A Quick Word on Security
The problem with permissions is that the more you give away, the more likely it is that someone else can misuse your permissions to launch an attack on your server. The lower the number, meaning the fewer rights granted, the better.
For example, if a script is editable when it doesn’t have to be, one might be able to inject malicious code into it. Likewise, if a file can be executed by an outside user, it may be able to be used against the server or other visitors.
You need to be careful to set your permissions to only what is required, no more. You should be very cautious about EVER designating a file or folder as 777, and you generally want to avoid giving execute permissions when not needed.
If you’re smart about the file permissions you set up, you will be a lot more secure down the road.
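As an added example (not part of the original article), here is a small Python script that decodes a mode with the read=4, write=2, execute=1 values described above and walks a folder to report anything writable by “world”, calling out 777 separately. The names `decode` and `audit` are this example’s own, and it assumes a Unix-like server where you have shell access.

```python
import os
import stat
import sys

CLASSES = ("user", "group", "world")                   # the article's three groups
ACTIONS = ((4, "read"), (2, "write"), (1, "execute"))  # the article's values
WORLD_WRITABLE = "world-writable"
FULL_OPEN = "777: everyone can read, write and execute"


def decode(mode):
    """Split a mode such as 0o755 into the actions allowed for each group."""
    digits = [(mode >> shift) & 7 for shift in (6, 3, 0)]
    return {
        cls: [name for value, name in ACTIONS if digit & value]
        for cls, digit in zip(CLASSES, digits)
    }


def audit(root):
    """Return sorted (relative path, octal mode, finding) for risky entries."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits are not meaningful
            mode = stat.S_IMODE(st.st_mode) & 0o777
            rel = os.path.relpath(path, root)
            octal = format(mode, "03o")
            if mode == 0o777:
                findings.append((rel, octal, FULL_OPEN))
            elif "write" in decode(mode)["world"]:
                findings.append((rel, octal, WORLD_WRITABLE))
    return sorted(findings)


if __name__ == "__main__":
    # Audit the folder given on the command line, or the current one.
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for rel, octal, finding in audit(target):
        print(f"{octal}  {finding}  {rel}")
```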
Bottom Line
All in all, file permissions are not that confusing or that difficult. There are many great guides on the Web that further explain the principles.
There’s no magic or mystery behind the CHMOD command. Although the way the information is displayed can be a bit confusing, the principles behind file permissions are easy to grasp and crucial to understand.
In the end, understanding how and why permissions work will make you a better webmaster and help you sleep a little bit better at night.