Directory permissions are important for the security and usability of your websites and files. What are the default permissions?
Sometimes, when migrating servers or changing PHP handlers, your site can become unresponsive due to permissions errors. This document will help return your permissions to default.
Answer
These permissions change based on the configuration of your server
In most situations, the default permissions should be used:
By default, when using FileProtect, enabling mod_itk or mod_ruid2 will allow public_html to be owned entirely by the user. More information is available here.
/home/cptest/public_html - p1 -# ls -la
total 16
drwxr-x--- 4 cptest cptest 84 Jul 1 04:37 .
drwx--x--x 15 cptest cptest 4096 Jun 28 03:41 ..
drwxr-xr-x 2 cptest cptest 6 Jun 13 02:58 cgi-bin
-rw-r--r-- 1 cptest cptest 128 Jul 1 04:37 index.php
drwxr-xr-x 2 cptest cptest 22 Jul 1 00:41 test
-rw-r--r-- 1 cptest cptest 128 Jul 1 00:39 test1.php
-rw-r--r-- 1 cptest cptest 82 Jul 1 00:40 test2.php
Without FileProtect, the permissions require the nobody group to have access to the directory:
/home/cptest/public_html - p1 -# ls -la
total 16
drwxr-x--- 4 cptest nobody 84 Jul 1 04:37 .
drwx--x--x 15 cptest cptest 4096 Jun 28 03:41 ..
drwxr-xr-x 2 cptest cptest 6 Jun 13 02:58 cgi-bin
-rw-r--r-- 1 cptest cptest 128 Jul 1 04:37 index.php
drwxr-xr-x 2 cptest cptest 22 Jul 1 00:41 test
-rw-r--r-- 1 cptest cptest 128 Jul 1 00:39 test1.php
-rw-r--r-- 1 cptest cptest 82 Jul 1 00:40 test2.php
- public_html is owned by the user, the group "nobody" and has permissions of 750
- Files and directories inside are owned by the user and the user's group
- Files have 644 permissions
- Directories have 755 permissions
When using both an Apache module (mod_ruid2, mod_suexec) and a PHP handler (suPHP, LSAPI, PHP-FPM), you can limit permissions further. This is an example of the most restricted you could set your permissions to when using mod_suexec and suPHP:
/home/cptest/public_html - p1 -# ls -la
total 24
drwxr-x--- 4 cptest nobody 118 Jul 1 05:12 .
drwx--x--x 15 cptest cptest 4096 Jun 28 03:41 ..
drwxr-xr-x 2 cptest cptest 6 Jun 13 02:58 cgi-bin
-rw-r--r-- 1 cptest cptest 281 Jul 1 05:04 .htaccess
-r-------- 1 cptest cptest 128 Jul 1 04:37 index.php
drwx--x--- 2 cptest nobody 39 Jul 1 05:16 test
-r-------- 1 cptest cptest 128 Jul 1 00:39 test1.php
-r-------- 1 cptest cptest 82 Jul 1 00:40 test2.php
- All directories can be limited to 710 when owned by the group "nobody"
- All files can be limited to 400
When using suPHP, the permissions checks listed here should be considered.
Comments
0 comments
Article is closed for comments.