1. WebsitePlanet
  2. >
  3. Glossary
  4. >
  5. Web hosting
  6. >
  7. What are permissions?

What are permissions?

Sayb Saad Written by:
Christine Hoang Reviewed by: Christine Hoang
24 October 2024
When you host a website, permissions control who can view, change, or run files on your server. These permissions are your first line of defense, protecting your data from unauthorized access and potential attacks. If permissions aren’t set correctly, your files could be exposed, putting your website at risk.

By understanding how permissions work, you can manage your files more securely. There are three types of permissions: read, write, and execute. Each one controls specific actions users can perform on your server. Learning how to configure them correctly will help you protect your site, manage access, and keep everything running smoothly.

Definition of Permissions in Hosting

Permissions in hosting determine who can access, modify, or run specific files or directories on your server. They help you manage access to important data and keep your site secure from malicious actors. Every file or directory comes with a set of permissions, typically divided into three categories:

  • Owner permissions: As the owner, you have the highest level of control, which typically includes the ability to read, write, and execute files or directories (shown as rwx). This allows you to modify, delete, or execute the file. Additionally, you can adjust permissions for other users or groups using commands.
  • Group permissions: Group permissions apply to a specific set of users who share the same access level to a file or directory. Instead of managing individual permissions for each user, groups make permission management simpler.
  • World (Other) permissions: These permissions apply to everyone who isn’t the owner or part of the group. Usually, these permissions are the most restrictive, often allowing only read access. Limiting public access protects your sensitive files.
Each of these categories has 3 types of permissions:

  • Read (r): Read permissions let you open and read a file’s contents but not make changes. For directories, you can view the list of files inside, though you’ll require execute permission to access the files.
  • Write (w): Write permission lets you modify a file’s contents, delete it, or create new content. For directories, it allows you to add, delete, or rename files. However, you’ll need both write and execute permissions to move or rename items.
  • Execute (x): Execute permission allows you to run a file, like a script or program. You can also navigate your directories and access all files, even if you can’t see the directory’s file list.
Permissions are often represented in numeric (octal) form, like 755. This means the owner has full control (read, write, execute), while the group and others have read and execute access. Setting incorrect permissions can expose your site to security risks by allowing unauthorized changes.

Access Control Lists (ACLs) provide finer control for advanced setups. They let you specify which users can access a file beyond the basic owner-group-world system. Special permissions like ‘setuid,’ ‘setgid,’ and the ‘sticky bit’ can also be used to secure files further by controlling how they’re accessed and executed.

How Do Permissions Work in Hosting?

When you or a program tries to access a file, the server checks the file’s permissions to determine if an action like reading or writing is allowed. If you have the right permissions, the server lets you proceed. If not, it blocks the action.

Permissions are represented as letters: “r” (read), “w” (write), and “x” (execute). Each digit represents a different permission level for the owner, group, and world (others). Here’s how it works:

  • Read (r): 4
  • Write (w): 2
  • Execute (x): 1
You add these numbers to form a permission level for each user category. For example, 755 in numeric notation is the same as “rwxr-xr-x” in letter notation. It gives the owner full control and allows group members and everyone else to read and execute, but not modify the file.

  • 7 (Owner): The owner has full control. Read (4) + Write (2) + Execute (1) = 7.
  • 5 (Group): The group can only read and execute. Read (4) + Execute (1) = 5.
  • 5 (World): Others can also only read and execute. Read (4) + Execute (1) = 5
To ensure your website runs properly, your web server (like Apache or Nginx) also needs specific permissions. Servers usually operate under user groups like www-data, which require enough access to serve your content and handle tasks like file uploads.

However, granting too many permissions, especially write access to everyone, can expose your site to serious risks. Hackers might upload malicious scripts, overwrite key files, or even delete crucial data. Always balance permissions carefully to maintain security without compromising your site’s functionality.

How to Set the Right Permissions

File and directory permissions are the backbone of how your server manages access. Setting them correctly makes your site function smoothly and maintains the necessary boundaries for user actions. Here’s how you can set the right permissions:

File Permissions

  • 644 (rw-r–r–): Use this for most files, such as HTML, CSS, and JavaScript. As the owner, you have read and write access, while others can only read the file. This prevents unauthorized changes by other users while allowing them to view the file.
  • 600 (rw——-): This is ideal for sensitive configuration files, such as wp-config.php in WordPress. Only you can access and modify these files, protecting critical data like database credentials from other users and processes.
  • 400 (r——–): Set this for files that should be read-only for everyone, including you, unless changes are necessary. It’s often used for .htaccess files to prevent accidental or malicious alterations.

Directory Permissions

  • 755 (rwxr-xr-x): This is the standard setting for directories. You have full control (read, write, execute), while others can only read and navigate through the directory. It’s commonly used for public directories, where users need access but shouldn’t be able to modify the contents.
  • 700 (rwx——): Use this for private directories where only you need access. This is useful for directories containing backups or uploads, where it’s important to restrict access to avoid unauthorized changes.
These guidelines cover most common cases, but your specific hosting setup might require adjustments. Always be cautious with permission settings like 777, which allows anyone to read, write, and execute files. This level of access can create serious security vulnerabilities by allowing unauthorized users to modify critical files.

How to Modify Permissions

You can modify permissions for your files and directories in several ways, depending on your access level and preferences:

File Manager

Most web hosting control panels, like cPanel, have a built-in File Manager. This gives you a simple, graphical interface to view and adjust permissions. Right-click on a file or folder, choose ‘Change Permissions,’ and modify the settings using checkboxes or numeric values. To apply changes to all files within a folder, use the recursive option to apply the settings to all files.

FTP/SFTP Client

If you prefer using an FTP or SFTP client like FileZilla, you can right-click any file or folder and select ‘File Permissions’ or ‘File Attributes’ to make changes. Like the File Manager, you can apply these changes recursively to all contents within a directory, ensuring all files inherit the same permissions.

SSH Command Line

For advanced control, you can use the SSH command line and the chmod command to modify permissions. The basic format is chmod [permissions] [file/folder]. You can also use the symbolic form, such as chmod u+x file, or the numeric form, which should look like, chmod 644 file.

If you want to change permissions for all files in a directory, use the ‘-R’ option to apply the changes recursively. For example, chmod -R 755 folder applies the same permission settings to the folder and everything inside it. The ‘-R’ stands for “recursive,” meaning the command will affect every file and subdirectory within the selected folder.

Common Permission Issues and Solutions

Incorrect permissions can cause various issues on your website. Here are some common problems and how to solve them:

403 Forbidden Error

  • Issue: This error occurs when the web server doesn’t have the required permissions to access a file or directory. It usually happens due to incorrect file or directory permissions.
  • Solution: Ensure the file permissions are set to 644 and directory permissions to 755. If the error persists, check your .htaccess file for misconfigurations – these can also cause the issue.

500 Internal Server Error

  • Issue: This general error can occur because of incorrect permissions on a script like a PHP file or an issue with the server configuration or a corrupted .htaccess file.
  • Solution: Ensure the file has the correct execute permissions, usually 755 for PHP scripts. Review the server’s error logs to pinpoint the issue. If the problem continues, regenerate the .htaccess file to fix potential misconfigurations.

WordPress “Unable to Write to Directory” Error

  • Issue: This happens when WordPress doesn’t have permission to write to a directory, preventing tasks like media uploads or plugin updates.
  • Solution: Set the directory permissions to 755 or 775, depending on your hosting environment. If that doesn’t work, you may need to change the directory ownership to the web server user using the chown command, which lets WordPress write to the directory.

Files Not Uploading via FTP

  • Issue: If you can’t upload files through FTP, the directory you’re trying to upload to may not have the correct write permissions.
  • Solution: Make sure the directory has 755 or 775 permissions, allowing write access for your FTP user. Also, check that the FTP user has the correct ownership of the directory to ensure proper access.

Best Practices for Permission Management

Managing permissions properly is essential for both security and functionality in your hosting environment. Here are some key best practices to follow:

  • Principle of Least Privilege: Always give users and processes the minimum permissions to complete their tasks. Limiting access reduces the chances of security breaches or malware infections. Even if an account is compromised, limiting permissions ensures attackers can only access a small part of your system.
  • Regular Permission Audits: Periodically review the permissions on your files and directories to spot any unnecessary or overly permissive access. Audits help prevent “privilege creep,” where users accumulate more access than they need. Remove outdated permissions or inactive accounts to keep your system secure.
  • Consistent Permission Scheme: Set up a clear and consistent permission scheme for all your files and directories. Document this scheme and make sure everyone follows it. This keeps permissions organized and ensures new files and systems follow the same rules.
  • Separate User Accounts: Always create separate user accounts instead of sharing one. This makes it easier to manage access and track who’s responsible for what. Use role-based access control (RBAC) to assign permissions based on job roles, giving users only the access they need.
  • Secure Sensitive Files: Pay attention to files containing sensitive information, like configuration files or database credentials. Restrict access by setting permissions to 600 (owner-only access) and ensure only necessary users have access. This prevents unauthorized access to critical data.
  • Backup and Version Control: Regularly back up your files and directories, including their permission settings. Use version control to track changes, so if a permission setting is mistakenly altered, you can quickly revert it.
  • Educate and Train Users: Make sure everyone understands how to manage permissions safely. Provide training and clear guidelines to prevent users from accidentally misconfiguring access, which could expose your system to risks.

Summary

Setting the correct permissions keeps your website secure and ensures smooth operation. By carefully managing file, directory, and sensitive data permissions, you control who can access or modify content, preventing common errors like “403 Forbidden” or “500 Internal Server Error.” Proper permissions also reduce your exposure to security risks and unauthorized changes.

Beyond preventing immediate issues, correct permissions help you maintain long-term stability. Tools like File Manager, FTP/SFTP, or SSH make it easy to adjust permissions when necessary. Stick to best practices by granting only the access users need, separating accounts, and securing sensitive files.

Rate this Article
5.0 Voted by 2 users
You already voted! Undo
This field is required Maximal length of comment is equal 80000 chars Minimal length of comment is equal 10 chars
Related posts
Show more related posts
We check all user comments within 48 hours to make sure they are from real people like you. We're glad you found this article useful - we would appreciate it if you let more people know about it.
Popup final window
Share this blog post with friends and co-workers right now:
1 1 1

We check all comments within 48 hours to make sure they're from real users like you. In the meantime, you can share your comment with others to let more people know what you think.

Once a month you will receive interesting, insightful tips, tricks, and advice to improve your website performance and reach your digital marketing goals!

So happy you liked it!

Share it with your friends!

1 1 1

Or review us on 1

3418609
50
5000
97148155