
Filesystem Permissions

To restrict access to files and folders, any decent filesystem supports the concept of filesystem permissions. The most basic form is the traditional Unix permissions (and that's what you most likely have to deal with on your webserver). Basically, each file and folder has three attributes:

  • readable (4)
  • writable (2)
  • executable (1)

For CMSimple_XH no file has to be executable, but most folders do (for a folder, executable means that the content of the folder may be accessed). The numbers in parentheses are the values of the respective attributes. Just add them up to get the resulting permissions, e.g.:

  • 4: readable, but neither writable nor executable
  • 5: readable and executable, but not writable
  • 6: readable and writable, but not executable
  • 7: readable, writable and executable

Furthermore, every file and folder has an owner and belongs to a group. The permissions can be set individually for the owner, the group (i.e. all users that are members of the group) and everybody else. So the permissions for a file are expressed as three digits 1), e.g. 640 means the file owner may read and write the file, any member of the file's group may read the file, and all other users may not even read it.

That might sound very complicated, but in practice it's quite simple, as all that matters is whether a file/folder is writable or not:

  • files: 4 (write protected) or 6 (writable)
  • folders: 5 (write protected) or 7 (writable)

And it's important which user accesses the file: the owner or somebody else. This depends on how PHP is executed by the webserver. If it is running as (F)CGI, the user is typically the owner of the file, otherwise not. You can look up how it's handled on your server in the PHP info under “Server API”.

If PHP's safe mode is enabled on your server, there may be further restrictions. It is recommended to run CMSimple_XH on a server with safe mode disabled.

Conclusion

If the user is the owner of the file, it's sufficient to grant write permissions to the owner only:

  • folders: 555 (write protected) or 755 (writable)
  • files: 444 (write protected) or 644 (writable)

Otherwise you should set write permissions for everybody:

  • folders: 555 (write protected) or 777 (writable)
  • files: 444 (write protected) or 666 (writable)

If in doubt – try it out! ;-)

How to change permissions

This can be done with any decent FTP client. How it works exactly depends on the FTP client, so you should look that up in its documentation. For FileZilla there's a short video tutorial on YouTube.

Security

Of course you can give full permissions to all files and folders (i.e. 777), and CMSimple_XH will work well. But that sacrifices security, as somebody might be able to modify a file that shouldn't be modified. So for maximum security set only the necessary permissions, i.e. write protect all files and folders except those that need write permissions. Which files and folders need write permissions is explained in installation.
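
An audit along these lines, as an added example that is not part of the original page or of CMSimple_XH: it walks an installation, applies the modes from the Conclusion section, and reports every file or folder that grants more than it should. The names in the sample tree and in the writable set are constructed placeholders; the real list is on the installation page.

```python
import os
import stat
import tempfile

def expected_mode(is_dir, writable, php_is_owner):
    """Mode from the Conclusion section for one file or folder."""
    if not writable:
        return 0o555 if is_dir else 0o444
    if php_is_owner:                      # e.g. PHP running as (F)CGI
        return 0o755 if is_dir else 0o644
    return 0o777 if is_dir else 0o666

def audit(root, writable_paths, php_is_owner):
    """List (path, actual, expected) for entries granting bits beyond the expected mode."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue                  # symlink modes are not meaningful
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            actual = stat.S_IMODE(st.st_mode)
            want = expected_mode(stat.S_ISDIR(st.st_mode),
                                 rel in writable_paths, php_is_owner)
            if actual & ~want:            # a permission bit is set that should not be
                findings.append((rel, oct(actual), oct(want)))
    return sorted(findings)

def build_sample_tree(root):
    """Constructed sample layout; the names are placeholders, not the real list."""
    layout = {"content": 0o777, "content/page.htm": 0o666,
              "templates": 0o555, "templates/style.css": 0o444,
              "index.php": 0o755}
    for rel in layout:                    # create everything first
        path = os.path.join(root, rel)
        if "." in os.path.basename(rel):
            open(path, "w").close()
        else:
            os.mkdir(path)
    for rel, mode in layout.items():      # then apply the modes
        os.chmod(os.path.join(root, rel), mode)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        writable = {"content", "content/page.htm"}   # hypothetical writable set
        for finding in audit(root, writable, php_is_owner=True):
            print(*finding)
```

Run with php_is_owner=True, the sample tree reports the 777 folder and the 666 file as wider than needed, plus the executable index.php; with php_is_owner=False only index.php remains.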

1) Actually this is an octal number, so usually it's written e.g. 0755; for simplicity the leading zero is omitted on this page.
 
Except where otherwise noted, content on this wiki is licensed under the following license: GNU Free Documentation License 1.3