All About File Permissions

Understanding how permissions work when you set them within your cPanel or using SSH (Shell) access is very important. If permissions are too lax, they may be accessed by unwanted users who may alter or remove them. If the permissions are too strict, then they may not be accessed by the right users to perform tasks as needed. This guide discusses permissions and how they work so you can set them with the proper amount of security.

User types

All users fall into one of three categories. These categories are User, Group, and World. The User type is the individual account that creates the file or folder. The Group is listed as the group that the user belongs to, and the World setting encompasses everyone else.

User TypeFile definitionFolder definition
UserAllows the file to be opened and its contents read.Allows the user to view (list) the contents of the folder (also requires the execute permission).
GroupAllows a file to be opened, read, and edited.Allows the user to add or remove files within a folder (also requires the execute permission).
WorldAllows the contents of the file to be executed in the server’s memory as well as shell scripts.Allows the user to be able to enter the folder as well as manipulate its contents.

Permission types

Just like there are three types of users to which permissions can be assigned, there are also three types of permissions. These are Read, Write, and Execute. Note in the chart below that each permission has an numeric value. This is used for calculating the value for displaying in the octal mode.

PermissionDescriptionOctal value
Read (r)This permission allows the file to be opened and read by the user, ie: they can see the contents of the file or folder.4
Write (w)This permission allows the user to make changes to the file.2
Execute (x)This permission allows the execution of the file’s contents.1

The Mode

Every file and folder on the server has file permissions information attached to it. The term mode is used to define the collection of three sets of permissions that each file or folder has. The mode can be viewed in two different formats. The default in the command line console is the long form. This is where the permissions are displayed as a string of all the permissions as one long alphabetic line. The cPanel user interface, however, displays the permissions in numeric, or octal, format.

Long Form

The long form may look difficult at first, but once you understand how it is formatted it is quite easy. It is divided up into three different sections. The User section comprises the first three columns, followed by the Group section and then the World section. They are displayed all together like this example where we show a permission structure that grants all three permissions to all three user types.

rwxrwxrwx

If you separate the different sections visually, they make more sense. Below we show a permission structure where all users are granted all permissions broken apart so you can understand them a bit better.

rwx  rwx  rwx

If a permission is granted to a user type, the representative letter will appear in the mode. If the permission is not granted, it is displayed as a dash ‘-‘. Below is the example of a popular permission setup where the Group and World user types do not have Write permissions.

rwx  r-x  r-x

Octal Mode

When viewing your file structure in the cPanel GUI (graphical user interface) the permissions are displayed as a three digit number. This is known as the octal form. Instead of three columns for each user type, there is a single column. The number in that column is the total of the values of their permissions granted to that user type. Below is an example of how the permissions display in the cPanel File Manager.

File Permissions

To read the octal format is very easy, below is a chart that displays the range of possible permissions.

NumberPermissions
0None
1Execute
2Write
3Write and Execute
4Read
5Read and Execute
6Read and Write
7Read Write and Execute

The octal format is laid out in the same format for user types as the long format. The first column is the User, the second is the Group and the third is the World. The mode is always displayed together, so 755 is a popular mode that gives all permissions (7) to the User, but only Read and Execute permissions (5) to the Group and World user types.

4 thoughts on “All About File Permissions

  1. How does this work in conjunction with password protected directories? Do you need to give files 644 to be world visible, and if so, is the password still required?

    1. Hi Howard, happy to explain further. Password protection on a directory is controlled in the .htaccess file, which is at the level of the web server. File permissions, when set, exist at the level of the kernel/file system.

      If Apache doesn’t have access to read the file due to file permissions, no one on the web will be able to see it regardless of directory protection, since the web server cannot access it. Hope that helps!

  2. Wow…if only all responses was always more then you bargained for…I was looking for a simple permissions list…this explained how it WORKS. Great ..thanks.

Was this article helpful? Join the conversation!

Questions about our MailChannels Deployment? We have answers and are here to help!Learn More
+