Understanding how permissions work when you set them in cPanel or over SSH (shell) access is very important. If permissions are too lax, your files and folders may be accessed by unwanted users who may alter or remove them. If the permissions are too strict, the right users may not be able to access them to perform tasks as needed. This guide discusses permissions and how they work so you can set them with the proper amount of security.
User types
All users fall into one of three categories. These categories are User, Group, and World. The User type is the individual account that creates the file or folder. The Group is listed as the group that the user belongs to, and the World setting encompasses everyone else.
User Type | File definition | Folder definition |
---|---|---|
User | Allows the file to be opened and its contents read. | Allows the user to view (list) the contents of the folder (also requires the execute permission). |
Group | Allows a file to be opened, read, and edited. | Allows the user to add or remove files within a folder (also requires the execute permission). |
World | Allows the contents of the file to be executed in the server’s memory as well as shell scripts. | Allows the user to be able to enter the folder as well as manipulate its contents. |
Permission types
Just like there are three types of users to which permissions can be assigned, there are also three types of permissions. These are Read, Write, and Execute. Note in the chart below that each permission has a numeric value. These values are added together to calculate the number displayed in octal mode.
Permission | Description | Octal value |
---|---|---|
Read (r) | This permission allows the file to be opened and read by the user, i.e., they can see the contents of the file or folder. | 4 |
Write (w) | This permission allows the user to make changes to the file. | 2 |
Execute (x) | This permission allows the execution of the file’s contents. | 1 |
The Mode
Every file and folder on the server has file permissions information attached to it. The term mode is used to define the collection of three sets of permissions that each file or folder has. The mode can be viewed in two different formats. The default in the command line console is the long form. This is where the permissions are displayed as a string of all the permissions as one long alphabetic line. The cPanel user interface, however, displays the permissions in numeric, or octal, format.
Long Form
The long form may look difficult at first, but once you understand how it is formatted it is quite easy. It is divided up into three different sections. The User section comprises the first three columns, followed by the Group section and then the World section. They are displayed all together like this example where we show a permission structure that grants all three permissions to all three user types.
rwxrwxrwx
If you separate the different sections visually, they make more sense. Below we show a permission structure where all users are granted all permissions broken apart so you can understand them a bit better.
rwx rwx rwx
If a permission is granted to a user type, the representative letter will appear in the mode. If the permission is not granted, it is displayed as a dash '-'. Below is the example of a popular permission setup where the Group and World user types do not have Write permissions.
rwx r-x r-x
Octal Mode
When viewing your file structure in the cPanel GUI (graphical user interface) the permissions are displayed as a three digit number. This is known as the octal form. Instead of three columns for each user type, there is a single column. The number in that column is the total of the values of their permissions granted to that user type. Below is an example of how the permissions display in the cPanel File Manager.
Reading the octal format is very easy. Below is a chart that displays the range of possible permissions.
Number | Permissions |
---|---|
0 | None |
1 | Execute |
2 | Write |
3 | Write and Execute |
4 | Read |
5 | Read and Execute |
6 | Read and Write |
7 | Read, Write, and Execute |
The octal format is laid out in the same format for user types as the long format. The first column is the User, the second is the Group and the third is the World. The mode is always displayed together, so 755 is a popular mode that gives all permissions (7) to the User, but only Read and Execute permissions (5) to the Group and World user types.
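The octal arithmetic described above, together with a check for the overly lax case, as an added example (not part of the original tutorial or of cPanel). `mode_to_octal` and `audit_world_writable` are hypothetical helper names, and the files are constructed sample data in a temporary directory.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample files are constructed.

# Convert a 9-character long-form mode (rwxr-xr-x) to octal (755) by summing
# Read=4, Write=2, Execute=1 per user type. Returns 1 on anything else.
mode_to_octal() {
    mode=$1
    [ "${#mode}" -eq 9 ] || return 1
    out=""
    for start in 1 4 7; do
        triplet=$(printf '%s' "$mode" | cut -c"$start"-$((start + 2)))
        case $triplet in [r-][w-][x-]) ;; *) return 1 ;; esac
        digit=0
        case $triplet in r??) digit=$((digit + 4)) ;; esac
        case $triplet in ?w?) digit=$((digit + 2)) ;; esac
        case $triplet in ??x) digit=$((digit + 1)) ;; esac
        out=$out$digit
    done
    printf '%s\n' "$out"
}

# List files and folders under "$1" whose World digit includes Write (2),
# i.e. modes such as 666 or 777. Symbolic links are skipped: on Linux their
# own mode is not used for access checks.
audit_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print | sort
}

# Demo on a constructed directory tree.
demo_dir=$(mktemp -d)
touch "$demo_dir/index.html" "$demo_dir/config.php"
mkdir "$demo_dir/uploads"
chmod 644 "$demo_dir/index.html"    # rw-r--r--
chmod 666 "$demo_dir/config.php"    # rw-rw-rw-  (too lax)
chmod 777 "$demo_dir/uploads"       # rwxrwxrwx  (too lax)
echo "rwxr-xr-x = $(mode_to_octal rwxr-xr-x)"
echo "World-writable entries:"
audit_world_writable "$demo_dir"
rm -rf "$demo_dir"
```

Run the audit against your own document root over SSH; anything it lists can be changed by every account on the server and should normally be tightened to 644 (files) or 755 (folders).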
How does this work in conjunction with password protected directories? Do you need to give files 644 to be world visible, and if so, is the password still required?
Hi Howard, happy to explain further. Password protection on a directory is controlled in the .htaccess file, which is at the level of the web server. File permissions, when set, exist at the level of the kernel/file system.
If Apache doesn’t have access to read the file due to file permissions, no one on the web will be able to see it regardless of directory protection, since the web server cannot access it. Hope that helps!
Wow…if only all responses were always more than you bargained for…I was looking for a simple permissions list…this explained how it WORKS. Great…thanks.
We appreciate your comment! Let us know if you have any further questions!