Understanding Permission Types for Website Security


If you are running a website on a Unix or Linux server, it is important to know that many of your files and directories must be provided with the right permissions in order to function properly.   In the world of Unix-like platforms, the process of giving permissions is known as change mode or simply, CHMOD.  While you definitely want the files and directories of your website to work properly, it is also imperative to set the right permissions for security purposes.

CHMOD Permission Types

There are three types of permission in the Unix environment: Read, Write and Execute.  Below is an explanation on what each type of access means:

Read – This permission provides access that allows files to be read.  When applied to directory, it allows the names of files in a particular directory to read.  However, it does not disclose the type, size, permissions or any other information about the files.

ALSO READ:  The Transition from Shared Hosting to the Cloud

Write – This permission provides access that allows a file to be modified.  When applied to a directory, it allows files in a particular directory to be modified.  This includes creating, renaming and deleting files.

Execute – This permission provides access that allows a file to be executed.  The execute permission must be set for shell scripts and executable binaries in order for them to be run on the underlying operating system. When applied to a directory, it provides access that allows files and subdirectories to be accessed, but not read.  Files and subdirectories can only be viewed if the directory that contains them is set to read.

CHMOD User Types

The above permissions apply to three types of users: the User, Group and Other. The User is the owner of the file and the one that has complete control.  The Group is the group of users that own the file.  This permission can be useful for a website that has group of people working on a project.  In this instance, you could give access to those users and restrict it from others.  Other refers to anyone that does not own in a file or belong in a group of users associated with the file.   So if you set a file to this permission, it will automatically affect everyone else.  For this reason, Other is often referred to as “the rest of the world”.

ALSO READ:  Seven Basic Ingredients of Unix Hosting

Defaults and Warnings

Files on a Unix server are usually set to 644 by default.  This simply means that the owner of the file has the ability to read and write to it, while everyone else only have read access.  Directories in the Unix environment are usually set to 755.  This means that the owner has complete authority over the directory while every else can only read and execute the files it contains.  One permission you definitely want to be careful with is CHMOD 777.  When applying this setting, anyone will have the ability to read, write and execute your files or directories.  This is equivalent to leaving your website open to the world and making it easy for hackers to compromise.

ALSO READ:  Introduction to Webmin


While a shell prompt can be used to set permissions, many website owners choose to take the easy route by using an FTP client.  The CHMOD option can usually be accessed through menus or by hovering the mouse over a file or directory and choosing the correct option.  How you access it all depends on the FTP software.  In most cases, you simply check the properties, or enter the corresponding permission numbers in the provided text box to set permissions.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes:

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>