File permissions are one of the most important security features on your server. They allow you to fine-tune who can read, write, and execute files. It would be impossible to host multiple users’ websites and data without them.
Incorrect permissions, on the other hand, frequently cause difficult-to-diagnose problems. If a website fails to load properly or software crashes, misconfigured permissions are most likely to blame. They can also be difficult to manage with chmod, the standard Linux permissions manager.
In this article, we will define permissions and explain how they work before showing you how easy it is to assign them in cPanel.
File Permission Settings
Permissions are assigned to each file and folder on your server. On the command line, use the ls command to see them.
The -l flag instructs ls to display a detailed listing with additional information.
The first, third, and fourth columns are of particular interest to us. The second column displays the number of links in a file that are not related to permissions.
Before we get to the permissions, let’s take a look at the owner and group columns. The definition of “owner” is straightforward: The file is owned by the user, in this case, user1.
Files are also assigned to a group. Groups are collections of users that can be used to manage the permissions of multiple users at once. In this case, the group is also referred to as user1. Every user has a group, and when they create a file, permissions are automatically granted to its members.
Let’s zoom in even more and look at the permissions themselves.
The filetype is indicated by the letter on the left. It’s a d here, so we know the file is a directory. If it were a normal file, this column would have a dash (-), as shown in the first image.
Following that, there are three groups of three letters. These denote read (r), write (w), and execute (x) operations for the owner, group, and others. Others, also known as “the world,” refers to any account on the server that is not the user or a member of the group.
In our example, all three can read, write, and execute the file, but this is uncommon on a server because it is prudent to limit access, particularly for the other category.
Changing File Permissions with Chmod
Assume you want the owner and group members to be able to read and write the file, but only other users to be able to read it. In a moment, we’ll show you a more convenient way to do this in cPanel, but for now, we’ll use chmod, a command-line tool for managing permissions.
chmod a-wx example.html
chmod og+w example.html
We use plus (+) to add permissions and minus (-) to remove them to tell chmod what to change. We also specify who should be affected by the changes: o for the owner, g for the group, o for others, and a for everyone.
The first command instructs chmod to remove the write (w) and execute (x) permissions from all users. The second gives the owner and group write permissions again. The file’s permissions are now as follows:
The dashes are used to indicate the lack of a particular permission.
File Permissions with Numbers
Another way to tell chmod which permissions to use is often simpler to understand, which is why we use it in cPanel’s File Manager.
We use a number instead of a letter:
- No permissions is 0
- Read is 4
- Write is 2
- Execute is 1
The numbers are simply added together to set permissions. For example, we could use 6 to set read (4) and write (2). We’d use the following command to get the same permissions as in the previous example:
chmod 664 example.html
That’s 6 (read plus write) for the owner and group, and 4 (read-only) for others. To grant the same permissions to the group and others while also allowing the file’s owner to execute it, we’d use:
chmod 764 example.html
We add 4, 2, and 1 for a total of 7 to indicate read, write, and execute.
If you’re wondering why those specific numbers were chosen, it’s because 7 is the binary 111’s octal (base-8) representation. We’re instructing chmod to set the read (100), write (010), and execute bits (001).
File Permissions for Directories
There’s one more thing to understand: what do read and execute mean for a directory? After all, you can run code from a file, but not from a directory.
When applied to a directory, the permissions have a different meaning:
- Read (r or 4) allows users to list files in the directory.
- Write (w or 2) allows users to create, rename, and delete files in the directory.
- Execute (x or 1) allows users to access the files and folders the directory contains.
How to Assign Permissions to Files and Folders With File Manager
Within the File Manager, cPanel provides an easy-to-use interface for setting file permissions. Navigate to the Files section of the main page and launch File Manager.
File permissions are displayed numerically in the rightmost column of the File Manager.
To change them, select a file and click Permissions in the menu bar.
It’s as simple as checking and unchecking read, write, and execute for the user, group, and world (others). Changes are reflected in the box at the bottom as you make them, but they will not be applied until you confirm by clicking Change Permissions.
File permissions are a critical component of server security, particularly on shared hosting servers with a large number of users. Setting the wrong permissions can break software and expose you to dangerous vulnerabilities, so learning how they work is worthwhile. Permission management is a breeze with cPanel & WHM’s user-friendly interface.