So what should you have done? Well, you can't seal off your website completely: no-one would see it, and indeed some files need to talk to each other for the site to work. Below is information on what those permissions are and what fundamental steps you need to take.
This post is for new users, to explain what file permissions are and why it is important to set them to the correct levels. On a Linux-based system (which, if you are using Joomla, is the most likely system your ISP is using) you can change the permissions for each file and folder on your web site. This is usually most easily done using an FTP program such as FileZilla.
You connect to your site
- select a folder by right clicking on it
- from the menu choose file permissions
- then set the permission level for that folder
Example of setting permissions on a folder having connected to your site files with FileZilla
To set the permission level for file access, do exactly the same thing as you did for the folder permission change, except you may want to set a different level.
Windows does not have this same system; you usually have to save any scripts to the cgi folder.
You can see from the examples shown that our folder has been set to a numeric value of 755, and if you look above you can see that there are three rows of users: owner, group and public. The permissions for each group are shown by the tick boxes; the boxes chosen affect the number below and vice versa.
You can see the three permission levels: Read, Write and Execute. If all tick boxes were selected the permission number would read 777, which would literally mean anyone can do anything to that folder. This is a situation that should never be allowed.
By setting the numeric value to 755 you are removing the write permission from the Group and Public. To reduce permissions any lower on your folders risks the program not being able to access or modify itself. However, on certain files we can tighten things up a bit, and in the example shown for the configuration file the numeric attributes have been set at 640, stopping the public from accessing this file at all and reducing the Group to reading from it only.
If you are now comfortable with changing these permissions, I suggest you follow the settings recommended in my security tips blog straight away.
Tip: if your ISP allows only 777 permissions, change your ISP.
Want to know a little more? Read on.
Often, in references to file permissions on Linux-based systems, you will come across the command chmod. This is in fact a Unix command that is being run behind the permissions form when you select the attributes in the above diagrams. For example, chmod 0777 would give full permissions to a selected file or folder.
Let's go down a layer and see what's happening: “chmod changes the permissions of each given file according to mode, where mode describes the permissions to modify. Mode can be specified with octal numbers or with letters.”
The octal digits are assigned values for a particular permission. In numeric mode they are one to four octal digits; any digits omitted are assumed to be leading zeros. For the second, third and fourth digits (which our 755 example shows) we are attributing a value of 4 to read, a value of 2 to write and a value of 1 to execute (remember, no value is interpreted as a leading zero). We have then selected our values for the User (the person who owns the file), Group (users in the file's group) and Public (the rest of the world, not in the file's group).
This is a diagram showing our attribute options.
This is a diagram showing how the numeric value is calculated, and in brackets the equivalent letter code.
R = read
W = write
X = execute
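The following Python example is added here and is not part of the original post. It does the 4/2/1 arithmetic described above in both directions and checks a folder tree against the 755 and 640 settings; the file name configuration.php and the sample tree it builds are assumptions constructed for the illustration.

```python
import os
import stat
import tempfile

BITS = (("r", 4), ("w", 2), ("x", 1))  # values from the text: read=4, write=2, execute=1

def to_letters(mode):
    """0o755 -> 'rwxr-xr-x': owner, group, public, three letters each."""
    digits = [(mode >> shift) & 7 for shift in (6, 3, 0)]
    return "".join(l if d & v else "-" for d in digits for l, v in BITS)

def to_octal(letters):
    """'rw-r-----' -> '640': add 4, 2 and 1 for each letter present in a class."""
    sums = [sum(v for (l, v), c in zip(BITS, letters[i:i + 3]) if c == l) for i in (0, 3, 6)]
    return "".join(map(str, sums))

def audit(root, config_name="configuration.php"):  # config_name is an assumption
    """Return (relative path, mode, problem) for entries looser than 755 / 640 allow."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits are not meaningful
            mode = stat.S_IMODE(st.st_mode)
            rel = os.path.relpath(path, root)
            if mode & 0o002:
                findings.append((rel, "%03o" % mode, "public can write"))
            elif mode & 0o020:
                findings.append((rel, "%03o" % mode, "group can write"))
            elif name == config_name and mode & 0o007:
                findings.append((rel, "%03o" % mode, "public can access config"))
    return sorted(findings)

def demo():
    """Build a constructed site tree in a temporary folder and audit it."""
    with tempfile.TemporaryDirectory() as root:
        dirs = {"images": 0o777, "cache": 0o755}                  # constructed folders
        files = {"index.php": 0o644, "configuration.php": 0o644}  # constructed files
        for name, mode in {**dirs, **files}.items():
            path = os.path.join(root, name)
            os.mkdir(path) if name in dirs else open(path, "w").close()
            os.chmod(path, mode)
        return audit(root)

if __name__ == "__main__":
    for rel, mode, problem in demo():
        print(mode, to_letters(int(mode, 8)), rel, "-", problem)
```

Calling `audit()` on a local copy of your site folder lists every entry that still needs tightening.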
There are many articles on this subject, and many ISPs have their own articles on it. Hopefully I have managed to present a refined version, giving you enough to get by or enough information for you to explore the subject further.