Guiding the Joomla novice on their way

Minimising problems maximising opportunity

File Permissions

on Saturday, 07 July 2012. Posted in Security

Imagine the scenario: you have built a lovely Joomla website, you’ve filled it full of content and all is well.

Then one day it is hacked and becomes corrupted, unusable.   Someone or something has managed to enter your file system and corrupt it.

You seek advice and are told that you left your folders and files open, allowing easy access for the hacker's program. The attack could have been thwarted had you locked down the permissions on your files and folders.

So what should you have done? Well, you can’t seal off your website: no-one would see it, and indeed some files need to talk to each other for the site to work. Below is information on what those permissions are and what fundamental steps you need to take.

This post is for new users, to explain what file permissions are and why it is important to set them to the correct levels. On a Linux-based system (which, if you are using Joomla, is the most likely system your ISP is using) you can change the permissions for each file and folder on your web site. This is usually most easily done using an FTP program such as FileZilla.

You connect to your site, then:
  • select a folder by right clicking on it
  • from the menu choose file permissions
  • then set the permission level for that folder

Example of setting permissions on a folder having connected to your site files with FileZilla



To set the permission level for file access, do exactly the same thing as you did for the folder permission change, except you may want to set a different level.

Windows does not have this same system; you usually have to save any scripts to the cgi folder.

You can see from the examples shown that our folder has been set to a numeric value of 755, and if you look above you can see that there are three rows of users: owner, group and public. The permissions for each group are shown by the tick boxes; the boxes chosen affect the number below, and vice versa.

You can see the three permission levels: Read, Write and Execute. If all tick boxes were selected the permission number would read 777, which would literally mean anyone can do anything to that folder. This is a situation that should never be allowed.

By setting the numeric value to 755 you are removing the write permission from the Group and Public. Reducing permissions any lower on your folders risks the program not being able to access or modify itself. However, on certain files we can tighten things up a bit, and in the example shown for the configuration file the numeric attributes have been set at 640, stopping the public from accessing this file at all and reducing the Group to only reading from it.



640 attribute

If you are now comfortable with changing these permissions, I suggest you follow the settings recommended in my security tips blog straight away: Security.

Tip: if your ISP allows only 777 permissions, change your ISP.

Want to know a little more? Read on.

Often, in references to file permissions on Linux-based systems, you will come across the command chmod. This is in fact a Unix command that is being implemented behind the permissions form when you select the attributes in the above diagrams, e.g. chmod 0777 would be giving full permissions to a selected file or folder.

Let's go down a layer and see what's happening – “chmod changes the permissions of each given file according to mode, where mode describes the permissions to modify. Mode can be specified with octal numbers or with letters.”

The octal digits are assigned values for a particular permission. In numeric mode they are one to four octal digits; any digits omitted are assumed to be leading zeros. For the second, third and fourth digits (which our 755 example shows) we are attributing a value of 4 to read, a value of 2 to write and a value of 1 to execute (remember, no value is interpreted as a leading zero). We have then selected our values for the User (the person who owns the file), Group (users in the file's group) and Public (the rest of the world, not in the file's group).

 This is a diagram showing our attribute options.

attribute options

This is a diagram showing how the numeric value is calculated, and in brackets the equivalent letter code.
R = read
W = write
X = execute

permissions numeric value
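
The calculation above, as an added example in Python that is not part of the original post: describe turns a numeric value into its letter code using the 4, 2 and 1 values, and audit walks a site folder and reports anything where Group or Public can write, or where Joomla's configuration.php is looser than 640. The function names and the sample site built in demo are constructed for illustration.

```python
import os
import stat
import tempfile

# Values the post assigns to each permission: read=4, write=2, execute=1.
BITS = ((4, "r"), (2, "w"), (1, "x"))

def describe(mode):
    """Turn a numeric mode such as 0o755 into letters such as 'rwxr-xr-x'."""
    out = ""
    for shift in (6, 3, 0):  # owner digit, group digit, public digit
        digit = (mode >> shift) & 7
        out += "".join(letter if digit & value else "-" for value, letter in BITS)
    return out

def audit(root, config_name="configuration.php"):
    """Return (path, octal, letters, reason) for every risky entry under root."""
    findings = []
    for folder, dirs, files in os.walk(root):
        for name in dirs + files:
            path = os.path.join(folder, name)
            if os.path.islink(path):
                continue  # a symlink's own mode says nothing about its target
            mode = stat.S_IMODE(os.lstat(path).st_mode)
            reason = None
            if mode & 0o022:  # the write value (2) in the group or public digit
                reason = "group or public can write"
            elif name == config_name and mode & ~0o640 & 0o777:
                reason = "configuration file looser than 640"
            if reason:
                findings.append((os.path.relpath(path, root), oct(mode)[2:], describe(mode), reason))
    return sorted(findings)

def demo():
    """Build a constructed sample site in a temporary folder and audit it."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "images"))
        os.mkdir(os.path.join(root, "cache"))
        for name in ("index.php", "configuration.php"):
            open(os.path.join(root, name), "w").close()
        os.chmod(os.path.join(root, "images"), 0o755)
        os.chmod(os.path.join(root, "cache"), 0o777)
        os.chmod(os.path.join(root, "index.php"), 0o644)
        os.chmod(os.path.join(root, "configuration.php"), 0o644)
        return audit(root)

if __name__ == "__main__":
    for finding in demo():
        print(*finding)
```

Run against a local copy of the site, audit("/path/to/site") lists only the entries that need tightening; an empty list means nothing is writable by Group or Public and the configuration file is at 640 or stricter.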

There are many articles on this subject, and many ISPs have their own articles on it. Hopefully I have managed to present a refined version of this subject, giving you enough to get by or furnishing you with enough information to explore the subject further.


