Understanding how permissions work when you set them within your cPanel or using SSH (Shell) access is very important. If permissions are too lax, they may be accessed by unwanted users who may alter or remove them. If the permissions are too strict, then they may not be accessed by the right users to perform tasks as needed. This guide discusses permissions and how they work so you can set them with the proper amount of security.
All users fall into one of three categories. These categories are User, Group, and World. The User type is the individual account that creates the file or folder. The Group is listed as the group that the user belongs to, and the World setting encompasses everyone else.
|User Type||File definition||Folder definition|
|User||Allows the file to be opened and its contents read.||Allows the user to view (list) the contents of the folder (also requires the execute permission).|
|Group||Allows a file to be opened, read, and edited.||Allows the user to add or remove files within a folder (also requires the execute permission).|
|World||Allows the contents of the file to be executed in the server’s memory as well as shell scripts.||Allows the user to be able to enter the folder as well as manipulate its contents.|
Just like there are three types of users to which permissions can be assigned, there are also three types of permissions. These are Read, Write, and Execute. Note in the chart below that each permission has an numeric value. This is used for calculating the value for displaying in the octal mode.
|Read (r)||This permission allows the file to be opened and read by the user, ie: they can see the contents of the file or folder.||4|
|Write (w)||This permission allows the user to make changes to the file.||2|
|Execute (x)||This permission allows the execution of the file’s contents.||1|
Every file and folder on the server has file permissions information attached to it. The term mode is used to define the collection of three sets of permissions that each file or folder has. The mode can be viewed in two different formats. The default in the command line console is the long form. This is where the permissions are displayed as a string of all the permissions as one long alphabetic line. The cPanel user interface, however, displays the permissions in numeric, or octal, format.
The long form may look difficult at first, but once you understand how it is formatted it is quite easy. It is divided up into three different sections. The User section comprises the first three columns, followed by the Group section and then the World section. They are displayed all together like this example where we show a permission structure that grants all three permissions to all three user types.
If you separate the different sections visually, they make more sense. Below we show a permission structure where all users are granted all permissions broken apart so you can understand them a bit better.
rwx rwx rwx
If a permission is granted to a user type, the representative letter will appear in the mode. If the permission is not granted, it is displayed as a dash ‘-‘. Below is the example of a popular permission setup where the Group and World user types do not have Write permissions.
rwx r-x r-x
When viewing your file structure in the cPanel GUI (graphical user interface) the permissions are displayed as a three digit number. This is known as the octal form. Instead of three columns for each user type, there is a single column. The number in that column is the total of the values of their permissions granted to that user type. Below is an example of how the permissions display in the cPanel File Manager.
To read the octal format is very easy, below is a chart that displays the range of possible permissions.
|3||Write and Execute|
|5||Read and Execute|
|6||Read and Write|
|7||Read Write and Execute|
The octal format is laid out in the same format for user types as the long format. The first column is the User, the second is the Group and the third is the World. The mode is always displayed together, so 755 is a popular mode that gives all permissions (7) to the User, but only Read and Execute permissions (5) to the Group and World user types.