File permissions (chmod) for files / folders
File permissions (chmod) contribute to the security of your web hosting account. The following entry describes how you can change the file permissions in your web hosting packages. At the same time, there are a few conditions that need to be considered.
Where can I set file permissions?
- In file browser of your web hosting package.
- Via FTP client.
- Via SSH client.
Please note that files and folders should always have the following permissions.
Files and folders in the "cgi-bin" folder must always have permission 0755.
File permissions (chmod) 0777
Many of your PHP scripts (especially older ones) claim the 0777 file permission.
Please note that setting these permissions is not allowed for your own safety.
In such a case, leave the default of a folder 0755. This value will also meet the requirements of your script with the default 0777.
File permissions (chmod) / Example: 0400
File permissions like 0400 and many others are of course possible without any problems. The system will only deny you unsafe conditions like 0777 or similar defaults.
What's behind all this?
Such file permissions as 0777 allow outsiders from the World Wide Web to edit your files if necessary. In general, the last two digits of the file permissions should never have values of 2, 3, 6, or 7.
The problem with the actual thing is that some PHP scripts need file permissions to edit files. Usually PHP is then run with a user like "nobody" on the server. PHP would be treated the same as an unknown visitor to your website in this configuration mode. Visitors to your website or potential attackers would have the same executable rights as your PHP scripts within your environment.
To solve such problems, we run your PHP processes exclusively with your users. phpSuExec]
With this solution we ensure that all your PHP scripts have the same rights as your user and at the same time do not need separate CHMOD rights to write or edit files. Whereby outsiders and potential attackers still have to be content with read-only rights. Therefore 0755 is the perfect choice. It allows all actions for PHP and only read / view for potential attackers.
In general, you should always make sure to secure your applications with strong and unique passwords. Once an outsider has access to your environment, even the listed security features are of no use to you.
Note on the surroundings
The environment listed here makes the daily work on your web projects easier for us and for you! Many end users are already overwhelmed with the correct assignment of proper CHMOD rights.
In some articles phpSuExec or even variations like suPHP are described as safe but too slow in contrast to their alternatives. This is fundamentally correct, but is rendered unnecessary by the use of PHP LiteSpeed SAPI.
Please also note that this article is not intended to talk down the sense of CHMOD rights. Both variants have their advantages and disadvantages for you as an end customer and for us as an operator.
In this case, you are in possession of a largely secure environment and your PHP scripts like WordPress remain safe for the automatic update routines.
Alternative environment with CHMOD allocation
An alternative environment for fans of CHMOD allocation is not currently available at STREAMPANEL.
We recommend you to test the webhosting packages according to your requirements and to ask in case of doubt!
If you do not have the time for this, we recommend that you look for alternative providers on the net.
In any case, you should give it a try. STREAMPANEL already offers a lot of premium services in the basic version which you would have to pay extra for with other providers!