Server File Permissions

On computer filesystems, different files and directories have permissions that specify who and what can read, write, modify and access them. This is important because

Permission Modes

  7       7     7
 user   group  world
 r+w+x  r+x    r+x
 4+2+1  4+0+1  4+0+1  = 755

The permission mode is computed by adding up the following values for the user, the file group, and for everyone else. The diagram shows how.

  • Read 4 – Allowed to read files
  • Write 2 – Allowed to write/modify files
  • eXecute1 – Read/write/delete/modify/directory
  7       7      4
 user   group  world
 r+w+x    r      r
 4+2+1  4+0+0  4+0+0  = 644

Example Permission Modes

Mode Str Perms Explanation
0477 -r–rwxrwx owner has read only (4), other and group has rwx (7)
0677 -rw-rwxrwx owner has rw only(6), other and group has rwx (7)
0444 -r–r–r– all have read only (4)
0666 -rw-rw-rw- all have rw only (6)
0400 -r——– owner has read only(4), group and others have no permission(0)
0600 -rw——- owner has rw only, group and others have no permission
0470 -r–rwx— owner has read only, group has rwx, others have no permission
0407 -r—–rwx owner has read only, other has rwx, group has no permission
0670 -rw-rwx— owner has rw only, group has rwx, others have no permission
0607 -rw—-rwx owner has rw only, group has no permission and others have rwx
See full list 0000 to 0777.

Permission Scheme for WordPress

All files should be owned by your user account on your web server, and should be writable by your username. Any file that needs write access from WordPress should be group-owned by the user account used by the webserver. For example, you may have a user account that lets you FTP files back and forth to your server, but your server itself may run using a separate user, in a separate usergroup. A user such as dhapache or nobody.

The file and folder permissions of wordpress should be the same for most users, depending on the type of installation you performed and the umask settings of your system environment at the time of install.

NOTE: If you installed WordPress yourself, you likely do not need to modify file permissions. Unless you are experiencing problems with permission errors, or you want to, you probably should not mess with this.

For core WordPress files, all should be writable only by your user account. However, if you utilize mod_rewrite Permalinks or other .htaccess features you should make sure that WordPress can also write to your /.htaccess file.
If you want to use the built-in theme editor, all files need to be group writable. Try using it before modifying file permissions, it should work.

Some plugins require the /wp-content/ folder be made writeable, but in such cases they will let you know during installation. In some cases, this may require assigning 755 permissions or higher (e.g. 777 on some hosts). The same is true for /wp-content/cache/ and maybe /wp-content/uploads/

Additional directories under /wp-content/ should be documented by whatever plugin / theme requires them. Permissions will vary.

/
|- index.php
|- wp-admin
|   `- wp-admin.css
|- wp-blog-header.php
|- wp-comments-post.php
|- wp-commentsrss2.php
|- wp-config.php
|- wp-content
|   |- cache
|   |- plugins
|   |- themes
|   `- uploads
|- wp-cron.php
|- wp-includes
`- xmlrpc.php

5 Responses to “Server File Permissions”

  1. Polprav says:

    Hello from Russia!
    Can I quote a post in your blog with the link to you?

  2. AllelsSedaY says:

    Other variant is possible also but never lose sight of your customer.
    You are right.

    Thank you.

  3. Sam says:

    I love your site and enjoy what you have to say.
    http://weddingfavorsidea.com/

  4. Site Review says:

    Hey very nice blog!! Man .. Beautiful .. Amazing .. I will bookmark your blog and take the feeds also…

  5. Consider Free Blog Templates for Your Website…

    My blog is about free and low cast professional website templates for Joomla, themes for WordPress, …
    http://www.1webMaker.com