Understanding how permissions work when you set them within your cPanel or using SSH (Shell) access is very important. If permissions are too lenient, they could be accessed by unwanted users who may alter or remove them. If the permissions are too strict, then they may not be accessed by the right users to perform tasks as needed. This guide will discuss permissions and how they work so you can set them with the proper amount of security.
All users fall into one of three categories. These categories are User, Group, and World. The User type is the individual account that creates the file or folder. The Group is listed as the group that the user belongs to, and the World setting is everyone else.
Just like there are three types of users to which permissions can be assigned, there are also three types of permissions. These are Read, Write, and Execute.
Read designated by a lowercase r allows the file to be opened and read by the user. They can see the contents of the file or folder.
Write designated by a lowercase w allows the user to make changes to the file.
Execute designated by a lowercase x allows the execution of the file contents.
Every file and folder on the server has file permissions information attached to it. The term mode is used to define the collection of three sets of permissions that each file or folder has. The mode can be viewed in two different formats. The default in the command line console is the long form. This is where the permissions are displayed as a string of all the permissions in one long alphabetic line. The cPanel user interface, however, displays the permissions in numeric, or octal, format.
The long form may look difficult at first, but once you understand how it’s formatted it is really quite easy. There are three separate sections. The User section comprises the first three columns, followed by the Group section and then the World section. They are displayed all together like the example below where a permission structure is shown that grants all three permissions to all three user types.
rwx rwx rwx
If a permission is granted to a user type, the representative letter will appear in the mode. If the permission is not granted, it is displayed as a dash ‘-‘. Below is the example of a permission setup where the Group and World user types do not have Write permissions.
rwx r-x r-x
When viewing a file structure in the cPanel File Manager the permissions are displayed as a three digit number with a 0 preceding them. This is known as the octal form. Instead of three columns for each user type, there is a single column. The number in that column is the total of the values of their permissions granted to that user type.
You can see this in more detail if you select a file and then click Permissions along the top menu bar.
To read the octal format is very easy. Below you will see the range of possible permissions.
- 0 None
- 1 Execute
- 2 Write
- 3 Write and Execute
- 4 Read
- 5 Read and Execute
- 6 Read and Write
- 7 Read Write and Execute
The octal format is laid out in the same format for user types as the long format. Remember to disregard the first 0 when viewing permissions in the cPanel File Manager. The first number is the User, the second is the Group and the third is the World. The mode is always displayed together, so 755 is a popular mode that gives all permissions (7) to the User , but only Read and Execute permissions (5) to the Group and World user types.