1. Knowledge Base
  2. >
  3. Plesk
  4. >
  5. Plesk File Manager: Basic Linux File Permissions

Plesk File Manager: Basic Linux File Permissions

 

In the File Manager's file listing, there is a column labeled Permissions that has a string of symbols which represent who may access the file or the directory's contents. These permissions are divided into three sets of symbols containing r (read), w (write) and x (execute); a dash (-) in place of one of these symbols represents permission not given. Clicking on the permissions symbols in the listing will allow you to change them according to your needs.

User, Group and Other Permissions

User - The first set of three permission symbols determines what the owner of the file (the user listed in the User column) can do with it. It's possible for a user to allow other users on the same system to both read and write to a file. It's also possible for a user to deny write access to themselves such as when ensuring that an important document cannot be accidentally deleted.

Group - The next set of permissions represents what all users in the file's group (the group listed in the Group column) can do.

Other - The last set of permissions applies to everyone else not otherwise specified.

Numerical Permissions

Sometimes Linux files and permissions are given in sets of three or four digits instead of the rwx symbols in File Manager with the three digits corresponding to different combinations of rwx in each of the three groups. While numerical permissions are also valid for setting permissions on files; however, the meanings of these numbers is sometimes quite obscure and only the most common ones are usually important.

In general, the last three numbers of a numerical permission represent the user, group and other permissions respectively. If there is a fourth column, the first column is for any special permissions. Setting a zero in any of the last 3numeric columns disables all permissions in the corresponding rwx symbol set. These are the numeric file and directory permissions you may see most often referred to in documentation:

Common File Permissions
Numeric*SymbolsMeaningCommon Usage
0777rwxrwxrwxEveryone: read, write, and executeNONE - BIG security risk!
0755rwxr-xr-xRead, write and execute; everyone else, read and executecommon for scripts and programs
0700rwx------Read write and execute; everyone else, no permissionsPrivate scripts and programs
0666rw-rw-rw-Everyone: read and writeShared files
0644rw-r--r--Read and write; everyone else, readShared files (read-only)
0600rw-------Read and write; everyone else, no permissionsPrivate files
Common Directory Permissions
Numeric*SymbolsMeaningContained files are
0777rwxrwxrwxEveryone: list, create/delete, and traverseWorld-writeable - security risk!
0755rwxr-xr-xList, create/delete, and traverse; everyone else, list and traversePublic - potential security risk!
0700rwxr------List, create/delete, and traverse; everyone else, no permissionsPrivate
* The leading zero is usually omitted
 

Changing File Permissions

Files

On files, the execute permission is set on scripts and binaries so the server knows it can be run. In general, files should not be executable unless truly necessary; for instance, it's not necessary for the files installed by WordPress to be executable on the server, but scripts in cgi-bin should be.

Directories

For directories, the permissions look the same but have a slightly different meaning. The read permission means that files can be listed, write means that files can be created and deleted, and execute means that it can be "traversed" - or, put more simply, that you can go into other directories inside it. In general, most directories should be read-write-execute for the owner, and read-execute for everyone else; there are some cases where directories have more restrictive permissions for security reasons.

 
Be careful when setting permissions in Linux. Setting a directory under htdocs as world-writeable is an invitation to be hacked, as is putting a file with sensitive information (such as error logs) in a public directory.

If you don't want a file viewable to the public, do not put it under htdocs, and make sure the web server cannot write the files it executes.

For detailed instructions on how to change file permissions in Plesk, please read the following article:

Next: FTP Access


Introduction to Plesk Administration