For a web document root, the best permissions are 755 for directories/folders & 644 for files. The key is making sure the directories/folders as well as the files are owned by the same user connected to the web server. Which in Linux systems is usually www-data. I actually gave a fairly detailed explanation on why 777 permissions are not good for any reason over here and here is an edited version for your question.
When you set permissions to 777 it means that 100% anyone with access to your machine on any level can read, write & execute the file. Meaning if your site gets hacked, a hacker can then use the execute permissions to launch scripts to get deeper in your system. Or someone else on the system—since they can read, write & execute the file—can simply delete your files without you ever knowing.
Setting directories to 755 and setting files to 644 is the best way to go as long as the ownership of the file is solid & correct. 644 permissions basically break down as follows:

- The first 6 means the owner of the file can read & write to it.
- The next 4 means members of the group connected to that file can only read it.
- The next 4 means others—who are neither the owner nor a member of the group—can read it.
As for 755 they are best for directories/folders because directories/folders need to have execute rights to allow you to view the contents inside of them. So it breaks down like this:

- The first 7 means the owner of the file can read, write & execute it.
- The next 5 means members of the group connected to that directory/folder can only read & execute it.
- The next 5 means others—who are neither the owner nor a member of the group—can only read & execute it.
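
One way to check a document root against the 755/644 scheme and ownership rule described above, and to reset it. This is an added example, not part of the original answer; the function names are illustrative assumptions.

```shell
#!/bin/sh
# Added example: audit a web document root against the 755/644 scheme.
# Function names are illustrative assumptions, not from the original answer.

# Directories that are not exactly 755 and regular files that are not exactly 644.
# -type d / -type f do not match symlinks, so links are never followed.
audit_docroot() {
    find "$1" -type d ! -perm 755 -print
    find "$1" -type f ! -perm 644 -print
}

# Anything writable by "others" (the last octal digit has the write bit set),
# which is what 777 grants to every account on the machine.
world_writable() {
    find "$1" ! -type l -perm -0002 -print
}

# Entries not owned by the expected web server account ($2, e.g. www-data).
wrong_owner() {
    find "$1" ! -user "$2" -print
}

# Reset the tree: 755 on directories, 644 on regular files.
fix_docroot() {
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f -exec chmod 644 {} +
}
```

Each function takes the document root path as its first argument; `wrong_owner` also takes the expected owner, such as www-data. Review the audit output before running `fix_docroot`.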