The purpose of setting file permissions is to restrict access to your files and directories. The permissions ultimately determine who can read, write and/or execute your files. As such, they are clearly a security risk if not implemented correctly.
To begin with, it's important that you understand the three categories you can assign permissions to, which are:
Owner: In most cases this is not so much of a concern, as typically you are the owner of your own files.
Group: This setting makes it possible for a specific group of users to access the file.
Public: This is arguably the most important category. Public, or "world", permissions determine what ANYBODY on the system can and cannot do with your files.
Each of the above categories can be assigned a number, determining the level of access.
0 No permissions
5 Read / Execute
6 Read / Write
7 Read / Write / Execute
755 = Read / Write / Execute for the Owner; Read / Execute for the Group; Read / Execute for the Public.
644 = Read / Write for the Owner; Read for the Group; Read for the Public.
To set file permissions:
These instructions should work for most popular FTP software. If not, please consult their manual. You can also change file permissions via the "File Manager" in your cPanel.
1. Log in with your FTP client
2. Locate the file you wish to change
3. Right click on the file and select CHMOD
At this point you should be able to select the individual permissions you want, or simply enter the 3 digit number if you know what it is. Most downloaded scripts will include instructions indicating the required permissions. If you're not sure, stick with the system defaults and don't change anything.
By default, all files uploaded to the server automatically have permissions set to 644. This is relatively safe, as 644 provides "Read" and "Write" access to the owner, while limiting the rest of the public to "Read Only" access. Crucially, other users on the server cannot "write" to the file. The security implications of allowing random users to modify your files and scripts can be significant.
Setting permissions on files is a relatively simple task. However, PLEASE be sure you fully understand what it is you're allowing people to do with your files.
Some users have been known to make the mistake of setting all of their files and folders to 777. Put simply, this is how web sites get hacked.
While most visitors have good intentions, all it takes is one person seeking an open back door. Should they find one, permissions of 777 potentially give them the ability to do anything from defacing your website to deleting it entirely.
You may encounter website scripts that require a directory to be writeable by the server. Because we run suPHP on our servers, your PHP scripts are executed under your username (rather than "nobody"), and are therefore able to write to directories with the standard, default permissions. You should rarely, if ever, need to resort to 777, and we advise against it where possible.
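If your account has shell access (an assumption; the steps above only cover FTP and cPanel), the following added example, which is not part of the original article, audits a directory for entries whose Public digit allows writing (such as 666 or 777) and resets them. The function names are hypothetical, and 755 for directories is an assumed default; 644 for files is the default stated above.

```shell
#!/bin/sh
# Added example: find and reset world-writable files and directories.
# Function names are illustrative, not part of any hosting tool.

# list_world_writable DIR
# Prints every regular file or directory under DIR whose Public digit
# includes write (2, 3, 6 or 7). -perm -0002 means "the world-write
# bit is set", whatever the other bits are. Symlinks are skipped.
list_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print
}

# reset_to_defaults DIR
# Resets only the offending entries: directories to 755 (assumed
# default) and files to 644 (the upload default described above).
# Entries that are not world-writable are left untouched, so a CGI
# script deliberately set to 755 keeps its execute bit.
reset_to_defaults() {
    find "$1" -type d -perm -0002 -exec chmod 755 {} +
    find "$1" -type f -perm -0002 -exec chmod 644 {} +
}

# octal_mode PATH
# Prints the three-digit mode, e.g. 644. Tries GNU stat first, then
# falls back to the BSD/macOS syntax.
octal_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}
```

Run list_world_writable on your site directory first and review the output before calling reset_to_defaults, since a script's install notes may call for a different mode on a specific file.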