File permissions are one of your server’s most important security features. They give you fine-grained control over who can read, write, and execute files. Without them, it would be impossible to safely host multiple users’ websites and data.
However, incorrect permissions often cause hard-to-diagnose issues. If a website doesn’t load properly or software crashes, there’s a good chance misconfigured permissions are the culprit. They can also be challenging to manage with chmod, the standard Linux permission management tool.
In this article, we explain what permissions are and how they work, before showing you how simple it is to assign them in cPanel.
File Permission Settings
Every file and folder on your server has a set of permissions. One way to see them is on the command line with the ls command.
The -l option tells ls to display a detailed listing with extra information.
We’re interested in the first, third, and fourth columns. The second column shows how many links a file has, which isn’t related to permissions.
Before we get to the permissions, let’s look at the owner and group columns. The meaning of “owner” is straightforward: It’s the user who owns the file; in this case, user1.
Files also have an associated group. Groups are collections of users, and they’re useful for managing the permissions of multiple users at once. Here the group is also called user1. Every user has a group, and when they create a file, permissions are automatically granted to its members.
Now, let’s zoom in even further and look at the permissions themselves.
The leftmost letter indicates the filetype. Here it’s a d so we know the file is a directory. If it was a normal file there would be a dash (-) in this column, as you can see in the first image.
Next, there are three groups of three letters. These indicate read (r), write (w), and execute (x) for the owner, the group, and others. Others, sometimes called “the world,” means every account on the server that isn’t the user and isn’t in the group.
In our example, all three can read, write, and execute the file, but you will rarely see this on a server because it’s prudent to limit access, especially for the other category.
Changing File Permissions with Chmod
Let’s say you want the owner and group members to read and write the file, but only allow other users to read it. We’ll show you an easier way to do this in cPanel in a moment, but for now, we’ll use chmod, a command-line tool for managing permissions.
chmod a-wx example.html chmod og+w example.html
To tell chmod what to change, we use plus (+) to add permissions and minus (-) to remove them. We also tell it to whom the changes should apply: o for the owner, g for the group, o for others, and a for everyone.
The first command tells chmod to remove write (w) and execute (x) from all users. The second then adds write permissions back to the owner and group. The file’s permissions now look like this:
The dashes are used to indicate the lack of a particular permission.
File Permissions with Numbers
There is another way to tell chmod which permissions to use, and it’s often easier to understand, which is why we use it in cPanel’s File Manager.
Instead of a letter, we use a number:
- No permissions is 0
- Read is 4
- Write is 2
- Execute is 1
To set permissions, the numbers are simply added together. For example, to set read (4) and write (2), we’d use 6. To achieve the same permissions as in the previous example, we’d use the following command:
chmod 664 example.html
That’s 6 (read plus write) for the owner and group, and 4 (read-only) for others. To give the same permissions to the group and others, but also allow the owner to execute the file, we’d use:
chmod 764 example.html
To indicate read, write, and execute we add 4, 2, and 1 for a total of 7.
If you’re wondering why those particular numbers were chosen, it’s because 7 is the octal (base-8) representation of the binary 111. We’re telling chmod which bits to set for read (100), write (010), and execute (001).
File Permissions for Directories
There is one last wrinkle to understand: what do read and execute mean for a directory? After all, you can execute a file with code in it, but you can’t execute a directory.
In fact, the permissions have a different meaning when applied to a directory:
- Read (r or 4) allows users to list files in the directory.
- Write (w or 2) allows users to create, rename, and delete files in the directory.
- Execute (x or 1) allows users to access the files and folders the directory contains.
How to Assign Permissions to Files and Folders With File Manager
cPanel provides an easy-to-use interface for setting file permissions within the File Manager. Open File Manager, which you will find in the Files section of the main page.
File permissions are displayed in the rightmost column of the File Manager, using the numerical notation.
To change them, select a file and click Permissions in the menu bar.
Setting new permissions for the user, group, and world (others) is as simple as checking and unchecking read, write, and execute. As you make changes, they are reflected in the box at the bottom, but they won’t be applied until you confirm by clicking Change Permissions.
File permissions are an essential component of server security, especially on shared hosting servers with many users. Setting the wrong permissions can break software and open you to dangerous vulnerabilities, so it’s worth taking time to understand how they work. With cPanel & WHM’s intuitive interface, permission management is a breeze.
As always, if you have any feedback or comments, please let us know. We are here to help in the best ways we can. You’ll find us on Discord, the cPanel forums, and Reddit.