Access Forbidden – Proper Permissions for Websites

Ownership and Permissions

  • chmod – You must specify a numeric argument here. As a quick refresher:
    • The first number is user permissions.
    • The second number is group permissions.
    • The third number is overall permissions (everyone else on the system).
    • Values are cumulative in each number.
    • 1 is executable.

Permission Primer For Shared Environments

The right permissions are about finding the least permissive settings while still ensuring that your web server keeps running. On an Ubuntu server running Apache, the web user is www-data by default. Your web user (aka www-data) must be able to execute (traverse) your folders and read your files. If either of these fails, your web page will not be displayed to your users.

In a very simple implementation, www-data would be the group for your file. Shared environments where a user has a special web home directory (such as CUCS), however, will not have this setup. For the purposes of this segment, we are providing recommended settings for a shared web environment.

  • Numerical permissions typical for web files would be 644 or 664. If the file needs to be accessible by people in your group, use 664. Otherwise, use 644 to keep write permissions limited to you.
    • Do not assign 666, as this means any user can write to your file, overwrite your changes, or delete your file.
  • Numerical permissions typical for web folders would be 711 or 751. If the folder needs to be viewed by people in your group, use 751. Otherwise, use 711 to keep write and read permissions to yourself.
    • Do not use 777, as any logged-in user will be able to add new files to this folder, or move the folder, taking it offline.
    • Do not use 775 or 755 unless you intend to show users your directory structure when there is no index available.
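
To check an existing web directory against the settings above, the following added example (not part of the original page) uses find to report files and folders whose "other" permission bits match the cases the list warns about. It generalizes slightly: rather than matching only 666, 777, 775 and 755, it flags any mode with the same "other" bits. The tag names and the script name are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original page): audit a web directory against
# the recommendations above. Each finding is printed as "<TAG> <path>".
audit_webroot() {
    root=$1

    # Files writable by "other" (666 and similar): any user can overwrite them.
    # Suggested fix from the page: chmod 644 (or 664 for group write).
    find "$root" -type f -perm -002 -print | sed 's/^/WORLD_WRITABLE_FILE /'

    # Folders writable by "other" (777 and similar): any logged-in user can
    # add files. Suggested fix from the page: chmod 711 (or 751).
    find "$root" -type d -perm -002 -print | sed 's/^/WORLD_WRITABLE_DIR /'

    # Folders readable but not writable by "other" (755, 775): contents can
    # be listed when no index is available.
    find "$root" -type d -perm -004 ! -perm -002 -print | sed 's/^/LISTABLE_DIR /'
}

# Usage: sh audit.sh /path/to/web/home   (script name and path are placeholders)
if [ "$#" -gt 0 ]; then
    audit_webroot "$1"
fi
```

Folders set to 711 or 751 and files set to 644 or 664 produce no output.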