File and Directory Permissions in cPanel/Plesk

When you upload files and directories to your web hosting space, they are automatically assigned permissions. These permissions determine who can access, read, modify, or execute each file and directory.

Permissions Overview

Your cPanel/Plesk account is hosted on a Linux-based server, which uses a permission system based on three Classes of access:

- User: This is the owner of the file or directory, typically your cPanel/plesk username.
- Group: This is also associated with your cPanel/Plesk username—each user has their own group by default.
- Other: Represents all other users who may access the file or directory from outside your account.

Each of these Classes can be assigned three types of permissions:

- Read [r]: Allows the file’s contents to be read.
- Write [w]: Allows the file to be modified, renamed, or deleted.
- Execute [x]: For files, this allows them to be executed (like a script); for directories, it allows them to be accessed or opened.

Understanding Permission Values

Each permission type is represented by a number:
- Read = 4
- Write = 2
- Execute = 1

By adding these numbers, you can assign permissions for each Class. For example:
- 600: User can read and write (4+2=6), while Group and Other have no permissions (0).
- 755: User can read, write, and execute (4+2+1=7), and both Group and Other can read and execute (4+1=5).

Permissions can also be shown using letter codes, such as -rw-r--r--, where:
- The first character indicates if it’s a file (-) or directory (d).
- The next three characters represent User permissions, followed by Group, and finally Other.

Examples

File Permissions Example

If we say a file should be chmod 600:
- User: Can Read (4) and Write (2), totalling 6.
- Group: No permissions (0).
- Other: No permissions (0).

This can also be expressed as -rw-------.

Directory Permissions Example

If a directory should be chmod 755:
- User: Can Read (4), Write (2), and Execute (1) = 7.
- Group: Can Read (4) and Execute (1) = 5.
- Other: Can Read (4) and Execute (1) = 5.

This is expressed as drwxr-xr-x, where d indicates a directory.

How Permissions Affect Files vs. Directories

The meaning of Read, Write, and Execute permissions changes when applied to directories:

- Read: Allows listing the contents of the directory.
- Write: Allows creating, renaming, or deleting files within the directory.
- Execute: Allows access to the directory and its files.

For example, files and directories in public_html/ might look like this:

public_html/ 
├── [drwxr-xr-x] dir1 
│ ├── [-rw-r--r--] file1.txt 
│ ├── [drwx------] dir3 
│ └── [-rw-r--r--] file3.txt 
├── [drwxr-xr-x] dir2 
└── [-rw-r--r--] file0.txt

If accessed as Other (like a visitor to your website):

- file0.txt: Can be read because it has r permission for Other.
- file1.txt: Can be read because dir1 has the Execute x bit for Other, allowing access to file1.txt.
- file3.txt: Cannot be read because dir3 has no permissions for Other.

Important Note on Directory Permissions

To access a file within nested directories, each directory in the path must have the Execute x permission for Other. For example, if we change permissions as follows:

public_html/ 
├── [drwxr-xr--] dir1
│ ├── [-rw-r--r--] file1.txt 
│ ├── [drwxr-xr-x] dir3 
│ └── [-rw-r--r--] file3.txt 
├── [drwxr-xr-x] dir2 
└── [-rw-r--r--] file0.txt

Since dir1 lacks the Execute x permission for Other, access to file3.txt is blocked, even though dir3 has the required Execute permission. Each directory in the chain must grant the necessary permissions for the final file to be accessible.

For more detailed guidance, feel free to reach out to the VoltHosting support team for assistance.

Updated on: 08/11/2024