Knowledgebase
Webinova Online Customer Support > Webinova Help Desk > Knowledgebase

Search help:


File permissions based security issues in Joomla

Solution

SiteGround utilizes Linux OS for all shared hosting servers and every file or folder in Linux has access permissions. There are three types of permissions (what is allowed to do with a file): 

  • read access – r
  • write access – w
  • execute access – e

Permissions are defined for three types of users: 

  • the owner of the file
  • the group that the owner belongs to
  • other users

Thus, Linux file permissions are nine bits of information (3 types x 3 type of users), each of them may have just one of two values: allowed or denied. Simply put, for each file it can be specified who can read or write from/to the file. For programs or scripts it also can be set if they are allowed to be executed.

One simple way to protect your script is to ensure that the correct permissions are applied to your files and folders. The following settings are the recommended permissions:

  • .htaccess file – 644 (Read and Write granted to you, Read-only to anyone else)
  • configuration.php (while site in development) – 644 (Read and Write granted to you, Read-only to anyone else)
  • configuration.php (when site is live) – 444 (Read access only)
  • Directories – 755 (Read/Write/Execute to you, Read and Execute to anyone else)
  • Files – 644 (Read/Write to you, Read-only to anyone else)

A common error is to make your templates folder world readable/writable (777). Although this directory contains your visual files, it is very important to have the right set of permissions. You should never set the permissions to be higher than 755.

 
Was this article helpful? yes / no
Article details
Article ID: 285
Category: General Joomla FAQ
Date added: 2012-12-11 15:26:51
Views: 19
Rating (Votes): Article rated 3.0/5.0 (6)

 
« Go back

 
Powered by Help Desk Software HESK - brought to you by Help Desk Software SysAid