Question:
Why are 644 and 755 unix permissions ideal for files/directories in public directories?
dave
2009-11-01 21:14:48 UTC
I've been searching around and I still can't figure out why most scripts and developers recommend that the ideal unix permissions for public_html/other public files and folders are ... 644 permissions for files and 755 permissions for folders...

The reason why I'm confused that scripts and others recommend this is if you install a script in a shared hosting environment, even if you're using SuPHP or open_basedir or other security practices, someone on that server could still possibly "view" your files which could include database config files and other files that you wouldn't want someone to read/access.

It would make sense that files should be 640 and folders 750 so that the world user (and executed processes/scripts PHP, CGI, PERL, SSH etc) can NOT access your files/folders.

So why is this not recommended as it seems to be the more secure permission set for files/directories? Is 644 or 755 a security risk?
Three answers:
?
2016-05-22 05:32:54 UTC
It sounds like you are not keeping well. You are low on energy. You may like to follow the undermentioned routines to get better energy levels. I hope you will be able to avoid the things that you pour in your drinks. Do not sleep for at least 3 hours after a meal. This is most important. 1. First 3 days: Drink 2 glasses of water before each meal. So the total should be 6 glasses a day. Stop all other liquids. For example, if you take lunch at 2.00 pm, take 1 glass each at 1.00 and 1.30 pm. Some deviations from the suggested times are ok. Do not drink water after 7 PM. 2. Next 2 days: Reduce water intake to 3 glasses a day. 1 glass before each meal. 3. Next 2 days: Reduce water intake to 1 glass a day. 4. Next: Repeat 2 and 3 again and again. After 1 month repeat 1, 2 and 3.
martinthurn
2009-11-02 08:53:34 UTC
Well for one thing, any file related to a web server needs to be readable by the effective ID of the server process, therefore by definition everything in public_html MUST be world-readable... Otherwise it's not public, is it?

Also, if a "bad person" gets access to your server, your database configuration is NOT very important in the grand scheme of things -- your sysadmin will have much more important things to worry about than your database!
fran
2009-11-01 21:30:03 UTC
Normally the files with 0644 and 0755 are those that you extract from the .tar.gz files, so in any case they are already public.

For the configuration files or for those with private data, 0600 is recommended instead. Some applications even refuse to work (or even automatically run chmod on them) when more permissive permissions are granted to configuration files.
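The check described in the answer above (a program refusing a private config file whose mode is more permissive than 0600), as an added example that is not part of the original thread. The function names, the `public_html` sample tree and the file names `index.html` and `config.php` are constructed for illustration, and the owner check goes one step beyond what the answer mentions.

```python
import os
import stat
import tempfile

def refuse_reason(path):
    """Return None if `path` is acceptable as a private config file, else why not."""
    st = os.lstat(path)                       # lstat: do not follow symlinks
    if not stat.S_ISREG(st.st_mode):
        return "not a regular file"
    if st.st_uid != os.geteuid():
        return "not owned by the current user"
    mode = stat.S_IMODE(st.st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):  # any group/other bit set
        return "mode %04o grants group/other access, want 0600" % mode
    return None

def audit(root, private_names):
    """List (relative path, reason) for private files under `root` that would be refused."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            if name in private_names:
                full = os.path.join(dirpath, name)
                reason = refuse_reason(full)
                if reason:
                    findings.append((os.path.relpath(full, root), reason))
    return findings

def demo():
    """Build a constructed public_html tree and audit it before and after chmod 0600."""
    with tempfile.TemporaryDirectory() as root:
        site = os.path.join(root, "public_html")
        os.mkdir(site, 0o755)
        for name, mode in (("index.html", 0o644), ("config.php", 0o644)):
            path = os.path.join(site, name)
            with open(path, "w") as fh:
                fh.write("constructed sample\n")
            os.chmod(path, mode)              # set explicitly, independent of umask
        before = audit(root, {"config.php"})
        os.chmod(os.path.join(site, "config.php"), 0o600)
        after = audit(root, {"config.php"})
        return before, after

if __name__ == "__main__":
    print(demo())
```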


This content was originally posted on Y! Answers, a Q&A website that shut down in 2021.