Getting to grips with ownership
and permissions
Ruth Cheesley Virya Technologies
@RCheesley / @ViryaTech
Did you tell people you're at @JoomlaSuffolk this evening? Did
you check in at Basepoint?
In an interconnected world, we need to control who can access
what!
Data is everything in the digital age with vital information no
longer entrusted to lock and key but being stored on computers
often thousands of miles away from where they were deposited.
Controlling who can access this data whether it be your bank
account or your facebook photos comes down to a simple matter of
ownership, and permissions.
People often get totally baffled by these core concepts so
hopefully this should make a bit of sense and help you understand
how it works.
Once you 'get' this you're over a large hurdle when it comes to
web design and hosting issues!
Emergency Phone Number
(share with all who know where to find it)
I might want to sharesomething with just thisgroupSome things I
mightwant to share with
these groups
Some things I want to Share with everyone(the world)
Some things I mightonly want to be availableto me (owner)
Facebook
So how does it all work
'behind the scenes'?
World
(The world, the universe, and everything not in the same groupas
the owner)Group
(A set of users in the same group as the owner)Owner
(owns the file)
Read (r)
Write (w)
Execute (x)
Can view the fileChmod +r / -rNumerical value = 4
Can make changes or modify the fileChmod +w / -wNumerical value
= 2
Can run the file (generally applicable at command line)Chmod +x
/ -xNumerical value = 1
NOTE: Folders cannot be listed and files within can't be
accessed if the folder does not have execute permissions
So what about 7's and 6's
All permission combinations are derived by adding these basic
permissions
7 represents Read (4) + Write (2) + Execute (1)
6 represents Read (4) + Write (2)
Basic file permissions
NumberPermission
0Deny all
1Execute (x) only
2Write (w) only
3Write & Execute (2+1)
4Read only
5Read & Execute (4+1)
6Read & Write (4+2)
7Read + Write + Execute (4+2+1)
Important considerations
Write permissions are required for moving a file
You must be owner of a file/folder to change its
permissions
You need read permission on a folder to show the
contents
Generally permissions are tighter for 'world', less so for
'group' and least for 'owner'
So what does 755 and 644 mean?
In Joomla! Folders should be 755 and files 644 configuration.php
should be 444
What does this mean?
Let's work it out!
Joomla! permissions
OwnerGroupWorld
7(Read + Write + Execute)rwx5(Read + Execute)r-x5(Read +
Execute)r-x
6(Read + Write)rw-4(Read)(r--)4(Read)(r--)
What is chmod all about?
A command you can use to change the permissions on files and
folders
Used in command line
Example:
chmod [options] [permissions] [item]
chmod +R 644 MyFolder
Why does this cause problems?
Generally down to poor setup by hosting providers (or simply
lack of awareness)
Usually relates to how Joomla! was originally
installed
Which user 'owns' the files and folders, and therefore has or
doesn't have permissions
FTP username is joebloggs
Therefore OWNED by joebloggs
joebloggs is in the managers group
File and folder has permissions which restrict who can:
Read
Write
Execute
Trying to access and/or movefiles and/or folders, or listfolders
will result in:
If file/folder is not available with appropriate access, 403
forbidden
If file/folder is available with appropriate access, access
granted
Where it goes wrong
World
(The world, the universe, and everything not in the same groupas
the owner)Group
(A set of users in the same group as the owner)Owner
(owns the file)
How to fix this
Chmod the files & folders to the correct permissions, if
permission is an issue (or use Admin Tools!)
Set up the server correctly -
www.virya.co.uk/joomlaserversetup
The geeky stuff
If your server runs mod_phpDocument root: 750
Directories: 755 (711 if you're paranoid only if not listed)
Files: 644
If your server runs fast-cgi, suphp or cgiDocument root: 750
Directories: 755 (711 if you're paranoid only if not listed)
HTML & Image files: 644 (444 if you're paranoid)
PHP files: 600 (400 if you're paranoid)
SOURCE: www.virya.co.uk/joomlaserversetup
A word of warning
It's very useful to have a basic understanding of ownership
& permissions to help you troubleshoot, but TAKE
BACKUPS!
You can completely break things by tinkering with permissions if
you don't know what you're doing!
If in doubt, speak to a geek!
Thank you!
Any questions?
Ruth Cheesley@Rcheesley / @ViryaTech
