This is an archived forum and the content is probably no longer relevant, but is provided here for posterity.

What should file permissions and owners be?

February 13, 2011 9:13pm

  • #1 / Feb 13, 2011 9:13pm

    Eric Snyder

    202 posts

    I had a tech at the hosting company take it upon himself to change file permissions on an existing site that was functioning fine. It messed the site up. I think everything is back to normal but I want to confirm what the Expression Engine tech support folks feel permissions should be. What I have is on all files:

    All files should be 644 except what is called out in the docs on the install page:

    * /system/expressionengine/config/config.php
    * /system/expressionengine/config/database.php

    All folders 755 except the following folders which should be 777:

    * /system/expressionengine/cache/
    * /images/avatars/uploads/
    * /images/captchas/
    * /images/member_photos/
    * /images/pm_attachments/
    * /images/signature_attachments/
    * /images/uploads/

    What about index.php files in all folders? I noticed that some are still owned by root. This is wrong. Should file permissions for index.php files be 644 as well?

    What about folders and files inside folders that are set to 777? Should they also be 777 as well?

    What about the templates folder? Should all subfolders and files be 777 as well?

    What are the exceptions to folders set to 755 and files set to 644?

  • #2 / Feb 14, 2011 8:23am

    Sue Crocker

    26054 posts

    Hi, Eric. It depends on where you are hosted, whether or not you need 777 versus 755 and 666 versus 644.

    For instance, on EngineHosting, I don’t have to fiddle with setting permissions to anything. It’s all done for me.

    On MediaTemple, I have to set various folders and files before the install occurs.

    I just checked my index.php file in the /images/avatars folder, the owner is set to the domain name, not root or anything else. You’ll have problems deleting those files down the line.

  • #3 / Feb 14, 2011 9:21pm

    Eric Snyder

    202 posts

    Hmmm….I don’t seem to be getting emails from Expression Engine forums.

    I checked and when I create a new template group and edit the index page inside the test template group the brand new folder inside the template group is 777 and the file is 666.

    I checked a few index pages and they were all 644 except the index pages inside the templates folder which are 755.

    It looks like:

    Default folder: 755
    Default file: 644

    Exceptions - writable folders or files:
    Writable folders: 777
    Writable file: 666

    Writable folders:
    * /system/expressionengine/cache/
    * /images/avatars/uploads/
    * /images/captchas/
    * /images/member_photos/
    * /images/pm_attachments/
    * /images/signature_attachments/
    * /images/uploads/
    * /system/expressionengine/templates
    * Any file upload folder

    Possibly the best solution for straightening out issues would be to set all folders to 755 and all files to 644 and then go back and change the writable folders to 777 and the writable files to 666.

    Make sense? Does anybody see any exceptions to this general policy?

  • #4 / Feb 15, 2011 10:18am

    Sue Crocker

    26054 posts

    Makes sense to me. I cheat and make all the folders in the images folder writable, it’s easier that way.

    We can leave this alone for a few more days, let us know when you’re ready to close the thread.

  • #5 / Feb 15, 2011 10:22am

    Eric Snyder

    202 posts

    Looking at index.php and index.html files…Seems that all of them should never be writable - even in the images folders. I understand that this is a security risk if they are. Other than in the templates folder, are there any index.html or php files that need to be writable?

  • #6 / Feb 15, 2011 4:19pm

    Ingmar

    29245 posts

    “Possibly the best solution for straightening out issues would be to set all folders to 755 and all files to 644 and then go back and change the writable folders to 777 and the writable files to 666.”

    Yes, I think that is a sensible approach.

    “Looking at index.php and index.html files…Seems that all of them should never be writable - even in the images folders. I understand that this is a security risk if they are. Other than in the templates folder, are there any index.html or php files that need to be writable?”

    No, no regular index.html (or any EE file for that matter) needs to be writable. Exceptions are mentioned in the docs.
