Support

Documentation

Fixing the permissions of files and directories

As any web site administrator knows, file and directories permissions are the first gatekeeper on the way to having a site hacked. Having 0777 permissions lying around is a big mistake and could prove fatal to your site. For more information, read my blog post. Ideally, you should only have 0755 permissions for your directories and 0644 for your files.

On other occasions, we have all run across a misconfigured server which gives newly created files and directories impractical permissions, like 0600. This has the immediate effect that newly uploaded or created files are not accessible from the web. Fixing those permissions is a tedious process, hunting down the files with FTP and changing their permissions manually. Ever so often this becomes so tedious that we are tempted to just give 0777 permissions to everything and get done with it. Big, fatal mistake.

The solution to those permissions problems is the Fix permissions tool of Admin Tools. Its mission is as simple as it gets: it will give all your directories 0755 permissions and all of your files 0644 permissions. Obviously, this only has effect on Linux, Mac OS X, Solaris and other hosts based of UNIX-derivative Operating Systems, i.e. everything except servers running on Windows. If you are on a shared host you will most likely want to enable Joomla!'s FTP layer in your site's Global Configuration. Admin Tools will detect that and when it runs across a file or directory whose permissions can't be changed by PHP will use FTP to perform this task.

[Note]Note

You can customize the permissions per folder and file using the Permissions Configuration page.

[Warning]Warning

It is possible that —if you select the wrong kind of permissions in the Permissions Configuration page— you will be locked out of your site and will not be able to access it over FTP or your hosting panel's file manager. If this happens, please contact your host and ask them to fix the permissions of your site.

When you click on the Fix Permissions tool you are going to see the "Fixing Permissions..." pop-up window with a progress bar filling up as Admin Tools is changing the permissions of all your directories and files.

Fixing permissions

When it's over the progress bar will fill up and the title of the page changes to "Finished fixing permissions":

Finishing fixing permissions

Just click on the Back button to return the the Control Panel page.

No permissions have been changed on my site. Why?

It's a matter of ownership. If you are on a host which doesn't use suPHP, your files and directories are owned by a different user than the one the web server is running under. All you have to do is go to the Global Configuration page of your site, enter your FTP details and enable Joomla!'s FTP option. Admin Tools will pick it up next time you try to fix permissions and automatically use the FTP mode whenever it can't change permissions directly.

I can see a lot of JFTP error messages in red background during that process. What's wrong?

Admin Tools, as explained in the above paragraph, tries to use the FTP mode whenever it can't change the permissions directly. In order for this trick to work, your FTP server must support the CHMOD command. Not all servers do, though, especially those running on Windows where there is no notion of permissions. If you get this long list of JFTP Bad Response messages, please ask your host whether their FTP server supports the CHMOD command.

Finally, some hosts place directories inside your web root which are not meant to be directly accessible to you, i.e. a cgi-bin or a stats directory. You can't change the permissions of those directories due to their ownership (they are usually owned by a reserved system user or the root user) and will cause a few JFTP error messages to be spat out. This is normal and you shouldn't worry about that.

Configuring the permissions of files and directories

By default, Admin Tools will apply 0755 permissions to all of your directories and 0644 permissions to all of your files. However, this isn't always desirable. Sometimes you want to make configuration files read-only (0400 or similar permissions) or give a directory wide-open (0777) permissions. While this is not recommended, it may be the only option on some shared hosts for several extensions to work. Most notably, some extensions need to be able to append to files —e.g. Akeeba Backup needs to append to its log and backup archives— which is impossible to do over FTP and, therefore, requires wider permissions. Since Admin Tools 1.0.b1 you can do that using the Permissions Configuration button in the component's control panel.

Configuring the permissions

When you launch this feature you see a page split in three sections.

The top section, titled Default permissions, allows you to configure the permissions which will be applied if nothing different is configured. Use the drop-down lists to select the default permissions for directories and files (the default setting is 755 and 644 respectively), then use the Save default permissions button to apply the setting.

The middle section shows the path to the currently selected directory and allows you to quickly navigate through the folders by clicking on their names.

The bottom section is split in two panes, Folders and Files. Each pane lists the folders and files inside the current directory. Clicking on the name of a folder will navigate inside that folder. There are three columns next to each folder. The first displays the current owner (user:group format). The second displays the current permissions of that directory in the file system. The final column contains is a drop down list. The default setting, represented by dashes, means that there is no specific preference for this folder/file and the default permissions will be applied to it. If you select a customized permissions setting remember to click the Save custom permissions button before navigating to another folder or returning to the control page, otherwise your settings will be lost.

[Important]Important

None of these customized permission settings are applied immediately. You will need to launch the Fix Permissions feature for them to be applied. Click on the Back button to return to the Control Panel page where you can find this button.

Alternatively, you can click on the Fix and Apply Permissions button to immediately save and apply all custom permissions you see on this page. If you don't see the permission changing, please take a look at the previous section of this user's guide for more information on what you have to do.