File & folder permission settings - Drupal 7

Quick reference to permission settings for a Drupal 7 site. Lifted from this post on Drupal.org.

/default 755  
/default/files 744 (or 755) including all sub-folders & files
/default/themes 755 including all sub-folders & files
/default/modules 755 including all sub-folders & files
/default/settings.php 444  
/default/default.settings.php 444  

 

/modules & /themes (core folder) rwxr-x---
/modules/* & /themes/* (core files) rw-r-----
/sites/default/modules & /sites/default/themes (hosted folders) rwxr-x---
/sites/default/modules/* & /sites/default/themes/* (hosted files) rw-r-----
/sites/default/files (folder) rwxrwx---
/sites/default/files/* (files) rw-rw----
/sites/default/files (sub-directories) rwxrwx---

 

Permissions set with chmod

When used in the chmod command, the symbols below have the meanings given:

"+" = add a permission to the ones already assigned
"-" = revoke a given permission maintaining the others already assigned
"=" = ignores the already assigned permissions and assigns the permissions specified
"u" = user
"g" = group
"o" = others
"a" = everybody / all (user, group, others)

For files:
r = read
w = write
x = execute

For directories:
r = list (read directory contents)
w = write
x = can access the directory (i.e., cd to the directory)

chmod human chmod numeric resulting permission
ugo=rwx 777 rwxrwxrwx
u-wx 470 r--rwx---
o+r 774 rwxrwxr--
g-wx,o+r 744 rwxr--r--
u-w,g-wx,o+r 544 r-xr--r--
g=,o=r 704 rwx---r--
a-wx 440 r--r-----
Justin Chevallier

Justin Chevallier

Avid Drupal site builder & user for +9 years.

Comments

Submitted by Steve D. on

Shouldn't settings and default.settings.php be set to 400 (or 640)? Giving read access to "others" - 444 - seems very insecure.

Submitted by Justin on

The advice to use 444 for your settings.php file post the initial install is taken from this post on Drupal.org: https://www.drupal.org/documentation/install/settings-file

I guess you might be able to get away with using 400 provided the settings.php file owner is set as root or something like that. Not 100% on what the implications are though.

Add new comment

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.