Reseller Web Hosting Offers:

How do I change permission for files and folders in cPanel?

 

Linux Web Hosting Control Panel will have a option to manage or change permission of your files and folders. Using that you can give or restrict read, write and execute privilege for user, group and to word. You can follow the below procedure to change permissions in cPanel after uploading the files:

1) Login into cPanel

2) Choose public_html folder in File manager

3) Click the file or folder name which you want to change permissions

4) In fifth column click permissions of file, change file permissions to 644 and folder permissions to 755 (or) 750 and save it.

By default the file permission should be 644 and the folder permission should be 750 or 755. If it is in 777 permission anyone can access and upload files.

644 means that files are readable and writable by the owner of the file and readable by users in the group owner of that file and readable by everyone else. 755 is the same thing, it just has the execute bit set for everyone. The execute bit is needed to be able to change into the directory.

The value for this is 755 (readable by User, Group and World, writable by User, executable by User, Group and World). It is set automatically when you create a folder. All CGI files (all files in the cgi-bin folder) need to be executable by others. … You need to change the file permissions manually.

For Example:
—–

If you are having accounts on your server is running PHP through Apache (i.e. no suPHP, 777 directories are required for PHP uploads). The two accounts are example.com and example1.com. example.com is running a Gallery script, that requires the upload directory to have world-write enabled, permissions 777, but the owner of example.com always keeps their Gallery script up-to-date and practices the best security policies. example1.com on the other hand, they don’t care about security. They are running an old WordPress install, and old Joomla script, and perhaps some other scripts that they never used and never updated or removed.

When example1.com gets hacked into because of the outdated scripts, those hackers may be able to place a PHP shell script onto the account, and they would then have access to write files into example.com’s upload directory, the directory on example.com that has 777 permissions.

This doesn’t seem quite fair, because example.com was keeping their scripts up-to-date, yet their account was also being used in the exploit.

Now consider this same scenario where example.com and example1.com are on a server running suPHP. example.com still has the Gallery script, but because suPHP is in use, the upload directory for the Gallery script can survive with permissions of 755.

Now when example1.com gets hacked because of their old and outdated scripts, that hacker cannot upload anything onto the example.com account because example.com does not have any open directories. The hacker can go wild on the example1.com account, upload and delete anything they want. But the blame always goes back to the owner of orange.com, why wasn’t that person keeping their scripts up-to-date?