Contact
Site: US UK AU |

How to set Magento file permissions

How to set Magento file permissions

Overview
This article discusses how to set the proper permissions for files within a Magento installation.

Environmental considerations

Before installing Magento, first consider the environment in which you are hosting your site. Linux runs within two main environments: PHP scripts that use mod_php or equivalent, and PHP scripts that use an intermediate construct.

Mod_php or equivalent PHP scripts

PHP scripts that use mod_php or equivalent are executed as the webserver user. When your script is running, it can read and sometimes write with the same privilege level as the web server. This allows cross-account snooping in shared-hosting setups and is dangerous in shared environments, particularly in eCommerce.

PHP scripts running using an intermediate construct

Other PHP scripts use an intermediate construct such as suPHP, PHP suEXEC, PHP-FPM, and so on. In this case, your scripts run offer a more secure overall configuration when running on a shared server, and our team prefers this setup.

This method is also preferred because Linux provides an extra level of security when the permissions are configured correctly. All of our shared Magento SIP plans provide this preferred environment, giving isolated user-based permissions, and therefore more strict file permissions.

Magento file permissions

You must have SSH access to execute any of the the changes shown below. If you do not have SSH access, contact the Nexcess Support Team for assistance.  

Linux permissions

The first of these changes to Linux permissions restricts reading and writing privileges to all files in your Magento base directory to you; all others will only have reading privileges. The following command establishes a baseline in which the webserver itself can read all files. It will need read-access to serve static content like images, CSS and Javascript files:

find </path/to/magento> -type f \-exec chmod 644 {} \;

The second of these changes to Linux permissions makes all directories in your Magento base directory istable, file-editable and navigable for you, while only navigable for all others:

find </path/to/magento> -type d \-exec chmod 711 {} \;

The third change locks permissions for all PHP scripts so only you can read them. This is ideal because only you need to know the contents of scripts.

find </path/to/magento> -type f -name “*.php” \-exec chmod 600 {} \;

Finally, we recommend restricting all access to your local Magento configuration files to yourself with the below command. Only the PHP scripts need to read these files and PHP is running under your login; therefore, you can disable access to all others. This will prevent other users from accessing sensitive information:

chmod 600 </path/to/magento/app/etc/*.xml>

Web-based software requirements

You may encounter web-based software that claims all file permissions must be set to 777, meaning the software has full read, write, and execute permissions for all files. This may be necessary for some directories, but is rarely the case for files. Permissions of 666, or read and write permissions for all, are adequate in these cases if more strict permissions cannot be set. In addition, the 777 permission sets the execute bit on files, though most web servers do not require them.

 
For 24-hour assistance any day of the year, contact our Support Team by email or through the Client Portal.
Article Rating (1 Votes)
Rate this article
  • Icon PDFExport to PDF
  • Icon MS-WordExport to MS Word
 
Attachments Attachments
There are no attachments for this article.
Related Articles RSS Feed
How to improve Magento maintenance mode
Added on Mon, Feb 24, 2014
What is Magento?
Added on Thu, Sep 10, 2015
How to configure the Magento Product Importer (Magmi)
Added on Mon, Jan 26, 2015
How to disable maintenance mode in Magento
Added on Fri, Dec 15, 2017
How to optimize Magento performance
Added on Mon, Jul 29, 2013
How to install Magento CE v1.8 and later
Added on Thu, Mar 6, 2014
How to configure Magento to use your SSL certificate
Added on Mon, Feb 29, 2016
What is Varnish?
Added on Thu, Aug 28, 2014
How to enable the Magento profiler
Added on Thu, Feb 25, 2016
How to set the return-path email in Magento
Added on Thu, Oct 30, 2014