How to set File Permissions For Drupal and Linux

knooq-howto.png

Setting file permissions in Drupal is an important aspect of the setup process when building a Drupal based website.  One of the first requirements you will come accross is the setup of the database and its password. This requires the 'settings.php' file to be writeable by Drupal during the first run of the install script 'install.php'.

This process enables the content management system ("CMS") to input the MYSQL database name and password into the settings.php file for future access to the database.

Getting Started

Before this is done you will need to make the 'settings.php' file writeable, and change it back after setup is complete. To do this, you need to know a bit about permissions.

There are a variety of ways to set permissions on system files and folders, some are only available if you have access to the server such as on a Virtual Private Server ("VPS"). This blog tutorial will concentrate on setting permissions from the server side.

For those on shared hosting, we will explain in another blog post how to set permissions using an FTP client, such as Filezilla for example. For a VPS there are a couple of ways to set permissions. However, by far the easiest to understand is the numerical permissions representation. This is the way we set permissions here at Knooq .  This method is Linux specific rather than specific to Drupal, so you may use it to set permissions for other files and folders on your Linux Server or Linux Desktop.

This permissioning system equates the privileges of 'Read' (r), 'Write' (w) and 'Execute' (x) with the numbers 4, 2 and 1 respectively.  So we have a small numerical permissions matrix as follows:

Numerical Permissions Representation
 Read (r)Write (w)Execute (x)Total
 User 4 2 17
 Group 4 2 17
 Others 4 2 17

You can probably guess from the table above, that the 'User' is the current user where drupal is installed, i.e. the current Linux user.  The group relates to the Linux group which, for server setup is normally 'www-data'.  'Others' is what it suggests, those outside of 'User' and 'Group', so you should be careful with this setting, as it is the one likely to cause a lack of protection to your website and drupal folders.  In general, it's a bad idea  to allocate the number 7 permission to 'Others' unless absolutely necessary, and you shouldn't need to do so when designing a website in any event.  The exception is on a temporary basis for drupal installation.

Installation

Normally, the default installation of Drupal has the permissions for the 'default.settings.php' file set as 644 which can be seen represented in the matrix as follows: 

Default Permissions Representation - File: default.settings.php
 Read (r)Write (w)Execute (x)Total
 User 4 2 -6
 Group 4 - -4
 Others 4 - -4

To setup drupal you need to copy 'default.settings.php' to 'settings.php' using the following commands on your linux VPS:

cp default.settings.php settings.php

Then you can change the permissions to make the file writeable by the drupal installer as follows:

chmod 777 settings.php

Now when you run the 'install.php' script Drupal will be able to write to the file.  This setup takes just a few minutes and as this is an important file, you should change the permissions back straightaway.

To change back, just repeat the command with the new permissions, as follows:

chmod 440  settings.php 

The generally recommended permissions settings for various drupal files and directories are as follows:

Generally Recommended Permissions for Drupal Files and Folders
drupal/sites/default750
drupal/sites/default/files (including sub folders & files)755 or 770 *
drupal/sites/default/settings.php 400 or 440 *
drupal/sites/default/default.settings.php400 or 440 *
drupal/sites/all/themes (including sub folders & files) 755
drupal/sites/all/modules (including sub folders & files)755

  * depends on system setup. Some extra modules and/or server rules may require different permissions.

Go to '/admin/reports/status' where it will tell you whether the system is set up properly, and whether 'settings.php' is protected or not.

Setting Permissions Recursively

To set the permissions for a folder, its sub-folders and files you can use the following command:

chmod -R 440 myfolder (or another numerical permissions value that you require)

However be careful with this, as you should know what permissions the files inside the folder need.  As seen above, the 'settings.php' file is inside the 'drupal/sites/default' folder but it has more restrictive permissions than its parent folder.

Dealing with permissions is one of the areas that can lead to a lot of problems so make sure you are certain as to the effect of any changes.

Other Setup Information

Along with changing file permissions, there is sometimes the need to change the ownership of certain files and folders. We've put together another blog tutorial covering common aspects of changing file and folder ownership in Drupal and Linux.

Home Blogs knooq.com's blog