File and directory permissions, together with their ownership, control which system processes can read and write to them. Overly open permissions such as 0777 are especially problematic on shared hosting, as they may allow a compromised third-party site to write to your site's files, thereby compromising your site as well. Ideally, files should have 0644 permissions whereas folders should have 0755. Files and folders with overly open permissions need to be rectified.
On other occasions, we have all run across a misconfigured server which gives newly created files and directories impractical permissions, like 0600. The immediate effect is that newly uploaded or created files are not accessible from the web. Fixing those permissions is a tedious process of hunting down the files with FTP and changing their permissions manually. Every so often this becomes so tedious that we are tempted to just give 0777 permissions to everything and be done with it. That's a big mistake.
The solution to those permissions problems is the Fix permissions tool of Admin Tools. It lets you apply the same permissions to all files and folders (by default and recommended: 0644 for files, 0755 for directories). If you have some special files and folders which need different permissions you can set their special permissions individually.
Obviously, this only has an effect on Linux, macOS and UNIX-based operating systems, i.e. everything except servers running on Windows. The files need to be owned by the same user or group your web server is running under. Please note that file ownership cannot be modified, and the permissions of files and folders with the wrong ownership cannot be modified either, since Joomla 4.0 and later no longer include an option to set up and use the FTP layer. You need to have decent hosting, set up by competent people, to use Joomla 4 and later.
Note: You can customize the permissions per folder and file using the Permissions Configuration page.
Warning: It is possible that, if you select the wrong kind of permissions in the Permissions Configuration page, you will be locked out of your site and will not be able to access it over FTP or your hosting panel's file manager. If this happens, please contact your host and ask them to fix the permissions of your site.
When you click on the Fix Permissions tool you are going to see the "Fixing Permissions..." pop-up window with a progress bar filling up as Admin Tools is changing the permissions of all your directories and files.
When it's over the progress bar will fill up and the title of the page changes to "Finished fixing permissions":
Finishing fixing permissions
Just click on the button to return to the Control Panel page.
It's a matter of ownership. You are on a host where your files and directories are owned by a different user than the one the web server is running under. In the past, this could be overcome by using Joomla's FTP layer. Joomla 4.0 and later no longer include the FTP layer feature for security reasons.
You will need to ask your host to set up their server to use PHP under FastCGI or FastCGI Process Manager (PHP-FPM), with PHP running as the same user as your site's owner user. This is a standard way to configure PHP and has, in fact, been the recommended way to run PHP since 2010, as it's also the most secure way to run PHP. If you find yourself using a host which declines to do that, it's a good idea to look for a better host.
By default, Admin Tools is configured to apply 0755 permissions to all of your directories and 0644 permissions to all of your files. However, this isn't always desirable. Sometimes you want to make configuration files read-only (0400 or similar permissions) or give a directory wide-open (0777) permissions as a temporary workaround for some extensions if you're using a misconfigured host. For example, Akeeba Backup needs to append to its log and backup archives. If your host is misconfigured you may have to apply 0777 permissions to Akeeba Backup's output directory. Since that directory is not web accessible (it's either outside the site's root or has a .htaccess file to prevent direct access to its contents), this is one of the few cases where 0777 permissions may be used, more or less safely.
You can configure the default permissions and per-directory and per-file permissions using the button in the component's control panel.
Configuring the permissions
When you launch this feature you see a page split in three sections.
The top section, titled Default permissions, allows you to configure the permissions which will be applied if nothing different is configured. Use the drop-down lists to select the default permissions for directories and files (the default setting is 755 and 644 respectively), then use the button to apply the setting.
The option Apply to dot (hidden) files controls whether the default permissions will be applied to files and directories whose name starts with a dot, also known as “dot-files”. On Linux and other UNIX-compatible operating systems, dot-files are hidden from directory listings by default. Hosts use such files and folders to store hosting-specific information, e.g. which FTP users have access to the site. Typically, these files and folders should NOT have their permissions altered, therefore it's generally recommended to leave this option turned off.
The middle section (“breadcrumbs”) shows the path to the currently selected directory and allows you to quickly navigate through the folders by clicking on their names.
The bottom section is split in two panes, Folders and Files. Each pane lists the folders and files inside the current directory. Clicking on the name of a folder will navigate inside that folder. There are three columns next to each folder. The first displays the current owner (user:group format). The second displays the current permissions of that directory in the file system. The final column contains a drop-down list. The default setting, represented by dashes, means that there is no specific preference for this folder/file and the default permissions will be applied to it. If you select a customized permissions setting, remember to click the button before navigating to another folder or returning to the control page, otherwise your settings will be lost.
Important: None of these customized permission settings are applied immediately. You will need to launch the feature for them to be applied. Click on the button to return to the Control Panel page where you can find this button.
Alternatively, you can click on the button to immediately save and apply all custom permissions you see on this page. If you don't see the permission changing, please take a look at the previous section for more information on why this might have happened and what you need to do.
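A dry-run sketch of the logic described on this page, added here as an example and not Admin Tools' own code: it compares every entry under a site root against the default (0755 / 0644) or a per-path override, optionally skips dot-files, and flags entries owned by another user, which is the case where changing permissions fails. The function names, the `overrides` mapping and the status labels are assumptions made for this example; skipping dot-files and their contents entirely is a simplification.

```python
import os
import stat

DEFAULT_DIR_MODE = 0o755   # defaults stated on this page
DEFAULT_FILE_MODE = 0o644


def plan_permissions(root, overrides=None, include_dotfiles=False,
                     dir_mode=DEFAULT_DIR_MODE, file_mode=DEFAULT_FILE_MODE):
    """Dry run: return (relative_path, current, wanted, status) for every
    entry under root whose mode differs from the wanted one.

    overrides maps a path relative to root to a custom mode (hypothetical
    stand-in for the per-folder / per-file settings).
    status is "fixable" when this process owns the entry (or is root) and
    "wrong-owner" when chmod would fail because another user owns it.
    """
    overrides = overrides or {}
    euid = os.geteuid()
    plan = []
    for current_dir, dirnames, filenames in os.walk(root):
        if not include_dotfiles:
            # Pruning dirnames in place stops os.walk from descending into them.
            dirnames[:] = [d for d in dirnames if not d.startswith(".")]
            filenames = [f for f in filenames if not f.startswith(".")]
        for name in sorted(dirnames) + sorted(filenames):
            path = os.path.join(current_dir, name)
            info = os.lstat(path)
            if stat.S_ISLNK(info.st_mode):
                continue  # never follow or chmod symlinks
            rel = os.path.relpath(path, root)
            default = dir_mode if stat.S_ISDIR(info.st_mode) else file_mode
            wanted = overrides.get(rel, default)
            current = stat.S_IMODE(info.st_mode)
            if current != wanted:
                status = "fixable" if euid in (0, info.st_uid) else "wrong-owner"
                plan.append((rel, current, wanted, status))
    return sorted(plan)


def apply_plan(root, plan):
    """Apply only the entries this process is allowed to change."""
    changed = []
    for rel, _current, wanted, status in plan:
        if status == "fixable":
            os.chmod(os.path.join(root, rel), wanted)
            changed.append(rel)
    return changed
```

Reviewing the output of `plan_permissions` before calling `apply_plan` shows which entries need the host's help (status `wrong-owner`) rather than a retry.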