# What permissions should my website files/folders have on a Linux webserver?

On a Linux web server, setting the correct permissions for website files and folders is crucial for security and functionality. Here are general recommendations for permissions on website files and folders:

### Folder Permissions:

- Root Folder (`/var/www/html` or similar):
    - The root folder of your website should have permissions set to `755` (`drwxr-xr-x`).
    - The owner should typically be the web server user (e.g., `www-data` for Apache).
- Subfolders and Files:
    - Folders inside the root should generally have permissions set to `755` (`drwxr-xr-x`).
    - Files within the folders should have permissions set to `644` (`rw-r--r--`).

### Special Folders:

- Upload Folders:
    - Folders where users can upload files need extra care: typically `755` for folders and `644` for files, so that uploaded files carry no execute bit.
    - Ensure uploaded files (e.g., PHP files) cannot be executed unless that is intended.
- Config Files:
    - Configuration files that contain sensitive information (database passwords, API keys, etc.) should have limited access.
    - Set permissions to `600` (`rw-------`) or `640` (`rw-r-----`), limiting access to the owner and specific groups that need access.

### Ownership:

- Ownership should typically be set to:
    - User: The user that the web server runs as (e.g., `www-data` for Apache).
    - Group: The group that the web server belongs to (also often `www-data` for Apache).

### Additional Tips:

- Avoid setting global write permissions if not necessary:
    - Giving write permissions to everyone (`777`) can pose security risks.
    - Limit write access to specific folders where necessary.
- Use `chown` and `chmod` commands:
    - Use these commands in the terminal to change ownership and permissions of files and directories.
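    - For example (directories to `755`, files to `644`; a plain `chmod -R 755` would also mark every file executable):
        - `sudo chown -R www-data:www-data /var/www/html`
        - `sudo find /var/www/html -type d -exec chmod 755 {} +`
        - `sudo find /var/www/html -type f -exec chmod 644 {} +`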
- Consider SELinux or AppArmor:
    - Security-Enhanced Linux (SELinux) or AppArmor can add an extra layer of security by enforcing policies that restrict what the web server process may access, in addition to the file permissions above.
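
To review an existing site against the modes recommended above, the following read-only audit lists every path that deviates from them. It is an added example, not part of the original article; the function name `audit_webroot` and the config file names it matches (`.env`, `config.php`, `*.ini`) are assumptions to adapt to your application.

```shell
#!/bin/sh
# Added example: report paths under a web root whose modes differ from the
# values recommended on this page. It only reads; nothing is changed.
#
# Output: one finding per line, "<FINDING> <path>".
# Assumption: files named .env, config.php or *.ini hold secrets.

audit_webroot() {
    root=$1

    # Writable by "other" (777, 666, ...): the highest-risk finding.
    find "$root" \( -type d -o -type f \) -perm -0002 -print |
        sed 's/^/WORLD_WRITABLE /'

    # Directories should be exactly 755.
    find "$root" -type d ! -perm 755 -print |
        sed 's/^/DIR_NOT_755 /'

    # Ordinary files should be exactly 644. This also catches files with an
    # execute bit set, including anything dropped into an upload folder.
    find "$root" -type f \
        ! \( -name '.env' -o -name 'config.php' -o -name '*.ini' \) \
        ! -perm 644 -print |
        sed 's/^/FILE_NOT_644 /'

    # Config files should be 600 or 640, never readable by "other".
    find "$root" -type f \
        \( -name '.env' -o -name 'config.php' -o -name '*.ini' \) \
        ! -perm 600 ! -perm 640 -print |
        sed 's/^/CONFIG_TOO_OPEN /'
}

# When given a path, audit it, e.g.: sh audit.sh /var/www/html
if [ "$#" -gt 0 ]; then
    audit_webroot "$1"
fi
```

An empty result means every path matches the recommended modes; a path can appear under more than one finding (a `777` directory is both `WORLD_WRITABLE` and `DIR_NOT_755`).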

It's important to find the right balance between security and functionality when setting file and folder permissions. Regularly review and update permissions to ensure your website remains secure. Be cautious with granting excessive permissions, especially to files that handle sensitive data or execute server-side code.