In this article we will review the permissions that your files and directories should be set too, setting the permissions to anything other than mentioned below can cause your website to not function correctly.
We do offer a tool in our https://members.panthur.com.au/ that will automatically reset the permissions of all files and directories to 644 for files and 755 for directories.
Files should always be uploaded and set to permissions 644. There are however a few exceptions where for security purposes it is recommended to set different permissions:
PHP files that that contain sensitive information, for example configuration files containing database usernames or passwords (eg. wp-config.php). Configuration files should be set to permissions 600 as they don't need to be executed.
Scripts that are run from the shell command line or crontab, such files should be set to permissions 700 because they are actually being executed directly by your linux user account.
Scripts that are run from the cgi-bin or other directory as a CGI script should have permissions 755 because they have to be executable by the nobody account which apache uses to access your files before serving them to the web.
For the htaccess file it is a more secure solution to set its permissions to read only 444. This offers more protection against some simple file injection attacks.
Whenever you upload files using cPanel File Manager files will be set with permissions 644 automatically. Also unless otherwise configured your FTP software will also set permissions 644 to newly uploaded files.
Directories should always be uploaded and set to permissions 755.
Whenever you upload files using cPanel File Manager directories will be set with permissions 755 automatically. Also unless otherwise configured your FTP software will also set permissions 755 to newly uploaded directories.
PHP web applications
You may have noticed that some PHP web applications say that they need custom permissions such as directories with permissions set to 777, this is not necessary and is bound to cause security issues.
Due to how LiteSpeed serves PHP files, the files served under your account only need to granted read and write permissions to the owner.