File permission issues

File permission issues

It’s obvious for any website administrator that the first gate preventing a site from being hacked is a system of access rights granted to files and directories. If you assign 777 permissions, it may be fatal to your website since anyone may get an access to your folders. Our recommendation is to have only 755 permissions for the folders and 644 for the files since the lower the numbers, the higher your website security is. In other cases, you can get a misconfigured server assigning unpractical permissions, such as 600, to new directories and files, resulting in that you cannot access anew created or uploaded files from the web.

For most modern file systems the usual methods are administering permissions or giving an access rights to certain users or user groups on computer. Accessing files at the Joomla! website is possible in three ways: directly through your server, via special Joomla! extension or through FTP/SSH. All folders and files have permissions, or access rights, identifying which users can access the filesystem, read it or write. Sometimes it may happen that permission settings of your FTP client and web server conflict, and while attempting to install an extension from the backend you may receive the messages similar to following: Directory not writable: /administrator/templates/system/ or JFolder::create: Could not create directory or you cannot save theme settings.

Changing file permissions

To fix these problems, you should change the permission system of your files and folders.

Using a Joomla! extension to resolve permission issues

Fixing the problem through using an FTP client may change file ownership to the FTP user that may cause problems on some web servers. You can avoid it by using a Joomla! extension for changing the permission through the Joomla! administration, and the best way is to use Fix permission tool of Admin Tools. It serves for resolving the permissions problems and gives 755 access rights for each of your folders and 644 for all your files. This can work on Mac OS X, Solaris, Linux and other hosts based on UNIX Operating Systems and will not have an effect on any server running on Windows. If you share the host you may want to enable Joomla!'s FTP layer in the Global Configuration of your website. Admin Tools will detect that and when it finds out a component of the filesystem which permissions cannot be updated by PHP it will use FTP to do this.

  1. Download and install the Joomla! extension Admin Tools
  2. Select the Admin Tools component and click on Fix Permissions tool.
  3. The "Fixing Permissions..." pop-up window will appear, and you will see the progress bar filling up as Admin Tools is changing the access rights for your folders and files.
  4. When the process is finished, the progress bar will fill up and the page title will change to "Finished fixing permissions”.

Using your FTP client

  1. Open your FTP client. If you don't have any, download and install FileZilla.
  2. Use your FTP client to login to your web server and browse to your webroot directory.
  3. Right click on the directory which access rights you want to change and click File Permissions.
  4. The Change File Attributes dialog enables you check different options or type in a numeric value, e.g. 755. Keep in mind that the Recurse into subdirectories option should also be checked. Then select OK.

A screen like this may well appear. It’s better to avoid 777 permissions meaning anyone can do anything to your folders. You can try to set 755 permissions though you may need some checkings since all servers are setup in a different way. After changes are done and "Change Permission" is clicked, select Administrator / Help / System Info, then go to Directory Permissions and check whether red "Unwritable" has changed to the green "Writable" or not.

Why I don’t see any permission changes done on my website?

The ownership issue is the reason: if your website is on a host not running suPHP, then your directories may have ownership different from that one the server is running under. To resolve the problem you should put FTP details on your website’s Global Configuration page and enable Joomla!’s FTP option. Admin Tools will pick it up at your next attempt to fix the permission system and will automatically choose the FTP mode when it’s not allowed to change the permissions directly.