How should file permissions be set?


Dear everyone,
I have been searching this subject for a few days but could not get a straight forward answer.

While installation of OJS, the permission of config file, Public folder and chache folder is set to 777.
What should be the permission of these files/folders once the installation is complete.


Writable file and folders
Security issue: Hacking via submission in OJS 2.4.8
OJS 3.0.2 Installation problem
Upload problem OJS-2.4.8-1
Issues after update to ojs-3.0.2 (file upload, new submission not working)
OJS installation issue
Recommended Hosting Environment for OJS 3.0.2
Do not continue the registration of the newspaper
Question about permission of folders and files
PHP Errors: Uploading image.png
Submission of File failed HTTP Error
File/folder permissions OJS 3.02
OJS3 usageStats question
Having difficulty upgrading from 3.0.1 to 3.1.0-1
Cómo proteger OJS de hakeos
Problem in installing ojs-2.4.6
Author cannot upload their paper to ojs
Ojs2 has produced an error Message: USER WARNING: Smarty error: unable to read resource: "theme:public/common/header.tpl"
Problem in Ojs 3.0.0 installation
Errors on submission
OJS 3.0.2 Installation problem
DB Error: Unknown column 'context_id' in 'on clause'

There isn’t a straightforward answer because so much depends on your hosting environment. Start with your hosting provider’s documentation and support, or with your system administrator, and with the following instructions:

How to set your permissions

In general, you want your permissions set such that your webserver can read and write (recursively) to's files_dir, and to ./cache/, and ./public/. Optionally, for added features and reduced security, you can enable write to, to ./plugins/ and perhaps to the locale .xml files. Your webserver should have read-only access to all other files and directories distributed in the package.

How does Linux do this?

In Linux, permissions are based both on a numeric access control mode, and on file ownership. Understanding this permissions scheme is a prerequisite.

For example, ownership of apache:www with permissions of 750 (rwxr-x---) means that the apache user can read, write and execute; anyone with the www group can read or execute; and the file is protected against access by anyone else. Note that “execute” means two entirely different things for directories than for files!

An Example (for dedicated hosting):

Generally, the ownership of cache, public, and other web-writable directories should be your web user and the web-user’s primary group, for example apache:www-data. Permissions should probably be 750.

The ownership of the other non-web-writable directories should be your user, with either the web user’s group, or with public execute permissions. For example:
myuser:www-data with 750
myuser:ourgroup with 755.

Web-writable files would be the same, but without the execute permission:
apache:www-data with 640

Non-web-writable files would be perhaps:
myuser:www-data with 640
myuser:ourgroup with 644

But What About Shared Hosts?

With some shared hosts (for example, if your only access is via CPanel or a similar web-based admin tool), you may not have the ability to change the file ownership, and your webserver is effectively running as your user. In that case, you may still have the ability to protect your files by making them non-writable by your own user (even though this sounds counter-intuitive). In a shared host, you will almost certainly want to deny world permissions to your files, but look to the documentation and support for your host in particular.

File/folder permissions OJS 3.02
Plug-ins in OJS-2.4.8-1
OJS UPLOAD does not work
[OJS3.0] Unable to upload logo, no image from previous version, broken PDF link
Fatal error: Smarty error: unable to write to $compile_dir
Problem ojs 3.0.2 on centos7
Installing 3.0 file_put errors
File permissions if only FTP access
Author uploading file showing http error

Hi all,

See also the FAQ Entry in the wiki about file permissions.

Alec Smecher
Public Knowledge Project Team


Hello, Permission my directory sdh i replace 777 all … but still can not upload image or logo,
Please guide me




Hi @taufiq,

Note that 777 permissions can be useful for debugging, but they are never safe to use.

It’s likely that you’re running into a problem with OJS being unable to identify file types. Search the forum for the error message you received; there are lots of threads with suggestions on how to debug/fix.

Alec Smecher
Public Knowledge Project Team

Import xml out of memory