Linux File Permissions, FTP Servers and FTP Clients

FileZilla - file permissions The default file permissions for Linux are 755 for directories and 644 for files within directories, which aren’t directories themselves. Basically, it means directories and files can only be written by the user and the group but they can be read by anyone.

Not all Linux applications use the defaults. Some are more restrictive, like when applications create log files. In those cases, usually the user can read and write and the group can read and that’s about it.

File Permissions and Websites

Within the directory structure of a website, the files are usually owned by either the web server or the scripting application. Sometimes the user is “adm”, sometimes “nobody” and sometimes “www-data”. Any of these things can be changed by a server administrator. The key thing to remember with any website application using PHP is that the user has to be the PHP user. The group can be anything.

The output of the “ls -al” command is best explained like this:

-rwxrw-r--    10    root   root 2048    Jan 13 07:11 afile.exe
?UUUGGGOOOS   00  UUUUUU GGGGGG ####    ^-- date stamp and file name are obvious
^ ^  ^  ^ ^    ^      ^      ^    ^
| |  |  | |    |      |      |    \--- File Size
| |  |  | |    |      |      \-------- Group Name (such as Users, Administrators, etc.)
| |  |  | |    |      \--------------- Owner Name
| |  |  | |    \---------------------- Link count (what makes up a "link" here varies)
| |  |  | \--------------------------- Alternative Access (blank means none defined, anything else varies)
| \--\--\----------------------------- Read, Write and Special access modes for [U]ser, [G]roup, and [O]thers
\------------------------------------- File type flag

You can change the default file permissions (“chmod”) from 755 and 644 to 775 and 664, respectively for certain use cases. If you want your FTP user to be able to write to a directory or change an existing file, you’ll have to assign your FTP user to a group and then “chown” the directories and files to the user and group.

The easiest way to do that is to change the parent directory file permissions from the directory above it and then the file ownership:

chmod 775 directory
chown -R www-data:your-user-name directory

Then move to that directory and use these commands:

find -type d -exec chmod 775 {} \;
find -type f -exec chmod 664 {} \;

In extreme cases, you can assign a password to “www-data” and then use that user name as your FTP user. I don’t recommend doing it because it opens up yet another avenue of attack from the outside. A really strong password can mitigate that somewhat, but it’s better to just leave it alone.

Using FTP

I shouldn’t have to tell you that using plain FTP is a bad idea. It sends user names and passwords in the clear. The best thing to do is to use one of the other secure FTP options. I prefer FileZilla as my FTP client because it works well on both Windows and Linux. I prefer vsftpd as my FTP server on Linux. I use the FTPES mode on FileZilla (require explicit FTP over TLS) and it’s just as fast as plain FTP. SFTP is a way of using FTP through SSH but it’s really slow. I don’t recommend using it unless you don’t want to run a dedicated FTP server for some reason.

If you’ve assigned file permissions and ownership correctly, you should be able to use your FTP client without any problems. Some applications set file permissions and while they can’t set anything less restrictive, they can always set something more restrictive. If that happens to files you need FTP access to, then you’ll have to go in through SSH and change the file permissions manually.

Relaxed File Permissions

Some people set file permissions to 777 for everything they need access to. It’s a dangerous way of doing things, but it can be a huge time saver when you’re doing a lot of work. Never do this on shared hosting or any server where you’re sharing access with anyone else. If you set things up this way, even temporarily, make sure you set them back to the defaults when you’re done.

If you’re running Linux on your personal computer and no one else uses it, you don’t have to worry about relaxed permissions. This is me. I could set every permission to 777 and it wouldn’t change a thing because no one around me has a clue about any of this. Of course, I won’t do that because I also use this PC for web development and I need it to behave as much like a real server as possible.

Share this: