Joomla is an open source software package utilized by thousands of development teams across the world.
It is also used by novices such as small businesses with DYI flair. The attraction is its capacity and ease of use. However, when things go wrong noobs spend many hours searching forums to find the root cause. And one of the biggest problems is file permissions.
This article covers a non-technical overview of file permissions.
Before we look further it's important to have a brief understanding of how file permissions work.
File permissions in a nutshell manage who can do what to which file. This can be controlled in both c-panel and Joomla front end.
In the c-panel you have three levels of permissions. Read, Write, and Execute.
In Joomla you have three default permission groups. Owner, Group and Other.
By changing the group access to the images folder in the c-panel you can restrict access by group.
For example you can limit non-owner groups to view only access. Alternately if you would like to give your users the ability to download / upload images you can afford them write access to your images folder.
For help on how to change file permissions start by logging in to your cPanel.
Find File Manager and then click on the name of the file that you would like to change the permission. Looking at the top right of the page select the Change Permissions link.
Your options are reasonably straight forward however here is a brief explanation.
Read, Write & Execute
Read & Write
Read & Execute
Most applications require this setting
Write & Execute
Once this is done select the permission you would like to apply to the file then click Change Permissions.
To see how this change affects Joomla go to the administrator control panel and login. For Joomla 2.5 users Go to Site >> Global Configuration >> Permissions.
Here you can see a list of your websites folders and the permission you have been given to access them.
It is vital to set the right file access to avoid major security breaches.
For a moment imagine accidentally giving read access to your payment folder or your client database. This would allow third parties to view confidential information and leave you open to liability and damages claims. In addition to breaching merchant agreements and facing hefty compliance fines if payment data is involved.
It's also worth noting that incorrectly set file permissions are behind the majority of data breaches.
File permissions are a nightmare for new Joomla users to understand but given that 60% of websites will be targeted by a security attack it makes sense to not make it easy.
It is also worth noting that it is more challenging to understand the impact your changes will have on the programs that use the file then to change the permission.
If you are still learning I recommend you only make the required changes to allow for function.
This avoids the majority of unexpected errors and keeps you and your customers happy.