I have a basic shared hosting account. The permissions for the public_HTML directory are set by default to 750. My question is why doesn’t the world need to have execute or read permission? Why is the world able to see any of my site if the entire public_HTML offers them no permissions?
I know that some different hosting companies have setups that default to 755 permission for public_HTML, which would make more sense to me. Why are some configurations able to work with 750 permission while others need 755?
Also, why do either the group or the world need to have read permission for public_HTML? Seems to me they should really only need either a 710 or 711. Or would that have consequences I’m not aware of?
Tried searching around for answers, but really couldn’t find anything specifically on this. Just trying to learn about how things fit together and I’d appreciate any information you have to offer.
The term ‘world’ is a bit confusing in this context. A better term here would be ‘everyone else’.
So you have the permissions of the user, permissions of the group, and permissions of everyone else, being anyone that’s not the owner nor in the group. To make it easier to talk about this it’s colloquial to refer to the last bit as world permissions, but that shouldn’t be confused with how the “world” can access your website.
In fact, people browsing your website aren’t browsing your files directly, but they’re accessing the webserver, which in turn will access your files.
From your permissions I assume you are the owner of the directory, and the group the directory is set to is that of the webserver (apache, probably). That way, you can read/write all files, and the webserver can read them, but it can’t write to/delete them.
On hosts running 755 it’s probably the case that the group of the public_html directory isn’t set to the webserver, so the webserver has to read the directory as “anyone else”.
My preference goes out to 750.
Thank you for your reply! What you said makes a lot of sense. But there’s still a part that I’m not getting. My public_HTML is set to 750 as I said, and everything in it is readable to a visitor to my site (not world, I get that part), presumably because my server is part of the group and is able to read and serve content to them. But if I have a folder located inside public_HTML that is set to 750, I get a 403 if I try to access it. Why the difference there?
Also, do you know of any issues that might arise if I were to set public_HTML to 710? Everything seems to work fine if I change it to that.
Thanks again for your help, it is much appreciated!
I’m guessing that any directory you create is group-owned by you, so the webserver can’t read it. Do you have ssh access to the server so you could check?
Weird, it shouldn’t be able to. Maybe your host is using ACL? Maybe you could ask them how they set things up?
Unfortunately, I don’t have SSH access. I don’t know much about ACL either, sorry. But I am in the middle of emailing back and forth with my provider, so if they give me an interesting answer I’ll let you know. Thanks again!
ScallioXTX, I heard back from my provider and you were correct; this is due to the fact that public_HTML is owned by the user: “nobody” and directories I create are not owned by “nobody,” they are owned by user: “user.” Since Apache is part of the “nobody” group, it only needs group permissions when accessing public_HTML, but needs “other” permissions when accessing directories I create. Thanks again for your replies.