<strong>File system permissions</strong>

When installing Drupal and performing maintenance tasks, you are likely to encounter situations when you will need to grant write permissions for Drupal to certain files and/or directories. A typical case is the files storage directory (with any subdirectories if created separately), and for the initial installation, the sites/default directory.

There are also situations where you want to REMOVE write permissions, to avoid security risks. This is for example the sites/default directory and settings.php file AFTER the installation is done. It's a good idea to also remove write permissions to all the Drupal code.
<!--break-->
<strong>Modifying Linux/Unix file permissions</strong>

<a href="node/34023">Here</a> is a brief introduction to Unix file permissions.
Linux is currently the most common operating system used on web servers.

To change file/directory permissions, log in to the system, browse to the file/directory in question and change permissions. The exact method to do so depends on how the system is accessed:

<strong>From command line:<strong>

To GRANT write access:
<ol>
	<li>Browse to the parent directory using <code>cd [path]</code></li>
	<li>Change permissions using <code>chmod a+w [file-or-folder]</code></li>
</ol>

To REMOVE write access:
<ol>
	<li>Browse to the parent directory using <code>cd [path]</code></li>
	<li>Change permissions using <code>chmod a-w [file-or-folder]</code></li>
</ol>

<strong>Through an FTP client:</strong>

After connecting to the server and browsing to the parent directory, you usually need to right-click the file/directory and use some sort of "change permissions" option, depending on the exact application you're using.

<a href="node/78914">FTP uploads and file permissions using Transmit</a>


There are also other ways, such us simply using the desktop GUI on a test install, if available.

<strong>File ownership</strong>
You need to know, that each file/directory has it's owner. If you created the file yourself, you're the owner, and you can do virtually anything to the file, including change of permissions. Drupal, in the other hand, is an automated script acting on the system as "apache", "webserver" or some different identity, which is not the same as yours. So to allow Drupal to write, you need to grant write permissions to everyone, which can't be done by Drupal automatically. When removing the write permissions, it's only necessary to remove for everyone else; you may safely keep the write permissions for yourself, for the ease of further maintenance.

The same also works the other way: Any files created by Drupal (such as settings.php, or any uploaded and/or temporary files) are owned by the webserver process, and you may be unable to change/remove them if Drupal didn't give the permission. Sometimes it helps to manipulate the parent directory, but mostly such a case needs to remove the files as root user, if you have access to that. Otherwise, you might want to use some helper PHP scripts to execute the operation through PHP, and so from the webserver process perspective owning the file. To avoid security risks, don't forget to remove any such helper scripts immediately after use!

Which permissions?
You'll probably need to care only about write permissions, but to allow Drupal for searching a directory, you also need to grant 'execute' permission to it. You probably don't want to remove read permission anywhere.


<strong>Windows</strong>
[TODO]

<strong>MAC</strong>
[TODO]