Once we upload website's files and directories to the online server, is there an easy way to remove all "write" permissions? So if a folder has 755 and we remove the write permission it should be 555; and most files will go from 644 to 444.

Is there an easy way to do this for all files and directories (except for the "Files" folder?)



VM’s picture

familiar with your environment's CLI?

calso000’s picture

Not really?

Is that like putty(?) or drush?

calso000’s picture

I have gone through a lot of these security review pages https://drupal.org/node/244924

Was still hoping for some confirmation as far as permissions go.

1) Should folders be set to 755 or 555?
2) Files be set to 644 or 444?
3) Make sure the settings.php is NOT readable?

Anything else?


VM’s picture

My default folder is 555
settings.php file is 444

both of which were set by drupal after installation. Whether those perms work for your environment, I can't say.

Everything else was left as they were when the archive was extracted. you can compare permissions with a new download; if necessary.

this should aid in a better understanding of how the rwx for U G & O are computed in a numeric value: http://www.draac.com/chmodchart.html

WorldFallz’s picture

Please don't post duplicate threads, I've deleted the dupe. Thanks.