Minimum Level of Permissions

Hi All,

We need to change files/folders permissions to the minimum desired level for Cs-Cart.By doing this we’re trying to avoid from hacking attempts.

As we learned, permissions should be at minimum{after installation} :

.htaccess, config.php , config.local.php >444

.htpasswd and all other root files >644


all other directories,folders>644

Anything wrong in this list? If yes,can you publish right permissions with us?

Thank you,

All of this depends on your server environment.

You can go with 600 and 700 if your FTP account and the user that runs as PHP are the same.

No directory should be 6** anything. Always 7** something. The :“execute bit” of a directory allows a process/user to read the directory contents versus the individual files within it (and for a regular file - whether it is executable or not).

[quote name=‘tbirnseth’]All of this depends on your server environment.

You can go with 600 and 700 if your FTP account and the user that runs as PHP are the same.[/QUOTE]

Can you give some more details about this part? I didn’t get it exactly.

And,what is your permissions on your server running cs-cart? Directories 700 or 755.Except catalog ,images,skins,var the others can be 700? Pls publish your file/folder permissions.

Thank you,


I think permission can be changed according to the hosting system.Our hosting is Siteground Shared Hosting right now.As I know,they’re using Linux-Running PHP as an Apache.

Thank you,

To learn more about Unix/Linux file permissions, go Google them. I can’t provide you a tutornial here.

PHP and Apache run in different “modes” on different hosting companies. Contact your hosting provider to find out what the most secure permission you can use are for directories and php files. Assume that the tpl files will be the same as php files.

I always do Google before opening a thread.I don’t ask for any help from someone before investigation.

Also,I didn’t ask for any tutorial,I just asked for your configuration.Sorry to take people’s time,can anyone reply to me are that these configurations are OK?

Linux-Apache(Siteground Shared Hosting)

755 - addons

777 - catalog - If used (755 if not)

755 - classes

755 - core

777 - images - If used (755 if images stored in database) - same with sub directories.( Files inside this directory should be 644)

755 - include

755 - payments

755 - shippings

777 - skins - Same with sub directories and files - (Delete unused skins)

755 - targets

777 - var

777 - / compiled - Same with sub directories.

777 - / database - If used (755 if not)

777 - / lh_uploads - If used (755 if not)

777 - / downloads - If used (755 if not)

777 - / log - If Logging is enabled (755 if not)

755 - / skins_repository - Same with all sub directories. Files inside should be 644 (Delete unused skins)

config.php - 777 during install then reverted to 644 after

All other files should be 644

Siteground advised me to apply 755 permission to all directories&files,it seems not correct to me,

Thank you,

*Can anyone reply to me,are these configurations OK?

As Tony said…it depends on your server. All my permissions are set as follows:

Folders/directories - 755

.php files - 600

All other files - 644