Warning: Incorrect file permissions!

Problem

Warning: Incorrect file.php file permissions! This warnings appear in your admin messages when AbanteCart's System Check is Enabled. To disable it go to the Admin > System > Settings > System.

Solution

Each file and directory on your server is assigned access rights for the owner of the file, the members of a group of related users, and everybody else. Rights can be assigned to read a file, to write a file, and to execute a file (i.e., run the file as a program). This is important because AbanteCart may need access to write to files to enable certain functions or disable access to write for the public users (world).

Note: If you installed AbanteCart yourself, you likely DO need to modify file permissions. Some files and directories should be "hardened" with stricter permissions, specifically, the /system/config.php and /index.php files. This file should be set with 644 or 640 permissions (444, or 400 depending on your server setup). See video how to check and change permissions AbanteCart system check


To change permissions use your hosting cPanel file-manager or an FTP Client. FTP programs ("clients") allow you to set permissions for files and directories on your remote host. This function is often called chmod (chmod is a unix command that means "change mode" on a file.) or set permissions in the program menu. Right-click 'file' and select 'File Permissions'  Permissions will be different from host to host, so this only general principles.


  7       5     5
 user   group  world
 r+w+x  r+x    r+x
 4+2+1  4+0+1  4+0+1  = 755
        
ValueMeaning

777

(rwxrwxrwx) No restrictions on permissions. Anybody may do anything. Generally not a desirable setting.

755

(rwxr-xr-x) The file's owner may read, write, and execute the file. All others may read and execute the file. This setting is common for programs that are used by all users.

700

(rwx------) The file's owner may read, write, and execute the file. Nobody else has any rights. This setting is useful for programs that only the owner may use and must be kept private from others.

666

(rw-rw-rw-) All users may read and write the file.

644

(rw-r--r--) The owner may read and write a file, while all others may only read the file. A common setting for data files that everybody may read, but only the owner may change.

600

(rw-------) The owner may read and write a file. All others have no rights. A common setting for data files that the owner wants to keep private.

Typically, all files should be owned by your user (FTP) account on your web server, and should be writable by that account. Any file that needs write access from AbanteCart should be owned or group-owned by the user account used by the AbanteCart (which may be different than the server account). For example, you may have a user account that lets you FTP files back and forth to your server, but your server itself may run using a separate user, in a separate user-group, such as Apache or nobody. If AbanteCart is running as the FTP account, that account needs to have write access, i.e., be the owner of the files, or belong to a group that has write access. In the latter case, that would mean permissions are set more permissively than default (for example, 775 rather than 755 for folders, and 664 instead of 644).

Use FTP client to change permissions or contact your host to solve this.