Sensible file and directory permissions for production Magento stores

A question I see often on Magento forums is “what are sensible file/directory permissions for my Magento installation?”, so what follows is a (rough) guide to best practice.

As with everything “open source”, this is subject to change and update, and requires at least a basic knowledge of file permissions (see this article on tuxfiles.org) and

So, here is a (rough) guide to the correct permissions for your Magento installations files and directories.

Safe defaults for Magento file permissions

By default, sensible Magento file permissions seem to be:

  1. 755 for directories – this essentially provides ‘read’ and ‘execute’ rights to everyone, but ‘write’ access to the Owner only
  2. 644 for files – this provides full ‘read’ permissions, but only ‘write’ permissions for the Owner

The obvious exception to this is Magento’s /var/ directory which needs full ‘read’/’write’/’execute’ permissions (777) for normal operation, as this is where Magento writes error logs, etc.

(And, of course, we don’t take any responsibility for you using the advice in this post: every website/server provider is different.)

Permissions for Magento Connect Manager installations

If you use the Magento Connect Manager to install extensions with the key provided at magentocommerce.com, you will need to set the permissions of your Magento directory to 777 (or 0777 depending on your server set up). This provides the full read/write access that Magento Connect Manager (reached at System > Magento Connect > Magento Connect Manager) requires to run installations and updates on your behalf.

You should then reset the file permissions to prevent global writing after using the Download Manager to the guidelines above.

Have you got more specific advice on Magento file permissions? Or do you need help and support with your Magento store? Leave a comment below!