Change Drupal Folder and File Permissions


Sometimes when you’re trying to modify files or folders on your Drupal site, you’ll be faced with error messages that will look like this:

“553 Can’t open that file: permission denied”

One of our students wanted to know why they were getting this message about being denied.

What are permissions and how can you fix this problem? Read on …

Explaining Permissions


There are 3 groups, self, group and public and three permissions you can give them: read, write and execute. Here’s what they mean:

  • Self: That’s you. When you access your site with username and password, you’re connected as the user.
  • Group: That’s you, too. And maybe others. If your site can be accessed with more than one username and password set, then those sets are also part of the group.
  • Public: That’s everybody else. You want to be very careful about the permissions you give them.
  • Read: the ability to read a file.
  • Write: the ability to modify a file.
  • Execute: the ability to execute a file.

There’s one final thing you need to know. Those permissions are sometimes given numbers:

  • Read: 4
  • Write: 2
  • Execute: 1

They are also added up. So, if the “Self” has permissions of 7, that means they can Read, Write and Execute. If “Public” has permissions of 4, they can only Read.

Drupal and file and folder permissions

To find out more a how file and folder permissions impact Drupal, click here to read the permissions documentation on

How to change your permissions

In this example, I’m going to use CPanel as it is a control panel provided by default by many hosting companies.

However, you just need a way to access your files. You could use another hosting control panel or FTP software such as Filezilla.


Viewing your files

Inside CPanel I’m going to click on “File Manager” which will allow me to access your files. Here is what your Drupal site files will look like:


Change permissions

  • Select the file or folder whose permissions you want to change.
  • Click Change permissions.
  • You may well see a screen like the one below. Enter the settings you need.
  • Click Change Permissions.

777 spells danger

The one permission setting to always avoid is 777 because that means anyone can do anything to your folders!

The lower the numbers, the safer your site will be. A good setting to try here will be 755 but you may need to experiment because all servers are setup differently.


  • Steve Burge

    Steve is the founder of OSTraining. Originally from the UK, he now lives in Sarasota in the USA. Steve's work straddles the line between teaching and web development.

0 0 votes
Article Rating
Notify of

1 Comment
Newest Most Voted
Inline Feedbacks
View all comments
11 years ago

I wonder in a Linux Apache environment, What’s the appropriate/common folders’ permission for the following folders and files in Drupal 6/7

1) sites\default

I noticed there’s site using ‘555’, more secure?

2) sites\default\settings.php -‘644’ or lower ?

3) sites\default\files

4) All the folders in sites\default\files, seems all the folders inside “files” folder need to be set to “777” in order to make the image uploadable or writeable. But is this secure?

Please advise. Thanks.

Would love your thoughts, please comment.x