How to Set Up Unix File Permissions for Magento

A compromised web server can allow hackers easy access to thousands of credit card numbers before the security breach is even noticed so setting up unix file permissions securely is very important.

Magento is an open source ecommerce platform. Though it is a user-friendly content management system (CMS) for web stores, there are common errors that can be made when initially setting up the site.

Have you seen this error message during the installation of Magento?

Fatal error: Call to a member function children() on a non-object

The most common reason for this error message is that the Magento installation script is trying to access other scripts which are in a directory that is unreadable by your web server. You might have better luck using the tar.gz archived version of Magento (you can download from Magentocommerce.com). Tar archives are normally preset with the permissions of the person who archived them (in this case, a Magento developer). If you are using a Magento friendly hosting company, you should be able to simply upload the compressed tar.gz file and uncompress it on the server side. And the permissions will already be properly set.

With that said, it is still a good idea to be familiar with setting permissions manually, especially if you run your own dedicated web server.

Manually Setting the File and Directory Permissions:

  1. First, check that all of your Magento directories are readable and executable by your web server’s user. Normally the web server runs as “apache” (running the server as user “nobody” is NOT recommended for security reasons).
  2. Try to limit permissions to only your ftp/shell username and the web server. You can do this by changing the owner of files to their ftp/shell username and set the group to the web server’s group.
    chown -r yourname:apache /your/magento
  3. Make files (not directories) readable by your web server:
    find /your/magento -type f -exec chmod 640 {} ;
  4. Set the file permissions for Magento directories to readable and executable:
    find /your/magento -type d -exec chmod 750 {} ;
  5. Lastly, set the permissions for directories that need to be writable and executable:
    chmod 770 /your/magento/app/etc
    chmod 770 /your/magento/var
    chmod 770 /your/magento/var/cache
    chmod 770 /your/magento/media
    chmod 770 /your/magento/media/downloadable
    chmod 770 /your/magento/media/import

Take Security Seriously

Setting up and running an e-commerce web server securely is extremely important because of the nature of the website. A compromised web server can allow hackers easy access to thousands of credit card numbers before the security breach is even noticed. If you are unsure about security, it is recommended that you use a scalable e-commerce service or that you hire an experienced and trusted Magento developer.

Need help setting up your site on Magento? Find out if Magento is right for your ecommerce website. Contact the web developers at TheeDigital in Raleigh, NC at 919-341-8901 or schedule a consultation.

Sign Up for Newsletters

Be the first to receive the latest industry news and exclusive invitations to TheeDigital events.

  • This field is for validation purposes and should be left unchanged.