Permissions during installation and later

Preface: I am a graphic artist, not a programmer, so bear with me.

In the Installation instructions at
we are told to change permissions on files/, config/, packages/ and updates/ to to be writable by the web server process.
I am assuming this means to change these directories through the web hosting file manager (in my case, Plesk) or through a web client like Filezilla, to 777.

After successful installation, all these directories should be changed back to 755. Any further restrictions on access can be applied through C5's own permissions in the dashboard.

Is this correct? There seems to still be confusion, from trying to research this question on my own.
After the site is installed and in development, all directories at 755.
After deployment, the directories can stay at 755?

I know this isn't clear for all web hosting situations, but at least the ones with directory permissions available to the client, is this correct?

Thanks for any help. A simple "Yep" will suffice.

View Replies:
exchangecore replied on at Permalink Reply
Honestly.... I'm afraid I'll have to give you the universal and much hated answer of "It Depends".

If your website php processes are running as the user, then 755 would be plenty.

If however, your website php processes are running as a user in the "group" that is getting assigned to your files, then you will need to use 775 at a minimum.

Finally, in the cases where your php processes are running as a user account that run as neither the user themselves or a user in the group assigned, then you will need to leave these at 777.

Some information about these directories:
- Files are where all uploaded files end up as well as cache and temporary files
- Config is where your site configuration is. I don't think new files are normally added here after the installation, but the files inside of the directory certainly need to be editable as they can be changed during concrete5 upgrades.
- Packages is where any marketplace add-on's you install will be placed
- Updates is where Concrete5 updates go, so if you ever want to upgrade this needs to be writable

If you're testing locally, I wouldn't even worry about changing the permissions. If you're running on a shared hosting environment, you should contact your web host and ask them what the most appropriate permissions would be for a writable directory.
arlenesey replied on at Permalink Reply