Logo for the Grawlix CMS
Grawlix — The CMS for ComicsDocumentation

File permissions

Web hosts are big on security. Every file and folder in a web server has permissions, or settings that control who may edit, add to or delete files & folders.

The idea is to:

  • Keep other people out of your account (and you out of theirs)
  • Cut down on hack attacks from nefarious hackers (cut down, not eliminate)
  • Help organize files if more than one person has access to the same account (rare with web hosting, but not unheard of)

Why should you care? Because certain parts of the Grawlix CMS need special permissions to run properly.

For example, you use the Grawlix CMS's “bulk import” feature to upload many images at once. The folder into which those pics go needs permission to accept new images. After all, you don't want just anyone to add pages to your comic.

The Grawlix CMS makes its own folders and generally sets the correct permissions, but you may need to tweak settings. Here's how that works.

Ownership

In most cases, a file is owned by one of two people. You’re the first. I say “people,” but the other is a program called Apache.

Ownership gives the right to edit or delete a file. If you own a file, you can make any change you want, or replace it with a new file, or destroy it altogether.

Grawlix CMS ownership

Now, the Grawlix CMS owns what it gets via the admin panel. When you upload images through the panel, the Grawlix CMS assumes ownership of those images. That allows it to move the images around, create thumbnails, and replace the pics if necessary.

Your ownership

You own what you upload by FTP.

As we discussed, FTP is a means of copying files to another computer. To do that, you need to log in. The server then knows who you are and, when you upload files, acknowledges that you own what you upload. You’re the boss, boss.

That limits what the Grawlix CMS can do with the files, though, especially with graphics. The Grawlix CMS can make comic pages with graphics, no problem. But it can’t replace or delete an image that you own … at least, not without your permission.

Numbers

444, 766, 777 — all these numbers indicate different levels of security. The specifics aren’t important here — all you need to know is that every number has a different meaning, and you only need to care about a few of them.

Enough technotalk. Let’s think in comics.

  • 644: Anyone can read a comic book, but not dog-ear the pages. This is akin to a physical comic book in a world without scanners: Anyone can read a page set to 644, and even make their own fan art. But the original file is safely sealed away in a virtual, transparent bag. That means hackers can’t easily scrawl all over it with Sharpies for their own nefarious purpose. While traditionally it implies constricted consumption of media, 644 protects websites from outside interference.
  • 755: Someone can read and use, but not edit, a file marked 755. Anyone can read the page and someone with a scanner could edit a copy of the page to, say, add their own dialog. But they can’t change the original. You don’t want hackers editing your files, but 755 has its uses. Folders are best set to 755 so the Grawlix CMS can add images to them, for example. They could riff on it, though.
  • 777: Everyone and their dog (given access to the server) can edit or delete a file with a 777 permissions code. Malicious hackers, given enough time, can edit or delete a file set to 777. It’s dangerous, which is why we recommend only setting a file to 777 if a) it’s an image and b) you plan to import it immediately.

The big picture

Let’s wrap up permissions.

  1. “Ownership” of a file determines who can do what — notably edit, delete or replace it.
  2. Either you or the server own each file in your website.
  3. You generally own everything sent by FTP.
  4. The server owns everything sent by the admin panel.
  5. You can grant the server permission to edit/replace/delete a file.

In addition, the Grawlix CMS will warn you when it can’t get access to something it needs to. You can fix that through FTP, not the panel.