Title: File Permissions for Plugin Last modified: August 19, 2016 --- # File Permissions for Plugin * [ddach69](https://wordpress.org/support/users/ddach69/) * (@ddach69) * [15 years, 6 months ago](https://wordpress.org/support/topic/file-permissions-for-plugin/) * Hello All, * Today I installed & set up the “XML Sitemap Generator” plugin. I’m having an issue with file permissions…the plugin needs to write to the following files: sitemap.xml sitemap.xml.gz * Here’s my question: The strictest file permissions I’m able to make it work with are 646. If it’s not world-writeable, then I get an error from the plugin saying it’s not able to write to the files. Is having my file permissions @ 646 for those two files something I should be concerned about security-wise? * Thanks in advance! Viewing 8 replies - 1 through 8 (of 8 total) * [webjunk](https://wordpress.org/support/users/webjunk/) * (@webjunk) * [15 years, 6 months ago](https://wordpress.org/support/topic/file-permissions-for-plugin/#post-1762099) * You should be able to do 644 which is fine. The last byte is for Everyone. 4 is read privledge. making it 6 is Read + Execute and there is nothing to execute. * Thread Starter [ddach69](https://wordpress.org/support/users/ddach69/) * (@ddach69) * [15 years, 6 months ago](https://wordpress.org/support/topic/file-permissions-for-plugin/#post-1762140) * Thanks for the reply, webjunk… * According to my FTP client, 646 is: User: Read/Write Group: Read World: Read/ Write * I have tried all combinations, and only 646 works with the plugin…The question is: Is using 646 for those two files a serious security risk? * [webjunk](https://wordpress.org/support/users/webjunk/) * (@webjunk) * [15 years, 6 months ago](https://wordpress.org/support/topic/file-permissions-for-plugin/#post-1762155) * WOuld contact your host. Should not be world writable. Sounds like there is something wrong with ownership of the files. * Thread Starter [ddach69](https://wordpress.org/support/users/ddach69/) * (@ddach69) * [15 years, 6 months ago](https://wordpress.org/support/topic/file-permissions-for-plugin/#post-1762175) * Webjunk: * I got the following reply from my host, does their reply seem sound to you? * The files that you mentioned are owned by your username, and by default they would only be writable by your username. WordPress (or PHP in general) will not write to files as your username by default. PHP will write to files using the username nobody. The username nobody is not able to write to files owned by your username, and vice versa. * One way around that is to make your files world writable, but that is insecure as you mentioned and should be avoided. A better option would be to instruct PHP to write to files as your username, instead of the username nobody. That would allow you to set permissions so that only your username can write to your files, and PHP can still write to them too. That is done using php-cgiwrap, which is explained here: * [http://kb.pair.com/f25](http://kb.pair.com/f25) * [webjunk](https://wordpress.org/support/users/webjunk/) * (@webjunk) * [15 years, 6 months ago](https://wordpress.org/support/topic/file-permissions-for-plugin/#post-1762179) * Are you hosted on a NON-MANAGED dedicated server? Otherwise support at your host should fix this for you. Not have you make these changes. * This is more a work-around because of how they (wrongly) set the server up. But have seen (in the past) servers setup this way. And my opinion but very dangerous currently having to leave scripts world writeable. And their fix is not the best. First there have been known exploits that if outsiders can access the script for cgiwrap, then THEY are running with YOUR username and can access everything your Username can. Second I do not know what build your server is but there was issues with cgiwrap and resources/memory. * Thread Starter [ddach69](https://wordpress.org/support/users/ddach69/) * (@ddach69) * [15 years, 6 months ago](https://wordpress.org/support/topic/file-permissions-for-plugin/#post-1762186) * My hosting is a shared plan. PHP is 5.2.13 * The permissions thing has been an issue in the past, my own workaround was to change the effected files temporarily then change them back. I could do that with the XML Sitemap Gen plugin, but then it wouldn’t be able to automatically update the sitemap on the fly, I would have to do it manually after changing the permissions, then change them back. * hmmm, what to do…any advice? * [webjunk](https://wordpress.org/support/users/webjunk/) * (@webjunk) * [15 years, 6 months ago](https://wordpress.org/support/topic/file-permissions-for-plugin/#post-1762200) * Respond to your last Support ticket and ask them if they can make the change for you. A decent host should do this as standard service. * My own opinion? Move to a better host. Don’t like their server config. Many of the issues on this forum are because of server configs. Don’t like they sent you the change directions instead of making it themselves or asking if you want them to do it. For dedicated server maybe, but not for shared hosting. More than 90% of my clients are on Hostgator because I have very few problems, love their server builds and their support is usually excellent. There are also several on the front of this site which have similar reliability. Would choose one and many of your site issues might be resolved. * Thread Starter [ddach69](https://wordpress.org/support/users/ddach69/) * (@ddach69) * [15 years, 6 months ago](https://wordpress.org/support/topic/file-permissions-for-plugin/#post-1762202) * Thanks for all the advice. I’ll have to seriously consider changing hosts. Viewing 8 replies - 1 through 8 (of 8 total) The topic ‘File Permissions for Plugin’ is closed to new replies. * 8 replies * 2 participants * Last reply from: [ddach69](https://wordpress.org/support/users/ddach69/) * Last activity: [15 years, 6 months ago](https://wordpress.org/support/topic/file-permissions-for-plugin/#post-1762202) * Status: not resolved ## Topics ### Topics with no replies ### Non-support topics ### Resolved topics ### Unresolved topics ### All topics