Restrict access with a umask
To tighten security, particularly in a production environment on a shared hosting system, you can use umask
to restrict access. A umask
—also referred to as a file system creation mask—is a set of bits that controls how the file permissions are set for newly created files.
Adobe Commerce uses a three-bit, default mask: 002
. Subtract the default mask from the UNIX defaults of 666 for files and 777 for directories.
For example:
-
775 for directories—Full control by the user, full control by the group, and enables everyone to traverse the directory. These permissions are typically required by shared hosting providers.
-
664 for files—Writable by the user, writable by the group, and read-only for everyone else.
For more information about creating a magento_umask
file, see Set a umask.
Permissions, ownership, and application modes
We recommend different permissions and ownership when you use the different Adobe Commerce application modes:
- Default
- Developer
- Production
See About modes in the Configuration guide.
We further discuss permissions recommendations in File systems access permissions in the Configuration guide.