Formal definitions of Read, Write, and Execute permissions

I am new to web development and after some searching still couldn't really understand the exact meanings of Read, Write, and Execute permissions. I can't go by common-sense meanings because, for example, the World can't see a web page with World/Execute checked and World/Read unchecked but it can vice versa.

As a rule 644 (rw-r-r--) permissions must be set for all PHP, HTML and other non CGI scripts/files so the website will work fine, without any errors. CGI scripts must have 755 (rwxr-xr-x) permissions. Also you shouldn't forget about folders permissions. For normal access a folder must have 755 access permissions otherwise a server will not be able to access script/file and execute it. For more detailed answer I need to know which scripts you are executing and what user they are executed by, then I will be able to explain why it should be done in that way.

Hi Dmitry, I'm currently on a shared hosting plan (probably going VPS or dedicated in the future though), and the only person with access to the website account is me. I'm not familiar with CGI scripts at this point and wouldn't know how to pick them out to ensure they have the proper permissions. At the moment, I know that the site will have HTML, CSS, JS, and PHP files, and also a MySQL database. The site will also somehow integrate an Authorize.net system for e-commerce (I don't know what all that involves yet script-wise).

I know there are a few other security precautions I need to take besides setting appropriate permissions, but at this point just a few questions related to permissions come to mind. From my cPanel File Manager, my directory access starts at /home/my_username/, and of course the folders under this include the /public_html/ web root. So all my related questions are (assuming I'm the only "User," there are no CGI scripts, and a concern for maximum appropriate security):

1. What are all the files I might create that should stay out of the web root?
2. Out of the ones under the web root, are 644 permissions then the lowest that should be set and no lower?
3. Is there also a rule of thumb about permissions outside of the web root?
4. What is the difference between "Group" and "World"?

But if it's not too much more trouble, I still might like to know what Read, Write, and Execute really mean so that I could just deduce the answers to questions like some of these when they come up, given that the answers to these questions haven't made it obvious (to a slow learner).

(I was trying to give 1 reputation point but apparently I don't know how that works.)

My host support just now told me about these pages. I'll have to go back and read them later when I have time but they look like they'll fix my confusion. (As currently a new user I'm not allowed to create clickable URLs.)

webhostinggeeks.c-o-m/blog/2009/12/23/understanding-permission-types-for-website-security/

thewebhostinghero.c-o-m/tutorials/linux-file-permissions.html

cyberciti.biz/faq/how-linux-file-permissions-work

I'm glad that you have sorted out your question. Be free to ask more questions if you have them.

Thank you, Dmitry. I plan to work overtime on building a startup over the next 3 years or so, and I happily look forward to having this community around and being in this community.

Glad that you enjoy being here, I'll try to assist if necessary, so just be free to ask any questions.