This is with shared hosting on an Apache Server /PHP /MySql /Cpanel.
Default permissions
In all cases, it appears to be recommended to set the permissions as strict as workable. Official source: http://drupal.org/node/244924 (it's a long story).
Principally, these should be the permissions that Drupal gives every new installation.
sites/all - 755 (or 744 if that will work, on my shared hosting, it doesn't)
sites/all/libraries - 755 - also all subdirectories
sites/all/modules - 755 - also all subdirectories
sites/all/themes - 755 - also all subdirectories
sites/default - 555
sites/default/files - 755 - also all subdirectories
sites/default/libraries - 755 - also all subdirectories
sites/default/modules - 755 - also all subdirectories
sites/default/themes - 755 - also all subdirectories
settings.php - as strict as possible (see first install below)
The source for the above list in digital format is from my own observations/testing plus a very sensible comment in the long thread that follows from the above permissions handbook:
http://drupal.org/node/244924#comment-3651134 (thanks for this straightforward comment, the poster appears to be correct)
Too strict permissions
Temporarily setting permissions too strict does not appear to break Drupal permanently, but the site will not work properly. If this happens, panic might be a first reaction, but there's no need for it; go back and change the permissions again. Setting the permissions too "wide" is a security risk.
First install
After first install, Drupal will set the both, the sites/default directory and settings.php file with fixed file permissions (probably default 555). In my particular set-up I leave the
- leave default directory at 555
- can change settings.php file from 555 to 444 (stricter).
The example file: default.settings.php is actually not needed, but if it stays it's probably a good idea to have at same permissions as the actual file.
Change settings.php
If after install you need to work on the settings.php file you may get access denied errors. You most probably need to temporarily widen permissions for you to be able to "write":
- sites/default directory from 555 to 655 and the
- settings.php file from 555 to 655 (or from 444 to 644)
Do not forget to manually change the default directory and the settings.php file back to what they were before.
Any backup files on the server?
Also, if you leave any old backup copies of files or the file system anywhere on the server, make sure they have permissions so that only you can get at them, like 400. This basically locks them in, you'll need to change to 600 or less strict in order to do anything with them.