Unix/Linux File Permissions
Following CGI program installation instructions regarding
permissions is usually all you really need to know about
the subject. But sometimes instructions are insufficient.
And instructions can contain typographical errors.
Today you'll find out why you do what you do. It's better
that way.
When you update your web site with new pages or scripts,
you're using your hosting company's computer system. When
folks surf your site, they're using the same computer
system. And of course your hosting company's employees use
the system, too.
A computer system keeps track of who can do what by knowing
the permissions that are assigned to each file and directory
on the system. Any user of the system can only use the
directories, files, and programs according to the
permissions assigned.
Let's keep it simple and only address the permissions that
you can assign to your own directories and files on your web
site.
Permissions are given for different levels of access and for
different activities on those levels.
Levels
You're concerned with only three levels:
- User: That's you. When you access your site with username
  and password, you're connected as the user.
- Group: That's you, too. And maybe others. If your site can
  be accessed with more than one username and password
  set, then those sets are also part of the group.
- Others: That's everybody else. Some FTP programs call this
  "World" or "Global" instead of "Others." They mean
  the same thing -- everybody else.
When you set permissions for a directory or file, you
specify what you allow yourself to do, what you allow others
in your group to do, and what you allow everybody else to do
with that directory or file. The computer system will
respect the permissions you set.
Activities
When you specify the permissions each of those three
levels can have, you name three different activities:
- Read: This means viewing the contents of the file or
  directory. When permission to read is associated
  with a file, the file may be copied and read. When
  permission to read is associated with a directory,
  a directory listing may be obtained.
- Write: This means modifying or creating files or
  directories. When permission to write is associated
  with a file, the file may be modified. When
  permission to write is associated with a directory,
  files and subdirectories may be created.
- Execute: This means running a program or allowing programs to
  be run. When permission to execute is associated with
  a file, the file may be run (provided the file is a
  program, otherwise the system will try to read
  instead). When permission to execute is associated
  with a directory, program files in that directory
  may be run.
The Permissions Number
The three levels and the three activities are represented by
a three-digit number.
Here is the numerical value of each of the three activities:
Read: 4
Write: 2
Execute: 1
If you want to specify read only, specify 4. To specify
both read and execute, add together the 4 and the 1 to
specify 5. Reading and writing, but not executing, is 6.
Permitting all activities is 7.
As stated, each activity can be permitted at each of the
three levels. That's how the three-digit number is created.
The left-most digit represents you, the user. The middle
digit represents your group. And the right-most digit
represents everybody else.
Thus, if you want to give yourself, your group, and
everybody else permission to read and execute a program
file and, in addition, give yourself (the User) write
permission, the three-digit number is 755. You have a
7 (read/write/execute). Your group has a 5 (read/execute).
And everybody else has a 5 (read/execute).
Here is a little table:
           User   Group   Others
Read         4      4       4
Write        2      2       2
Execute      1      1       1
           ----   ----    ----
Total
           ====   ====    ====
Simply add the numbers of the activities you want to permit
for each level. The resulting three digits are the
permissions.
(Yes, you can lock yourself out of your own directories by
giving yourself only read and execute permissions. Don't try
it, not even to "see if it works." It will work. Then you'll
have to ask your hosting company to restore your write
permission.)
Always give yourself write permission. Get in the habit of
always giving yourself all permissions by typing a 7 as the
first of the three-digit number.
Setting Permissions
If you have telnet or SSH (a secure telnet) access to your
server, you can set permissions from the command line
prompt. Use the chmod program to set permissions. Your
system might require a zero in front of the three-digit
permission number. Simply type:
chmod 0755 filename
and press the enter key. That's all there is to it.
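The script below is an added example, not part of the original article. It decodes a permissions number with the 4/2/1 values described above and lists the entries in a directory that group or others may write to, which is a quick check after following installation instructions. The function names and the sample files are made up for the illustration.

```shell
#!/bin/sh
# Added example, not from the article: decode a permissions number
# and list entries that group or others may write to.

# One digit (0-7) -> activities, using read=4, write=2, execute=1.
decode_digit() {
    d=$1 out=""
    [ $(( $d & 4 )) -ne 0 ] && out="read"
    [ $(( $d & 2 )) -ne 0 ] && out="${out:+$out/}write"
    [ $(( $d & 1 )) -ne 0 ] && out="${out:+$out/}execute"
    echo "${out:-none}"
}

# Three digits (optional leading zero, as in 0755) -> user/group/others.
decode_mode() {
    case $1 in
        0[0-7][0-7][0-7]) mode=${1#0} ;;
        [0-7][0-7][0-7])  mode=$1 ;;
        *) echo "not a three-digit permissions number: $1" >&2; return 1 ;;
    esac
    u=${mode%??}; rest=${mode#?}; g=${rest%?}; o=${mode#??}
    echo "user=$(decode_digit "$u") group=$(decode_digit "$g") others=$(decode_digit "$o")"
}

# Paths under directory $1 whose group or others digit includes write (2).
# -perm -020 and -perm -002 test those two bits; symbolic links are skipped
# because their own mode is not the one the system checks.
loose_write() {
    find "$1" ! -type l \( -perm -020 -o -perm -002 \) -print | sort
}

# Constructed sample tree: one empty file per mode.
demo=$(mktemp -d)
for m in 755 775 777; do
    : > "$demo/script-$m.cgi"
    chmod "$m" "$demo/script-$m.cgi"
done
decode_mode 0755
decode_mode 777
loose_write "$demo"
rm -rf "$demo"
```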
Permissions can also be set from many of the latest FTP
programs. Simply select the file or directory for the
permissions and invoke the chmod or "attributes" menu item.
Depending on the FTP program you're using, you might type in
the permissions number or you might be presented with
checkboxes to select the permissions you want to set.
Again, that's all there is to it.
Those are the essentials for grasping an understanding of
Unix/Linux file and directory permissions.
Will Bontrager
©2002 Bontrager Connection, LLC