Results 1 to 2 of 2
09-15-2004, 03:45 PM #1denisGuest
[Tutorial] Understanding File Permissions
Of all the different problems associated with installing CGI scripts, many
can be attributed to incorrect permission settings on one file or another.
Permissions are very important on a Unix system because it prevents
unauthorized people from viewing or editing files. Anyone using a Unix
system has an identity, and file and directory access depends on "who"
Unix files and folders are protected on three different levels
This permission value effects what the owner of the file can do to it. While it
would be fair to assume that only you as the owner would be affected by this
setting - it may affect a group of users depending on how your host has set
up the server.
These are usually the permission determining the rights of a group of users
(usually those using the same server as yourself) - these should generally
be the same as the owner's permissions because you are a user of the
group when you are logged into the server.
This sets the permissions for anyone one else that may have access to the
files but who is not an owner or group. This setting will affect anyone who
is trying to access the file via the web, including the owner of the file (since
the owner is only counted as the owner when they are using the "shell"
account or using FTP).
Understanding permission values
If you've ever downloaded a script and read the installation instructions
you'll have likely been told that you need to CHMOD a file to 666 or set
the permissions to 755. So how does this set of numbers relate to the
various groups of the typical Unix file protection system? Well, there are
three numbers and three different types of permission...
- The first number relates to the permissions of the file owner
- The second relates to permissions for the group
- The third and last number relates to the permissions for any other
type of user
So what do these numbers mean? There are three main reasons why
a person may want to open a file; to read from it, to write to it or to
execute it (i.e. run it or use it). Each of these properties has a value
assigned to it, and it is the sum of these values that determines the
>>>>>>>>>>>>>>>>read write execute
permission value >>>4>>>2>>> 1
Once you know the permission settings for a file, you can determine exactly
who is allowed to do what to that particular file by doing some simple maths.
Here is a table showing which file attributes need to be set for all possible
values of a setting.
So, following this table we can see that a file whose permissions are to be
set at 755 will allow...
value read write execute
- The owner of the file to read, write and execute (value 7)
- The group of the file to read and execute (value 5)
- Other users to read and execute (value 5)
In this case everyone has access to read the file and run the program
(assuming it was a script), but only the owner of the file can write to it
(via FTP or shell access).
Setting the File Permissions
So, now that you have an understanding of how to decipher the numbers
used for expressing file permissions - you need to be able to set them.
There are two ways you can do this. Either logging into your shell account
and use the Unix CHMOD command, or using your FTP client to do it for you.
Since Unix shell accounts are only usually available to those power users
that pay for their hosting, FTP is the common method for doing this, as
you do not have to know about the Unix commands.
Here is (see the Attachment) an example of the permissions setting interface
of my favourite FTP client (WS_FTP LE). You will notice that there are a total
of 9 check boxes on it, each acting as a toggle for switching the read, write
and execute permissions of each of the three "groups" of Unix users.
To see this menu that allows you to set the permissions, right click on the
file or folder that you want to set the permissions for and select the CHMOD
file option. This will bring up a menu similar to the one shown here and in
most programs; it is just a case of checking the boxes that you want to set
the permission for.
Notes about Permissions
You will notice that there is a note at the bottom of the example shown
above. While there are permission settings on Windows servers, they are
usually only set at the server level and are not comparable with the built
in security features of a Unix file system - thus individual file permissions
can not be set by the owner via FTP on a Windows server. As for other
file systems, if they are Unix compatible then the chances are that the
server will support the CHMOD command, but the only way to be sure is
to try and change the permissions of a file.
Another point to remember is that you are only considered the owner of
a file when you access it via a shell account or FTP (both of which require
you to log in to be able to identify yourself). If you are testing a script you
have uploaded and you are using a browser to do it, then you do not have
the owner's privileges, rather the results of the script will depend on the
other user's permissions for the script and any files that are used for it.
This is why it is common to set a script's permissions to 755 (which allows
other users to read and execute the file) and its data-files to 666 (which
allows them to read and write to the file).
Author: Rosemarie Wise
Last edited by denis; 09-15-2004 at 03:54 PM.
09-16-2004, 10:24 AM #2
- Join Date
- Feb 2004
The sweet science of CHMODing.. Very good and informative write up on it!The Web Hosting Show - The Voice of the Web Hosting World
Think of it as talk radio mixed with Web hosting discussion for both Web hosts and Web hosting clients! New episode every Monday!