Linux Folder & File Permissions
As a webmaster you need
to know how to use the CHMOD command to set folder and file permissions
(also referred to as 'file attributes') on Linux web
servers. You need to set the correct file permissions especially
with CGI script files when you install them.
On a Linux web
server, every file and folder stored on the hard drive have a
set of permissions associated with it, which says who is allowed
to do what with the file. Every file (and folder) also has an
"owner" and a "group" associated with it.
If you created the file, then you are the owner of that file,
and your group, or the group associated with the folder you created
the file in, will be associated with that file.
There are three types of
people that can do things to files - the Owner of the file, anyone
in the Group that the file belongs to, and Others (everyone else).
In Linux they are referred to using the letters U (for Owner or
User), G (for Group), and O (for Others).
There are three things
that can be done to files or folders:
read the file or folder
(this means listing the contents of the file or folder)
write to the file. For
folders this means creating and deleting files in the folder.
execute (run) the file
if it's a program or script. For folders this means accessing
files in the folder.
Therefore there are three
types of permissions:
r - read the file or directory
w - write to the file or directory
x - execute the file or search the directory
Each of these permissions
can be set for any one of three types of user:
u - the user who owns
the file (you)
g - members of the group to which the owner belongs
o - all other users
CGI script installation
pages will tell you to 'CHMOD 755' or 'Set the file to executable'.
This all refers to setting the file permissions or attributes.
When you use FTP or Telnet, you'll notice some letters next to
the file listings. These letters are the current settings for
the file or folder permissions. The details look like this:
- 15Kb 02/01/02 22:45 drwxrwxrwx
The string of letters,
drwxrwxrwx, represents the permissions that are set for this folder.
|
d |
r |
w |
x |
r |
w |
x |
r |
w |
x |
|
|
Owner |
Group |
Other |
|
Directory |
Read |
Write |
Execute |
Read |
Write |
Execute |
Read |
Write |
Execute |
The string of letters breaks
down into 3 sections of 3 letters each, representing each of the
types of users (the owner, members of the group, and everyone
else). There is a 'd' attribute on the left, which tells us if
this is a file or a folder (directory). If any of these letters
is replaced with a hyphen (-), it means that permission is not
granted.
For example:
|
drwxrwxrwx |
A folder which has read,
write and execute permissions for the owner, the group and for
other users. |
|
-rwxr--r-- |
A file that can be read
and written by the user, but only read and executed by the group,
and only read by everyone else. |
Using numbers
You can also use numbers
for setting file and folder permissions. Each of the three numbers
corresponds to each of the three sections of letters. The first
number determines the owner permissions, the second number determines
the group permissions and the third number determines the other
permissions. Each number can have one of eight values ranging
from 0 to 7. Each value corresponds to a certain setting of the
read, write and execute permissions.
These values are added
together for any one user category:
1 = execute only
2 = write only
3 = write and execute (1+2)
4 = read only
5 = read and execute (4+1)
6 = read and write (4+2)
7 = read and write and execute (4+2+1)
or in a table format, it
would look like this:
Number Read (R) Write (W) Execute (X)
|
0 |
No |
No |
No |
|
1 |
No |
No |
Yes |
|
2 |
No |
Yes |
No |
|
3 |
No |
Yes |
Yes |
|
4 |
Yes |
No |
No |
|
5 |
Yes |
No |
Yes |
|
6 |
Yes |
Yes |
No |
|
7 |
Yes |
Yes |
Yes |
For example:
777 is the same as rwxrwxrwx
755 is the same as rwxr-xr-x
Setting permissions using
FTP
Your FTP program will most
likely allow you to set file and folder permissions by selecting
the file or folder in the remote window and either right-clicking
on it and selecting an option such as CHMOD or Set permissions,
or by selecting CHMOD / Set permissions from a menu option. Once
you've selected the appropriate menu option, you'll see a dialog
box similar to the following (this one is from CuteFTP for Windows):
Using the screen of your
FTP client, it should be easy to set the read, write and execute
permissions for the owner, group and others using the check boxes.
If you already know which numbers are needed, you can type the
3 digit number. The FTP client will change (chmod) the permissions
for you. The above example of CHMOD 755 will be the one
used most, since almost all CGI scripts need to be 755.
|
