Unix/Linux File Permissions
Following CGI program installation instructions regarding permissions is usually all you really need to know about the subject. But sometimes instructions are insufficient. And instructions can contain typographical errors.
Today you'll find out why you do what you do. It's better that way.
When you update your website with new pages or scripts, you're using your hosting company's computer system. When folks surf your site, they are also using the hosting company's computer system. And of course your hosting company's employees use the system, too.
A computer system keeps track of who can do what by knowing the permissions that are assigned to each file and directory on the system. Any user of the system can only use the directories, files, and programs according to the permissions assigned.
Let's keep it simple and only address the permissions that you can assign to your own directories and files on your web site.
Permissions are given for different levels of access and for different activities on those levels.
Levels
You're concerned with only three levels:
- User: That's you. When you access your site with username and password, you're connected as the user.
- Group: That's you, too. And maybe others. If your site can be accessed with more than one username and password set, then those sets are also part of the group.
- Others: That's everybody else. Some FTP programs call this "World" or "Global" instead of "Others." They mean the same thing -- everybody else.
When you set permissions for a directory or file, you specify what you allow yourself to do, what you allow others in your group to do, and what you allow everybody else to do with that directory or file. The computer system will respect the permissions you set.
Activities
When you specify the permissions each of those three levels can have, you name three different activities:
- Read: This means viewing the contents of the file or directory. When permission to read is associated with a file, the file may be copied and read. When permission to read is associated with a directory, a directory listing may be obtained.
- Write: This means modifying or creating files or directories. When permission to write is associated with a file, the file may be modified. When permission to write is associated with a directory, files and subdirectories may be created.
- Execute: This means running a program or allowing programs to be run. When permission to execute is associated with a file, the file may be run (provided the file is a program, otherwise the system will try to read instead). When permission to execute is associated with a directory, program files in that directory may be run.
The Permissions Number
The three levels and the three activities are represented by a three-digit number.
Here is the numerical value of each of the three activities:
Read: 4
Write: 2
Execute: 1
If you want to specify read only, specify 4. To specify both read and execute, add together the 4 and the 1 to specify 5. Reading and writing, but not executing, is 6. Permitting all activities is 7.
As stated, each activity can be permitted at each of the three levels. That's how the three-digit number is created.
The left-most digit represents you, the user. The middle digit represents your group. And the right-most digit represents everybody else.
Thus, if you want to give yourself, your group, and everybody else permission to read and execute a program file and, in addition, give yourself (the User) write permission, the three-digit number is 755. You have a 7 (read/write/execute). Your group has a 5 (read/execute). And everybody else has a 5 (read/execute).
Here is a little table:
          User  Group  Others
          ----  -----  ------
Read        4     4      4
Write       2     2      2
Execute     1     1      1
          ----  -----  ------
Total       7     7      7
          ====  =====  ======
Simply add the numbers of the activities you want to permit for each level. The resulting three digits are the permissions.
(Yes, you can lock yourself out of your own directories by giving yourself only read and execute permissions. Don't try it, not even to "see if it works." It will work. Then you'll have to ask your hosting company to restore your write permission.)
Always give yourself write permission. Get in the habit of always giving yourself read and write permissions by typing a 6 as the first of the three-digit number, or a 7 for all permissions if the file is a script.
Setting Permissions
One way to set permissions is with FTP programs. Simply select the file or directory for the permissions and update the permissions. Depending on the FTP program you're using, you might type in the permissions number or you might be presented with checkboxes to select the permissions you want to set.
Another way is with the cPanel "File" menu item. Select the file or directory and specify permissions for it.
A third way exists if you have telnet or SSH (a secure telnet) access to your server (sometimes referred to as "command line access"), where you can set permissions from the command line prompt. Use the chmod program to set permissions. A zero is required as a digit in front of the three-digit permission number. Simply type:
chmod 0755 filename
for 755 permissions and press the enter key.
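The following shell script is an added example, not part of the original article. It decodes a three-digit permissions number into the activities granted to User, Group and Others, and lists files that Others are allowed to write. The function names and the sample files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original article). All function names are hypothetical.

# digit_to_rwx DIGIT: print the activities in one digit (4 = read, 2 = write, 1 = execute).
digit_to_rwx() {
    out=""
    if [ $(($1 & 4)) -ne 0 ]; then out="${out}r"; else out="${out}-"; fi
    if [ $(($1 & 2)) -ne 0 ]; then out="${out}w"; else out="${out}-"; fi
    if [ $(($1 & 1)) -ne 0 ]; then out="${out}x"; else out="${out}-"; fi
    printf '%s' "$out"
}

# describe_mode NNN: print User, Group and Others activities, e.g. 755 -> rwxr-xr-x.
# Anything that is not exactly three digits in the range 0-7 is rejected.
describe_mode() {
    case $1 in
        [0-7][0-7][0-7]) ;;
        *) echo "invalid permissions number: $1" >&2; return 1 ;;
    esac
    rest=${1#?}                      # drop the User digit
    printf '%s%s%s\n' "$(digit_to_rwx "${1%??}")" \
        "$(digit_to_rwx "${rest%?}")" "$(digit_to_rwx "${1#??}")"
}

# others_writable DIR: list entries under DIR whose Others digit includes write (2).
# Symbolic links are skipped because their own mode bits are not meaningful.
others_writable() {
    find "$1" ! -type l -perm -0002 | sort
}

# make_sample: build a constructed sample site in a temp directory and print its path.
make_sample() {
    dir=$(mktemp -d) || return 1
    : > "$dir/script.cgi"; chmod 0755 "$dir/script.cgi"   # script: 7 for the User
    : > "$dir/page.html";  chmod 0644 "$dir/page.html"    # page: 6 for the User
    : > "$dir/data.txt";   chmod 0666 "$dir/data.txt"     # Others may write
    printf '%s\n' "$dir"
}

sample=$(make_sample)
for n in 755 644 666; do
    printf '%s = %s\n' "$n" "$(describe_mode "$n")"
done
echo "Writable by Others:"
others_writable "$sample"
rm -rf "$sample"
```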
Those are the essentials of Unix/Linux file and directory permissions.
Will Bontrager