File Permissions: Basic Tutorial
(skip to the bottom if you just want to know HOW to change permissions)
One of the most common problems people have with CGI scripts is related to file permissions. Consequently, we have put this tutorial together to familiarize normal folks with the basics of UNIX file permissions. Please note that when we say UNIX in this tutorial we are referring to that system in general terms, which also covers Linux systems. The information contained here may also be relevant to other systems such as BSD.
To start off, UNIX is a multi-user environment and consequently it must keep track of ownership and operation privileges for different users. In short, the server needs to know 2 things about files:
1.) What can be done to a file?
2.) Who can do it?
What can be done to a file can be broken down to three simple possible actions:
- Reading: Opening a file and looking at its contents.
- Writing: Overwriting, appending or deleting a file.
- Executing: Running a file, that is, causing a script or program to do whatever it does.
People who can do things to files are categorized by three basic user types when dealing with CGI scripts: User, Group and Other.
- User - The owner of the file (whoever logged in and uploaded it).
- Group - Users who are part of the owner's group (not really used on Web servers).
- Other - Everyone else (your website visitors).
So we have three different types of users with three possible actions that they can take. File permissions are all about delegating which actions each user type is allowed to take. From a webmaster's point of view, it can be very dangerous to allow the wrong user (i.e. everyone on the web or "other") to have permission to rewrite your files or execute files meant only for the admin.
To continue, each different permission has a number assigned to represent it:
- Read = 4
- Write = 2
- Execute = 1
When working out a file permission, you add together the values for the actions you wish to allow for each "user type", using 0 for any of the three you do not wish to enable. Permissions for scripts (.cgi, .pl files) are usually set to 755 via the CHMOD command (stands for "change mode", more on this later):
| User Type | Permission | Numbers |
|---|---|---|
| User: | Read, Write, Execute | = 4 + 2 + 1 = 7 |
| Group: | Read, Execute | = 4 + 0 + 1 = 5 |
| Other: | Read, Execute | = 4 + 0 + 1 = 5 |
Resulting File Permission: 755
In this example, the webmaster would be able to "write" (make changes, delete) this file but everyone else would be forbidden to.
Directories
Now, permissions used with directories work in a slightly different way:
- Read - view the directory contents.
- Write - create or delete files within the directory.
- eXecute - access the directory.
Be aware that it is possible for somebody to delete a file inside a directory that has write permission even if they don't actually have Write access for that particular file!
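
The behaviour described above can be checked in a scratch directory. This is an added example, not part of the original tutorial; `try_delete` is a hypothetical helper name, and the modes passed to it are sample values.

```shell
#!/bin/sh
# Added example (not from the tutorial). try_delete is a hypothetical helper.
# Usage: try_delete DIR_MODE FILE_MODE  -> prints "deleted" or "kept"
try_delete() {
    dir=$(mktemp -d) || return 2
    f="$dir/data.txt"
    echo "sample" > "$f"
    chmod "$2" "$f"        # permission on the file itself
    chmod "$1" "$dir"      # permission on the containing directory
    # Deleting a file is a change to the directory, so the directory's
    # Write and eXecute bits are what get checked, not the file's bits.
    if rm -f "$f" 2>/dev/null && [ ! -e "$f" ]; then
        result=deleted
    else
        result=kept
    fi
    chmod 755 "$dir"       # restore access so the scratch directory can be removed
    rm -rf "$dir"
    echo "$result"
}

# File is read-only for everyone, directory is writable by its owner.
echo "dir 755, file 444: $(try_delete 755 444)"
# File is writable by everyone, directory is writable by no one.
# root bypasses permission checks, so run this part as a normal user.
echo "dir 555, file 666: $(try_delete 555 666)"
```

When checking who can remove or replace a script, look at the mode of the directory that holds it as well as the mode of the script.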
What file permissions look like
Now that we know what users can do to files and who those different users are, let's take a look at what permissions actually "look like". When viewing a file permission, the possible actions will be abbreviated by single letters: Read, Write, eXecute and Directory.
Here are some examples of what file permissions look like with these abbreviations. Note that the dashes ( - ) signify that that permission is turned off.
drwxr-xr-x
-rw-r--r--
-rwxr-xr-x
drw-r--r--
-rwx------
To break the first example down:
| Is it a dir? | Users | Groups | Others |
|---|---|---|---|
| d | r, w, x | r, -, x | r, -, x |
From this example it is easy to see that file permissions are written all strung together with their R, W, X abbreviations, starting with "d" for whether or not it's a directory. Knowing all this, you should be able to understand a few examples of the most commonly used permission settings:
- 755 - (drwxr-xr-x) - Directories containing CGI files
- 777 - (drwxrwxrwx) - Directories not containing CGI files
- 755 - (-rwxr-xr-x) - CGI files
- 666 - (-rw-rw-rw-) - Log files
- 777 - (-rwxrwxrwx) - HTML files
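
The conversion between the numeric and lettered forms, plus a check for files that "Other" may write (the case the tutorial calls dangerous above), can be scripted. This is an added example, not part of the original tutorial; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the tutorial); all function names are hypothetical.

# digit_to_rwx 5 -> r-x   (Read = 4, Write = 2, Execute = 1)
digit_to_rwx() {
    out=""
    if [ $(( $1 & 4 )) -ne 0 ]; then out="${out}r"; else out="${out}-"; fi
    if [ $(( $1 & 2 )) -ne 0 ]; then out="${out}w"; else out="${out}-"; fi
    if [ $(( $1 & 1 )) -ne 0 ]; then out="${out}x"; else out="${out}-"; fi
    printf '%s' "$out"
}

# mode_to_symbolic 755 d -> drwxr-xr-x ; mode_to_symbolic 644 -> -rw-r--r--
mode_to_symbolic() {
    mode=$1
    type=${2:--}                 # "d" for a directory, "-" for a plain file
    case $mode in
        [0-7][0-7][0-7]) ;;
        *) echo "invalid mode: $mode" >&2; return 1 ;;
    esac
    u=${mode%??}                 # first digit: User
    g=${mode#?}; g=${g%?}        # middle digit: Group
    o=${mode#??}                 # last digit: Other
    printf '%s%s%s%s\n' "$type" \
        "$(digit_to_rwx "$u")" "$(digit_to_rwx "$g")" "$(digit_to_rwx "$o")"
}

# other_can_write 666 -> succeeds; other_can_write 755 -> fails
other_can_write() {
    [ $(( ${1#??} & 2 )) -ne 0 ]
}

# list_world_writable DIR: print files and directories under DIR whose
# "Other" write bit is set (find's -perm -0002 matches exactly that bit).
list_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print
}

mode_to_symbolic 755 d
mode_to_symbolic 666
```

Running `list_world_writable` over a web root shows every path that any account on the server, including one used by a compromised script, is allowed to rewrite.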
How to Change Permission Settings
There are many ways to change file permissions: from the shell, from an FTP program or from a CGI script that alters permissions as part of its function. Here are the most basic methods people use:
Shell
The command to change permissions is chmod (change mode). For example:
chmod 755 file.cgi
or
chmod 644 file.html
Now let's say that you have just uploaded 5 (or more) cgi files. It would be rather tedious to do:
chmod 755 file1.cgi
chmod 755 file2.cgi
chmod 755 file3.cgi
chmod 755 file4.cgi
chmod 755 file5.cgi
Linux allows you to use wildcards, represented by an asterisk *, to perform an action on a group of files:
chmod 755 *.cgi
Here, we've told Linux to set permissions on all files in the directory that end in .cgi.
FTP
Many FTP programs now have the ability to change permissions on files. In CuteFTP or its clone programs, for example, right-click the remote file and select CHMOD from the menu. Then, you can simply check the permission settings you want for each user type.