WillMaster Possibillites Logo EzineSeek Award
Unix/Linux File Permissions
by
Mari Bontrager

Permission is granted to reprint this article in its entirety, provided no reprints are sent in conjunction with unsolicited bulk email, provided no fee or other value is exchanged, provided no changes are made to the article, and provided the author's name, signature lines, and copyright line are printed with the article; except you may change the article's title.

Following CGI program installation instructions regarding permissions is usually all you really need to know about the subject. But sometimes instructions are insufficient. And instructions can contain typographical errors.

Today you'll find out why you do what you do. It's better that way.

When you update your web site with new pages or scripts, you're using your hosting company's computer system. When folks surf your site, they're using the same computer system. And of course your hosting company's employees use the system, too.

A computer system keeps track of who can do what by knowing the permissions that are assigned to each file and directory on the system. Any user of the system can only use the directories, files, and programs according to the permissions assigned.

Let's keep it simple and only address the permissions that you can assign to your own directories and files on your web site.

Permissions are given for different levels of access and for different activities on those levels.

Levels

You're concerned with only three levels:

  • User:
    That's you. When you access your site with username and password, you're connected as the user.

  • Group:
    That's you, too. And maybe others. If your site can be accessed with more than one username and password set, then those sets are also part of the group.

  • Others:
    That's everybody else. Some FTP programs call this "World" or "Global" instead of "Others." They mean the same thing — everybody else.

When you set permissions for a directory or file, you specify what you allow yourself to do, what you allow others in your group to do, and what you allow everybody else to do with that directory or file. The computer system will respect the permissions you set.

Activities

When you specify the permissions each of those three levels can have, you name three different activities:

  • Read:
    This means viewing the contents of the file or directory. When permission to read is associated with a file, the file may copied and read. When permission to read is associated with a directory, a directory listing may be obtained.

  • Write:
    This means modifying or creating files or directories. When permission to write is associated with a file, the file may be modified. When permission to write is associated with a directory, files and subdirectories may be created.

  • Execute:
    This means running a program or allowing programs to be run. When permission to execute is associated with a file, the file may be run (provided the file is a program, otherwise the system will try to read instead). When permission to execute is associated with a directory, program files in that directory may be run.

The Permissions Number

The three levels and the three activities are represented by a three-digit number.

Here is the numerical value of each of the three activities: 

   Read: 4
  Write: 2
Execute: 1

If you want to specify read only, specify 4. To specify both read and execute, add together the 4 and the 1 to specify 5. Reading and writing, but not executing, is 6. Permitting all activities is 7.

As stated, each activity can be permitted at each of the three levels. That's how the three-digit number is created.

The left-most digit represents you, the user. The middle digit represents our group. And the right-most digit represents everybody else.

Thus, if you want to give yourself, your group, and everybody else permission to read and execute a program file and, in addition, give yourself (the User) write permission, the three-digit number is 755. You have a 7 (read/write/execute). Your group has a 5 (read/execute). And everybody else has a 5 (read/execute).

Here is a little table: 

        User   Group  Others

Read      4      4      4

Write     2      2      2

Execute   1      1      1
        ----   ----   ----
Total
        ====   ====   ====

Simply add the numbers of the activities you want to permit for each level. The resulting three digits are the permissions.

(Yes, you can lock yourself out of your own directories by giving yourself only read and execute permissions. Don't try it, not even to "see if it works." It will work. Then you'll have to ask your hosting company to restore your write permission.)

Always give yourself write permission. Get in the habit of always giving yourself all permissions by typing a 7 as the first of the three-digit number.

Setting Permissions

If you have telnet or SSH (a secure telnet) access to your server, you can set permissions from the command line prompt. Use the chmod program to set permissions. Your system might require a zero in front of the three-digit permission number. Simply type: 

chmod 0755 filename

and press the enter key. That's all there is to it.

Permissions can also be set from many of the latest FTP programs. Simply select the file or directory for the permissions and invoke the chmod or "attributes" menu item.

Depending on the FTP program you're using, you might type in the permissions number or you might be presented with checkboxes to select the permissions you want to set.

Again, that's all there is to it.

Those are the essentials for grasping an understanding of Unix/Linux file and directory permissions.

Now you know why you're doing what you're doing :)

By: Will Bontrager

Copyright 2002 Bontrager Connection, LLC
http://willmaster.com/possibilities/
subscribe-possibilities@willmaster.com