Protect your inbox against spam, viruses, worms, phishing, fraud, and other malicious
content with our new E-MAIL DEFENSE service.
Save on long distance charges
with our live-voice-chat Ventrilo servers!
Talk live to friends and family; play organized online games; provide live customer support; and much, much more!
|
LINUX FILE PERMISSONS TUTORIAL
What are they?
Just for a few minutes, forget about Windows, where you start
up your computer, create a file, can open it for reading and writing or
delete it without doing anything special.
On Linux servers, the server needs to know 2 things about files:
- What can be done to a file; and
- Who can do it
The "What can be done to a file" is broken down to three action
types: read, write, execute.
- Reading is just opening a file and looking at its contents
- Writing is overwriting, appending or deleting a file
- Executing is allowing a cgi *program* to run. Putting execute
permissions on an html file is useless, because the html file will not
"do" anything.
The "who can do it" is also broken down to 3 sections:
owner, group and public (or world). For mydomain.com:
- The owner is mydomain. This is the ruler of the account.
- The group is mydomaing. Groups usually are the owner name, appended with a g or grp
- The public is anyone who comes to your site (or any other user on the same server.)
What do they look like?
Now that we know the what and who, we need to show what
permissions "look like". Here's some output from looking
at a couple of mydomain.com's directories (we got this by telnetting to the domain, and issuing the
Unix command, ls -la):
-rw-r--r-- 1 mydomain mydomaing 193 Sep 14 20:12 index.html
-rwxr-xr-x 1 mydomain mydomaing 61970 Sep 15 02:57 script.pl*
-rw-r--r-- 1 mydomain mydomaing 2214 Sep 15 02:57 variables.var
drwxr-xr-x 2 mydomain mydomaing 4096 Sep 15 02:57 data/
-rwx------ 1 mydomain mydomaing 489 Jun 27 13:00 sitevars*
The file permissions are in the first column.
As you've probably already determined by glancing at the listing above,
the 'r' signifies read permission; the w signifies write permission; and
the 'x' signifies execute permission.
Now, let's break down that mysterious grouping of r's,w's and x's for index.html.
D O G P
- rw- r-- r--
The first dash is to signify if it's a directory or not. If
you'll refer back to the file listing above, you'll see that the data/
directory has a "d" in the first column. This means that
the machine realizes data/ is a directory and not a file. You don't
need to concern yourself about adding the d setting -- Linux will
automatically toss in a d if it's a directory.
The next group, under "O" is the owner permissions. Since
you already know that r is read permission and w is write permission, you
know that the owner has both of these perms. Both the group and
public have read-only permissions.
Let's just look at the permissions for 2 more files:
script.pl
D O G P
- rwx r-x r-x
D - It's not a directory.
O - has read/write/execute permissions
G, P - have read/execute permissions
You'll also notice the script.pl has a star * next to it in the
directory listing above. That's a quick and easy identifier that
the file is executable.
variables.pl
D O G P
- rwx --- ---
Here, only the owner has any permissions on the file at all.
No one else can read, write or execute the file. This is the safest
file permissions, but can only be used if you don't want anyone to see
its contents (can't be viewed on a website).
Minimum Permission Settings
For an executable cgi file (e.g. cgi, pl or any other
cgi program that needs to be invoked from a web browser):
rwxr-xr-x
or 755
For a read-only file (e.g. .html, .shtml, .txt or any other file
that's not a cgi scipt that needs to be accessible from a web
browser)
rw-r--r--
or 644
For a file that needs to be written from a cgi-program, such as a flat
file database that is managed from the browser.
rw-rw-rw-
or 666
Now you may be wondering what the numbers are. Essentially, they
are numeric representations of the rwxrwxrwx methods described
here. Each number correlates to each of the 3 of rwx sets (owner,
group, and public permissions). For example:
O
G P
7 5 5
rwx r-x r-x
O G P
7 0 0
rwx --- ---
Here's a little chart that you can use to convert the most common
alphabetic permission settings to numeric:
0 No permissions
whatsoever
4 Read
5 Read /
execute
6 Read /
write
7 Read / write /
execute
In order for a file to actually write or execute, it must have read
permissions, so don't concern yourself about the other permutations (
write / execute only, write only, execute only ).
How to change file permissions
There are many ways to change file permissions: from the
shell, from an ftp program or from any of the various cgi scripts that
alter permissions. Here's I'll outline two.
Shell
The command to change permissions is chmod (change
mode). Here's a few of the common permission
settings:
chmod 755 file.cgi
chmod 644 file.html
Now let's say that you have just uploaded 5 (or more) cgi files. It
would be rather tedious to do:
chmod 755 file1.cgi
chmod 755 file2.cgi
chmod 755 file3.cgi
chmod 755 file4.cgi
chmod 755 file5.cgi
Linux allows you to use wildcards, represented by an asterisk * do
perform an action on a group of files:
chmod 755 *.cgi
Here, we've told Linux to set permissions on all files in the directory
that end in .cgi.
FTP
Many FTP programs now have the ability to change permissions on
files. In CuteFTP for example, right-click the remote file and
select CHMOD from the menu. then, simply check the permission
settings you want for each group.
OTHER USEFUL INFORMATION
Source: http://www.hostingmanual.net/other/permissions.shtml
|
Take control of your domain name today!
Five minute propagation.
Complete control over your DNS records.
Full zone management: A, MX, CNAME, TXT records
Domain forwarding options
|
