CHMOD - Undertanding File Permissions on a Unix-Based Server

The basic command for changing file permissions in unix based operating systems is the 'chmod' command. This command is executed with a set of parameters after it. With most FTP clients, you can simply select the filename you want to change the permissions of, right click, and choose the chmod command.

There are three main groups of permissions when dealing with the chmod command. The three groups are yourself or owner, your unix group, and everyone else. A typical chmod command would look like this - 'chmod 755' This allows you to add, remove or rename files as well as read or edit a file. It also specifies that your unix group and everyone else can only read and edit the file in question. They can't add, delete, or rename the file.

How the numbers in the chmod command work

There are three types of permissions that can be given to a file. They are read, write, and execute. The read permission is assigned a value of 4, the write permission is assigned a value of 2 and the execute permission is assigned a value of 1. So when a chmod command specified the digit 7 as the first number, it means that all three types of permissions are to be assigned to it. If a party is assigned a value of '0' then it means it has no rights whatsoever to a file. '6' tells the server that the user can read and write to the file but can't execute it. I think you get the idea.

Common permissions to set

Most of your html files will do fine with a permission of 644. Most script files will need a permission of 755. Any configuration files in a script package will often need a file permission of 777. Be very careful about assigning a file permission of '777' for everyone. With this permission, it means that anyone who gains access to your server will be able to add, remove, rename, read or edit the file. It is always a good idea with security in mind to assign the least amount of permissions necessary to get the job done.

An FTP client can keep things simple

Most people on shared servers will not have access to a command line to be able to use the chmod command. For most people, changing file permissions will be done through an FTP client. To do this, right click on the file you want to alter, and choose the chmod command. You will usually get a popup that will show nine checkboxes. The will be arranged in three rows. On the left you will usually see Read, Write, and Execute for the row headings. You can accomplish the same thing as typing in the numbers above by clicking on one, two or three boxes for each party. Once you're done, you click the apply or ok button and the file permissions will be changed.

If you keep in mind that you need to always go with the most restrictive file permissions possible that still allows your files to execute, and that there are three parties to define permissions for, you'll do fine. The three parties again are the owner, group, and everyone else.

No comments:

topics