|
Using CHMOD, the command
If you are working while connected via
telnet or ssh, the chmod command is used to set or change
file permissions. chmod has two distinct methods of
operation.
In the first, and perhaps easier method,
the letters u (for user), g (for group), and o (for other), along
with the letters r (for read permission, w (for write permission,
and x (for execute permission) are used with + (plus),- (minus), and
= (equals) to alter permissions from a file. Some examples:
chmod u=rwx file.html
chmod g-rwx secret.txt
chmod o+rwx weblog.txt
chmod u=rwx,g-rwx,o=r other.html
In the first example, the "user" group (u)
is given read (r), write (w), and execute (x) permissions to the
file "file.html". In the second, the "group" group (g) has read,
write, and execute permissions subtracted for file secret.txt,
effectively making it inaccessible to that group. In the third
example, the "other" group is given all permissions to the file,
allowing that group (which includes the web server) to access and
modify it fully. This is most useful when a CGI script needs access
to a certain file.
The last example makes use of commas, which
allow you to set individual permissions for each user. It is used to
give all permissions to your username, take away all permissions for
other users on the server, and give read access to the "other"
group. This setting overall is useful to prevent casually browsing
of a file by other users on the server, while allowing yourself full
access to it and allowing the web server to process browser requests
for it.
In the second method, special numeric codes
are used in place of the letters system. Each permission level is
assigned a value, as per the following chart:
Permission |
Value |
execute |
1 |
write |
2 |
read |
4 |
no permissions |
0 |
To determine the value of a
set of permissions, their numbers are added. For instance, the
numeric code 5 equals execute and read permissions (1 (execute) + 4
(read) = 5). This leaves eight possible combinations for each group,
as shown in this table:
Numeric Value |
Permissions |
0 |
no permissions |
1 |
execute permission |
2 |
write permission |
3 |
write and execute permissions |
4 |
read permission |
5 |
read and execute permissions |
6 |
read and write permissions |
7 |
read, write, and execute permissions |
To use chmod with numerical permissions, a three digit number is
formed. The first indicates the permissions that "user" should
receive, the second indicates what "group" should receive, and the
last indicates what "other" would receive. Some examples:
chmod 700 private.txt
chmod 755 normal.txt
chmod 707 forwebserver.txt
The first example gives all permissions to
user (7), and no permissions to group or other (the zeroes). The
second again gives all permissions to user, and gives read and
execute permissions (5) to group and other. The last gives all
permissions to user and other, but gives no permissions to group.
Common Numeric Codes In various
articles and instructions, both here in the Support Forum and
elsewhere, may ask you to use chmod to set specific permissions on
files. The chart below indicates the meanings of common numeric
codes you may see:
Numeric Code |
Permissions |
700 |
User: read, write, execute
Group: none
Other: none |
755 |
User: read, write, execute
Group: read, execute
Other: read,execute |
777 |
User: read, write, execute
Group: read,write,execute
Other: read,write,execute |
707 |
User: read, write, execute
Group: none
Other: read, write, execute |
NOTES: Code 707 can usually be
substituted for 777, and is a little more secure as it cuts out
direct access by other users. "Other" must maintain at least read
access to any normal file in your web space, in order for the web
server to be able to serve it to your site viewers.
Viewing Current File Permissions
While logged in via telnet or ssh, you can
view the current permissions of a file or directory with the "ls
-la" command:
bash$ ls -la file.txt
-rwxr--rw- 1 username users 368640 Aug 23 13:59 file.txt
The first field has 10 slots. The first
will always be a dash (-) in the case of a file and "d" if it is a
directory. The next three indicate permissions for "user" using the
letters r, w, and x. In this case, user has read, write, and execute
permissions. The next three slots indicate the permissions for
"group." In this example, group has read permissions, but not write
or execute. The last three slots show permissions for "other" --
other has read and write permissions, but not execute.
For an easier approach into changing
permissions using alternative means, see the
File Permissions page
for more information. |
|
|