Hosting Operations Center

hosting account domain registration databases sitebuilder file transfer web email network status support

Support Center » Knowledgebase » Web Site Related » Unix » Chmod Tutorial

	Chmod Tutorial

Solution If you are configuring Perl based scripts for your site, no doubt you would have come across the term "chmod". This tutorial seeks to give you a basic understanding of what chmod is, how file access details (permissions) are presented and how to use chmod from a command line or an FTP application.

By reading it from start to finish, you'll have a clearer understanding of chmod and permissions, or you can just jump to a specific section to get the information you need via the links below..

What is chmod?:

chmod is an abbreviation for the term "change mode". chmod is a function on all Unix, Linux and FreeBSD systems that allows varying levels of permissions to be set on files and directories in relation to the application attempting to access them. chmod controls the configuration of execute, write and read accessibility (permissions). It forms an integral part of script security.

Important: file permissions.

Our servers operate under high security levels to ensure high levels of service stability for all our clients. File permissions of 666, 777 or any chmod permission level ending in 2, 6, or 7 - for example, 777, (last 7), are not permitted as this poses a very real security risk.

777 is not necessary on our servers. The last bit is for the permissions for "everyone", but since PHP scripts run under the customer's username on our server instead of the "nobody" user on most servers, "everyone" needs no permissions. If scripts ask for 777, 770 is sufficient and will be far more secure.

All php and script files permissions must be set to 750. All other files such as HTML, images, or anything else needing to be accessed from the web should end in a permission level ending in 4; e.g. 644.

How can I tell what permissions are already set?

At a Unix/Linux/FreeBSD prompt after typing the ls -l command, or from an FTP window, you will see something like this:

drwxrwxr-x
-rw-rw-r--
-rwxr-xr-x
-rw-r--r--
-rw-r-----
-rw-rw-rw-
-rwxr-xr-x

1
2
1
1
2
1
1

fred manage
fred manage
fred manage
fred manage
fred manage
fred manage
fred manage

44343
43524
3423
555
6543
54333
4345

Mar 15 2002
Jul 16 08.22
Jan 30 08:53
Dec 12 15:55
Oct 1 16:29
Sep 15 06:00
Nov 4 03:03

stuff
picture.jpg
software.pl
items.txt
important.inf
info.html
app.cgi

Note: If you are using an Windows based FTP application to view the files on your server, the columns may be in a different order or some may not appear.

Let's break that down a bit further to one line and then define the various columns using the example:

Col #1	Col #2	Col #3	Col #4	Col #5	Col #6
-rw-rw-r--	2	fred manage	43524	Jul 16 08.22	picture.jpg

Column 1- the important one
The dash at the beginning represents a normal file; the d, as indicated in the first table in this tutorial represents a directory. The remaining characters indicate the permission in three sections - owner/user, group then other (also known nas general, public or world), with three attributes each - Read, Write and Execute. A dash means that the particular group does not have that permission. In the example above, the owner of the file, Fred, has permission to read the file and write to the file - change it.

Using the chmod command changes these settings.

Column 2
A hard link is a connection between a filename and an inode number kept in a directory file. This isn't an important aspect in relation to using chmod.

Column 3
This is in two parts and displays the owner of the file and the group to which they belong. In the example above, users who belong to the group "manage" can also read and write to the file, wheras all others can only read it.

Column 4
The size of the file in bytes

Column 5
The date and time of the last modification.

Column 6
The file name

In the above example, letters are use to signify permissions, but what about numbers?

Numbers and chmod

If you have downloaded a Perl script you wish to use for your site, you have perhaps been given instructions in the script as to what the permissions settings need to be set to, e.g. chmod 750. These numbers are basically the three groups (owner, group and other in that order) and an abbreviation of the letter strings (Read, Write and Execute) explained above.

#	Permission Level
0 1 2 3 4 5 6 7	None (the equivalent of a dash) Executable, but cannot read or write Write only, cannot read or execute Write and Execute Read-only Read-only and Execute Read, Write, but cannot execute Read, Write and Execute

In the case of 750, the owner can Read, Write and Execute, the group can Read and Execute and public/others have no permissions to perform any actions.

Using FTP Applications for chmod

For people using an FTP application for chmod, it can be difficult when a script author only states that a particular file needs permissions of, for example, 755 - some FTP applications only present a dialog box with checkboxes for Read, Write and Execute. Using the table above can make it easier for you to know which boxes should be checked. Here's some examples of common chmod settings:

chmod Value	Owner	Group	Public/Other
750 644	R-W-X R-W	R-X R	- R

chmod and CuteFTP

To access the chmod command from CuteFTP:

Left click on a file or directory on your server to highlight it.

Right click on the file or directory and from the menu that appears choose "Change File Attributes"

From the menu, select the "chmod(UNIX)" option.

On the "Change File Attributes" dialogue box you will be able to set the check boxes or enter in the chmod number

Note: Older versions of CuteFTP may not allow you to enter a number and the location of the chmod command may be slightly different, but it will still appear somewhere on the right-click menu.

chmod and WS_FTP

To access the chmod command from WS_FTP:

Left click on a file or directory on your remote window to highlight it.

Right click on the file or directory and from the menu that appears choose "Operations", then "FTP Commands"

From the menu, select the "CHMOD(unix)" option.

On the "Remote File Permissions" dialogue box you will be able to set the check boxes or enter in the chmod number

Note: Older versions of WS_FTP may not allow you to enter a number and the location of the chmod command may be slightly different, but it will still appear somewhere on the right-click menu.

chmod and FileZilla

Left click on a file or directory on your remote window to highlight it.

Right click on the file or directory and from the menu that appears choose "File Attributes"

You will then be able to set the check boxes or enter in the chmod number

Using chmod from a command line

chmod commands can be issued while in the relevant directory in the following way

chmod who=permissions file(s)

This grants "who" the given permission for a particular file or files.

Who	Permission
u = Owner g = Group o = Others a = All	r = Read w = Write x = Execute

Examples:

chmod og=rw info.html

Sets read, write permissions for other and group - owner permissions stay as they were.

Note: do not use spaces on either side of the = sign.

chmod ug=wrx info.html

Sets read, write and execute permissions for owner and group - others/public remain as they were.

Note: there doesn't need to be a specific order for "who" and "permission" codes

Wildcards can also be used, but one thing to remember - if the filename begins with a "." you'll need to use the wildcard in this way .*

Article Details

Article ID:

106

Created On:

24 Jan 2008 12:43 AM

Back

Login

[Lost Password]

Search

Article Options