Chmod Tutorial
Article Details
URL:
http://support.hostingoperations.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=106
Article ID:
106
Created On:
24 Jan 2008 12:43 AM
Answer
If you are configuring Perl based scripts for your site, no doubt you would have come across the term "chmod". This tutorial seeks to give you a basic understanding of what chmod is, how file access details (permissions) are presented and how to use chmod from a command line or an FTP application.
By reading it from start to finish, you'll have a clearer understanding of chmod and permissions, or you can just jump to a specific section to get the information you need via the links below..
What is chmod?:
chmod is an abbreviation for the term "change mode". chmod is a function on all Unix, Linux and FreeBSD systems that allows varying levels of permissions to be set on files and directories in relation to the application attempting to access them. chmod controls the configuration of execute, write and read accessibility (permissions).
It forms an integral part of script security.
Important: file permissions.
Our servers operate under high security levels to ensure high levels of service stability for all our clients. File permissions of 666, 777 or any chmod permission level ending in 2, 6, or 7 - for example, 77
7
, (last 7), are not permitted as this poses a very real security risk.
777 is not necessary on our servers. The last bit is for the permissions for "everyone", but since PHP scripts run under the customer's username on our server instead of the "nobody" user on most servers, "everyone" needs no permissions. If scripts ask for 777, 770 is sufficient and will be far more secure.
All php and script files permissions
must
be set to 750. All other files such as HTML, images, or anything else needing to be accessed from the web should end in a permission level ending in 4; e.g. 644.
How can I tell what permissions are already set?
At a Unix/Linux/FreeBSD prompt after typing the ls -l command, or from an FTP window, you will see something like this:
drwxrwxr-x
-rw-rw-r--
-rwxr-xr-x
-rw-r--r--
-rw-r-----
-rw-rw-rw-
-rwxr-xr-x
1
2
1
1
2
1
1
fred manage
fred manage
fred manage
fred manage
fred manage
fred manage
fred manage
44343
43524
3423
555
6543
54333
4345
Mar 15 2002
Jul 16 08.22
Jan 30 08:53
Dec 12 15:55
Oct 1 16:29
Sep 15 06:00
Nov 4 03:03
stuff
picture.jpg
software.pl
items.txt
important.inf
info.html
app.cgi
Note:
If you are using an Windows based FTP application to view the files on your server, the columns may be in a different order or some may not appear.
Let's break that down a bit further to one line and then define the various columns using the example:
Col #1
Col #2
Col #3
Col #4
Col #5
Col #6
-rw-rw-r--
2
fred manage
43524
Jul 16 08.22
picture.jpg
Column 1- the important one
The dash at the beginning represents a normal file; the d, as indicated in the first table in this tutorial represents a directory. The remaining characters indicate the permission in three sections - owner/user, group then other (also known nas general, public or world), with three attributes each -
R
ead,
W
rite and E
x
ecute. A dash means that the particular group does not have that permission. In the example above, the owner of the file, Fred, has permission to read the file and write to the file - change it.
Using the chmod command changes these settings.
Column 2
A hard link is a connection between a filename and an inode number kept in a directory file. This isn't an important aspect in relation to using chmod.
Column 3
This is in two parts and displays the owner of the file and the group to which they belong. In the example above, users who belong to the group "manage" can also read and write to the file, wheras all others can only read it.
Column 4
The size of the file in bytes
Column 5
The date and time of the last modification.
Column 6
The file name
In the above example, letters are use to signify permissions, but what about numbers?
Numbers and chmod
If you have downloaded a Perl script you wish to use for your site, you have perhaps been given instructions in the script as to what the permissions settings need to be set to, e.g. chmod 750. These numbers are basically the three groups (owner, group and other in that order) and an abbreviation of the letter strings (
R
ead,
W
rite and E
x
ecute) explained above.
#
Permission Level
0
1
2
3
4
5
6
7
None (the equivalent of a dash)
Executable, but cannot read or write
Write only, cannot read or execute
Write and Execute
Read-only
Read-only and Execute
Read, Write, but cannot execute
Read, Write and Execute
In the case of 750, the owner can Read, Write and Execute, the group can Read and Execute and public/others have no permissions to perform any actions.
Using FTP Applications for chmod
For people using an FTP application for chmod, it can be difficult when a script author only states that a particular file needs permissions of, for example, 755 - some FTP applications only present a dialog box with checkboxes for
R
ead,
W
rite and E
x
ecute. Using the table above can make it easier for you to know which boxes should be checked. Here's some examples of common chmod settings:
chmod Value
Owner
Group
Public/Other
750
644
R-W-X
R-W
R-X
R
-
R
chmod and CuteFTP
To access the chmod command from CuteFTP:
Left click on a file or directory on your server to highlight it.
Right click on the file or directory and from the menu that appears choose "
Change File Attributes
"
From the menu, select the "chmod(UNIX)" option.
On the "Change File Attributes" dialogue box you will be able to set the check boxes or enter in the chmod number
Note:
Older versions of CuteFTP may not allow you to enter a number and the location of the chmod command may be slightly different, but it will still appear somewhere on the right-click menu.
chmod and WS_FTP
To access the chmod command from WS_FTP:
Left click on a file or directory on your remote window to highlight it.
Right click on the file or directory and from the menu that appears choose "Operations", then "FTP Commands"
From the menu, select the "CHMOD(unix)" option.
On the "Remote File Permissions" dialogue box you will be able to set the check boxes or enter in the chmod number
Note:
Older versions of WS_FTP may not allow you to enter a number and the location of the chmod command may be slightly different, but it will still appear somewhere on the right-click menu.
chmod and FileZilla
Left click on a file or directory on your remote window to highlight it.
Right click on the file or directory and from the menu that appears choose "File Attributes"
You will then be able to set the check boxes or enter in the chmod number
Using chmod from a command line
chmod commands can be issued while in the relevant directory in the following way
chmod who=permissions file(s)
This grants "who" the given permission for a particular file or files.
Who
Permission
u = Owner
g = Group
o = Others
a = All
r = Read
w = Write
x = Execute
Examples:
chmod og=rw info.html
Sets read, write permissions for other and group - owner permissions stay as they were.
Note:
do not use spaces on either side of the = sign.
chmod ug=wrx info.html
Sets read, write and execute permissions for owner and group - others/public remain as they were.
Note:
there doesn't need to be a specific order for "who" and "permission" codes
Wildcards can also be used, but one thing to remember - if the filename begins with a "." you'll need to use the wildcard in this way .*