tallsimon.com

Introduction

I learned about file permissions the hard way. I was trying to install and run CGI scripts on my newly-aquired unix server and was just using the cpanel file manager for some file management and a a browser for ftp.

So I tried to find out what 0777 and 0644 meant. And I ended up reading about chmod and -rww and all sorts of things I wansn’t interested in.

So here’s help for non-geeks to change permissions using your normal browser and tick boxes.

What are permissions

Permissions tell the server whether to allow the person who is trying to access a file or folder whether to allow them to read, write/modify or execute/run a file.

Their permission to do this depends on who they are- whether they are the owner/webmaster, part of a priveledged group, or just a normal web user.

So there are 9 options- three groups and three permission options for each group. Each permission can be either allowed or not.

There are various ways of recording/coding permissions. In the table below, the three-number code system is summarised with an example for a normal html web page:

Group	Can read	can write	can execute	normal file permissions
Owner/user	4=can 0=cant	2=can 0=cant	1=can 0=cant	read/write = 4+2+0 = 6
Group	4=can 0=cant	2=can 0=cant	1=can 0=cant	read only = 4+0+0 = 4
All users/world	4=can 0=cant	2=can 0=cant	1=can 0=cant	read only = 4+0+0 = 4
typical settings	everyone can read	only user can write	nobody can execute

As you can see, 644 is normally the setting used for files on a unix server. This is when the owner can read and write to the file and anyone else can only read it. 644 is the sum of the numbers for read (4), write(2) and execute (1) options.

To give another example, some scripts require a log or cache file is writeable by all, thus the permissions matrix is as follows:

Group	read	write	execute	sum
owner/user	4	2	1	7
group	4	2	1	7
all users/world	4	2	1	7

Finally, most folders should normally be set to 755 so that if there are files in the folder that need to be executed such as scripts etc, this can be done by anyone, but only the owner can put new files into the folder (write).

Group	read	write	execute	sum
owner/user	4	2	1	7
group	4	0	1	5
all users/world	4	0	1	5

A very simple guide to using a browser to set permissions

1. Log on to the website. The address is in the format ftp://ftp.your-domain.com or ftp.your-domain.com. A” target=”_blank”>ftp://user@ftp.your-domain.com. A box will pop up where you enter your login name and password.
2. Upload or navigate to the folder or file you wish to modify the permissions of.
3. Right-click on the file or folder
4. Select “Properties” from the right-click menu (in windows). In unix select “CHMOD”
5. Change the permissions as you require by ticking the boxes. The box looks like the picture above
6. Click the “OK” button to complete.

Advanced methods
Without going into too much detail, on some systems, such as webservers, scripts are not allowed to run by default, and scripts are not allowed to create, change, or modify files or directories by default. As a webmaster, you have to explicitly allow such kind of access, and CHMOD is what you use to change these settings. The CHMOD function can be done using the command line (if you have such access to your webspace), but more easily, using your FTP client. Most good FTP programs have such a feature, and it is usually found using the context menus (right click menu). If you want a good FTP program, have a look at the freeware page. Additionally, most web servers have an online web-based file management program which allows you to modify permissions.

To use a chmod in a command-line program to change permissions of the file index.htm to 644, navigate to the correct folder on a unix server then enter

chmod 644 index.htm

Alternate coding systems

The permissions may also be coded with letters, as summarised below

Group	Can read	can write	can execute	normal file permissions
Owner/user	r =can – =cant	w=can -=cant	x=can -=cant	read/write = rw- or 6
Group	r =can – =cant	w=can -=cant	x=can -=cant	read only = r– or 4
All users/world	r =can – =cant	w=can -=cant	x=can -=cant	read only = r– or 4
typical settings	everyone can read	only user can write	nobody can execute	summary: rw- r– r– or 644

Tips and tricks

To keep files private for only you to read, the settings are 600 (you can read or write, others cannot do anything) for a file or 700 for a folder or executable file. To allow others in the same group e.g. admin group to have the same permissions as you, the normal settings would be 664 rather than 644 for a file and 775 rather than 755 for a folder.

Summary

You can change file permissions for various reasons, including hiding files from surfers or allowing CGIs to run guestbooks, content management programs etc.

You can edit permissions using command-line programs, FTP programs, browsers or online tools provided by your host.

Permissions may be displayed by numbers (e.g. 644), letters (rw- r– r– ) or as 9 tick boxes.

To use your browser, simply go to the ftp address, right-click on the file you need, tick the boxes and click OK.

What could be easier?!