How to change UNIX file permissions?
This article applies to:
- All Linux Accounts
Summary
This article describes how to change the permissions on your UNIX / Linux files and folders.
Each file or folder has a set of permissions for:
- User - the file owner
- Group - the associated user group. Users can be a member of one or more Groups.
- Others - all users who are neither the User nor in the Group
UNIX file permissions control the read (r), write (w), and execute (x) rights to a file.
Description
Here are some examples:
Permissions |
Alpha description
|
Octal number
|
Read/write for User, Group (e.g. text file) |
rw-rw |
660 |
| Read/write for User only (e.g. private text file) |
rw | 600 |
| Read/write/execute for User only (e.g. CGI script) |
rwx | 700 |
| Script that anyone can read/execute, but that only the User can change |
rwxr-xr-x |
755 |
| Script that anyone can read/write/execute |
rwxr-rwx-rwx | 777 |
See note
A leading d in the alpha flags indicates a directory. Directory permissions have slightly different meanings:
- The 'w' attribute controls whether its files can be created or modified
- The 'r' attribute controls whether the files can be listed
- The 'x' attribute means you can either move directly into the directory, or move through it to get to another directory.
The Unix chmod command can be used (via SSH) to set permissions. It can be used in one of two ways:
- To set collective permissions for User, Group, and Others.
Use: chmod mode filename
where is the Octal mode, e.g. 700.
- To add or remove permissions.
Use the u, g, o (User, Group, Others) flags, and the r, w, x (Read, Write, Execute) flags.
For example:
- to make a file executable by the owner, use chmod u+x filename
- to remove Group write permissions, use chmod g-w filename
If you omit the u, g, or o flags, the change applies to everyone - i.e. chmod -w [filename] removes write permissions for
everyone.
File Permissions with FTP
You can use chmod with most FTP software. However, you may not need to do this as permissions are set automatically
so that your Web pages display correctly, your CGIs execute properly, and the files in your domain cannot be read by
another domain.
Files uploaded under cgi-bin are set to rwx------, or Octal mode 700. This is the correct secure mode for suEXEC to run
CGIs. New directories created under cgi-bin are set to rwx-----x, or Octal mode 701. The 'x' for Others allows Apache to
traverse the directory hierarchy to move to a CGI file (and Note: check for .htaccess files along the way),
before invoking it via suEXEC.
Note: Please note that using chmod 777, will make it possible for users to write files to your directory and thus
make your website vulnerable. You should avoid using this command as far as possible. Actinic users who want to make
their databases accessible should use chmod 755.
Related Articles
There are no related articles
No viewers have posted comments
|
|
