A Note About UNIX File Permissions

On UNIX systems, all files have access permissions. There are three basic ways to access a file: it can be read from, written to, or executed as a program. These permissions can only be set by the owner of the file and are denoted with "r", "w", and "x" respectively. A "-" is used to show the absence of a permission. Each file has three different sets of people that can have access to it: the User (owner) of the file, the members of the Group a file is in, and Others (everyone else). Each set of users has a separate set of read, write, and execute permissions.

If you type "ls -l" you will see the long listing of the files in a directory.

-rwxr-xr--  1 tfsmiles s           3072 Apr  5 13:38 file
The leading - represents the file type, in this case a normal file; other possibilities are discussed below. The first field of the list is the access permissions field, and can be broken into three parts. This file is rwx (readable, writable, and executable) by the owner "tfsmiles", r-x (readable and executable) by the group "s", and r-- (readable) by everyone else.

drwx-----x  17 tfsmiles s           3072 Apr  5 13:38 /n/www/tfsmiles
This directory, as denoted by the "d", is rwx (readable, writable, and executable) by the owner "tfsmiles", --- (inaccessible) by the group "s", and --x (executable) by everyone else. In order to enter a directory or access its contents, you must have execute permissions on that directory.

lrwxrwxrwx  1 tfsmiles s           3072 Apr  5 13:38 public_html -> /n/www/tfsmiles
Files with an "l" in the permission field are links or aliases to other files. Links are not really files themselves, so their permissions are completely ignored.

WARNING:

It is important that none of your files or directories are writable by anyone other than yourself. If another person has write permission in your directory, they have the ability to delete _EVERY_ file in that directory. If another person has write permission on one of your files, they have the ability to destroy that file. You should never make any files writable by others.
The web server needs to be able to read your web pages in order to put them on the web. Make sure that:

To change file permissions, use the chmod command. The chmod command tries to make life easy for the user by using a simple code to change file permissions. The idea is that you can add or subtract permissions of a set of users.
$ chmod u+rx file
In the above example, the command adds rx(read and execute) permissions to the u(ser), or owner, of the file. Note that the writability for the user remains unchanged because it was not specified.
$ chmod g-wx file
Here, wx(write and execute) permissions are subtracted from the file's g(roup). Note that the readability for the group remains unchanged since it was not specified.
$ chmod o=r file
Finally, r(ead) permissions for the file are assigned to o(thers). The use of the = causes the existing permissions to be replaced with the given permissions. Note that this may take away any read, write, or execute permissions if they existed for the user or group, and may remove any write or execute permissions for others.
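
The WARNING above can be turned into a check. The following script is an added example, not part of the original note: it lists everything under a directory that the group or others can write to, and removes that write permission with chmod. The function names are made up for this example.

```shell
#!/bin/sh
# Added example: audit a directory tree for files or directories that are
# writable by anyone other than the owner. Function names are hypothetical.

# Print every file or directory under $1 that has the group "w" bit (020)
# or the others "w" bit (002) set. Symbolic links are skipped because their
# own permissions are ignored.
list_writable_by_others() {
    find "$1" ! -type l \( -perm -020 -o -perm -002 \) -print
}

# Print how many entries the audit finds under $1.
count_writable_by_others() {
    list_writable_by_others "$1" | wc -l | tr -d ' '
}

# Subtract write permission from g(roup) and o(thers) on every entry the
# audit finds. Only those two "w" bits change; the owner's permissions and
# the read and execute bits stay as they were.
fix_writable_by_others() {
    find "$1" ! -type l \( -perm -020 -o -perm -002 \) -exec chmod go-w {} +
}

# When a directory is given on the command line, report what is found in it.
if [ "$#" -gt 0 ]; then
    list_writable_by_others "$1"
fi
```

Run the script with a directory as its argument to print the findings; call fix_writable_by_others on the same directory to correct them.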

For more information on file permissions, see the chmod(1) man page.


This document is maintained by Mike Kelly (tfsmiles@ecst.csuchico.edu)

$Id: permsnote.html,v 1.3 2000/03/31 19:44:43 edog Exp $