Setting permissions

Setting permissions

In order for your scripts to operate properly, you must ensure that file and directory permissions are correct.

Understanding permissions

UNIX servers enable you to set permissions using either a numeric system or a letter-based system. The following table lists and describes the three different permission levels and the corresponding letter and numeral identifiers.

Permission

Description

Letter

Numeral

Read

User can view the directory or file contents.

r

4

Write

User can modify the directory or file(s).

w

2

Execute

User can execute files.

x

1

For example, full read, write and execute permissions could be assigned using the numeral "7" or the letters "rwx."

r = 4, w=2, x=1
4 + 2 + 1 = 7
rwx = 7

This, however, is only the first step in assigning permissions; you must also account for the different user types who may attempt to access a directory or file. The following table lists the different user types:

User type

Letter

The file's user (you)

u

The file's group

g

Others

o

All (the user, the group and others)

a

One way to specify user permissions is to specify the exact permissions for each user type. For example, this:

u=rwx,g=rx,o=rx

Grants:

read (r), execute (x) and write (w) access to the user (u)
read (r) and execute (x) access to the group (g)
read (r) and execute (x) access to others

Since there are three levels of permissions for each user type, you can also specify the permissions by using three sets of three letters. For example, the permissions specified by u=rwx,g=rx,o=rx above can also be specified by:

rwxr-xr-x

The first three characters always specify the permissions for the user, the next three characters specify the permissions for the group and the final three specify permissions for others. When a permission is denied, a dash ( - ) is used as a placeholder.

Instead of using letters, you can also specify permissions using a series of three digits, each of which is the sum of the three permission values. For example:

751 (equates to rwxr-x--x)
755 (equates to rwxr-xr-x)

Checking permissions

To list the access permissions of a file or directory:

Connect to your server via SSH, then type:
cd directoryname

to change the directory until you are either in the directory above the file you are checking, or above the directory you are checking.

To view permissions for the selected directory or file, type:
ls -l filename

The current permission settings, as well as other information, displays. For example:
-rwxr-xr-x

Changing permissions

The /cgi-bin directory requires one of the following permissions:

751 (which equates to rwxr-x--x)
755 (which equates to rwxr-xr-x)

To change permissions for a file named filename.cgi, you need to issue the UNIX chmod command (change mode). For example, when you type this:

chmod u=rwx,g=rx,o=rx filename.cgi

you've given:

read, execute and write access to the user
read and execute access to the group
read and execute access to others

Some FTP clients, such as Fetch (Mac) and WS_FTP, support changing permissions in a more graphical way. For detailed instructions, consult the product documentation.

Permission	Description	Letter	Numeral
Read	User can view the directory or file contents.	r	4
Write	User can modify the directory or file(s).	w	2
Execute	User can execute files.	x	1

User type	Letter
The file's user (you)	u
The file's group	g
Others	o
All (the user, the group and others)	a