Wednesday, August 6, 2008

Unix & Linux folder & file permissions



As a webmaster you need to know how to use the CHMOD command to set folder and file permissions (also referred to as 'file attributes') on UNIX and Linux web servers. You need to set the correct file permissions especially with CGI script files when you install them.

On a UNIX web server, every file and folder stored on the hard drive has a set of permissions associated with it, which says who is allowed to do what with the file. Every file (and folder) also has an "owner" and a "group" associated with it. If you created the file, then you are the owner of that file, and your group, or the group associated with the folder you created the file in, will be associated with that file.

There are three types of people that can do things to files - the Owner of the file, anyone in the Group that the file belongs to, and Others (everyone else). In UNIX they are referred to using the letters U (for Owner or User), G (for Group), and O (for Others).

There are three things that can be done to files or folders:

  • read the file or folder (this means listing the contents of the file or folder)
  • write to the file. For folders this means creating and deleting files in the folder.
  • execute (run) the file if it's a program or script. For folders this means accessing files in the folder.

Therefore there are three types of permissions:

r - read the file or directory

w - write to the file or directory

x - execute the file or search the directory

Each of these permissions can be set for any one of three types of user:

u - the user who owns the file (you)

g - members of the group to which the owner belongs

o - all other users

CGI script installation pages will tell you to 'CHMOD 755' or 'Set the file to executable'. This all refers to setting the file permissions or attributes. When you use FTP or Telnet, you'll notice some letters next to the file listings. These letters are the current settings for the file or folder permissions. The details look like this:

15Kb 02/01/02 22:45 drwxrwxrwx

The string of letters, drwxrwxrwx, represents the permissions that are set for this folder.

d          r     w      x        r     w      x        r     w      x
           Owner                 Group                 Other
Directory  Read  Write  Execute  Read  Write  Execute  Read  Write  Execute



The string of letters breaks down into 3 sections of 3 letters each, representing each of the types of users (the owner, members of the group, and everyone else). There is a 'd' attribute on the left, which tells us if this is a file or a folder (directory). If any of these letters is replaced with a hyphen (-), it means that permission is not granted.

For example:

drwxrwxrwx

A folder which has read, write and execute permissions for the owner, the group and for other users.

-rw-r-xr--

A file that can be read and written by the user, but only read and executed by the group, and only read by everyone else.


Using numbers

You can also use numbers for setting file and folder permissions. Each of the three numbers corresponds to each of the three sections of letters. The first number determines the owner permissions, the second number determines the group permissions and the third number determines the other permissions. Each number can have one of eight values ranging from 0 to 7. Each value corresponds to a certain setting of the read, write and execute permissions.

These values are added together for any one user category:

1 = execute only

2 = write only

3 = write and execute (1+2)

4 = read only

5 = read and execute (4+1)

6 = read and write (4+2)

7 = read and write and execute (4+2+1)

or in a table format, it would look like this:

Number  Read (R)  Write (W)  Execute (X)
0       No        No         No
1       No        No         Yes
2       No        Yes        No
3       No        Yes        Yes
4       Yes       No         No
5       Yes       No         Yes
6       Yes       Yes        No
7       Yes       Yes        Yes


For example:

777 is the same as rwxrwxrwx

755 is the same as rwxr-xr-x
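
The conversion between the two notations can be done mechanically. The following is an added example, not part of the original post; the function names letters_to_number and number_to_letters are made up for it, and it handles only the r, w, x and - characters described above.

```shell
#!/bin/sh
# Added example: translate between the letter and number notations.

# letters_to_number MODE: MODE is nine letters (rwxr-xr-x) or the ten-character
# form from a file listing (drwxr-xr-x). Prints the three-digit number.
letters_to_number() {
    mode=$1
    [ "${#mode}" -eq 10 ] && mode=${mode#?}    # drop the leading d or -
    case $mode in
        [r-][w-][x-][r-][w-][x-][r-][w-][x-]) ;;
        *) echo "not a permission string: $1" >&2; return 1 ;;
    esac
    number=
    for section in owner group other; do
        digit=0
        case $mode in r*)   digit=$((digit + 4)) ;; esac
        case $mode in ?w*)  digit=$((digit + 2)) ;; esac
        case $mode in ??x*) digit=$((digit + 1)) ;; esac
        number=$number$digit
        mode=${mode#???}                       # move on to the next section
    done
    printf '%s\n' "$number"
}

# number_to_letters NNN: NNN is three digits, each 0-7. Prints nine letters.
number_to_letters() {
    case $1 in
        [0-7][0-7][0-7]) ;;
        *) echo "expected three digits 0-7: $1" >&2; return 1 ;;
    esac
    digits=$1 letters=
    while [ -n "$digits" ]; do
        rest=${digits#?}
        digit=${digits%"$rest"}                # first remaining digit
        if [ $((digit & 4)) -ne 0 ]; then letters=${letters}r; else letters=${letters}-; fi
        if [ $((digit & 2)) -ne 0 ]; then letters=${letters}w; else letters=${letters}-; fi
        if [ $((digit & 1)) -ne 0 ]; then letters=${letters}x; else letters=${letters}-; fi
        digits=$rest
    done
    printf '%s\n' "$letters"
}

letters_to_number drwxrwxrwx    # 777
number_to_letters 755           # rwxr-xr-x
```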

Setting permissions using FTP

Your FTP program will most likely allow you to set file and folder permissions by selecting the file or folder in the remote window and either right-clicking on it and selecting an option such as CHMOD or Set permissions, or by selecting CHMOD / Set permissions from a menu option. Once you've selected the appropriate menu option, you'll see a dialog box similar to the following (this one is from CuteFTP for Windows):

Using the screen of your FTP client, it should be easy to set the read, write and execute permissions for the owner, group and others using the check boxes. If you already know which numbers are needed, you can type the 3 digit number. The FTP client will change (chmod) the permissions for you. The above example of CHMOD 755 will be the one used most, since almost all CGI scripts need to be 755.

Setting permissions using Telnet

The other way to set permissions on your files is using Telnet (or a standard shell). Once you're connected to the server and have logged in, change to the folder containing the files you want to change (cd yourdomain/cgi-bin). You can then use the command chmod to set permissions on your files and folders. You can use the number notation described above, or you can use the letters.

To set permissions with numbers, use the following syntax: chmod xxx filename

where "xxx" is the 3 digit number representing the permissions, and filename is the file you want to change.

chmod 755 mailform.pl

You can use the letters u (owner/user), g (group) and o (other) to set permissions for each of the user types, and r (read), w (write) and x (execute) to represent the permissions to set. You can also use a instead of u, g, and o, to mean all users (u,g,o).

You assign permissions using either the plus sign (+), which means add these permissions, the minus sign (-), which means remove these permissions, or the equals sign (=), which means change the permissions to exactly these.

For example:

chmod a+x mailform.pl adds execute permissions for all users to the file mailform.pl (makes the file executable).

chmod u=rwx mailform.pl sets read, write and execute permission just for the owner (the permissions for the group and for others remain unchanged).

Checking your folder and file permissions

To display the access permissions of a file or directory use the command:

ls -l filename (directory)

This displays a one line summary for each file or directory.
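
Checking one file at a time with ls -l does not scale to a whole script folder. The following added example (not part of the original post) lists everything in a folder that the group or others can write to, which is the difference between 777 and the 755 recommended earlier on this page, and removes that write permission with the letter syntax. The function names and the throwaway cgi-bin contents are constructed for the demonstration.

```shell
#!/bin/sh
# Added example. Folder and file names below are constructed for the demo.

# list_loose DIR: print files and folders under DIR that the group or others
# may write to (a w in the second or third section of the listing).
list_loose() {
    find "$1" \( -perm -020 -o -perm -002 \) ! -type l -print | sort
}

# tighten DIR: remove write permission from group and others on everything
# list_loose reports. The owner's permissions and all r and x stay as they are.
tighten() {
    list_loose "$1" | while IFS= read -r path; do
        chmod go-w "$path"
    done
}

# mode_of PATH: the ten-character permission string from ls -l.
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# Build a throwaway cgi-bin with one correct and two over-permissive scripts,
# then report, fix and report again.
demo() {
    dir=$(mktemp -d) || return 1
    mkdir "$dir/cgi-bin"
    for f in mailform.pl counter.pl upload.pl; do
        printf '#!/usr/bin/perl\n' > "$dir/cgi-bin/$f"
    done
    chmod 755 "$dir/cgi-bin" "$dir/cgi-bin/mailform.pl"
    chmod 777 "$dir/cgi-bin/counter.pl"
    chmod 775 "$dir/cgi-bin/upload.pl"
    echo "writable by group or others, before:"
    list_loose "$dir/cgi-bin"
    tighten "$dir/cgi-bin"
    echo "writable by group or others, after:"
    list_loose "$dir/cgi-bin"
    mode_of "$dir/cgi-bin/counter.pl"          # -rwxr-xr-x
    rm -rf "$dir"
}

demo
```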

Changing group ownership of files and directories

Every user is a member of one or more groups. To find out which groups you belong to, use the command: groups. To find out which groups another user belongs to, use the command: groups username. Your files and directories are owned by the group (or one of the groups) that you belong to. This is known as group ownership. To list the group ownership of your files, use the command: ls -gl. You can change the group ownership of a file or directory with the command: chgrp group_name file/directory_name. You must be a member of the group to which you are changing ownership.
