On a UNIX web server, every file and folder stored on the hard drive have a set of permissions associated with it, which says who is allowed to do what with the file. Every file (and folder) also has an "owner" and a "group" associated with it. If you created the file, then you are the owner of that file, and your group, or the group associated with the folder you created the file in, will be associated with that file.
There are three types of people that can do things to files - the Owner of the file, anyone in the Group that the file belongs to, and Others (everyone else). In UNIX they are referred to using the letters U (for Owner or User), G (for Group), and O (for Others).
There are three things that can be done to files or folders:
Therefore there are three types of permissions:
r - read the file or directory
w - write to the file or directory
x - execute the file or search the directory
Each of these permissions can be set for any one of three types of user:
u - the user who owns the file (you)
g - members of the group to which the owner belongs
o - all other users
CGI script installation pages will tell you to 'CHMOD 755' or 'Set the file to executable'. This all refers to setting the file permissions or attributes. When you use FTP or Telnet, you'll notice some letters next to the file listings. These letters are the current settings for the file or folder permissions. The details look like this:
The string of letters, drwxrwxrwx, represents the permissions that are set for this folder.
You can also use numbers for setting file and folder permissions. Each of the three numbers corresponds to each of the three sections of letters. The first number determines the owner permissions, the second number determines the group permissions and the third number determines the other permissions. Each number can have one of eight values ranging from 0 to 7. Each value corresponds to a certain setting of the read, write and execute permissions.
These values are added together for any one user category:
1 = execute only
2 = write only
3 = write and execute (1+2)
4 = read only
5 = read and execute (4+1)
6 = read and write (4+2)
7 = read and write and execute (4+2+1)
or in a table format, it would look like this:
Setting permissions using FTP
Your FTP program will most likely allow you to set file and folder permissions by selecting the file or folder in the remote window and either right-clicking on it and selecting an option such as CHMOD or Set permissions, or by selecting CHMOD / Set permissions from a menu option. Once you've selected the appropriate menu option, you'll see a dialog box similar to the following (this one is from CuteFTP for Windows):
Using the screen of your FTP client, it should be easy to set the read, write and execute permissions for the owner, group and others using the check boxes. If you already know which numbers are needed, you can type the 3 digit number. The FTP client will change (chmod) the permissions for you. The above example of CHMOD 755 will be the one used most, since almost all CGI scripts need to be 755.
Setting permissions using Telnet
The other way to set permissions on your files is using Telnet (or a standard shell). Once you're connected to the server and have logged in, change to the folder containing the files you want to change (cd yourdomain/cgi-bin), You can then use the command chmod to set permissions on your files and folders. You can use the number notation described above, or you can use the letters.
To set permissions with numbers, use the following syntax: chmod xxx filename
where "xxx" is the 3 digit number representing the permissions, and filename is the file you want to change.
chmod 755 mailform.pl
You can use the letters u (owner/user), g (group) and o (other) to set permissions for each of the user types, and r (read), w (write) and x (execute) to represent the permissions to set. You can also use a instead of u, g, and o, to mean all users (u,g,o).
You assign permissions using either the plus sign (+), which means add these permissions, the minus sign (-), which means remove these permissions, or the equals sign (=), which means change the permissions to exactly these.
chmod a+x mailform.pl adds execute permissions for all users to the file mailform.pl (makes the file executable).
chmod u=rwx mailform.pl sets read, write and execute permission just for the owner (the permissions for the group and for others remain unchanged).
Checking your folder and file permissions
To display the access permissions of a file or directory use the command:
ls -l filename (directory)
This displays a one line summary for each file or directory.
Changing group ownership of files and directories
Every user is a member of one or more groups. To find out which groups you belong to use the command: groups. To find out which groups another user belongs to, use the command: groups username. Your files and directories are owned by the group (or one of the groups) that you belong to. This is known as group ownership. To list the group ownership of your files, use the command: ls -gl. You can change the group ownership of a file or directory with the command: chgrp group_name file/directory_name. You must be a member of the group to which you are changing ownership to.