UNIX File Permissions - How To

You found the coolest CGI script to use on your website. You excitedly upload the new script to your server. You finally finish setting it up and when you go to test it out, instead of seeing the scripts output, you get the error 500 (Server error). What went wrong? Assuming of course that your host allows the use of CGI scripts, the most likely error is incorrect file permissions.


After looking over the readme file that came with the script you discover that you must set permissions on one file to 655 while setting others to 755.



What does it mean? The entire purpose of this article is to provide you with an understanding of UNIX file permissions and how to set them.



UNIX file permissions, also known as "chmod", is a set of permissions used by operating systems such as UNIX/Linux which control who and what will gain access to your websites files. Chmoding has mainly two functions. First, it restricts access to certain files. Second, it sets the permissions so your CGI scripts are able to perform the tasks they were written to do.


There are three levels of permission on UNIX/Linux platforms, which are called (r) read, (w) write and (x) execute. These three permissions apply to three different groups, which are called owner, group and other. Other may also be known as world. Owner signifies who owns the files (your account), group applies to the group id number of the server you are on (GID), and other or world applies to everyone else.


Each one of these groups needs its access permission correctly set in order for the file to be used and accessed. Each permission allows the script to run, edit or create the files it needs to perform its function. Chmoding is also important for the webmaster that wishes to deny outside access to certain directories or to have files that no one but him can access and modify. Again, the three types of access are read, write and execute.


In order to simplify the webmasters work, each permission is assigned a number.


The permission numbers are as follows...

r = 4 (read)
w = 2 (write)
x = 1 (execute)

Now we have the basic numbers, but what happens if we want to be able to read, write and execute? Just add up the numbers. If read=4, write=2 and execute=1 then we just add 4+2+1=7.


The following shows every possible file permission...

0 = no access
1 = execute only


2 = write only


3 = write and execute (1+2)

4 = read only


5 = read and execute (4+1)


6 = read and write (4+2)


7 = read and write and execute (4+2+1)


We must assign one of these numbers to each of the three groups mentioned above (owner, group and other). For example, lets say we want owner to have read and write access, group to have read access only and other to have access denied. Owner would be assigned number 6 (4+2), group 4, and other would be 0. Now all we have to do is combine these numbers in the order of owner-group-other to come up with 640. Commonly the majority of files are set at 644, which allows the owner to read and write to the file, while group and world may only read the file.


At this point, you have an understanding of what chmod is and how to determine the correct number sequence for file permission. How can you change a files access permission? There are two ways. If you have telnet access to the server you can simply go to the directory where your file is located. Your command will be in this format: chmod "mode" "filename". Here is an example...

chmod 644 example.cgi

You can also do it with certain FTP programs. For example with CuteFTP (http://www.cuteftp.com) you do it by right-clicking on the file you want to change and selecting "change file attribute". In fact, most FTP programs now offer this feature, but you will


need to check the documentation included with the program. It is important to note that you shouldnt permit a file or a folder with the write permission for members of your group or other users (world) without caution. Doing so may corrupt the security of your files and may provide a means of entry to other important file systems, causing even further damage. It is advisable for you to check the settings for every file and directory, including those whose names begin with a dot (.htaccess for example).


Now that you have a better understanding of file permissions, we can look forward to discussing more on website security in upcoming articles.


Post Your Comments

WARNING: Any comments you post are solely your responsibility. Webmastervault.com accepts no responsibility or liability whatsoever in connection with or arising from such content. Defamatory, derogatory, or other comments that we feel should be removed will, at our own discretion and ours alone.