UNIX File Permissions

UNIX allows you to set very specific access permissions for all files on the server. You can set any combination of three user types and three access types.

User & Access types

UNIX defines three types of users:

• owner - the login account that created the file (probably you!)
• group - a group of users on the server (ex. all web site owners)
• other - everyone else on the server

• read - permission to view the file
• write - permission to edit the file
• execute - permission to "run" the program (ex. a script)

• owner (that's me!) - read & write
• group - read
• other - read

Viewing permissions

From a telnet window, you can view the file permissions for any file by issuing this command:

ls -l <filename>

-rw-rw-r--   1 ashley   enscript       94 May 10  1999 index.html

• The first column is either a d (for directory) or - (for a regular file)
• The next 3 columns define the permissions for the owner
• The next 3 columns define the permissions for the group
• The last 3 columns define the permissions for the other users

• An r indicates read permission
• A w indicates write permission
• A x indicates execute permission

Notation	owner	group	other
-rwxrwxr-x	read, write, execute	read, write, execute	read, execute
-rwxr-xr-x	read, write, execute	read, execute	read, execute
drwxrwxrwx	read, write, execute	read, write, execute	read, write, execute
-rw-rw-rw-	read, write	read, write	read, write

An alternate shorthand notation for the permissions is to use a hexidecimal number to represent the rwx triplet. The following table shows the translations:

---	0	no access
--x	1	execute only
-w-	2	write only
-wx	3	write, execute
r--	4	read only
r-x	5	read, execute
rw-	6	read, write
rwx	7	read, write, execute

So, we can add this information to the previous example:

Notation	Hexidecimal Shorthand	owner	group	other
-rwxrwxr-x	775	read, write, execute	read, write, execute	read, execute
-rwxr-xr-x	755	read, write, execute	read, execute	read, execute
drwxrwxrwx	777	read, write, execute	read, write, execute	read, write, execute
-rw-rw-rw-	666	read, write	read, write	read, write

Setting permissions

On UNIX systems, you have two methods of setting file permissions: (1) FTP and (2) telnet.

Using your FTP program, you should be able to view and change the file permissions on any file or directory. On Fetch, for example, there is a Set Permissions option in the Remote menu that brings up a window for setting the appropriate permissions.

Fig 1. Set Permissions screen using Fetch

If using telnet, you can set the file permissions using the UNIX chmod command. You should specify the permissions using the hexidecimal shorthand for the desired access. Once you are in the directory where the file or directory resides, you can type a command similar to the following:

chmod 666 hits

Script Permissions

Most CGI scripts will tell you in the README file exactly how to set the file permissions. For example, from the Readme.txt file for Links 2.0 from Gossamer Threads:

Set permissions:
  chmod 755 (-rwxr-xr-x) on all .cgi files.
  chmod 666 (-rw-rw-rw-) on all files in the data directory.
  chmod 666 (-rw-rw-rw-) on all your template files (if using the online editor).
  chmod 777 (drwxrwxrwx) on the hits directory
  chmod 777 (drwxrwxrwx) on the ratings directory
  chmod 777 (drwxrwxrwx) on the directory where Links pages will be created.      

At a bare minimum for any CGI installation, you must make sure that the script itself is executable by all users. A permissions setting of 755 is generally appropriate for all CGI scripts.

Permissions on NT

On NT systems, you cannot modify file permissions from FTP. You must contact the technical administrator to request that a file or directory be given write permission. Typically, all files in the cgi-bin are automatically given execute permission.

Related tutorials

UNIX directory structure
Useful UNIX tasks
Basic UNIX commands
Using telnet