A Quick And Dirty Chmod Tutorial
Posted on 30 Oct 1999
by Anthony Baratta (AnthonyB)
'chmod' or "change mode" is the *NIX way of changing file permissions. It is VERY different from DOS/Windows; if you are new to *NIX or always wondered what "drwxr-xr-x" meant, read on.....
Where Windows/DOS machines realistically have one set of file permissions (Read/Write - Archive - System - Hidden) and then add on User Permissions to the files and directories, *NIX breaks the permissions into three groups: 1 - user, 2 - group, 3 - world.
When you do an ls -la you might see the following:
[user@linux sites]$ ls -la
drwxr-xr-x 9 root root 1024 Sep 5 22:56 ..
drwxr-xr-x 9 foo user 1024 Sep 5 22:56 dir1
drwxr-xr-x 9 foo user 1024 Sep 5 22:56 dir2
drwxr-xr-x 9 foo user 1024 Sep 5 22:56 dir3
-rw-r--r-- 9 foo user 1024 Sep 5 22:56 file1
-rw-r--r-- 9 foo user 1024 Sep 5 22:56 file2
-rw-r--r-- 9 foo user 1024 Sep 5 22:56 file3
All the gobbledygook at the beginning of each line is the file permissions. Note: To *NIX, directories are just special files. In order to allow someone to 'traverse' the directory tree, the user must have eXecute permissions on the directory even if they have read/write privileges.
Within each set of permissions (you, group, world) there are three permissions you can set: Read - Write - Execute. Therefore when you set the permissions on a file you must take into account 'who' needs access.
Here's a stripped down list of the options chmod takes: (for more info do a man chmod at the command line.)
chmod [-R] ### <filename or directory>
-R is optional and when used with directories will traverse all the sub-directories of the target directory, changing ALL the permissions to ###. Very useful but use with extreme caution.
The #'s can be:
0 = Nothing
1 = Execute
2 = Write
3 = Execute & Write (2 + 1)
4 = Read
5 = Execute & Read (4 + 1)
6 = Read & Write (4 + 2)
7 = Execute & Read & Write (4 + 2 + 1)
Of course you need a file name or target directory. Wild cards * and ? are acceptable. If you don't supply the -R with the target directory, the directory itself will be changed, not anything within it.
Again you must supply the #'s in a set of three numbers (you, group, world).
To make a file readable and writable by you, and only read for your group, and no access from the world, it would look like:
chmod 640 filename
The result would look like...
-rw-r----- 9 foo user 1024 Sep 5 22:56 file3
To make all files that end in .cgi read-write-executable for you, and read-executable for everyone else:
chmod 755 *.cgi
The result would look like...
-rwxr-xr-x 9 foo user 1024 Sep 5 22:56 file3.cgi
Here are some standard permissions for files and directories:
[This is a gross approximation, a place to start. Your sysadmin may be really loose with permissions or a really tight-butt. Your mileage *will* vary.]
For Apache running as nobody:nobody..... Most Perl Scripts should be set to 755. Most HTML files should be set to 644. And most data files that must be written to by a web server should be 666. The standard directory permission should be 755. Directories that must be written to by a web server should be 777.
If the web server is running within the same group as you.... Most Perl Scripts should be set to 750. Most HTML files should be set to 640. And most data files that must be written to by a web server should be 660. The standard directory permissions should be 750. Directories that must be written to by a web server should be 770.
Your home directory should be 700. If you are operating a ~username type server, the public_html directory should be 777. (You may also need to open up the home directory to 755.)
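An added example (not part of the original article): it turns the permission string printed by ls into chmod's three digits, then lists everything under a directory that world can write to, which is what the 666 and 777 settings above allow. The function names sym_to_octal, world_writable and demo, and the sample file names, are made up for this example.

```shell
#!/bin/sh
# Added example, not code from the original article.

# sym_to_octal MODESTRING
# Turn the 10-character string from `ls -l` (e.g. drwxr-xr-x) into the
# three digits chmod takes: Read = 4, Write = 2, Execute = 1, summed per set.
sym_to_octal() {
    perms=${1#?}                  # drop the leading type character (d or -)
    out=
    for who in user group world; do
        digit=0
        case $perms in r*)        digit=$((digit + 4)) ;; esac   # Read
        case $perms in ?w*)       digit=$((digit + 2)) ;; esac   # Write
        # s and t also mean Execute is set (shown with a setuid/sticky bit)
        case $perms in ??[xst]*)  digit=$((digit + 1)) ;; esac   # Execute
        perms=${perms#???}        # move on to the next set of three
        out=$out$digit
    done
    printf '%s\n' "$out"
}

# world_writable DIR
# Print "MODE PATH" for every file or directory under DIR whose third
# (world) digit includes Write. Symbolic links are skipped.
world_writable() {
    find "$1" ! -type l -perm -0002 | sort | while IFS= read -r path; do
        mode=$(ls -ld "$path" | cut -c1-10)
        printf '%s %s\n' "$(sym_to_octal "$mode")" "$path"
    done
}

# demo: build a constructed sample tree using the modes the article lists
# for a server running as nobody:nobody, then audit it.
demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/upload"
    : > "$d/index.html"; : > "$d/script.cgi"; : > "$d/data.txt"
    chmod 644 "$d/index.html"     # HTML file
    chmod 755 "$d/script.cgi"     # Perl script
    chmod 666 "$d/data.txt"       # data file written by the web server
    chmod 777 "$d/upload"         # directory written by the web server
    (cd "$d" && world_writable .)
    rm -rf "$d"
}

demo
```

Anything this prints can be modified by every local account on the machine; where the web server shares your group, the 660/770 settings keep world out.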
Side Note: any file name that starts with a '.' is invisible to the webserver when a directory list is generated. This is a quick and dirty way to hide a file.