A Quick And Dirty Chmod Tutorial

'chmod' or "change mode" is the *NIX

way of changing file permissions. It is VERY

different from DOS/Windows, if you are new to *NIX

or always wondered what "drwxr-xr-x"

meant read on.....

Where Windows/DOS machines realistically have one

set of file permissions: Read/Write - Archive -

System - Hidden  and then add on User

Permissions to the files and directories; *NIX

breaks the permissions into three groups, 1 -

user, 2 - group, 3 - world.

When you do an ls -la you might see the

following:

[user@linux sites]$ ls -la

drwxr-xr-x  16 root  root  1024 Oct 20 19:56 .

drwxr-xr-x   9 root  root  1024 Sep  5 22:56 ..

drwxr-xr-x   9 foo   user  1024 Sep  5 22:56 dir1

drwxr-xr-x   9 foo   user  1024 Sep  5 22:56 dir2

drwxr-xr-x   9 foo   user  1024 Sep  5 22:56 dir3

-rw-r--r--   9 foo   user  1024 Sep  5 22:56 file1

-rw-r--r--   9 foo   user  1024 Sep  5 22:56 file2

-rw-r--r--   9 foo   user  1024 Sep  5 22:56 file3

All the gobblygook at the beginning of each line is

the file permissions. Note: To *NIX, directories

are just special files. In order to allow someone

to 'traverse' the directory tree, the user must

have eXecute permissions on the directory even if

they have read/write privileges.

Within each set of permissions (you, group, world)

there are three permissions you can set: Read -

Write - Execute. Therefore when you set the

permissions on a file you must take into account

'who' needs access.

Here's a stripped down list of the options

chmod takes: (for more info do a man chmod at the

command line.)

chmod [-R] ### <filename or directory>

-R is optional and when used with directories will

traverse all the sub-directories of the target

directory changing ALL the permissions to

###. Very useful but use with extreme

caution.

The #'s can be:

0 = Nothing

1 = Execute

2 = Write

3 = Execute & Write  (2 + 1)

4 = Read

5 = Execute & Read (4 + 1)

6 = Read & Write (4 + 2)

7 = Execute & Read & Write (4 + 2 + 1)

Of course you need a file name or target

directory. Wild cards * and ? are acceptable. If

you don't supply the -R, with the target

directory, the directory itself will be changed,

not anything within it.

Again you must supply the #'s in a set of three

numbers (you, group, world).

To make a file readable and writable by you, and

only read for your group, and no access from the

world,it would look like:

chmod 640 filename

The result would look like...

-rw-r-----   9 foo  user  1024 Sep  5 22:56 file3

To make all files that end in .cgi read-write-executable for

you, and read-executable for everyone else:

chmod 755 *.cgi

The result would look like...

-rwxr-xr-x   9 foo  user  1024 Sep  5 22:56 file3.cgi

-rwxr-xr-x   9 foo  user  1024 Sep  5 22:56 file4.cgi

Here are some standard permissions for files and

directories:

[This is a gross approximation, a place to

start. Your sysadmin maybe really loose with

permissions or a really tight-butt. Your mileage

*will* vary.]

For Apache running as nobody:nobody.....Most Perl

Scripts should be set to 755. Most HTML files

should be set to 644. And most data files that

must be written to by a web server should be

666. The standard directory permission should be

755. Directories that must be written to by a web

server should be 777.

If the web server is running within the same

group as you....Most Perl Scripts should be set to

750. Most HTML files should be set to 640. And

most data files that must be written to by a web

server should be 660. The standard directory

permissions should be 750. Directories that must

be written to by a web server should be 770.

Your home directory should be 700. If you are

operating a ~username type server, the public_html

directory should be 777. (You may also need to

open up the home directory to 755.)

Side Note: any file name that starts with a '.'

is invisible to the webserver when a directory

list is generated. This is a quick and dirty way

to hide a file.