10-05-2009, 04:14 AM
'chmod' or "change mode" is the *NIX way of changing file permissions. It is VERY different from DOS/Windows, if you are new to *NIX or always wondered what "drwxr-xr-x" meant read on.....Positive Rep is always appreciated!
Where Windows/DOS machines realistically have one set of file permissions: Read/Write - Archive - System - Hidden and then add on User Permissions to the files and directories; *NIX breaks the permissions into three groups, 1 - user, 2 - group, 3 - world.
When you do an ls -la you might see the following:
[user@linux sites]$ ls -la
drwxr-xr-x 16 root root 1024 Oct 20 19:56 .
drwxr-xr-x 9 root root 1024 Sep 5 22:56 ..
drwxr-xr-x 9 foo user 1024 Sep 5 22:56 dir1
drwxr-xr-x 9 foo user 1024 Sep 5 22:56 dir2
drwxr-xr-x 9 foo user 1024 Sep 5 22:56 dir3
-rw-r--r-- 9 foo user 1024 Sep 5 22:56 file1
-rw-r--r-- 9 foo user 1024 Sep 5 22:56 file2
-rw-r--r-- 9 foo user 1024 Sep 5 22:56 file3
All the gobblygook at the beginning of each line is the file permissions. Note: To *NIX, directories are just special files. In order to allow someone to 'traverse' the directory tree, the user must have eXecute permissions on the directory even if they have read/write privileges.
Within each set of permissions (you, group, world) there are three permissions you can set: Read - Write - Execute. Therefore when you set the permissions on a file you must take into account 'who' needs access.
Here's a stripped down list of the options chmod takes: (for more info do a man chmod at the command line.)
chmod [-R] ### <filename or directory>
-R is optional and when used with directories will traverse all the sub-directories of the target directory changing ALL the permissions to ###. Very useful but use with extreme caution.
The #'s can be:
0 = Nothing
1 = Execute
2 = Write
3 = Execute & Write (2 + 1)
4 = Read
5 = Execute & Read (4 + 1)
6 = Read & Write (4 + 2)
7 = Execute & Read & Write (4 + 2 + 1)
Of course you need a file name or target directory. Wild cards * and ? are acceptable. If you don't supply the -R, with the target directory, the directory itself will be changed, not anything within it.
Again you must supply the #'s in a set of three numbers (you, group, world).
To make a file readable and writable by you, and only read for your group, and no access from the world,it would look like:
chmod 640 filename
The result would look like...
-rw-r----- 9 foo user 1024 Sep 5 22:56 file3
To make all files that end in .cgi read-write-executable for you, and read-executable for everyone else:
chmod 755 *.cgi
The result would look like...
-rwxr-xr-x 9 foo user 1024 Sep 5 22:56 file3.cgi
-rwxr-xr-x 9 foo user 1024 Sep 5 22:56 file4.cgi
Here are some standard permissions for files and directories:
[This is a gross approximation, a place to start. Your sysadmin maybe really loose with permissions or a really tight-butt. Your mileage *will* vary.]
For Apache running as nobody:nobody.....Most Perl Scripts should be set to 755. Most HTML files should be set to 644. And most data files that must be written to by a web server should be 666. The standard directory permission should be 755. Directories that must be written to by a web server should be 777.
If the web server is running within the same group as you....Most Perl Scripts should be set to 750. Most HTML files should be set to 640. And most data files that must be written to by a web server should be 660. The standard directory permissions should be 750. Directories that must be written to by a web server should be 770.
Your home directory should be 700. If you are operating a ~username type server, the public_html directory should be 777. (You may also need to open up the home directory to 755.)
Side Note: any file name that starts with a '.' is invisible to the webserver when a directory list is generated. This is a quick and dirty way to hide a file.
copypasta from:
http://www.evolt.org/node/541
Reason: This helped me a LOT whilst administrating my website, with proxies and hosting files etc.
I had a lot of trouble finding this guide, without knowing much about the values and what they are called!
Where Windows/DOS machines realistically have one set of file permissions: Read/Write - Archive - System - Hidden and then add on User Permissions to the files and directories; *NIX breaks the permissions into three groups, 1 - user, 2 - group, 3 - world.
When you do an ls -la you might see the following:
[user@linux sites]$ ls -la
drwxr-xr-x 16 root root 1024 Oct 20 19:56 .
drwxr-xr-x 9 root root 1024 Sep 5 22:56 ..
drwxr-xr-x 9 foo user 1024 Sep 5 22:56 dir1
drwxr-xr-x 9 foo user 1024 Sep 5 22:56 dir2
drwxr-xr-x 9 foo user 1024 Sep 5 22:56 dir3
-rw-r--r-- 9 foo user 1024 Sep 5 22:56 file1
-rw-r--r-- 9 foo user 1024 Sep 5 22:56 file2
-rw-r--r-- 9 foo user 1024 Sep 5 22:56 file3
All the gobblygook at the beginning of each line is the file permissions. Note: To *NIX, directories are just special files. In order to allow someone to 'traverse' the directory tree, the user must have eXecute permissions on the directory even if they have read/write privileges.
Within each set of permissions (you, group, world) there are three permissions you can set: Read - Write - Execute. Therefore when you set the permissions on a file you must take into account 'who' needs access.
Here's a stripped down list of the options chmod takes: (for more info do a man chmod at the command line.)
chmod [-R] ### <filename or directory>
-R is optional and when used with directories will traverse all the sub-directories of the target directory changing ALL the permissions to ###. Very useful but use with extreme caution.
The #'s can be:
0 = Nothing
1 = Execute
2 = Write
3 = Execute & Write (2 + 1)
4 = Read
5 = Execute & Read (4 + 1)
6 = Read & Write (4 + 2)
7 = Execute & Read & Write (4 + 2 + 1)
Of course you need a file name or target directory. Wild cards * and ? are acceptable. If you don't supply the -R, with the target directory, the directory itself will be changed, not anything within it.
Again you must supply the #'s in a set of three numbers (you, group, world).
To make a file readable and writable by you, and only read for your group, and no access from the world,it would look like:
chmod 640 filename
The result would look like...
-rw-r----- 9 foo user 1024 Sep 5 22:56 file3
To make all files that end in .cgi read-write-executable for you, and read-executable for everyone else:
chmod 755 *.cgi
The result would look like...
-rwxr-xr-x 9 foo user 1024 Sep 5 22:56 file3.cgi
-rwxr-xr-x 9 foo user 1024 Sep 5 22:56 file4.cgi
Here are some standard permissions for files and directories:
[This is a gross approximation, a place to start. Your sysadmin maybe really loose with permissions or a really tight-butt. Your mileage *will* vary.]
For Apache running as nobody:nobody.....Most Perl Scripts should be set to 755. Most HTML files should be set to 644. And most data files that must be written to by a web server should be 666. The standard directory permission should be 755. Directories that must be written to by a web server should be 777.
If the web server is running within the same group as you....Most Perl Scripts should be set to 750. Most HTML files should be set to 640. And most data files that must be written to by a web server should be 660. The standard directory permissions should be 750. Directories that must be written to by a web server should be 770.
Your home directory should be 700. If you are operating a ~username type server, the public_html directory should be 777. (You may also need to open up the home directory to 755.)
Side Note: any file name that starts with a '.' is invisible to the webserver when a directory list is generated. This is a quick and dirty way to hide a file.
copypasta from:
http://www.evolt.org/node/541
Reason: This helped me a LOT whilst administrating my website, with proxies and hosting files etc.
I had a lot of trouble finding this guide, without knowing much about the values and what they are called!