Unix/Linux File Permissions and the chmod Command

Every file and directory on a unix system has a set of permissions. These permissions tell the system who is allowed to access the file or directory, and what they can do with that file or directory. For instance, a file's 'owner', typically the user who created the file, usually has access to read from and write to a file. Everyone else usually has permissions to read the file, but not write to the file. The chmod command is used to modify file and directory permissions on unix systems. WEB (www.indstate.edu), Sapphire (sapphire.indstate.edu), and ISU (isu.indstate.edu) are all housed on unix systems.

By default the permissions of the files and directories in your web accounts will be set correctly to allow anyone access to view your website through a web browser. However, certain circumstances may require you to change the permissions of certain files or directories. For instance, changing file and directory permissions is a common task during the installation of CGI scripts.

Checking Permissions

To get a view of what the permissions are currently set at in a directory log in via SSH and type ls -l in any given directory, and you will get a listing of the files and directories housed in the current directory, with each file and directory being listed on a new line. Many FTP clients (WS_FTP, CuteFTP, etc.) also allow you view and change the permissions of your files and directories.

A listing for a file will look something like following line, which belongs to the file "faqlist.html":

-rw-r--r--  1 ccuserv   staff 94902 Apr 17 08:46 faqlist.html

• The first character, here a "-" indicates that faqlist.html is a file and not a directory or a link (more on this below).
• The next three characters "rw-" shows the permissions for the "user" or owner of the file, "ccuserv." In the above case, "ccuserv" has read and write permission, and the last "-" means "ccuserv" does not have execute (x) permission on that file.
• The middle section "r--" shows the permissions for the group. In this case, the group is "staff." The group only has read permission.
• The last section; "r--" shows the permissions for "others" (everyone else), or "Public". People viewing your web pages through a browser fall into this category. It is important that they at least get read permission, as they do in this example.

Permissions for directories are displayed in a similar manner. The permissions for the "download" directory are as follows:

drwxr-xr-x   2 ccuserv  staff  512 Apr 19  1999 download/

• The first character "d" indicates this is a directory. It could also be a "-" if it were a file or "l" for a link to another file (like a shortcut).
• The next three characters  "rwx" shows the permissions for the user, "ccuserv." In the above case, "ccuserv" has read, write, and execute permissions for this directory.
• The middle section  "r-x" shows the permissions for the group. In this case, the group is "staff." The group has read and execute permissions.
• The last section  "r-x" shows the permissions for "others" (everyone else), or "Public". Users need read and execute permission to see any files contained within a directory, so it is important that they have these permissions.

Changing Permissions

You can change file and directory permissions with the chmod command.

The basic syntax for chmod is: chmod ### <filename or directory>
each "#" refers to chmod values for the user, the group, and others in that order.

The values for the numbers used in chmod are as follows:

0 = no access rights
1 = execute only
2 = write only
3 = write and execute (1+2)
4 = read only
5 = read and execute (4+1)
6 = read and write (4+2)
7 = read and write and execute (4+2+1)

If you wanted to remove faqlist.html's read permissions for "others", making it unreadable to the public, you would type:

chmod 640 faqlist.html

The this command also retains the read/write permissions for the "user" and the read permission for the "group".

Typing ls -l will show an updated permissions listing for faqlist.html.

-rw-r-----  1 ccuserv   staff 94902 Apr 17 08:46 faqlist.html

Usually, you will only use two chmod values in your web accounts, 644 for HTML files and 755 for directories. You may need to set file and/or directory permissions to other values if you install or use CGI scripts or other web-based scripting applications.