Get Permission!
Of all the different problems associated with installing CGI scripts, many
can be attributed to incorrect permission settings on one file or another.
Permissions are very important on a Unix system because it prevents unauthorized
people from viewing or editing files. Anyone using a Unix system has an identity,
and file and directory access depends on "who" you are.
- User
- This permission value effects what the owner of the file can do to it. While it would be fair to assume that only you as the owner would be affected by this setting - it may affect a group of users depending on how your host has set up the server.
- Group
- These are usually the permission determining the rights of a group of users (usually those using the same server as yourself) - these should generally be the same as the owner's permissions because you are a user of the group when you are logged into the server.
- Other
- This sets the permissions for anyone one else that may have access to the files but who is not an owner or group. This setting will affect anyone who is trying to access the file via the web, including the owner of the file (since the owner is only counted as the owner when they are using the "shell" account or using FTP).
Understanding permission values
If you've ever downloaded a script and read the installation instructions you'll have likely been told that you need to CHMOD a file to 666 or set the permissions to 755. So how does this set of numbers relate to the various groups of the typical Unix file protection system? Well, there are three numbers and three different types of permission...
- The first number relates to the permissions of the file owner
- The second relates to permissions for the group
- The third and last number relates to the permissions for any other type of user
So what do these numbers mean? There are three main reasons why a person may want to open a file; to read from it, to write to it or to execute it (i.e. run it or use it). Each of these properties has a value assigned to it, and it is the sum of these values that determines the permission settings.
| read | write | execute | |
| permission value | 4 | 2 | 1 |
Once you know the permission settings for a file, you can determine exactly who is allowed to do what to that particular file by doing some simple maths. Here is a table showing which file attributes need to be set for all possible values of a setting.
|
So, following this table we can see that a file whose permissions are to be set at 755 will allow...
|
In this case everyone has access to read the file and run the program (assuming it was a script), but only the owner of the file can write to it (via FTP or shell access).
Another point to remember is that you are only considered the owner of a file when you access it via a shell account or FTP (both of which require you to log in to be able to identify yourself). If you are testing a script you have uploaded and you are using a browser to do it, then you do not have the owner's privileges, rather the results of the script will depend on the other user's permissions for the script and any files that are used for it. This is why it is common to set a script's permissions to 755 (which allows other users to read and execute the file) and its data-files to 666 (which allows them to read and write to the file)
Originally Published: Fri 7th Dec, 2001
The author, Rosemarie Wise, is a self proclaimed "web enthusiast" who set up her site,
Web Site Owner to share her experiences
of being a site owner.
Back to Articles
Download Article Dashboard Article Dashboard Installation Downloads for Article Dashboard Article Marketer Scripts Recommended Software Mike's Directory Jodi's Directory AD Directory List AD Recommended Hosting ADInstall
Our Services Happy Customers Articles to help run an Internet Business Free Scripts Web Script Resources Articles Website Creation & Design Tools WebSite Design Internet Partners Site Map
The BEST Autoresponder.
