You are on page 1of 2

'chmod' or "change mode" is the *NIX way of changing file permissions.

It is VERY
different from DOS/Windows, if you are new to *NIX or always wondered what "drwxr-
xr-x" meant read on.....

Where Windows/DOS machines realistically have one set of file permissions:


Read/Write - Archive - System - Hidden and then add on User Permissions to the
files and directories; *NIX breaks the permissions into three groups, 1 - user, 2
- group, 3 - world.

When you do an ls -la you might see the following:


[user@linux sites]$ ls -la
drwxr-xr-x 16 root root 1024 Oct 20 19:56 .
drwxr-xr-x 9 root root 1024 Sep 5 22:56 ..
drwxr-xr-x 9 foo user 1024 Sep 5 22:56 dir1
drwxr-xr-x 9 foo user 1024 Sep 5 22:56 dir2
drwxr-xr-x 9 foo user 1024 Sep 5 22:56 dir3
-rw-r--r-- 9 foo user 1024 Sep 5 22:56 file1
-rw-r--r-- 9 foo user 1024 Sep 5 22:56 file2
-rw-r--r-- 9 foo user 1024 Sep 5 22:56 file3

All the gobblygook at the beginning of each line is the file permissions. Note: To
*NIX, directories are just special files. In order to allow someone to 'traverse'
the directory tree, the user must have eXecute permissions on the directory even
if they have read/write privileges.

Within each set of permissions (you, group, world) there are three permissions you
can set: Read - Write - Execute. Therefore when you set the permissions on a file
you must take into account 'who' needs access.

Here's a stripped down list of the options chmod takes: (for more info do a man
chmod at the command line.)

chmod [-R] ### <filename or directory>

-R is optional and when used with directories will traverse all the sub-
directories of the target directory changing ALL the permissions to ###. Very
useful but use with extreme caution.

The #'s can be:


0 = Nothing
1 = Execute
2 = Write
3 = Execute & Write (2 + 1)
4 = Read
5 = Execute & Read (4 + 1)
6 = Read & Write (4 + 2)
7 = Execute & Read & Write (4 + 2 + 1)

Of course you need a file name or target directory. Wild cards * and ? are
acceptable. If you don't supply the -R, with the target directory, the directory
itself will be changed, not anything within it.

Again you must supply the #'s in a set of three numbers (you, group, world).

To make a file readable and writable by you, and only read for your group, and no
access from the world,it would look like:

chmod 640 filename


The result would look like...
-rw-r----- 9 foo user 1024 Sep 5 22:56 file3

To make all files that end in .cgi read-write-executable for you, and read-
executable for everyone else:

chmod 755 *.cgi

The result would look like...


-rwxr-xr-x 9 foo user 1024 Sep 5 22:56 file3.cgi
-rwxr-xr-x 9 foo user 1024 Sep 5 22:56 file4.cgi

Here are some standard permissions for files and directories:

[This is a gross approximation, a place to start. Your sysadmin maybe really loose
with permissions or a really tight-butt. Your mileage *will* vary.]

For Apache running as nobody:nobody.....Most Perl Scripts should be set to 755.


Most HTML files should be set to 644. And most data files that must be written to
by a web server should be 666. The standard directory permission should be 755.
Directories that must be written to by a web server should be 777.

If the web server is running within the same group as you....Most Perl Scripts
should be set to 750. Most HTML files should be set to 640. And most data files
that must be written to by a web server should be 660. The standard directory
permissions should be 750. Directories that must be written to by a web server
should be 770.

Your home directory should be 700. If you are operating a ~username type server,
the public_html directory should be 777. (You may also need to open up the home
directory to 755.)

Side Note: any file name that starts with a '.' is invisible to the webserver when
a directory list is generated. This is a quick and dirty way to hide a file.
Mutated into a life-size Dilbert doll, Anthony spends the days wedged into his
replica of Cardinal Fang's Comfy Chair coding solutions to the most thorny of
internet software problems.
4 comments on this article. Log in to add your comment | Rate this article: Rate
this node 1 star.Rate this node 2 star.Rate this node 3 star.Rate this node 4
star.Rate this node 5 star.