chmod Tutorial

What Are Permissions?

Permissions are the way you regulate access to your files. When setting up web pages, the main thing you'll be concerned with is making sure everyone can read the file while not letting them overwrite it. There may be some things that you don't want people to have access to at all.

How Do I Tell Which Permissions Are Set?

At a Unix prompt, type: ls -l The output looks like this:

  drwxrwxrwx  1 username    users    2525 Feb 18 09:17 index.htm
  ^\ /\ /\ /    \      /    \   /
  | V  V  V      ''|'''      '|'
  | |  |  |        |          `-- group the file belongs to
  | |  |  |        `-- user who owns the file
  | |  |  |
  | |  |  `-- others (users who are neither you or in the group)
  | |  `-- group (people in the group)
  | `-- user (you)
  `-- d=directory, -=file, l=link, etc

Notice that there are three user categories ("user," "group," and "other") and each user category has three permissions that can be set: "r," "w," and "x" (which will be explained in the next section).

How Do I Set Permissions?

To set permissions, you will use the chmod command. There are two ways to use chmod: number or text.

Setting by Number:

Using the numbering scheme, the chmod command has three number places, for example 744, representing the three user types. The first number on the left side is for "user", the middle one is for "group" and the right hand one for "other." Now, here's what each number does:

0  =  ---  =  no access
1  =  --x  =  execute
2  =  -w-  =  write
3  =  -wx  =  write and execute
4  =  r--  =  read
5  =  r-x  =  read and execute
6  =  rw-  =  read and write
7  =  rwx  =  read write execute (full access)

So, if you set a file to:

chmod 750 foo
      ||`-- others have no access
      |`-- group has read and execute access
      `-- user has full access

Now, for directories:

read = list files in the directory
write = add new files to the directory
execute = access files in the directory

Setting by Text:

Another means is via text based commands: chmod [ugo][+-][rwx] [filename]. Where u=user, g=group and o=other and +/- turns on/off the attributes which follow it: r=read, w=write, x=execute.

For example, typing chmod go+r foo, turns on the read bits for group and others on file "foo". Note, that this command does NOT reset the other bits, so any previously specified permissions will not be changed. For example, this did not change any permissions for user and if group already had execute permissions, it did not remove it.

But, if you type chmod go=r foo, it will set file foo to be readable by group and other and turn off any write and execute permissions group and others had.

Now, whether you use the numbers or the text, you can name files using standard wild cards. For example, chmod 644 *.html will change the permissions on all your .html files, while chmod 644 foo* will change permissions on all files and directories with names starting with foo.

What Permissions Should I Set?

Text Files, Images and PHP Scripts (chmod 604):
-rw----r--  1 username    users        2525 Feb 18 09:17 index.html

Directories (chmod 701):
drwx-----x  2 username    users         512 Feb 22 17:48 cgi-bin/

CGI Scripts (chmod 705):
-rwx---r-x  1 username    users        3040 Feb 22 17:11 counter.cgi

For more information on the chmod and ls commands, check out the Unix Manual Pages. You'll find them by going to a Unix prompt and typing man chmod or man ls.