Understanding File & Folder Permission

Linux Folder & File Permissions

As a webmaster you need to know how to use the CHMOD command to set folder and
file permissions (also referred to as 'file attributes') on Linux web servers. You need to set
the correct file permissions especially with CGI script files when you install them.

On a Linux web server, every file and folder stored on the hard drive have a set of
permissions associated with it, which says who is allowed to do what with the file. Every
file (and folder) also has an "owner" and a "group" associated with it. If you created the
file, then you are the owner of that file, and your group, or the group associated with the
folder you created the file in, will be associated with that file.

There are three types of people that can do things to files - the Owner of the file, anyone
in the Group that the file belongs to, and Others (everyone else). In Linux they are
referred to using the letters U (for Owner or User), G (for Group), and O (for Others).

There are three things that can be done to files or folders:

read the file or folder (this means listing the contents of the file or folder)

write to the file. For folders this means creating and deleting files in the folder.

execute (run) the file if it's a program or script. For folders this means accessing files in
the folder.

Therefore there are three types of permissions:

r - read the file or directory
w - write to the file or directory
x - execute the file or search the directory
Each of these permissions can be set for any one of three types of user:
u - the user who owns the file (you)
g - members of the group to which the owner belongs
o - all other users

CGI script installation pages will tell you to 'CHMOD 755' or 'Set the file to executable'.
This all refers to setting the file permissions or attributes. When you use FTP or Telnet,
you'll notice some letters next to the file listings. These letters are the current settings for
the file or folder permissions. The details look like this:

- 15Kb 02/01/02 22:45 drwxrwxrwx

The string of letters, drwxrwxrwx, represents the permissions that are set for this folder.

drwxrwxrwx
Owner Group Other
Directory Read Write Execute Read Write Execute Read Write Execute

The string of letters breaks down into 3 sections of 3 letters each, representing each of the
types of users (the owner, members of the group, and everyone else). There is a 'd'
attribute on the left, which tells us if this is a file or a folder (directory). If any of these
letters is replaced with a hyphen (-), it means that permission is not granted.

For example:

drwxrwxrwx A folder which has read, write and execute permissions for the owner, the
group and for other users.
-rwxr--r-- A file that can be read and written by the user, but only read and executed by
the group, and only read by everyone else.

Using numbers

You can also use numbers for setting file and folder permissions. Each of the three
numbers corresponds to each of the three sections of letters. The first number determines
the owner permissions, the second number determines the group permissions and the
third number determines the other permissions. Each number can have one of eight
values ranging from 0 to 7. Each value corresponds to a certain setting of the read, write
and execute permissions.
These values are added together for any one user category:

1 = execute only
2 = write only
3 = write and execute (1+2)
4 = read only
5 = read and execute (4+1)
6 = read and write (4+2)
7 = read and write and execute (4+2+1)

or in a table format, it would look like this:

Number Read (R) Write (W) Execute (X)

0 No No No
1 No No Yes
2 No Yes No
3 No Yes Yes
4 Yes No No
5 Yes No Yes
6 Yes Yes No
7 Yes Yes Yes

For example:
777 is the same as rwxrwxrwx
755 is the same as rwxr-xr-x
Setting permissions using FTP

Your FTP program will most likely allow you to set file and folder permissions by
selecting the file or folder in the remote window and either right-clicking on it and
selecting an option such as CHMOD or Set permissions, or by selecting CHMOD / Set
permissions from a menu option. Once you've selected the appropriate menu option,
you'll see a dialog box similar to the following (this one is from CuteFTP for Windows):

Change File Attributes

(Note: This command is server-dependant It may not work with some servers)

Using the screen of your FTP client, it should be easy to set the read, write and execute
permissions for the owner, group and others using the check boxes. If you already know
which numbers are needed, you can type the 3 digit number. The FTP client will change
(chmod) the permissions for you. The above example of CHMOD 755 will be the one
used most, since almost all CGI scripts need to be 755.