UNIX commands allow
you to set permissions. file by file, allowing you to control who can
read a file, write to a file, or view
a file on a Web page. Files uploaded to your Unix account are automatically
owned by you. Unless you give permission for other group members
to edit or change a file, they cannot make modifications.
-- A UNIX string of information, showing
permissions for a file:
-rwxr--r--
8 username groupname
678
Jan
10:10
filename
[If you don't share a group space you need
not be concerned with group permissions.]
-- A UNIX string of information,
showing permissions for a directory:
drwxr-xr-x
7
username
229 16384
Dec 13 08:05 public_html
[The initial dash ("-")
in the first permissions string indicates the entry is a file. The letter
"d" instead of a ("-")
in the 2nd example indicates the entry is a directory.]
What do permissions mean?
-
The first three positions
(after the "-" or "d") designate
owner's permissions. The r indicates
the owner can read the file. The w indicates
the owner can write to the file. The x
indicates
the owner can execute the file.
-
The second three
positions designate permissions for the group. In this example,
the group members can read, but not write to it or
execute it. (Execution permission is usually only given for particular
files or a specific directory.)
If you don't give others access to write
or execute files, ignore this part.
-
The last three positions
are for the world/anyone. To allow your Web pages to be viewed using a
browser, you need this permission set to "read."
-
The number before
the user name indicates the levels of directories.
-
Username
indicates the owner of the file. Your username appears in this position.
-
Groupname indicates
the group to which this file belongs. Your group name will appear
in this space. If you don't share a group space you need not be concerned
with group permissions.
-
678 indicates
the file's size. The number will change, depending upon the size of the
file.
-
Jan 10:10 indicates
the date and time the file was modified. The info. will change when
the file is modified again.
-
filename
indicates
the name of your actual file.
Setting permissions:
When you create an .html file in your public_html
Web
space, you will need to set permissions so that visitors to your Web space
can see your file in the browser. (You can enter a directory by typing
cd
and then typing the
directory name.]
To see your permissions, type cd public_html.
Then at the prompt>
type: ls - l
The ls command
(the lowercase letter "l" (not the letter "i") and the letter lowercase
"s") allows you to see the list of all your files. The -
l command (a hyphen, then the letter "l"), will let you see
the long format where you can see file permissions.
The three actions you can perform a
file:
-
read (view the
file
-
write (create,
edit or delete)
-
execute (run a
script/program or enter a directory)
The categories of people's access:
-
a all users
-
u the owner user
-
g the owner group
-
o others (neither
u, nor g)
The format for permissions is:
chmod {a,u,g,o} {+,-} {r,w,x} files
The plus ("+")
sign indicates give permission. The minus ("-")
sign indicates remove permission.
Permission examples:
-
chmod a+r files are readable by all
-
chmod a-r files cancels the ability
for all to read the file
-
chmod a-rwx cancels all access
for all
-
chmod g+rw files give the group
read and write permission
-
chmod u+rwx files give the owner
all permissions
-
chmod og+rw files give the world and
the group read and write permission
To set permissions use the chmod
program:
For example, If you want all people
to read the home page of your Web site (the files which reside in your
public_html directory), but do not want to give permission for viewers
to alter your files, you would type:
chmod a+r index.html
[The default "home" page in a Web directory
should always be called index.html. The string a+r indicates that
all
can read the Web page file. Only the "home" /default page
in each folder is called index.html. Change the filename when
you set permissions for other files.]
Directory permissions:
Permissions are a bit different for directories:
-
read allows a
user to view the directory's contents
-
write allows a
user to create new files or delete files in the directory.
-
execute determines
if the user can enter (cd) into the directory or run a program or script.
If you want all group members to be able to
write, edit, or delete files you would type at the prompt (in the correct
directory): chmod g+w (All group members
can write to the file. (Caution -
This means that a user with write privileges in the DIRECTORY can delete
files even if he/she does NOT have write permissions for the FILE!)
If you want to create a group of users whose access can be controlled by
the group permissions, consult with your system administrator. The system
administrator usually has to set up the group.
Some prefer to use numbers to set permissions.
The number equivalents of r, w, x are:
OWNER
(USER) |
GROUP
(if you share a directory.file) |
PUBLIC
(OTHERS)
|
|
R W X
|
R W X
|
R W X
|
|
400 200 100
|
40 20 10
|
4 2 1
|
In order to translate the mode you require
to a number, simply add the numbers corresponding to the individual permissions
you want. So, if you want the files to be readable and writable by the
owner (that is, you), readable by the group, and readable by all the other
users of the system, you perform the addition:
| 4 |
0 |
0 |
owner
|
R ead |
| 2 |
0 |
0 |
owner
|
W rite |
| 1 |
0 |
0 |
owner
|
X execute |
| , |
4 |
0 |
group
|
R ead |
| , |
1 |
0 |
group
|
X execute |
| , |
, |
4 |
public
|
R ead |
| , |
, |
1 |
public
|
X execute |
| _ |
_ |
_ |
|
|
| 7 |
5 |
5 |
|
|
Your chmod permission command will look
like:
chmod 755 (Leave a space and type
in filename.)
Owner can read, write, execute files
Group can read and execute (use) but not
change files.
Public can read and execute (use) but
not change.
|
![[picture of a bar]](harvline.GIF){kind=small}
