Legacy Web Publishing - General Permissions Guide

Understanding Permissions Symbols

There are three categories of users:

There are three types of permissions (usually called modes):

The meaning of each type of permission is different for files and directories:

Viewing the Current Permissions

At your Unix prompt (e.g., spot>), go to the web directory where you want to make changes. For example, if you are making your own personal webpages, you would type:

• cd public_html
• Then hit Return

If, on the other hand, you are working on your department's or other university-related webpages, the directory would most likely be in /htdocs. If so, you would need to type:

cd /htdocs/yourdepartmentsdirectoryname/andpathname

• To look at the permissions for a file, type:
  • ls -l: That's a lowercase letter "L" and "S," a space, a minus sign, another lowercase "L" and space, and the name of the file at your prompt. For example:
    • ls -l index.html
: The ls is shorthand for "list" the contents of the directory, and the -l is shorthand for "long." So in plain English, you're saying, "Give me a long listing (i.e., all the information about the items contained in this directory) of the directory where I currently am."
  • After you hit Return, you will see a line as follows:
    -rw-r--r-- 1 smith 740 Sep 16 11:18 index.html

  • Permissions are listed via the second through tenth characters of the first column in the -l listing:

    - r w x	r w x	r w x
    user/owner	group	other

  • Looking again at our example:
    -rw-r--r-- 1 smith 740 Sep 16 11:18 index.html

    We can see that the file index.html is readable and writable by the User, and readable by the Group and Other. No other permissions have been allowed; thus, the rest of the spaces contain dashes as placeholders. Because the read permission for Other is set, this file is viewable on the web.

  • To look at the permissions for a Web directory, type:
    ls -ld public_html
drwx-----x 2 smith 512 Aug 16 13:52 public_html
  • The above directory (note the initial "d" in the first column) has read, write and execute permissions for the User and execute for Other. This directory is viewable on the web.

Changing Permissions

• The chmod command is used to change file and directory modes, as follows:
  • chmod
• In , you include the letter of the viewer ‹u(ser), g(roup), o(ther) along with a function (+ or -), and the type of permission ‹r(ead), w(rite) or (e)x(ecute).
To change the permissions of a file called message.html to readable and writable by the User, and readable by everyone else, type the following:
  • chmod u+rw,g+r,o+r message.html
  • Translation: User gets read and write access, Group gets read access, and Other gets read access.
• To remove read permissions from everyone but the user on message.html, use this command:
  • chmod g-r,o-r message.html
  • Translation: Group loses read access and Other loses read access.

Suggested Permissions

In general, the User (i.e., owner of the directory or file) should be able to read and write all files they own and read, write and execute all directories they own.

The group-owner, if there is one, should be able to do the same. A group-owner is really a collection of people who are granted write-access to the directory and/or files by the authority of the primary owner. Since group-owners are there to help maintain the webpages, they should have the same permissions as the primary owner. However, this does not mean that they can change the permissions of the file or directory, and they don't have the authority to request changes to group-owner membership. Only the primary owner (a.k.a., "User") has the authority to make permissions and access changes.

Important note: Once a member of the group that has group-ownership of a directory creates a new file, that person is the owner of the file that they just created. Thus, that person now has the responsibility to set the permissions correctly for that file.


Finally, the Other permissions are generally set to allow only read access to files and execute access to directories. Setting write access for Other is very dangerous, since then anyone with access to the server could make changes to your webpages.

For webpages on www.colorado.edu with a group-owner, you'll need these minimum permissions set:

Setting Webpage Permissions

Use the command chmod to change the mode (i.e., permissions) of a file or directory.

To change permissions for the directory under /htdocs/somedepartment called images, type the following, then hit Return:

• chmod u+rwx,o+x images
• And you should see returned:
  drwx-----x 1 smith 740 Sep 16 11:18 images

Note: You must be in the directory /htdocs/somedepartment before typing the command. See the instructions above for how to change your directory location.

For the file called index.html, type the following, then hit Return:

• chmod u+rw,o+r index.html
• And you should see returned:
  -rw----r-- 1 smith 740 Sep 16 11:18 index.html

Troubleshooting

If you receive an error trying to view or change webpages, it is most likely a file or directory permission problem. Examples:

• 403 Forbidden
  You don't have permission to access.
• 404 Permission Denied

If other people receive permissions errors on your pages, review your permissions to be sure they match the minimums stated above. In cases where more than one individual has write privileges on a webpage or directory, permissions can sometimes be changed inadvertently when other individuals upload files.

Need More Help?

Call the IT Service Center at 303-735-HELP. Or send your question to oithelp@colorado.edu.

You can also refer to the manual pages that reside on the Unix servers. To see the Unix manual pages about changing permissions, type: man chmod.