Understanding Permissions Symbols
There are three categories of users:
Type | Symbol |
---|---|
User/Owner | u |
Group | g |
Other (world) | o |
There are three types of permissions (usually called modes):
Mode | Symbol |
---|---|
Read | r |
Write | w |
Execute | x |
The meaning of each type of permission is different for files and directories:
Permission | What it means for a file | What it means for a directory |
---|---|---|
Read | view file contents | list files in directory |
Write | change file contents | create and remove files |
Execute | execute file as a command | search the directory |
Viewing the Current Permissions
At your Unix prompt (e.g., spot>), go to the web directory where you want to make changes. For example, if you are making your own personal web pages, you would type:
- cd public_html
- Then hit Return
If, on the other hand, you are working on your department's or other University-related web pages, the directory would most likely be in /htdocs. If so, you would need to type:
cd /htdocs/yourdepartmentsdirectoryname/andpathname
- To look at the permissions for a file, type:
- ls -l: That's a lowercase letter "l" and "s," a space, a minus sign, another lowercase "l" and space, and the name of the file at your prompt. For example:
- ls -l index.html : The ls is shorthand for "list" the contents of the directory, and the -l is shorthand for "long." So in plain English you're saying, "Give me a long listing (ie, all the information about the items contained in this directory) of the directory where I am currently."
- After you hit Return, you will see a line as follows:
-rw-r--r-- 1 smith 740 Sep 16 11:18 index.html - Permissions are listed via the second through tenth characters of the first column in the -l listing:
- r w x r w x r w x user/owner group other - Looking again at our example:
-rw-r--r-- 1 smith 740 Sep 16 11:18 index.htmlWe can see that the file index.html is readable and writable by the User, and readable by the Group and Other. No other permissions have been allowed; thus, the rest of the spaces contain dashes as placeholders. Because the read permission for Other is set, this file is viewable on the Web.
-
To look at the permissions for a Web directory, type:
ls -ld public_html drwx-----x 2 smith 512 Aug 16 13:52 public_html -
The above directory (note the initial "d" in the first column) has read, write, and execute permissions for the User, and execute for Other. This directory is viewable on the Web.
Changing Permissions
- The chmod command is used to change file and directory modes, as follows:
- chmod
- In , you include the letter of the viewer ‹u(ser), g(roup), o(ther) along with a function (+ or -), and the type of permission ‹r(ead), w(rite) or (e)x(ecute).
To change the permissions of a file called message.html to readable and writable by the User, and readable by everyone else, type the following:
- chmod u+rw,g+r,o+r message.html
- Translation: User gets read and write access, Group gets read access, and Other gets read access.
- To remove read permissions from everyone but the user on message.html, use this command:
- chmod g-r,o-r message.html
- Translation: Group loses read access and Other loses read access.
Suggested Permissions
In general, the User (ie, owner of the directory or file) should be able to read and write all files they own and read, write AND execute all directories they own.
The group-owner, if there is one, should be able to do the same. A group-owner is really a collection of people who are granted write-access to the directory and/or files by the authority of the primary owner. Since group-owners are there to help maintain the web pages, they should have the same permissions as the primary owner. However, this does not mean that they can change the permissions of the file or directory, and they don't have the authority to request changes to group-owner membership. Only the primary owner (AKA "User") has the authority to make permissions and access changes.
IMPORTANT NOTE: Once a member of the group that has group-ownership of a directory creates a new file, that person is the owner of the file that s/he just created. Thus, that person now has the responsibility to set the permissions correctly for that file.
Finally, the Other permissions are generally set to allow only read access to files and execute access to directories. Setting write access for Other is very dangerous, since then anyone with access to the server could make changes to your web pages!
For Web pages on www.colorado.edu with a group-owner, you'll need these minimum permissions set:
On Directories... | ||
---|---|---|
User/Owner | read, write, execute | rwx |
Group | read, write, execute | rwx |
Other | execute | --x |
On Pages... | ||
---|---|---|
User/Owner | read, write, execute | rw- |
Group | read, write, execute | rw- |
Other | read | r-- |
Setting Web Page Permissions
Use the command chmod to change the mode (ie permissions) of a file or directory.
To change permissions for the directory under /htdocs/somedepartment called images, type the following, then hit Return:
- chmod u+rwx,o+x images
- And you should see returned:
drwx-----x 1 smith 740 Sep 16 11:18 images
NOTE: you must be in the directory /htdocs/somedepartment before typing the command. See instructions above for how to change your directory location.
For the file called index.html, type the following, then hit Return:
- chmod u+rw,o+r index.html
- And you should see returned:
-rw----r-- 1 smith 740 Sep 16 11:18 index.html
Troubleshooting
If you receive an error trying to view or change Web pages, it is most likely a file or directory permission problem. Examples:
- 403 Forbidden
You don't have permission to access.
-OR-
- 404 Permission Denied
If other people receive permissions errors on your pages, review your permissions to be sure they match the minimums stated above. In cases where more than one individual has write privileges on a Web page or directory, permissions can sometimes be changed inadvertently when other individuals upload files.
Need More Help?
Call the IT Service Center at 303-735-HELP. Or send your question to oithelp@colorado.edu.
You can also refer to the manual pages that reside on the Unix servers. To see the Unix manual pages about changing permissions, type: man chmod.