The "chmod" Utility
July 19, 1998
The most commonly used permission modification utility is chmod. This utility allows you to modify the permission bits of a file or directory. It is also one of the most difficult utilities for new web technicians to master because it is a little obtuse in design.

Essentially, the "chmod" utility breaks down the 9 permission fields into three numbers (owner rights, group rights and world rights) such that each number defines three fields (readable, writable, and executable).

The breakdown follows this scheme. If a file is readable, it gets 4 points. If it is writable, it gets 2 points, and if it is executable, it gets 1 point. The total number of points defines its access privileges.

But again, this is best seen by example. Consider the following:

| Code | Explanation |
|------|-------------|
| 0 | No permission for anything. |
| 1 | Executable only. Used rarely for executable application or directory. |
| 2 | Writable only. Rarely ever used. |
| 3 | Writable and executable only. Rarely, if ever, used. |
| 4 | Readable only. Good for HTML files. If you store them as read only, then they are rarely lost if someone accidentally or intentionally attempts to delete them. Not so useful for directories. |
| 5 | Readable and executable but not writable. Used for CGI scripts that should not be modified or deleted after they work. Also good for directories. |
| 6 | Readable and writable but not executable. Okay for files that you are working on, but it is best not to store files in a writable form for your own safety. |
| 7 | Readable, writable and executable. The wad. Just be very, very careful, especially if you have something writable AND executable in a CGI directory. |

But wait, you are not done there. Once you have determined what numbers to assign, you must assign them to the correct groups. That is, you must provide permission instructions for owner, group and world. To do that, you will use the "chmod" utility, which takes a three-digit number and a filename.

The three digits correspond to the owner, group and world values, and each digit is a number from 0 to 7 according to the formula explained above. Let's look at some examples...

| Command | Explanation |
|---------|-------------|
| chmod 444 myfile.txt | Sets the permission for myfile.txt such that owner, group and world have read permission only. This is a pretty secure way to store HTML files when they are not being currently edited. |
| chmod 644 *.html | Sets the permission for all files with the .html extension such that the owner may read or write to the file but group and world may only read. |
| chmod 751 ../cgi-bin/*.cgi | Sets the permission for all files with the .cgi extension in the cgi-bin directory (which is up one directory from the current directory) such that the owner may read, write and execute the script, group members can read and execute it, and world may only execute it. This is pretty good for CGI scripts, but it is probably better to use 551 so that you don't accidentally modify or delete it. |

You can also use the alternate method for defining permissions that uses letters instead of numbers. In this system, you simply specify which permission field you are modifying (g=group and a=all), the permission type you are modifying (r=read, w=write, x=execute) and whether you are adding or removing rights (-=remove, +=add). Thus, for example, "chmod g+rw temp.txt" will give everyone in the group read and write privileges, whereas "chmod a-xw temp.txt" will take away write and execute privileges for everyone.

Also, a cool trick for chmod is the -R option, which allows you to change permissions recursively, such as

chmod -R 444 *.html
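
The point scheme and the writable-and-executable warning above, as an added shell example that is not part of the original page: mode_to_rwx decodes a three-digit mode, and audit_wx uses find's -perm test to list files that group or world can both write and execute. The function names and the file names in the demo are made up for the illustration.

```shell
#!/bin/sh
# Added example: decode chmod's three-digit modes and audit a directory.

# digit_to_rwx N: one octal digit -> rwx triple (4=read, 2=write, 1=execute).
digit_to_rwx() {
    d=$1; out=
    if [ "$d" -ge 4 ]; then out="${out}r"; d=$((d - 4)); else out="${out}-"; fi
    if [ "$d" -ge 2 ]; then out="${out}w"; d=$((d - 2)); else out="${out}-"; fi
    if [ "$d" -ge 1 ]; then out="${out}x"; else out="${out}-"; fi
    printf '%s' "$out"
}

# mode_to_rwx NNN: decode owner, group and world digits, e.g. 751.
mode_to_rwx() {
    case $1 in
        [0-7][0-7][0-7]) ;;
        *) echo "mode_to_rwx: expected three digits 0-7, got '$1'" >&2
           return 1 ;;
    esac
    rest=${1#?}
    printf '%s%s%s\n' "$(digit_to_rwx "${1%??}")" \
        "$(digit_to_rwx "${rest%?}")" "$(digit_to_rwx "${1#??}")"
}

# audit_wx DIR: list regular files that group or world can both write and
# execute (a 3 or 7 in the second or third digit), sorted for stable output.
audit_wx() {
    find "$1" -type f \( -perm -030 -o -perm -003 \) | sort
}

# demo: build a constructed cgi-bin in a temporary directory and audit it.
# All file names here are made up for the example.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/cgi-bin"
    for f in ok.cgi loose.cgi page.html; do : > "$tmp/cgi-bin/$f"; done
    chmod 551 "$tmp/cgi-bin/ok.cgi"     # the mode the page suggests for CGI
    chmod 777 "$tmp/cgi-bin/loose.cgi"  # writable AND executable by everyone
    chmod 644 "$tmp/cgi-bin/page.html"
    (cd "$tmp" && audit_wx cgi-bin)
    rm -rf "$tmp"
}

mode_to_rwx 751
demo
```
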