Unix/Linux Permissions

From EZP Knowledge Base


This is a basic, quick and dirty article on permissions. At EZProvider all of our servers run some flavour of Linux as the operating system. Linux (technically, the Linux filesystem) uses permissions to manage who is allowed access to files and directories and what level of access they have.

If you were to log in to your account using SSH and type "ls -la", you would see a bunch of files, possibly looking like:


-rw-rw-rw- 1 test test 1024 May 8 22:08 index.htm


Note the "-rw-rw-rw-" part of the line. This is the permissions string, presented in "Symbolic Notation". Also note the "test test" section: the first name is the owner of the file (the "User" below) and the second is the group that owns it (the "Group" below).

The first character in that 10-character string indicates the file type. The most common characters are "-", which denotes a regular file, and "d", which denotes a directory. Occasionally you will see an "l", which means the file is a symbolic link (which is the subject for a future article perhaps!).

Next, please note the "rw-rw-rw-". There are three groups of three characters here. First, let's explain the three groups:

  • User - shows what the owner of the file can do.
  • Group - shows what the group members can do.
  • Other - shows what everyone else can do.

Then you have the three characters for each group. These are:

  • "r" if the read bit is set, "-" otherwise
  • "w" if the write bit is set, "-" otherwise
  • "x" if the execute bit is set, "-" otherwise.
    o You may occasionally see an "s", "S", "t" or "T" in place of the "x". These have to do with the setuid, setgid and sticky bits, which are something to be explained in a future article.

You will often see permissions referenced by their "Octal Notation". This is a fancy way of expressing the permissions using numbers. There are two common forms of "Octal Notation", 3 digit and 4 digit. In 3 digit octal notation, the first number represents the "User", the second is the "Group" and the third is the "Other". Each number is the sum of its component bits (read, write and execute). Each component bit is represented by a number, like so:

  • Read = 4
  • Write = 2
  • Execute = 1

Thus, if someone told you to set your permissions to "755", you could break it down to its Symbolic Notation using the following handy chart:

  • 1 = Execute permissions (--x)
  • 2 = Write permissions (-w-)
  • 3 = Write and Execute permissions (-wx)
  • 4 = Read permissions (r--)
  • 5 = Read and Execute permissions (r-x)
  • 6 = Read and Write permissions (rw-)
  • 7 = Read, Write and Execute permissions (rwx)

In this case, 755 would translate to: rwxr-xr-x

With 4 digit octal notation you would have the previous example of "755" specified as "0755". The first number again refers to the setuid, setgid and sticky bits, while the remaining 3 numbers are the same as in the 3 digit explanation above. In some cases, you will see cPanel using 4 digit octal notation - such as when you use the file manager. You can simply put in the 3 digit octal notation number or put a zero in front of your 3 digit permissions number and everything should run fine.

As a note, the following permissions are generally considered "safe":

  • 644 - for your .html/.htm/.php files
  • 755 - for your directories, .pl and .cgi files

A file or directory with "777" permissions is generally considered not safe! We will be writing up a more specific "security primer" article in the near future.
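The sketch below is an added example, not part of the original article or any EZProvider tooling. It converts 3 or 4 digit octal notation into the symbolic string described above (including the "s", "S", "t" and "T" cases) and lists every entry under a directory whose "Other" group has the write bit set. The function names and the sample files are constructed for illustration, and it assumes a Linux filesystem.

```python
import os
import stat
import tempfile

def to_symbolic(octal):
    """Turn a 3- or 4-digit octal mode ("755", "0755") into ls-style rwxr-xr-x."""
    if len(octal) not in (3, 4) or any(c not in "01234567" for c in octal):
        raise ValueError(f"not a 3- or 4-digit octal mode: {octal!r}")
    special = int(octal[0]) if len(octal) == 4 else 0
    out = []
    # Leading digit: setuid = 4 (shown in User), setgid = 2 (Group), sticky = 1 (Other).
    for digit, flag, letter in zip(octal[-3:], (4, 2, 1), "sst"):
        bits = int(digit)
        chars = ["r" if bits & 4 else "-", "w" if bits & 2 else "-", "x" if bits & 1 else "-"]
        if special & flag:
            # Lowercase when execute is also set, uppercase when it is not.
            chars[2] = letter if bits & 1 else letter.upper()
        out.append("".join(chars))
    return "".join(out)

def world_writable(root):
    """Return sorted (relative path, octal, symbolic) for entries "Other" can write to."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits are not what controls access
            octal = format(stat.S_IMODE(st.st_mode), "04o")
            if int(octal[-1]) & 2:  # Write = 2 in the "Other" digit
                hits.append((os.path.relpath(path, root), octal, to_symbolic(octal)))
    return sorted(hits)

def demo():
    """Build a constructed sample tree in a temp directory and scan it."""
    with tempfile.TemporaryDirectory() as root:
        for name, mode in (("index.htm", 0o644), ("upload.php", 0o666), ("form.cgi", 0o755)):
            path = os.path.join(root, name)
            open(path, "w").close()
            os.chmod(path, mode)
        os.mkdir(os.path.join(root, "cache"))
        os.chmod(os.path.join(root, "cache"), 0o777)
        return world_writable(root)

if __name__ == "__main__":
    for rel, octal, symbolic in demo():
        print(f"{octal} {symbolic} {rel}")
```

Pointing world_writable() at your own web root gives you the list of files and directories to bring back to 644 or 755.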

I hope you enjoyed this basic permissions primer article. Please know that this is just scratching the surface of permissions. For example, the whole permissions thing is based on binary, but I leave learning binary up to you! :)