The most commonly used permission modification
utility is chmod. This utility allows you to modify the permission bits of
a file or directory. It is also one of the most difficult utility for
new web technicians to master because it is a little obtuse in design.
Essentially, the "chmod" utility breaks down the 9
fields into three numbers (owner rights, group rights and world rights)
such that each number defines three fields (readable, writable, and
The break down follows the following scheme. If a file
is readable, it gets 4 points. If it is writable, it gets 2 points and if it is
executable, it gets 1 point. The total number of points will define its access
But again, this is best seen by example.
Consider the following:
||No permission for anything
||executable only. Used rarely for executable application or directory
||writable only. Rarely ever used
||writable and executable only. Rarely, if ever, used.
||Readable only. Good for HTML files. If you store them as read only, then
they are rarely lost if someone accidentally or intentionally
attempts to delete them. Not so useful for directories
||Readable and executable but not writable. Used for CGI scripts that
should not be modified or deleted after they work. Also good for directories
||Readable and writable but not executable. Okay for files that you are
working on, but it is best not to store files in a writable form for your
||Readable, writable and executable. The wad. Just be very, very careful,
especially if you have something writable AND executable in a CGI directory.
But wait, you are not done there. Once you have determined
what numbers to assign, you must assign them to the correct groups. That is
you must provide permission instructions for owner, group and world. To do that,
you will use the "chmod" utility that takes a three digit number and a filename.
The three-digit number will correspond to owner, group and world values and
will be a number between 0-7 according to the formula explained above. Let's
look at some examples...
|chmod 444 myfile.txt
||Sets the permission for myfile.txt such that owner, group and world have
read permission only. This is a pretty secure way to store HTML files when they
are not being currently edited
|chmod 644 *.html
||Sets the permission for all files with the .html extension such that
the owner may read or write to the file but group and world may only
|chmod 751 ../cgi-bin/*.cgi
||Sets the permission for all files with the .cgi extension in the cgi-bin
directory (which is up one directory from the current directory) such that
the owner may read or write and execute the script, group members can read and
execute it, and world may only execute it. This is pretty good for CGI scripts but
it is probably better to use 551 so that you don't accidentally modify or
|You can also use the
alternate method for defining permissions that uses letters
instead of numbers. In this system, you simply specify which permission field
you are modifying (g=group and a=all), the permission type you are modifying (r=read,
w=write, x=execute) and whether you are adding or removing rights (-=remove, +=add)
. Thus, for example, "chmod g+rw temp.txt" will give everyone in the group
read and write privileges whereas chmod a-xw will take away write and
execute privileges for everyone else.
Also, a cool trick for chmod is the -R option
that allows you to change permissions recursively such as
chmod -R 444 *.html
Table of Contents