Essentially, the "chmod" utility breaks the 9 fields down into three numbers (owner rights, group rights and world rights), and each number defines three fields (readable, writable and executable).
The breakdown uses the following scheme. If a file is readable, it gets 4 points. If it is writable, it gets 2 points, and if it is executable, it gets 1 point. The total number of points defines its access privileges.
But again, this is best seen by example. Consider the following:

| Number | Meaning |
|---|---|
| 0 | No permission for anything. |
| 1 | Executable only. Rarely used, for an executable application or directory. |
| 2 | Writable only. Rarely ever used. |
| 3 | Writable and executable only. Rarely, if ever, used. |
| 4 | Readable only. Good for HTML files. If you store them as read only, then they are rarely lost if someone accidentally or intentionally attempts to delete them. Not so useful for directories. |
| 5 | Readable and executable but not writable. Used for CGI scripts that should not be modified or deleted after they work. Also good for directories. |
| 6 | Readable and writable but not executable. Okay for files that you are working on, but it is best not to store files in a writable form for your own safety. |
| 7 | Readable, writable and executable. The wad. Just be very, very careful, especially if you have something writable AND executable in a CGI directory. |

But wait, you are not done there. Once you have determined what numbers to assign, you must assign them to the correct groups. That is, you must provide permission instructions for owner, group and world. To do that, you will use the "chmod" utility, which takes a three-digit number and a filename. The three digits correspond to the owner, group and world values, and each is a number from 0 to 7 according to the formula explained above. Let's look at some examples...

| Command | Effect |
|---|---|
| `chmod 444 myfile.txt` | Sets the permission for myfile.txt such that owner, group and world have read permission only. This is a pretty secure way to store HTML files when they are not currently being edited. |
| `chmod 644 *.html` | Sets the permission for all files with the .html extension such that the owner may read or write to the file but group and world may only read. |
| `chmod 751 ../cgi-bin/*.cgi` | Sets the permission for all files with the .cgi extension in the cgi-bin directory (which is up one directory from the current directory) such that the owner may read, write and execute the script, group members can read and execute it, and world may only execute it. This is pretty good for CGI scripts, but it is probably better to use 551 so that you don't accidentally modify or delete it. |

You can also use the alternate method for defining permissions that uses letters instead of numbers. In this system, you simply specify which permission field you are modifying (g=group and a=all), the permission type you are modifying (r=read, w=write, x=execute) and whether you are adding or removing rights (-=remove, +=add). Thus, for example, "chmod g+rw temp.txt" will give everyone in the group read and write privileges, whereas "chmod a-xw" will take away write and execute privileges for everyone else.
Also, a cool trick for chmod is the -R option, which allows you to change permissions recursively, such as:
chmod -R 444 *.html
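
The 4/2/1 point scheme above, together with a check for the writable-and-executable combination the page warns about in CGI directories, as an added example that is not part of the original page. The function names and the scratch files created by `demo` are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page.

# Decode a three-digit octal mode (read=4, write=2, execute=1) into the
# nine-character rwxrwxrwx string for owner, group and world.
mode_to_rwx() {
    case "$1" in
        [0-7][0-7][0-7]) ;;
        *) echo "not a three-digit octal mode: $1" >&2; return 1 ;;
    esac
    out=""
    for digit in $(printf '%s' "$1" | sed 's/./& /g'); do
        for bit in 4:r 2:w 1:x; do
            if [ $((digit & ${bit%%:*})) -ne 0 ]; then
                out="$out${bit##*:}"
            else
                out="$out-"
            fi
        done
    done
    printf '%s\n' "$out"
}

# List regular files under a directory that are executable by anyone AND
# writable by group or world: the combination the page warns about for CGI.
find_writable_executables() {
    find "$1" -type f \( -perm -020 -o -perm -002 \) \
        \( -perm -100 -o -perm -010 -o -perm -001 \) | sort
}

# Demo on a constructed scratch directory (file names are made up).
demo() {
    dir=$(mktemp -d) || return 1
    : > "$dir/form.cgi";   chmod 751 "$dir/form.cgi"
    : > "$dir/upload.cgi"; chmod 777 "$dir/upload.cgi"
    : > "$dir/notes.html"; chmod 666 "$dir/notes.html"
    for m in 751 777 666; do
        printf '%s = %s\n' "$m" "$(mode_to_rwx "$m")"
    done
    echo "writable and executable:"
    find_writable_executables "$dir"
    rm -rf "$dir"
}
demo
```

Pointing `find_writable_executables` at a real cgi-bin directory lists the scripts whose mode should be tightened, for example to 751 or 551 as suggested above.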