Dr. Mark Humphrys

School of Computing. Dublin City University.

Home      Blog      Teaching      Research      Contact

My big idea: Ancient Brain


CA216      CA249      CA318

CA400      CA651      CA668

Notes on File protections

"ls -l" shows something like:
-rwxr-xr-- 1 userid  groupid  153 Nov  6 2008 filename

-	file (d for directory, l for link/shortcut)
rwx	User (u) can read,write,execute.
r-x	Other members of group (g) can read,execute only.
r--	Other people (o) can read only.

set via the "chmod" command.
see "man chmod"

    user      group      other
 [ ][ ][ ]  [ ][ ][ ]  [ ][ ][ ]

r - read
w - write
x - execute

user bits

Note if turned off, user has power to turn them on any time.
So these can only be for some kind of temporary self-check.

[r][w][-] Don't execute by accident.
Because UNIX will try to execute any text file as shell script if name is typed.
e.g. text files, web pages
[r][-][x] write-protect for safety
[r][-][-] both of above
[r][w][x] normal

group/other bits

Shared writable file
Shared read-only file
[-][-][-] Normal - Hidden from others

Absolute minimum needed for:

Web pages (HTTP requests come in as "other"):


CGI text scripts:


CGI binaries only need execute:


(Normal binaries also only need execute.)

PHP page only needs r, not x:


Feeds      w2mind.org      ancientbrain.com

On the Internet since 1987.