Dr. Mark Humphrys

School of Computing. Dublin City University.

Home      Blog      Teaching      Research      Contact

Search:

CA216      CA249      CA318

CA400      CA651      CA668


Notes on File protections

"ls -l" shows something like:
-rwxr-xr-- 1 userid  groupid  153 Nov  6 2008 filename

-	file (d for directory, l for link/shortcut)
rwx	User (u) can read,write,execute.
r-x	Other members of group (g) can read,execute only.
r--	Other people (o) can read only.

  
set via the "chmod" command.
see "man chmod"


    user      group      other
 [ ][ ][ ]  [ ][ ][ ]  [ ][ ][ ]

r - read
w - write
x - execute



user bits

Note if turned off, user has power to turn them on any time.
So these can only be for some kind of temporary self-check.

[r][w][-] Don't execute by accident.
Because UNIX will try to execute any text file as shell script if name is typed.
e.g. text files, web pages
[r][-][x] write-protect for safety
annoying?
[r][-][-] both of above
[r][w][x] normal




group/other bits

[r][w][x]
[r][w][-]
Shared writable file
[r][-][x]
[r][-][-]
Shared read-only file
[-][-][-] Normal - Hidden from others


Absolute minimum needed for:

Web pages (HTTP requests come in as "other"):

 -rwx---r--

CGI text scripts:

 -rwx---r-x

CGI binaries only need execute:

 -rwx-----x

(Normal binaries also only need execute.)

PHP page only needs r, not x:

 -rwx---r--



Feeds      w2mind.org

On Internet since 1987.