Difference between revisions of "File Permissions"
Revision as of 13:23, 25 July 2013
LAMP Host's webservers obey Unix-like file permissions. File permissions determine which users in the system can read, write, or execute a file. For detailed information and history on Unix permissions, see Wikipedia's article at https://en.wikipedia.org/wiki/Unix_permissions.
Unix permissions can be displayed as either textual symbols or numerical values. In textual notation, a set of permissions is a ten-character string. In numerical notation, three octal digits represent the permissions for the file owner, the group, and all other users.
The first character of the textual notation determines the type of file on the server. For general use purposes, this will be a d character for a directory or a - (hyphen) character for a normal file.
The next three characters determine the permissions for the file's owner (i.e., your LAMP Host username). These values always remain in the same order and can consist of r (read), w (write), and x (execute). Note that directories will always contain the execute permission for permitted users.
The second set of three characters determines permissions for a file's group. Unless you have explicitly requested that your server be configured otherwise, usernames and group names will be identical.
The final set of three characters determines permissions for all other system users, that is, users other than your username who are not in the file's group. This set of permissions should generally be restricted to read-only except when you explicitly wish to allow the webserver to write to your files or directories.
The octal notation, commonly referred to as a file mode, generally consists of only three numeric characters. The characters represent the permissions for the user, the group, and all other users, respectively. Even numbers set read and write capabilities. Adding 1 to any even number, which makes it odd, grants execute permission as well.
- 0: No Permissions
- 1: Execute-only (uncommon in practice)
- 2: Write-only (uncommon in practice)
- 3: Write-only + Execute (uncommon in practice)
- 4: Read-only
- 5: Read-only + Execute (standard for read-only directories)
- 6: Read + Write
- 7: Read + Write + Execute (standard for read+write directories)
- Regular file; owner can read and write; others can only read
  - (These are the default file permissions for new files.)
  - Sym: -rw-r--r--
  - Oct: 644
- Regular file; only owner can read or write; other users are denied
  - (Note: the Apache and Nginx webserver users will not have any access to these files. Files with these permissions will not be accessible over the web.)
  - Sym: -rw-------
  - Oct: 600
- Regular file; full read-write permissions
  - (Note: if your web application needs to write to a file via PHP code, these are the proper permissions to set.)
  - Sym: -rw-rw-rw-
  - Oct: 666
- Directory (folder); owner can read, write, and create new files; others can only read
  - (These are the default directory permissions for new directories.)
  - Sym: drwxr-xr-x
  - Oct: 755
- Directory; only owner can read, write, or create new files
  - (Note: As above with regular file permissions, this breaks the webserver's ability to serve files from this directory.)
  - Sym: drwx------
  - Oct: 700
- Directory; full read-write permissions
  - (Note: If your web application needs to create new files in a directory, these are the proper permissions to set.)
  - Sym: drwxrwxrwx
  - Oct: 777
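Because the "other users" permissions should stay read-only except where the webserver is explicitly meant to write, it is worth listing which entries deviate from that. The following is an added example, not part of the original page or LAMP Host's tooling: it walks a directory tree and reports every entry that is world-writable or not readable by other users, in both notations. The sample file names and the helper names are assumptions made for illustration.

```python
import os
import stat
import tempfile

# Constructed sample layout: name -> (is_directory, mode); modes come from the list above.
SAMPLE = {
    "index.php": (False, 0o644),
    "config.php": (False, 0o600),
    "cache.txt": (False, 0o666),
    "uploads": (True, 0o777),
    "private": (True, 0o700),
}

def describe(mode):
    """Return (symbolic, octal) for an st_mode value, e.g. ('-rw-r--r--', '644')."""
    return stat.filemode(mode), format(stat.S_IMODE(mode), "03o")

def audit(root):
    """Report entries under root whose 'other users' bits are not plain read-only."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode
            if stat.S_ISLNK(mode):
                continue  # a symlink's own mode bits are not meaningful
            if mode & stat.S_IWOTH:
                note = "world-writable"
            elif not mode & stat.S_IROTH:
                note = "not readable by other users"
            else:
                continue  # 644 / 755 style: others may read but not write
            findings.append((os.path.relpath(path, root), *describe(mode), note))
    return sorted(findings)

def build_sample_tree():
    """Create the constructed SAMPLE layout in a temp directory and return its path."""
    root = tempfile.mkdtemp()
    for name, (is_dir, mode) in SAMPLE.items():
        path = os.path.join(root, name)
        if is_dir:
            os.mkdir(path)
        else:
            open(path, "w").close()
        os.chmod(path, mode)  # chmod explicitly so the umask does not alter the mode
    return root

if __name__ == "__main__":
    for rel, sym, octal, note in audit(build_sample_tree()):
        print(f"{octal}  {sym}  {rel}  ({note})")
```

Pointing `audit()` at your own web root gives a list to compare against the files and directories your application is actually meant to write to.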