Get Permission!
Of all the different problems associated with installing CGI scripts, many can be attributed to incorrect permission settings on one file or another. Permissions are very important on a Unix system because it prevents unauthorized people from viewing or editing files. Anyone using a Unix system has an identity, and file and directory access depends on "who" you are.
Unix files and folders are protected on three different levels.
- User
- This permission value effects what the owner of the file can do to it. While it would be fair to assume that only you as the owner would be affected by this setting - it may affect a group of users depending on how your host has set up the server.
- Group
- These are usually the permission determining the rights of a group of users (usually those using the same server as yourself) - these should generally be the same as the owner's permissions because you are a user of the group when you are logged into the server.
- Other
- This sets the permissions for anyone one else that may have access to the files but who is not an owner or group. This setting will affect anyone who is trying to access the file via the web, including the owner of the file (since the owner is only counted as the owner when they are using the "shell" account or using FTP).
Understanding permission values
If you've ever downloaded a script and read the installation instructions you'll have likely been told that you need to CHMOD a file to 666 or set the permissions to 755. So how does this set of numbers relate to the various groups of the typical Unix file protection system? Well, there are three numbers and three different types of permission...
- The first number relates to the permissions of the file owner
- The second relates to permissions for the group
- The third and last number relates to the permissions for any other type of user
So what do these numbers mean? There are three main reasons why a person may want to open a file; to read from it, to write to it or to execute it (i.e. run it or use it). Each of these properties has a value assigned to it, and it is the sum of these values that determines the permission settings.
| read | write | execute | |
| permission value | 4 | 2 | 1 |
Once you know the permission settings for a file, you can determine exactly who is allowed to do what to that particular file by doing some simple maths. Here is a table showing which file attributes need to be set for all possible values of a setting.
|
So, following this table we can see that a file whose permissions are to be set at 755 will allow...
|
In this case everyone has access to read the file and run the program (assuming it was a script), but only the owner of the file can write to it (via FTP or shell access).
Setting the File Permissions
So, now that you have an understanding of how to decipher the numbers used for expressing file permissions - you need to be able to set them. There are two ways you can do this. Either logging into your shell account and use the Unix CHMOD command, or using your FTP client to do it for you. Since Unix shell accounts are only usually available to those power users that pay for their hosting, FTP is the common method for doing this, as you do not have to know about the Unix commands.
Here is an example of the permissions setting interface of my favourite FTP client (WS_FTP LE). You will notice that there are a total of 9 check boxes on it, each acting as a toggle for switching the read, write and execute permissions of each of the three "groups" of Unix users.
To see this menu that allows you to set the permissions, right click on the file or folder that you want to set the permissions for and select the CHMOD file option. This will bring up a menu similar to the one shown here and in most programs; it is just a case of checking the boxes that you want to set the permission for.
Notes about Permissions
You will notice that there is a note at the bottom of the example shown above. While there are permission settings on Windows servers, they are usually only set at the server level and are not comparable with the built in security features of a Unix file system - thus individual file permissions can not be set by the owner via FTP on a Windows server. As for other file systems, if they are Unix compatible then the chances are that the server will support the CHMOD command, but the only way to be sure is to try and change the permissions of a file.
Another point to remember is that you are only considered the owner of a file when you access it via a shell account or FTP (both of which require you to log in to be able to identify yourself). If you are testing a script you have uploaded and you are using a browser to do it, then you do not have the owner's privileges, rather the results of the script will depend on the other user's permissions for the script and any files that are used for it. This is why it is common to set a script's permissions to 755 (which allows other users to read and execute the file) and its data-files to 666 (which allows them to read and write to the file)