Permissions are attributes of a file or directory that tell the server who can do what with the corresponding file or directory. Usually access rights regulate such actions as reading, writing to a file (or directory), and execution.
On Unix (Linux) systems, all users are divided into three groups:
user – the owner of the file itself;
group – a member of the same group the file owner belongs to;
world – everyone else.
When you connect to the server, it determines which group you belong to. For example, when you connect to a server via FTP, you log in with your username, and the server puts you in the user group. Other users connecting via FTP will be assigned to the group, and when a person enters your site through their browser, they will be assigned to the world group.
Once a group has been defined, the user has rights to act on objects, i.e. he can read, write or execute a file. To view a directory, it must be executable, to view its contents, it must have a read attribute, and to create a new file or directory in an existing directory, you must have write permission. Thus, to run an application or CGI- or PHP-script, you must put an attribute on the directory read and run.
By creating a file, a user automatically has the broadest rights to do anything with that file, his group has somewhat lesser rights, and everyone else has absolutely negligible rights. In Unix (Linux) there are only three basic rights: to read a file or to browse a directory (“Read”), to change a file or a directory by writing something to it, or to delete it altogether (“Write”). The last right is the right to run the file (“eXecute”).
Numerical symbols are used to allocate rights to the respective groups:
4 = read (right to read);
2 = write (right to write);
1 = execute (right to execute).
The first digit in the designation sets the rights for the user group (i.e. actually for you), the second for the group and the third for the world.
By simply adding up the numbers, it is possible to establish rights to a set of actions. For example:
3 (2+1) – allows writing and executing a file (directory);
5 (4+1) – allows reading and execution;
6 (4+2) – allows reading and writing;
7 (4+2+1) – establishes the right to read, write and execute.
So there are only seven options:
7 = read, write & execute;
6 = read & write;
5 = read & execute;
4 = read;
3 = write & execute;
2 = write (write);
1 = execute.
The CHMOD command is used to set access rights.
In spite of this, it never hurts to know a little bit more about Unix commands. So, the chmod command has two modes: Absolute (numeric) and Symbol mode. The chmod command used in Unix or the site chmod command used in some FTP managers (-clients) (FTP Explorer, for example) can be used in both modes.
The Absolute (digital) mode uses the 3-digit access rights code described above. Symbolic mode uses a letter format to set access rights. The letters r (read), w (write), and x (execute) are used here. And also u (user, user), g (group), o (other (world), others, the whole world) and a (all, all [not used]).
Here are some of the most common combinations:
CHMOD 755 – For directories, CGI scripts, PHP scripts
CHMOD 644 – For normal files, PHP scripts
CHMOD 600 – Hide files from everyone except your scripts
All modern FTP-clients have the ability to assign access rights by checking boxes or simply by entering a numeric code in the appropriate field.
