This page explains how to set file permissions for the three most common type of web files: pages, scripts and data/config files. If you're new to scripting, or getting the dreaded "Internal Server Error" when you try to run a sample script you've downloaded, start here.
The UNIX security model allows you to set different levels of access to a file for different groups of people. This allows you to let the web server modify a file via a CGI script, for instance, while preventing other users from having normal access to the file. There are three groups in terms of file access, and three different permission types they can receive.
The groups are:
- User/Owner - the "user" group consists only of the owner of the file (your account, in most cases)
- Group - the "group" group consists of the other users on the server -- you can usually remove their permissions entirely if you think it necessary
- Other/World - the "other" group consists of everyone else -- most imporantly, the web server falls into the "other" category
The potential permissions are:
- Read - the read permission allows a user or program the ability to read the data in a file
- Write - the write permission allows a user or program the ability to write new data into a file, and to remove data from it
- Execute - the execute permission allows a user or program the ability to execute a file, if it is a program or script.
To keep things simple, let's make the following assumptions:
- pages should be readable/writable by the owner and readable by the web visitor.
- scripts should be readable/writable/executable by the owner and readable/executable by the web visitor.
- data-config files should be readable/writable by the owner and readable/writable by the web visitor.
And also, lets use the following abbreviations:
- --- (or 0) = no permission
- r-- (or 4) = read-only permission
- rw- (or 6) = read/write permission
- r-x (or 5) = read/execute permission
- rwx (or 7) = read/write/execute permission
Sometimes you'll see these numbers referenced for a script. For instance, "chmod your script to "755" or "777". That means "set file permissions to "Read-Write-Execute/Read-Execute/Read-Execute". "755" is in fact the most common setting for CGI/Perl scripts - if your script does not work or you get an "Internal Server Error" when you run it try this first.
To change file permissions using your FTP software:
2. Log into your account and go to the directory where the files are located.
3. Highlight the file or directory that you want to change permission.
4. Locate the "file permission" or "chmod" command on your FTP software software (you may need to refer to the manual or help file)
There should be three groups. Each group should have either checkboxes or a selection for the permission type.
1. set pages to rw- for the owner, no permission for the group, and r--for other
2. set scripts to rwx for the owner, no permission for the group, and r-x for other
3. set data/config files to rw- for the owner, no permission for the group, and rw- for other