Chmod - change the mode of access to files

Increasingly, it is found that some novice saitostroiteli, keen on scripting (perl / cgi, php, etc.) do not know what chmod is and how to use it. In this short tutorial, you will learn what chmod is, how it is exposed and what it's all about.

It is very important sometimes to assign access rights to certain files and folders on the web server, whether for security reasons or just for the correct operation of the script. This action is called chmod ( ch ange file mod e), or in Russian: changing the mode of access to files. This name originates from the Unix command - chmod, which changes file permissions. Over time, "chmod" has become synonymous with the word "permission" ("permission").

There are three groups of users whose rights we will be interested in: the file owner, the group, and other users.

When creating a file, the user automatically gets the most extensive rights to do anything with this file, his group has slightly less rights, and all others are completely insignificant. In Unix, there are only three basic rights - read a file or browse the directory (" R ead"), change a file or folder, write something into it, or even delete it (" W rite"). The last right is the right to run the file ("e X ecute").

The chmod mode can be denoted in numeric or character format. For example: 755, rwxrxrx, 644, etc.

As you already understood, the symbols r , w and x denote, respectively, read , write, and execute . You can set permissions on files in any way through any ftp client, for example CuteFTP. This is how the chmod installation window looks in this program:

Chmod in CuteFTP


Pay attention to the alignment of the "tick". The first tick in the fields "Owner": read, write, execute (rwx); Then go the "Groups" fields: read, execute (rx); And finally the "Remaining" fields: read, execute (rx). As a result, we got rwxrxrx rights to the file (in turn, letters and fields). That is, the owner can read, write and execute the file; "Group" and "others" have the right to read and execute the file, but not to write! Now you should be aware of the importance of setting the rights to files and try to ensure the maximum security of your scripts and data on the server with this tool.


Note the number 755 in the Manual field. It turns out that every right has a certain numerical code and can be manually exposed:

  • 400 - the owner has the right to read;
  • 200 - the owner has the right to record;
  • 100 - the owner has the right to perform;
  • 40 - the group has the right to read;
  • 20 - the group has the right to record;
  • 10 - the group has the right to performance;
  • 4 - the rest have the right to read;
  • 2 - the rest have the right to record;
  • 1 - the rest have the right to perform.
The sum of these items gives the desired chmod. For example, we want the owner to do everything, and the group and the rest - just read the file. Fold: 400 + 200 + 100 + 40 + 4 = 744. That is, we need chmod 744. Now it only remains to sum the numbers corresponding to those access rights that we want to put the file in and install them.

Examples:

400 + 40 + 4 = 444 - all have the right to read only.

400 + 100 + 10 + 1 = 611 - the owner can read and execute, the rest - only perform.

400 + 200 + 40 + 4 = 644 - means that you allow everyone to read it, but only the owner of the file can write to this file. Even if you own the file and open it in the browser, you can not write anything to it, because access through the browser makes you an anonymous user.

400 + 200 + 40 + 20 + 4 + 2 = 666 - means that everyone can both read and write this file. It is necessary that the user can make entries in guest books, forums, etc.

400 + 200 + 100 + 40 + 10 + 4 + 1 = 755 is a classic command for the cgi script. A CGI script is an executable file, and everyone should have read and execute access to it. Only the owner of this file can modify or delete it.

I'll give you an even more convenient, in my opinion, table for calculating chmod:

Values Owner Group Public (Other)
Read = 4 X X X
Write = 2 X
Execute = 1 X X X
Amount: (4 + 2 + 1) = 7 (4 + 1) = 5 (4 + 1) = 5

And in the end I will briefly describe how these permits are being established. This is done using any ftp client:

  • In Windows Commander, they change through the menu items "File"> "Change Attributes". This changes the permissions on the selected file (s) and / or folder.
  • In FAR Manager, the permissions of the selected files are changed by pressing Ctrl + A:
    [X] [x] [] [x] [x] [] [x] [x] [] - 666
    [X] [x] [x] [x] [x] [x] [x] [x] - 755
  • In CuteFTP, permissions are changed using the "Change file attributes" item of the menu that appears when the right mouse button is clicked on the file name.