chmod - change the mode of access to files
It is very important to sometimes assign permissions to certain files and folders located on a web server, whether for security purposes or simply for the correct operation of the script. This action is called chmod ( ch ange file mod e), or in Russian: changing the mode of access to files. This name originates from the Unix command chmod, which changes permissions on files. Over time, “chmod” has become synonymous with the word “permission”.
There are three groups of users whose rights we are interested in: the owner of the file, the group and other users.
When creating a file, the user automatically gets the widest right to do anything with this file, his group is slightly lower, and all the others are completely insignificant. In Unix, there are only three basic rights - read a file or browse a directory (“ R ead”), change a file or folder, write something to it, or delete it altogether (“ W rite”). Last right - the right to run the file (“e X ecute”).
Chmod mode can be indicated in numeric or character format. For example: 755, rwxrxrx, 644, etc.
As you already understood, the symbols r , w and x denote, respectively, read , write and execute . You can set file permissions in this way through any ftp client, for example, CuteFTP. This is what the chmod installation window looks like in this program:
Pay attention to the arrangement of ticks. The first checkboxes are in the Owner fields: read, write, execute (rwx); Then come the “Groups” fields: read, execute (rx); and finally the “Rest” fields: read, execute (rx). As a result, we got the rights rwxrxrx to the file (in turn, letters and fields). That is, the owner can read, write and execute the file; "Group" and "others" have the right to read and execute the file, but not to write! Now you need to realize the importance of installing permissions on files and try to ensure the maximum security of your scripts and data on the server using this tool.
Note the number 755 in the Manual field. It turns out that every right has a certain numeric code and can be set manually:
- 400 - the owner has the right to read;
- 200 - the owner has the right to write;
- 100 - the owner has the right to perform;
- 40 - the group has the right to read;
- 20 - the group has the right to record;
- 10 - the group has the right to perform;
- 4 - the rest have the right to read;
- 2 - the rest have the right to record;
- 1 - the rest have the right to perform.
400 + 40 + 4 = 444 - everyone has the right to read only.
400 + 100 + 10 + 1 = 611 - the owner can read and execute, the rest - only execute.
400 + 200 + 40 + 4 = 644 - means that you allow everyone to read it, but only the owner of the file can write to this file. Even if you are the owner of the file and open it in the browser, you will not be able to write anything into it, because access via the browser makes you anonymous.
400 + 200 + 40 + 20 + 4 + 2 = 666 - means that everyone can read and write this file. This is necessary so that users can make entries in guest books, forums, etc.
400 + 200 + 100 + 40 + 10 + 4 + 1 = 755 is a classic command for the cgi-script. A CGI script is an executable file, and everyone should have access to it for reading and execution. Only the owner of this file can change or delete it.
I will give an even more convenient, in my opinion, chmod calculation table:
And at the end I will briefly say how these permissions are established. This is done using any ftp client:
- In Windows Commander, they are changed through the menu items "File"> "Change Attributes". This changes the permissions on the selected file (s) and / or folders.
- In FAR Manager, the permissions of selected files are changed by pressing Ctrl + A:
[x] [x]  [x] [x]  [x] [x]  - 666
[x] [x] [x] [x]  [x] [x]  [x] - 755
- In CuteFTP, permissions are changed using the “Change file attributes” item of the menu that appears when you right-click on a file name when clicked.