File permissions control who can access files in UNIX systems. Quite often, I hear of beginning CGI programmers who try to write files into a directory in which they do not have write permission. UNIX permissions are also called rights.
UNIX can control file access in a number of ways. There are three levels of permissions for three classes of users. To view the permissions on a file, use the ls command with the -l command-line option. For example:
miles:~/public_html/test>ls -l
total 40
-rw-r--r-- 1 dave staff 139 Jun 18 14:14 index.html
-rwxr-xr-x 1 dave staff 9145 Aug 14 07:06 test.pl
drwxr-xr-- 2 dave staff 512 Aug 15 07:11 tmp
Each line of this listing indicates a separate directory entry. The first character of the first column is normally either a dash or the letter d. If a directory entry has a d, it means that the entry is a subdirectory of the current directory.
The other nine characters are the file permissions. Permissions should be thought of in groups of three, for the three classes of user. The three classes of user are the user (the owner of the file), the group, and other (everyone else).
Each of the classes can have one or more of the following three levels of permission: read (r), write (w), and execute (x).
If a permission is not allowed to the user that ran the ls command, its position is filled with a dash. For example:
ls -l dir
-rwx------ 1 dave staff 11816 May 9 09:19 test.pl
The owner, dave, has full rights - read, write, and execute for this file. The group, staff, and everyone else have no rights.
Tip: Perl scripts are not compiled; they must be read by the Perl interpreter each time they are run. Therefore, Perl scripts, unlike compiled programs, must have execute and read permissions.
Here is another example:
ls -l pfind.pl
-rwxr-x--- 1 dave staff 2863 Oct 10 1995 pfind.pl
This time, the owner has full access while the group staff can read and execute the file. All others have no rights to this file.
Most HTML files will have permissions that look like this:
ls -l search.html
-rw-r--r-- 1 dave staff 2439 Feb 8 1996 search.html
Everyone can read it, but only the user can modify or delete it. There is no need to have execute permission since HTML is not an executable language.
You can change the permissions on a file by using the chmod command. The chmod command recognizes the three classes of user as u, g, and o and the three levels of permissions as r, w, and x. It grants and revokes permissions with a + or - in conjunction with each permission that you want to change. It also will accept an a for all three classes of users at once.
The syntax of the chmod command is:
chmod <options> <file>
Here are some examples of the chmod command in action:
ls -l pfind.pl
-rw------- 1 dave staff 2863 Oct 10 1995 pfind.pl
chmod u+x pfind.pl
ls -l pfind.pl
-rwx------ 1 dave staff 2863 Oct 10 1995 pfind.pl
The first ls command shows you the original file permissions. Then, the chmod command adds execute permission for the owner (or user) of pfind.pl. The second ls command displays the newly changed permissions.
To add read and execute permissions for both the group and other classes, use go+rx as in the following example. Remember, users must have at least read and execute permissions to run Perl scripts.
ls -l pfind.pl
-rwx------ 1 dave staff 2863 Oct 10 1995 pfind.pl
chmod go+rx pfind.pl
ls -l pfind.pl
-rwxr-xr-x 1 dave staff 2863 Oct 10 1995 pfind.pl
Now, any user can read and execute pfind.pl. Let's say a serious bug was found in pfind.pl and we don't want it to be executed by anyone. To revoke execute permission for all classes of users, use the a-x option with the chmod command.
ls -l pfind.pl
-rwxr-xr-x 1 dave staff 2863 Oct 10 1995 pfind.pl
chmod a-x pfind.pl
ls -l pfind.pl
-rw-r--r-- 1 dave staff 2863 Oct 10 1995 pfind.pl
Now, all users can read pfind.pl, but no one can execute it.
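The following is an added example, not part of the original text: a small Python model of how the nine permission characters from ls -l change under the symbolic chmod clauses used above (u+x, go+rx, a-x). The function names are assumptions of this example, and it covers only plain r, w and x on file and directory entries with the + and - operators.

```python
import re

CLASSES = "ugo"   # user (owner), group, others: the order used by ls -l
LEVELS = "rwx"    # read, write, execute: the order within each group of three

def parse_mode(listing_mode):
    """Split a 10-character ls -l mode such as '-rwxr-x---' into its parts."""
    if not re.fullmatch(r"[-d]([r-][w-][x-]){3}", listing_mode):
        raise ValueError(f"not a plain ls -l mode string: {listing_mode!r}")
    perms = {}
    for i, cls in enumerate(CLASSES):
        triplet = listing_mode[1 + 3 * i : 4 + 3 * i]
        perms[cls] = {ch for ch in triplet if ch != "-"}
    return listing_mode[0], perms

def format_mode(kind, perms):
    """Rebuild the ls -l mode string from the entry type and permission sets."""
    return kind + "".join(
        lvl if lvl in perms[cls] else "-" for cls in CLASSES for lvl in LEVELS
    )

def apply_chmod(listing_mode, clause):
    """Return the mode string after a symbolic clause such as 'go+rx'."""
    m = re.fullmatch(r"([ugoa]+)([+-])([rwx]+)", clause)
    if not m:
        raise ValueError(f"unsupported chmod clause: {clause!r}")
    who, op, levels = m.groups()
    kind, perms = parse_mode(listing_mode)
    targets = CLASSES if "a" in who else who   # 'a' means all three classes
    for cls in targets:
        if op == "+":
            perms[cls] |= set(levels)   # grant
        else:
            perms[cls] -= set(levels)   # revoke
    return format_mode(kind, perms)

def can_run_perl_script(listing_mode, cls):
    """Per the tip above: running a Perl script needs both read and execute."""
    _, perms = parse_mode(listing_mode)
    return {"r", "x"} <= perms[cls]

if __name__ == "__main__":
    mode = "-rw-------"   # pfind.pl before the first chmod in the text
    for clause in ("u+x", "go+rx", "a-x"):
        mode = apply_chmod(mode, clause)
        print(f"chmod {clause:6} -> {mode}")
```

Run as a script, it replays the pfind.pl sequence from the text; parse_mode rejects any string that is not exactly one type character followed by three r/w/x groups.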