
Why Are File Permissions Important in UNIX?

File permissions control who can access files in UNIX systems. Quite often, I hear of beginning CGI programmers who try to write files into a directory in which they do not have write permission. UNIX permissions are also called rights.

UNIX can control file access in a number of ways. There are three levels of permissions for three classes of users. To view the permissions on a file, use the ls command with the -l command-line option. For example:

miles:~/public_html/test>ls -l
total 40
-rw-r--r--   1 dave  staff        139 Jun 18 14:14 index.html
-rwxr-xr-x   1 dave  staff       9145 Aug 14 07:06 test.pl
drwxr-xr--   2 dave  staff        512 Aug 15 07:11 tmp

Each line of this listing indicates a separate directory entry. The first character of the first column is normally either a dash or the letter d. If a directory entry has a d, it means that the entry is a subdirectory of the current directory.

The other nine characters are the file permissions. Permissions should be thought of in groups of three, for the three classes of user. The three classes of user are the owner of the file (user), the file's group, and everyone else (other).

Each of the classes can have one or more of the following three levels of permission: read (r), write (w), and execute (x).

If a permission is not granted to a class, its position is filled with a dash. For example:

ls -l dir
-rwx------   1 dave  staff      11816 May  9 09:19 test.pl

The owner, dave, has full rights (read, write, and execute) for this file. The group, staff, and everyone else have no rights.

Tip: Perl scripts are not compiled; they must be read by the Perl interpreter each time they are run. Therefore, Perl scripts, unlike compiled programs, must have execute and read permissions.

Here is another example:

ls -l pfind.pl
-rwxr-x---   1 dave  staff       2863 Oct 10 1995  pfind.pl

This time, the owner has full access while the group staff can read and execute the file. All others have no rights to this file.

Most HTML files will have permissions that look like this:

ls -l search.html
-rw-r--r--   1 dave  staff       2439 Feb  8 1996  search.html

Everyone can read it, but only the user can modify or delete it. There is no need to have execute permission since HTML is not an executable language.

You can change the permissions on a file by using the chmod command. The chmod command recognizes the three classes of user as u, g, and o and the three levels of permissions as r, w, and x. It grants and revokes permissions with a + or - in conjunction with each permission that you want to change. It also will accept an a for all three classes of users at once.

The syntax of the chmod command is:

chmod <options> <file>

Here are some examples of the chmod command in action:

ls -l pfind.pl
-rw-------   1 dave  staff       2863 Oct 10 1995  pfind.pl

chmod u+x pfind.pl
ls -l pfind.pl
-rwx------   1 dave  staff       2863 Oct 10 1995  pfind.pl

The first ls command shows you the original file permissions. Then, the chmod command adds execute permission for the owner (or user) of pfind.pl. The second ls command displays the newly changed permissions.

To add these permissions for both the group and other classes, use go+rx as in the following example. Remember, users must have at least read and execute permissions to run Perl scripts.

ls -l pfind.pl
-rwx------   1 dave  staff       2863 Oct 10 1995  pfind.pl

chmod go+rx pfind.pl
ls -l pfind.pl
-rwxr-xr-x   1 dave  staff       2863 Oct 10 1995  pfind.pl

Now, any user can read and execute pfind.pl. Let's say a serious bug was found in pfind.pl and we don't want it to be executed by anyone. To revoke execute permission for all classes of users, use the a-x option with the chmod command.

ls -l pfind.pl
-rwxr-xr-x   1 dave  staff       2863 Oct 10 1995  pfind.pl

chmod a-x pfind.pl
ls -l pfind.pl
-rw-r--r--   1 dave  staff       2863 Oct 10 1995  pfind.pl

Now, all users can read pfind.pl, but no one can execute it.
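
The following is an added example, not part of the original page: a shell audit that reads the same mode string ls -l prints and flags scripts that cannot run or that accounts other than the owner can modify. It assumes the web server runs as a user in the "other" class; the function names and finding labels are hypothetical.

```shell
#!/bin/sh
# Added example: audit CGI scripts from the mode string that ls -l prints.
# Assumption: the web server runs as a user in the "other" class.

# mode_of FILE: print the 10-character type and permission string of FILE.
mode_of() {
    # Keep only 10 characters; some systems append an ACL marker such as "+".
    ls -ld -- "$1" | cut -c1-10
}

# audit_mode MODE: print findings for a script with that mode, or "ok".
audit_mode() {
    mode=$1
    findings=""
    [ "${#mode}" -eq 10 ] || { echo "bad-mode-string"; return 1; }
    user=$(printf '%s' "$mode" | cut -c2-4)    # owner (u)
    group=$(printf '%s' "$mode" | cut -c5-7)   # group (g)
    other=$(printf '%s' "$mode" | cut -c8-10)  # everyone else (o)
    # A Perl script needs read and execute to run (s and t imply execute).
    case $user in r?[xs]) ;; *) findings="$findings owner-cannot-run" ;; esac
    case $other in r?[xt]) ;; *) findings="$findings other-cannot-run" ;; esac
    # Write access beyond the owner lets other accounts change the script.
    case $group in ?w?) findings="$findings group-writable" ;; esac
    case $other in ?w?) findings="$findings world-writable" ;; esac
    findings=${findings# }
    echo "${findings:-ok}"
}

# audit_dir DIR: print "name: findings" for every .pl file in DIR.
audit_dir() {
    for f in "$1"/*.pl; do
        [ -f "$f" ] || continue
        printf '%s: %s\n' "$(basename "$f")" "$(audit_mode "$(mode_of "$f")")"
    done
}

# Constructed demo: replay the page's chmod steps in a scratch directory.
demo() {
    d=$(mktemp -d) || return 1
    : > "$d/pfind.pl"
    chmod u=rwx,go= "$d/pfind.pl"; audit_dir "$d"   # -rwx------
    chmod go+rx "$d/pfind.pl";     audit_dir "$d"   # -rwxr-xr-x
    chmod a-x "$d/pfind.pl";       audit_dir "$d"   # -rw-r--r--
    rm -rf "$d"
}
demo
```

Point audit_dir at the directory that holds your own scripts; anything other than "ok" names the chmod change to consider.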


dave@cs.cf.ac.uk