Understanding File Permissions

User types

Files have permissions specified for three types of users: owner, group, and other. The owner is often the file creator, however ownership may be changed so this is not always the case. The group is the group of users that the file is associated with, and other represents all other users.

The Permissions

Permissions control a user's ability to perform three actions: read, write and execute. Allowing users read access enables them to view the contents of files and directories. Granting write access enables users to modify and delete files and directories. Lastly, granting execute permissions allows files, such as CGI scripts, to be executed, or run, on the server.

Reading File Permissions

Now that you have an understanding of what file permissions are, we'll go over how to read them. There are two ways you can view the permissions of the files and directories in your account, through your FTP client* and through the shell account that all of our *nix accounts come with.

Using Your FTP Client

Upon connecting to your account via an FTP client, you'll see a directory listing such as this:

If you connect to your account via SSH and do a list with the long list format switch, you'll a directory listing similar to this:

The fifth column, titled "Attr", of the FTP window and the first column of the SSH window show the permissions for each file and directory. For example, the permissions for the file index.html are -rw-r--r--.

• The first character which, in this case is a "-", denotes whether the item is a directory or not. If you look at the top of the listing you will see a directory, the first character of its permission description is a "d".
• The next three characters specify the owner's permissions for index.html; they indicate that the owner has read and write permission for this file.
• The second group of three characters describes the permissions for the group. In the case of this file, the group is only allowed to view the file.
• The last group of characters denotes the permissions any other users have. Again, you can see only read access has been granted for this file.

If you look at the directory list again, you'll see the file myscript.pl has the following permissions: -rwxr-xr-x. Unlike index.html, this file grants every user the ability to execute it. This is essential for this file, which happens to be a Perl script, to function properly.

Changing Permissions

Just as you can view a file or directory's permissions through an FTP or SSH connection to your account, you can also modify permissions through these means.