UNIX file permissions

If a script running on the server creates a file then the web server is the file’s owner. However, if I use my text editor and FTP to create a file then I am the file’s owner. It is important to take note of this as you consider the order in which permission letters are arranged. The owner’s permission letters are specified at the beginning of a permission string; followed by group; followed by other. Sometimes you will be other; and sometimes the server will be other. It depends on who created the file.

Note: the practices I am advocating on this post are for a development environment. If your code is being used just for a production environment then you can be more strict with the permissions.

For files

  • r read
  • w write
  • x execute

PHP files do not need to be executable unless you are going to run them from the command line; However, the web server needs an r to be able to read a script file so that it can run it. I, the programmer, should have rw on the file. If the server also needs to be able to make changes to a file then it will need rw on the file.

Based on what I’ve just said, the permissions on a file should be:

  • rw-r--rw- or rw-r--r-- if I’m the owner.
  • rw-r--rw- or r--r--rw- if the web server is the owner.

For directories

  • r list the files in the directory
  • w create or edit the files in the directory
  • x have access to the files in the directory

The server only needs an x on the directory. It does not need an r on it.

If I want the server to be create/edit files in a directory then the server needs to have rwx on that directory.

I should have rwx on all directories.

So what should directory permissions be:

  • rwx--xrwx or rwx--x--x if I’m the owner.
  • rwx--xrwx or --x--xrwx if the web server is the owner.

So, what am I saying?

The programmer needs to answer two questions to be able to specify permissions for a file or directory. First, whether they or the server is its owner. Second, whether they want the sever to be creating/editing files.

Mini-lesson

  • 7 is rwx
  • 5 is r-x
  • 4 is r--
  • 3 is -wx
  • 2 is -w-
  • 1 is --x

Example: 751 is rwxr-x--x

How to Change Permissions on a File Owned By the Server to Allow You More Access to it

If a script created the file then it is owned by the server. And, in that case, you can’t change those permissions. At this point only the server can change permissions on that file. So, how do you get the servers to do this kind of thing? Well, you should have had some code in the script which created the file. This code would have changed the permissions to something more favorable to you. Here is sample code which changes permissions on a file:

$docRoot = $_SERVER["DOCUMENT_ROOT"];
$locatorStr = $docRoot . "/web/how_web/" . "aTestOfChmod.php";

if (file_exists($locatorStr)) {
  echo "No file written. File already exists.<br />\n";
} else {
  touch($locatorStr);
  echo "File was created.<br />\n";
  if (chmod($locatorStr, 0646)) {
    echo "Successful at chmod.";
  } else {
    echo "Not successful at chmod.";
  }
}

clearstatcache();

How to Change Permissions on a File You Own to Allow the Server More Access to it

Use your web host’s web shell interface or the command line on the server. Since you own the file you can change the permissions in favor of the server.

Advertisements

About samehramzylabib

See About on https://samehramzylabib.wordpress.com
This entry was posted in PHP and Filesystem and tagged , . Bookmark the permalink.

Comment

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s