Home > Megaphone > chmod command - Usage examples. chmod Command - Usage Examples Privileges for User Groups

chmod command - Usage examples. chmod Command - Usage Examples Privileges for User Groups

I have a web directory /www and a folder within that directory called store .

Inside store there are several files and folders. I want to grant store folders and all files and folders in the store folder all permissions.

How can I do this? I'm guessing via .htaccess.

If by all resolutions you mean 777

Go to the folder and

You can also use chmod 777 *

This will give permissions to all files currently in the folder and files added in the future, without granting permissions to the directory itself.

NOTE. This must be done in the folder where the files are located. For me it was the images that had the problem, so I went to the images folder and did that.

for mac, must be “superuser”;

so first:

Sudo -s password:

Chmod -R 777 directory_path

You can give permission to a folder and all its contents using the -R ie Recursive Permissions option.

But I would advise against giving 777 permission to the entire folder and that's all the contents. You must grant specific permission to each subfolder in the www directory folders.

Ideally give 755 permission for security reasons for the web folder.

sudo chmod -R 755 /www/store

Each number has a resolution meaning. Don't grant full permissions.

N Description ls binary 0 No permissions at all --- 000 1 Only execute --x 001 2 Only write -w- 010 3 Write and execute -wx 011 4 Only read r-- 100 5 Read and execute r-x 101 6 Read and write rw- 110 7 Read, write, and execute rwx 111

  • First number 7 - Read, write and execute for the user.
  • Second number 5 - Reading and performance for the group.
  • Third number 5 - Reading and performance for another.

If you have multiple users in your production web folder, you can set permissions and user groups accordingly.

More information

Working with file system in the Unix family, it often requires changing and setting access rights to certain types of data. These measures help reduce the risk of unauthorized viewing and use of system or other information important for the correct operation of the server.

However, such a protective function (for example, access rights 777) makes sense only for multi-user operating systems, since otherwise its installation would be rather a waste of time resources.

What does this term mean?

Anytime operating system, which involves operation by different groups of users, there is a restrictive element. He is appointed by the system administrator and regulates the order and capabilities of working with the directory under his control for three types of users:

  • The owner of the file.
  • Users who are in the owner group.
  • All other persons who have access to the server through a web browser.

Access rights 777 - an attribute that allows all of the above types of users to read, run and overwrite/create files in a directory, existing only for the Linux platform. This function provides full opportunities for interaction with information, but, unfortunately, is far from the concept of security. This action is similar to placing a file in the shared documents section in Windows.

Permission 777: number value

On Unix, group permissions are written on a single three-digit line. Each of them indicates the rights of one of the user types.

Thus, this numerical combination is the arithmetic sum of 2 (write), 4 (read) and 1 (execute) and describes the capabilities that this function provides.

How to set permissions to 777?

Knowing that the above-described attribute allows the user to decipher the numerical designation, setting it will not be difficult. To do this, you will need any file manager that supports an FTP connection to the server, which can be accessed as an administrator.

The answer to the question about a folder is no different from the instructions for a file: on the server you should select the desired object and call the context menu by right-clicking. Next, select “file” and “change attributes”.

In the manager window that opens, you need to enter a combination of numbers or check the boxes for each user group. For the server room Unix systems There is also a simpler method that only requires entering a command in the format: chmod 777 %filename% (file or folder name) in the hoster’s control panel.

Only for multiplayer servers

The main thing is to remember that 777 rights exist only for files located directly on a multi-user server and are not installed on a separate computer.

In addition, it is possible to set these rights to directories, where the “behavior” of the designated parameters will be the same as for a folder, with the only difference being that instead of reading the objects inside, the user will be able to view only a list of all contents. Setting rights to directories is carried out using the methods described above.

And, of course, you should remember that it will not be possible to set this type of access for the Denver package, since it simulates the operation of a network web service, however, in reality it is not one, carrying out activities on Windows platform. This OS does not belong to the category of server OS, therefore, when installing scripts on Denver, the requirements for changing access rights should simply be ignored.

Disadvantages of Full Control Rights

The server system uses rights 777 quite rarely; as a rule, most hosters adhere to the 755 type. They are distinguished by somewhat reduced functions for all users except the owner, depriving them of the ability to write and create files.

Setting rights that provide full access to content located on the server often leads to a violation of the security of the resource. Attackers do not miss the chance to take advantage of a noticeable gap in information security, since incorrectly set access settings give freedom of action to any user. Thus, not only the persons interested in this, but also the thoughtless actions of inexperienced users can harm the operation of the server.

Before setting access rights to 777, you should think carefully about whether such negligence will lead to hacking of the resource.

When working with files located on the web server, there is often a need to set or change access rights to folders and files (chmod) view 777. In the family server Unix operating systems, access rights (chmod) of the form 777 regulate the following actions: reading, writing to a folder or file, and executing the file.

What are "access rights" in the operating system

File or folder permissions are a security feature of any multi-user operating system or software from unauthorized access to important (system) information.

If the operating system is single-user, for example, like the home version of Windows, then there is no point in particularly limiting the user’s power over his user and system files and folders. Because, in this case, the same person is both a user and an administrator at the same time.

If the operating system (or program) is multi-user and there can be more than one user in it, then you first need to figure it out and decide which of the users can be allowed to access important system and user files, and which should “let stand on the sidelines.” In order to differentiate the capabilities and degree of access to files and folders for users, within the operating system, there are “access rights”.

Access rights to files and folders are assigned at the level system administrator and determine the technical capabilities of each user for his operations with files and folders, within the directories under his control

At the same time, access rights allow you to partially or completely close general access To important files and directories, thereby preventing unauthorized interference in the operation of the system (program, server, website) or changing user data (database, database) on the server.

How "permissions" work

By and large, the user’s work in any operating system or program is simply working with files or folders. Initially, when accessing any file or folder, the user is free to do anything with them - execute, delete, change (overwrite) or create a new object. However, the operating system is vigilant - it is always on alert - every time the user accesses a file or folder, every time he acts within the operating system, it scrupulously checks whether or not the user is allowed to work with this file or folder. These are “access rights”. Thus, the user’s capabilities are limited in the actions that he (the user) can perform with a file or folder on the computer territory under his control.

Unix Permissions

As already mentioned, access rights to files and folders are available in all operating systems that involve multi-user work. Both Windows OS, Unix OS, and any other multi-user operating system have a function for configuring and setting access rights to files and directories (folders, directories) for various categories of users. This article will discuss access rights for server OS of the Unix family, which is also often called .

Access rights (chmod) of the form 777 for server Unix OS regulates permission or prohibition for the user to perform such actions as: reading, writing to a folder or file and executing executable files

What is chmod

What is 777

IN server In Unix operating systems, access rights are written on a single line consisting of three digits, where each digit refers to a different user group type. In turn, all users are divided into groups of three types:

  1. Owner group - “Owner of a folder or file”
  2. group Group - “Member of the group of the owner of the folder or file”
  3. World or Public group - “All other users”

Thus, the three digits in the designation, like 777, are the access rights set for three groups of users of a folder or file at once, where - each of the three digits indicates the access rights for its own user group.

Now it remains to figure out who the “Owner” is,
What is "Owner Group Member"
and who these “All other users” are.

Owner, owner group member, and all other users

Since we are talking here about servers, websites and Unix server operating systems, then:

The division of all users into groups in Unix server operating systems is implemented as follows - the Owner and Members of the owner group connect to the server using a special connection (FTP, SSH) (FTP, SSH protocol), and all other users access the site from a web browser (http -protocol)

It follows that, depending on the protocol for accessing a file on the server, the Unix server OS immediately divides users into two parts, either the owner or a member of the owner’s group, or all other users. The basis for this “sorting” (I repeat) is network protocol connections - if a user connected to the server using an FTP account (FTP protocol), then this is either the owner or a member of his group. And if a user logs into the server from a web browser (http protocol), then this is the third group - all other users.

Thus, for the Unix server OS, there is a very clear and easy-to-understand distinction between the first two and third groups - the owner and a member of his group access the server using a special connection (FTP, SSH), and all other users - through their web browsers.

But the differences between the first two groups - the owner and the member of his group - are greatly erased and veiled. This is where the jungle of a hosting package and an individual approach for each case begins.

Reference:
All files in Unix (Linux) can have two owners: their immediate owner-creator (user owner) and his group (group owner). The concept of an owner group means a certain list of users that was created by the owner himself for sharing a file or folder.

Thus, for a Unix server OS, the owner of a file or folder is directly the server administrator. All others to whom the owner will allow access to files on his server and who will connect to this server via the FTP/SSH protocol are members of the owner’s group.

Renting disk space refers to the space on the server occupied by site files. As a rule, these are inexpensive hosting packages where their users do not have access to the server admin panel (not to be confused with the CP - account control panel). Accordingly, site administrators (owners) using such packages, when connecting via FTP to the server, fall exclusively into the owner’s group. Whereas the owner himself (server administrator) is somewhere out there, “far in the mountains”, in his cozy office technical service hoster.

When renting disk space, the owner of all site files is the hoster himself, while the tenant of disk space is just a member of the owner's group.

For server tenants (real and virtual) the situation is somewhat different. When renting a server, the renter installs the operating system himself; of course, he is the direct owner of the files for this system. But creating a group and adding other users to it is up to him, the owner.
What follows from all of the above?

And the conclusion is this: - Tenants of disk space may not bother with the first number of the form (chmod) 777, since they are not the owners, and will never be the owners of their files. For them, the first digit should always be seven. - Tenants of servers (real and virtual) do not have to bother with the second number of the form (chmod) 777. Provided that they have not created and are not going to create any user groups on their server. Here, as such, there is no clear and strong distinction. Or rather, it will happen if you create an owner group and add a list of users to it. But such a group can only be created by the server administrator himself. When he creates it, then he will think about what to do with the second digit.

What do the numbers 777 or 456 mean?

Each figure, for each group, represents
an arithmetic sum of three digits,
denoting the following rights:

  • 4 = Read
  • 2 = Write (write permission)
  • 1 = Execute (permission to execute)

For example:

  • 6=4+2 - Read+Write (read right + write right)
  • 5=4+1 - Read+Execute (read right + execute right)
  • etc.

All possible 7 addition options for these three digits
on setting access rights to a folder or file for user groups
look like this:

  • 7 = 1+2+4 - Read, Write, Execute (read, write and execute)
  • 6 = 4+2 - Read, Write (read and write)
  • 5 = 4+1 - Read, Execute (read and execute)
  • 4 = 4 - Read (read only)
  • 3 = 1+2 - Write, Execute (recording and execution)
  • 2 =2 - Write (write only)
  • 1 =1 - Execute (execution only)

Thus, by setting access rights (chmod) of the form 765,
We will set the following rights for groups:

  • First digit, group Owner, Owner of a file or folder
    First digit = 7
    This means that the Owner of a folder or file has the right to:
    7=4+2+1 - Read+Write+Execute
  • Second digit, Group, Owner Group Member
    Second digit = 6
    This means that a Member of the owner's group has the right to:
    6=4+2 - Read (read) + Write (write)
  • Third digit, World group, All other users
    Third digit = 6
    This means that All other users have the right to:
    5=4+1 - Read (reading) + Execute (execution)

Now it is clear that by setting access rights with the combination of numbers 777 (three axes), we open full access to the file for absolutely all user groups. A similar result can be obtained by placing the file in the " General documents" (Public) on Windows.

It should be noted that some combinations of numbers can indicate very crazy situations with file access rights. For example, a combination like 477 will allow access to rewriting and executing a file for everyone except its owner (read: administrator). Alas, this does not happen.

Access rights are always set “descending” from “Owner” to “Member of the owner’s group”, and then to the “Everyone else” group. But not the other way around!

How to set access rights like 777 on the server

Now that it has become absolutely clear what these three treasured numbers mean - set access rights (chmod) of the form 777, will not be difficult. To set access rights (chmod) to 777 for a folder or file that is on the server, you will need any file manager that is capable of establishing and maintaining an FTP connection to the server. It could be Total Commander, Windows Commander, CuteFTP, Filezilla or anything else. Personally, I prefer the simple and free FTP file manager Filezilla, despite the fact that I am an ardent fan of Total Commander.

To set access rights (chmod) to 777, go to the server via FTP with Administrator rights!, through a pair of Administrator login and password!. Next, we find and select the required object (folder or file). After that, right-click the context menu “File - Change attributes”. Next, specify the required attribute (access rights) and click “OK”. To “drive in” the desired combination of numbers, you will need to either check/uncheck the checkboxes next to the required items, or enter the required code of the form 777 from the keyboard in the window that opens. All FTP file managers support both methods.

Bummer view of 777 on Denver

Like all aliens from outer space, I regularly communicate with representatives of various extraterrestrial civilizations who begin building their websites before they arrive on Earth.

Message for aliens:
There is no need to try to set access rights (chmod) to 777 when working with a well-known package that only simulates the operation of a web server running a Unix operating system on local computer, actually running the Windows operating system. There is no such button.

Files in Linux have two owners

It is necessary to set the rights to files and folders correctly. You can do this using FileZilla. In general, each server needs its own specific settings, which are best learned from your hoster. But usually the rights are set as follows: for files that are in the root directory 444, for folders in the root directory set 755, for tmp and logs folders set 705, for your template pack set 555, for the image/stories folder you can put 755, for the folder Cache 777.

The owner of the new file is the user who created the file.

Files in Linux have two owners: a user owner and a group owner, which refers to a specific list of users, and the file owner does not have to be a member of the group that owns the file. Each user can be a member of several groups at once, one of which is called primary, and all the others are called supplementary. This gives greater flexibility in organizing access to a specific file. Sharing It’s very easy to organize some resources, just create new group and include in it everyone who really needs it, and if a person moves to another department and there is no longer a need to use this file. And everything is very simple, you just need to exclude him from this group. Well, what should we do with the rest? Will they really not be able to at least read the contents of the file or will they have to be included and excluded from the group every time.
But for all others (other) who do not belong to either the user owner or group owner, access rights are set separately and, as a rule, the most minimal. Usually the owner of the file is the user who created it. this file. Owner-group again created file is set equal to the primary group of the user who created the file, but in some versions of Unix the owner-group is inherited from the owner-group of the directory in which the file is created. To change the owner of a file, use the chown command, which takes the name of the new owner and a list of files as parameters: # chown new_owner file1 file2 ...Of course, the name of the file may be replaced by a directory name, but the owner of the files inside the directory will not change, so that It was best to use the -R (chown -R) flag. When using this command (as well as most) you can use regular expressions if there is a need to select files that meet a certain criterion (chown - R lys *.c). To change the owner of a group, use the chgrp command; the syntax for using this command is similar to the previous one: # chgrp sales /home/sales/*. By the way, the chown command allows you to immediately set the owner group; to do this, immediately after the owner’s name without spaces or other characters, put a colon and write the name of the required group
# chown - R sergej:gljuk * , this writing option is also allowed # chown - R:gljuk * (i.e., an analogue of the chgrp command).
File ownership determines the operations that a particular user can perform on the file. The most obvious of these is changing the owner and group of a file. These operations can be performed by the superuser and the owner of the file (in BSD UNIX derivatives only the superuser). If everything is clear with the first one, then, for example, writing a program and then making it the owner, for example, a superuser, alas, will not work, and although the option of changing the owner is allowed, I honestly did not find an option for such an application. But the group, if you are the owner of the file, can only be changed to your primary one (by default it has the same name as the name of the corresponding user). All these restrictions were introduced for several reasons, so that no one could slip in any malicious file and so that if a disk space limit was set on a computer for a specific user, it was impossible to simply override the owner to exceed it.
The following basic operations that can be performed on a file are: read access (Read), write access (Write) and execute access (eXecute). These operations are set for each of the three user groups separately. Moreover, only the owner user and, of course, the superuser can do this. To set the appropriate rights, use the chmod command. It is applied in two forms: absolute - when old rights are ignored and new ones are unconditionally established, and relative - when others are added/removed to existing rights. The absolute form involves setting access rights to a file by directly specifying it in octal form. In order to get the full code of the required file mode, you simply need to add the values ​​of the codes given in the table.

Many novice Linux OS users often get confused when assigning access rights using the command chmod.


In this advice, accessible and visual, I will give examples of using the chmod command . Just use these examples in your work, substituting the necessary files or directories.

chmod command is handy tool to enhance the security of the operating system and allows you to assign access rights to files or directories.

If you are running the system using (or granted) extended superuser privileges as root, you will be able tochange the access rights of any file and directory belonging to any user of the system.

If you are a standard user, you will only be able to assign or change permissions on directories and files that you create.

Assign access rights to files or directories using the command chmod can be done in two ways - using symbolic and absolute modes.

Examples of using the chmod command in character mode:

(The initial value of file permissions is rwxrwxrwx - full access for everyone)

To revoke permission to execute a file for all users and groups:

$ chmod a-x file (rw-rw-rw-)

To cancel writing to a file by a group and other users:

$ chmod go-w file(rw-r--r--)

Permission to execute a file by owner:

$ chmod u+x file(rwxr--r--)

Granting the group the same access rights that the file owner has:

$ chmod g=u file(rwxrwxr--)

Cancel reading and writing to a file by group users and other users:

$ chmod go-rw file(rwx--x---)

Examples of using the chmod command in absolute mode:

Permission to read, write, execute file file by all users and groups (full control):

$ chmod 777 file(rwxrwxrwx)

Set read and write permissions for owner, group, and other users:

$ chmod 666 file(rw-rw-rw-)

Installation full access to the file for the owner and read-only for the group and other users:

$ chmod 744 file(rwxr--r--)

Setting full access to the file for the file owner and denying access to the group and other users:

$ chmod 700 file(rwx------)

Setting read and write permissions for the file owner and read only for the group and others:

$ chmod 644 file(rw-r--r--)

Setting read and write permissions for the file owner and his group and denying access to others:

$ chmod 640 file(rw-r-----)

Setting file access with read permission for all users and groups:

$ chmod 444 file(r--r--r--)

File permissions for read, write, execute by owner and read, execute by group and others:

$ chmod 755 file(rwxr-xr-x)

Allowing read and execute access to a file for a user and others and denying access to a group:

$ chmod 505 file(r-x---r-x)

If you want to assign permissions to all files in the current directory, simply put an * (asterisk) after the permissions you assign:

$ chmod 755 *

As a result of executing this command, the owner will have full rights (read, modify, execute) to all files in the current directory, while the group and other users will have only read and execute rights.

If you want your actions to propagate recursively (including all subdirectories), use the -R option:

$ chmod -R 777 *

The result of running the above command will be to recursively "traverse" all subdirectories of the current directory and assign full access to all users and groups.

This article covers just a few examples of using the command. chmod. If you want to know more about the team's work chmod And access rights on Linux, pay attention to .

Good health, dear blog readers! We would all like everyone or a folder located on the hosting server and belonging to the site to be protected as much as possible from unauthorized access.

This protection is ensured due to the fact that 90% of hosters use Unix-like operating systems, in which it is possible to regulate access rights to all files and directories. The server of my hosting provider, on which several of my projects are located, is no exception.

By the way, be sure to take an interest by following the link provided. But let's continue. The rules established in Unix differ from the rules of work in the operating room that many are accustomed to. Windows system, where protection in this aspect is not so strong, which sometimes leads to disastrous consequences in the form of virus infection of the system.

CHMOD for users and access rights to files and folders (directories)

In systems managed by Unix, the situation is different and there is an opportunity to seriously complicate life for bad guys who will try to take advantage of the results of your painstaking work over a long period. Namely, correctly configure CHMOD access rights. Our task is to give the minimum possible rights to access files and folders, which nevertheless will not interfere with the correct operation of the site.

Agree, it’s a sin not to take advantage of the opportunity to seriously strengthen. Of course, in this case, editing some files will take a little more time, but here you have to choose: either optimizing system security, or... Below I will try to systematize the information on CHMOD (access rights), because there are several nuances that are necessary webmaster knows. So let's begin.

Access rights vary for different user groups. When a connection is attempted, the server determines which group to assign a particular user to. All users are divided into three categories:

  1. "user" - file owner
  2. "group" - one of the members of the group to which the owner belongs
  3. “world” - “rest of the world”, that is, all other users

If you connect to the server using and log in using your username and password, you will be identified as "user"(u) if anyone else connects via FTP it will be detected as "group"(g), if the user uses a browser, then he falls under the category "world"(o).

Now about CMOD access rights to files and directories. In essence, they are slightly different, although the designations are the same. File permissions:

  • r (read) - the right to read file data
  • w (wright) - the right to change content (you can only edit the content - write, but cannot delete)
  • x (eXutive) - the right to execute the file

Access rights to folders (directories):

  • r - the right to read a folder (you can get the contents of a directory, that is, a list of files included in it)
  • w - the right to change the contents (permission to create and delete objects in the directory; if you have the right to write files, then you can even delete objects that do not belong to you)
  • x - access right to a particular directory (the peculiarity here is that even if you have all the necessary rights to a file that is located “deep” in the directories, but do not have access rights to at least one subdirectory on the path to this object, then you won't be able to access it)

The hyphen “-” indicates the absence of any rights. All these rights are assigned by the administrator, who gains this opportunity by entering a password. If we can set the maximum possible restrictions on CHMOD access rights to certain resource files, then we can practically eliminate the danger of virus programs carrying out their “dirty deeds”.

For clarity, let's consider an example when the owner of the file u has all possible rights: read, write and execute. Users assigned to category g (group) have read and write only, all others (w) have only read rights. Then the CHMOD entry will look like this: “rwx rw- r- -”.

Access rights to files and folders in digital terms: CHMOD (777, 755, 444)

But more often, webmasters in their practical activities have to assign certain access rights in digital terms:

  • r (read) - 4
  • w (record) - 2
  • x (performance) - 1
  • - (no rights) - 0

Now let's look at the above example again to assign access rights "rwx rw- r- -". To display the rights of each user, the addition of his rights is used (r read + w write + x execute). Thus, part of the entry for the file owner u (user) - “rwx” will turn into 7 (4+2+1). For a member of the group g (group) - “rw-” in 6 (4+2+0) and for other users o (world) - “r- -” in 4 (4+0+0). As a summary, here is a summary table with the values ​​of CHMOD access rights, expressed in both letters and numbers:


Now I’ll present another table that reflects the total CHMOD rights for all user groups in numerical format:


These are the main combinations that are most often used in the work of a webmaster. The rest are formed by analogy. If you are an administrator of a site or blog, but are working with a project without connecting via the FTP protocol, you also belong to the “Other users” group. In this case, when working with a site in this mode, you need to take into account the last digit in the CHMOD value.

Usually on the server where your files are located WordPress blog, folders have access rights of 755, and files that are part of them are set to 644. This is true when the resource is built using HTML files, however, in modern conditions, CMS (content management systems) are widely used to build a website, which include and WordPress. And here there may be objects that need to be written to by the “world” user group. There may be folders in which content is downloaded, including images.

Therefore, the assignment of CHMOD rights to certain files must be differentiated. If you log into site management via FTP, you can perform any actions, however, in many cases we work with our project through, and in this case problems may arise if the rights are too high, and, conversely, if access rights to one or another file (folder) are underestimated, then the security threat increases. Therefore, based on the above, we can determine some recommendations for the practical use of CHMOD for a WordPress blog:

777 - for folders in which files are constantly being written and erased (for the caching folder)
755 - in relation to folders in which files are constantly written but not deleted
666 - for files where you need to add an entry from time to time (for example, a .htaccess file)
644 - for files that are read-only (.php, .html, etc.)

How to configure CHMOD permissions using FileZilla FTP manager

If you need to make some changes when working with a resource, but because editing is prohibited, this cannot be done, you need to connect to the hosting server via FTP and change the access rights to 777. However, after making changes to the file, it is recommended to set the previous CHMOD again .

Now let's learn more about how to perform this operation using . To do this, open the program and connect via FTP to the hosting server. On the left side "Remote Server" First, we mark the files whose attributes will be edited:

And from context menu caused by pressing the right mouse button, select "File Permissions". After this a dialog box will appear "Change file attributes":

Here we assign the necessary CHMOD values ​​for the selected (or selected) files. But this is only if you selected a file or group of files. If you want to set or change CHMOD values ​​for a directory (folder), when you select “Change file attributes”, an analog window will appear, somewhat different from the one located above, namely:

See, they appeared here additional settings. If you check the box next to the line "Redirect to subdirectories", this means that the specified access rights will be applied to directories (folders) or files nested in this directory. When the box below is checked, the group of settings located will become active and you will also need to select how the settings should be applied: to all files and directories, only to attached files, or only to directories.


Related articles

Review of the free version of AdwCleaner AdwCleaner: what is it

Review of the free version of AdwCleaner AdwCleaner: what is it

How to turn your Android device into a wireless gamepad

How to turn your Android device into a wireless gamepad

Wireless router Asus RT-N11P How to connect a new router asus rt n11p

Wireless router Asus RT-N11P How to connect a new router asus rt n11p

×
Close