Understanding File Permissions and Ownership

The Numbering Scheme

File permissions are often written as a three-digit number. Each digit is octal shorthand for the permissions of one class of user: owner, group and public. The leftmost digit is for the file owner, the middle digit is for the group, and the rightmost digit is for anyone who is neither the owner nor in the group; in most circumstances it should be the most restricted.

Each value is the sum of read (4), write (2), and execute (1) permissions. If a file is 763, the owner has read, write, and execute permissions (4+2+1), the group has read and write (4+2), and everyone else has write and execute (2+1). This is an odd permission set that we're using purely as an example. More common permission sets are 777, 775, and 664. 777 signifies that owner, group and everyone can do anything with the file or directory, which is generally a bad idea since even unauthorized users can make changes to the file. 775 is a common permission scheme for directories since it gives the owner and group full control while allowing public users access to the directory without allowing them to make changes to it. 664 is the same concept applied to files, the difference being that directories need the execute permission in order to be opened.

Symbolic Notation

If you check the permissions of a file or directory on the command line by issuing the ls -la command, you will see the permissions written out in a series of dashes and letters like this:

-rwxrwxrwx
drwxr-xr-x

etc.

The first character signifies the file type: "-" is a regular file and "d" is a directory. Next come the read, write, and execute permissions (rwx) for each of the owner, group and public users. Putting this all together for our examples we have:

-rwxrwxrwx

This is a file with permissions 777. Owner, group and public all have full access.

drwxr-xr-x

This is a directory with permissions 755. Owner has full access and group and public users both have read and execute permission.

Changing Permissions

File permissions can be changed in a variety of ways; the easiest is via FTP. Once you are connected to your server over FTP, your FTP client will have an option for changing the permissions of a file. To edit file permissions, right-click on a file and then select the appropriate option.

In order to change the ownership of a file, you will need to use sFTP. You can use an sFTP client (FileZilla and most FTP clients have sFTP support built in) to get into the server as user 'root' over the SSH port (22 or 8888 by default). The sFTP client will have the same options as an FTP client but will also allow you to change the owner and group of a file.

If you are able to access the server via SSH (as root), then the following commands can be used to update the permissions and ownership of a file.

Permissions:

chmod (permissions) filename

Ownership:

chown user:group filename

Examples:

a) Modify permissions: To modify the permissions of a file use the chmod command.

servint:~$ ls -la filename.php
-rwxrwxrwx 1 servint servint 2010-11-29 08:34 filename.php
servint:~$ chmod 644 filename.php
servint:~$ ls -la filename.php
-rw-r--r-- 1 servint servint 2010-11-29 08:34 filename.php

Note the permissions changed from -rwxrwxrwx (777) to -rw-r--r-- (644).

b) Modify ownership: To modify the ownership of a file use the chown command.

servint:~$ ls -la filename.php
-rw-r--r-- 1 servint servint 2010-11-29 08:34 filename.php
servint:~$ chown nobody:root filename.php
servint:~$ ls -la filename.php
-rw-r--r-- 1 nobody root 2010-11-29 08:34 filename.php
servint:~$ chown nobody:nobody filename.php
servint:~$ ls -la filename.php
-rw-r--r-- 1 nobody nobody 2010-11-29 08:34 filename.php

Note that the first argument after chown is the user, then a colon, followed by the group.
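The numbering scheme and the warning about 777 can be combined into a quick audit. The script below is an added example, not part of the original article: it decodes a three-digit mode into its rwx string from the 4/2/1 values, lists entries that public users can write to, and resets them to 755 (directories) and 644 (files). The function names and the sample tree are constructed for illustration, and it assumes no regular file in the tree needs its execute bit.

```shell
#!/bin/sh
# mode_to_symbolic MODE: decode a three-digit octal mode (e.g. 763)
# into its rwx string by testing the read (4), write (2), execute (1) bits.
mode_to_symbolic() {
    case $1 in
        [0-7][0-7][0-7]) ;;
        *) echo "invalid mode: $1" >&2; return 1 ;;
    esac
    rest=$1; out=
    while [ -n "$rest" ]; do
        digit=${rest%"${rest#?}"}    # first remaining digit
        rest=${rest#?}
        r=-; w=-; x=-
        if [ $((digit & 4)) -ne 0 ]; then r=r; fi
        if [ $((digit & 2)) -ne 0 ]; then w=w; fi
        if [ $((digit & 1)) -ne 0 ]; then x=x; fi
        out=$out$r$w$x
    done
    printf '%s\n' "$out"
}

# list_world_writable DIR: print every file or directory under DIR that
# the public class can write to (symlinks skipped; their own mode is not used).
list_world_writable() {
    find "$1" ! -type l -perm -0002 -print
}

# fix_world_writable DIR: reset those entries to the modes used in the
# article: 755 for directories, 644 for regular files.
# Assumption: no regular file under DIR needs its execute bit.
fix_world_writable() {
    find "$1" -type d -perm -0002 -exec chmod 755 {} +
    find "$1" -type f -perm -0002 -exec chmod 644 {} +
}

# Constructed sample tree so the example runs offline.
demo_dir=$(mktemp -d)
mkdir "$demo_dir/uploads"
: > "$demo_dir/filename.php"
: > "$demo_dir/index.html"
chmod 777 "$demo_dir/uploads" "$demo_dir/filename.php"
chmod 644 "$demo_dir/index.html"

mode_to_symbolic 763             # rwxrw--wx
list_world_writable "$demo_dir"  # the uploads directory and filename.php
fix_world_writable "$demo_dir"
list_world_writable "$demo_dir"  # prints nothing: both entries were reset
rm -rf "$demo_dir"
```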
