Tuesday, June 4, 2013

Understanding File Permissions: What Does “Chmod 777″ Means?

If you are a Linux user, or a webmaster managing your own website (which is probably hosted on a Linux server), you will surely come across a situation when you try to upload a file or modify a document and receive the error “You do not have the permissions to upload file to the folder“. And after some googling, the solution is often as easy as setting the file permission to “775″ or “777″. So what exactly does “777″ mean? And why must it be ’7′, and not ’8′ or ’9′?

Understanding File Permissions

Unix systems (including Linux and Mac OS X) come with a file control mechanism to determine who can access a particular file or folder and what actions they can do to it. There are two parts to the file control mechanism, namely Classes and Permissions. Classes determines who can access the file while the Permissions determines the kind of action the user can do to the file.
There are three Classes – Owner, Group, Others.
  • The Owner is the usually the creator of the files/folders. In Linux, files or folders that you created in your Home directory are usually owned by you, unless you specifically change the ownership.
  • The Group contains a group of users who share the same permissions and user privilege.
  • Others means the general public.
As for permissions, there are 3 type of actions that you can perform on a file/folder. You can either read, write or execute.
  • Read – You can only view the file, but cannot modify the content of the file. When applied on Folder, you can only view the files in the folder, but you can’t delete from or add files into the folder.
  • Write – You can edit and modify the file. For Folders, you can delete and add files into the folder.
  • Execute – Execute is mainly used when you need to run the file (commonly used when you need to run a script).
When you combine the Classes and the Permissions, you will be able to control who can access the file and what actions they are able to do with it.
For example, the owner will usually have all the permissions (read, write and execute) to access the file. If you are not the owner of the file/folder, you have to change the Ownership of the file to your name, or change the permissions of Group or Others to read, write or execute. In a web server, if you are not able to upload a file, it is probably because you are not the owner of the destination folder, or you are not given sufficient permissions to add files to the folder.

What’s about the number?

With the basic understanding of the Classes and Permissions, let’s delve into it further and see how the “777″ or “775″ come about.
Every file and folder contain a 8-bit data that control the permissions. At its basic binary form, it will be “000″, which means no permissions of any form is granted. When you set a “Read” permission, it will add 4-bit to the data, making it “100″ (in binary format) or a “4″ in the usual decimal format. Setting a “Write” permission will add 2-bit to the data, making it “010″ and “2″ in decimal form. Lastly, setting an “Execute” permission adds 1-bit to the data, which will result in “001″, or “1″ in decimal form. In short:
  • Read is equivalent to ’4′.
  • Write is equivalent to ’2′.
  • Execute is equivalent to ’1′
When we want to set permissions, we just add up the number. For example, to set the permissions to read and write, we will use ’6′ (4 + 2) for the permission. For read, write and execute, we will use ’7′ (4 + 2 + 1) for the permission. Here’s the different permutation:
0 – no permission
1 – execute
2 – write
3 – write and execute
4 – read
5 – read and execute
6 – read and write
7 – read, write, and execute
Depending on the permissions you want to grant to the file, you just set the number accordingly.
What about the 3 digits ’777′? Well, the first digit is assigned to the Owner, the second digit is assigned to the Group and the third digit is assigned to the Others. So for a file with ’777′ permission, everyone can read, write and execute the file. Here are some of the commonly used permissions:
  • 755 – This set of permission is commonly used in web server. The owner has all the permissions to read, write and execute. Everyone else can only read and execute, but cannot make changes to the file.
  • 777 – Everyone can read write and execute. In a web server, it is not advisable to set ’777′ permission for your files and folders as it allows anyone to add malicious code to your server. However, in some cases, you will need to set the 777 permissions before you can upload any file to the server (For example, uploading images in WordPress)
  • 644 – Only the owner can read and write. Everyone else can only read. No one can execute the file.
  • 655 – Only the owner can read and write, but not execute the file. Everyone else can read and execute, but cannot modify the file.

Setting File Permissions in Command Line

In Linux, you can easily change the file permissions by right-clicking the file or folder and select “Properties”. There will be a Permission tab where you can change the file permissions. In the terminal, the command to use to change file permission is “chmod“.
chmod 775 /path/to/file
Hopefully, this article can help you understand better about the file permissions in Unix system and the origin of the magical number “777″.
Source: http://www.maketecheasier.com