If you are new to understand Unix permissions . i suggest to read this Unix File system permissions and check this out.
what is chmod?
As per Wiki, In Unix-like operating systems,
chmod is the command and system call which may change the access permissions to file system objects (files and directories).Link to Wiki: WIKI-CHMOD
Suppose you want to write to a file but you don't have access right to do so. you will get write access abounded error.
So, logically we use chmod to change the permission access to enable the read/write/execute permissions with the help of sudo.
At first list out the file you want to alter
$ ls -l findPhoneNumbers.sh -r-xr-xr-- 1 dgerman staff 823 Dec 16 15:03 findPhoneNumbers.sh $ stat -c %a findPhoneNumbers.sh 554
with above command you can see the access given to the file
it states that the user and group does not have write access (have only read and execute ) access. so , user cannot delete this file.
sudo chmod 754 findPhoneNumbers.sh
The above command will change the user permission to write as well . Hence, you can delete the file.
When it comes to Directory, The execute is mostly not used. Only read /write is used to see and delete files in the directory.
$ ls -l shared_dir # show access modes before chmod d rwx r-x r-x 2 teamleader usguys 96 Apr 8 12:53 shared_dir
d represents directory and as you see 755 in which only user is allowed to delete the folder.
Group and outside world don't have access to do so.
Mostly , we set 755 for folders and 644 for files.
Explanation :
644 means that files are readable and writeable by the owner of the file and readable by users in the group owner of that file and readable by everyone else.
755 is the same thing, it just has the execute bit set for everyone. The execute bit is needed to be able to change into the directory. This is why directories are commonly set to 755.
Regular HTML files need to be viewable by the Apache user (user nobody on cPanel servers). Since this user is typically not in the group of the ownership of the file (and if it were, and in a shared hosting environment every user would have to be in this group, which kind of defeats the purpose of limiting to 640 or 750) the world section of the permissions needs to be set to readable.
Now in a suPHP environment, PHP files can just as easily be set to 600. This is because the PHP files are read by the web server as the username specified in the virtualhost section in Apache. In a non-suPHP environment though, PHP files are still read by the apache user and therefore would require a world-readable bit. Again, this would only apply to PHP parsed files, not regular .html or .htm files.
Most scripts have separate config files which include login information. And yes, for those files I would recommend that they are set to a permission setting of 600 to prevent others from reading it. Other PHP files could also be set to 600, but you're really not saving yourself anything if the PHP files have no critical information included. For example, setting the permissions to Wordpress's main index.php file to 600 kind of defeats the point because someone can just download Wordpress from Wordpress's site and read the index.php file.
suPHP and PHP as CGI really are not a standard. PHP developers cannot recommend to set the permissions on the files to 600 because if PHP is running as a DSO module on the server, then using 600 permissions will not work. This is one reason why I think suPHP and PHP as CGI should be standard on any shared hosting server, but the owner of that server or the owner of the account on that server needs to realize that it is important to set the permissions on these config files to 600 and ignore the recommendations in the software's specifications.
Source: Cpanel
No comments:
Post a Comment