chmod Command - Usage Examples

I have a web directory /www and a folder within that directory called store .

Inside store there are several files and folders. I want to grant all permissions to the store folder and to all files and folders inside it.

How can I do it? I'm guessing via .htaccess.

If by all permissions you mean 777

Go to the folder and

You can also use chmod 777 *

This will give permissions to all files currently in the folder and files added in the future, without granting permissions to the directory itself.

NOTE. This must be done in the folder where the files are located. For me it was the images that had the problem, so I went to the images folder and did that.

For Mac, you must be “superuser”;

so first:

sudo -s
password:

chmod -R 777 directory_path

You can give permission to a folder and all its contents using the -R (i.e. recursive) option.

But I would advise against giving 777 permission to the entire folder and all its contents. You must grant specific permission to each subfolder in the www directory folders.

Ideally give 755 permission for security reasons for the web folder.

sudo chmod -R 755 /www/store

Each digit has a permission meaning. Don't grant full permissions.

N  Description               ls   binary
0  No permissions at all     ---  000
1  Only execute              --x  001
2  Only write                -w-  010
3  Write and execute         -wx  011
4  Only read                 r--  100
5  Read and execute          r-x  101
6  Read and write            rw-  110
7  Read, write, and execute  rwx  111

  • First number 7 - Read, write and execute for the user.
  • Second number 5 - Read and execute for the group.
  • Third number 5 - Read and execute for others.

If you have multiple users in your production web folder, you can set permissions and user groups accordingly.
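An added example (not part of the answer above) of a type-aware alternative to chmod -R 755: the recursive form also marks every regular file executable, so this sets 755 on directories only. The 644 mode for regular files, the function names and the sample tree are assumptions of the example.

```sh
#!/bin/sh
# Added example, not the answer's own code. Assumption: regular files
# under the web root get 644; directories get the 755 named above.

# harden_tree ROOT: directories 755, regular files 644.
# `chmod -R 755` would also set the execute bit on every file.
harden_tree() {
    root=$1
    [ -d "$root" ] || { echo "harden_tree: not a directory: $root" >&2; return 1; }
    find "$root" -type d -exec chmod 755 {} +
    find "$root" -type f -exec chmod 644 {} +
}

# count_executable_files ROOT: regular files with any execute bit set.
count_executable_files() {
    find "$1" -type f \( -perm -0100 -o -perm -0010 -o -perm -0001 \) | wc -l | tr -d ' '
}

# mode_of PATH: file type and mode as ls prints them, e.g. drwxr-xr-x.
mode_of() {
    ls -ld -- "$1" | cut -c1-10
}

# build_sample_store: constructed stand-in for /www/store, left at 777.
build_sample_store() {
    base=$(mktemp -d)
    mkdir -p "$base/store/images"
    : > "$base/store/index.html"
    : > "$base/store/images/logo.png"
    chmod -R 777 "$base/store"
    printf '%s\n' "$base/store"
}

store=$(build_sample_store)
chmod -R 755 "$store"
echo "after chmod -R 755: $(count_executable_files "$store") executable files"
harden_tree "$store"
echo "after harden_tree:  $(count_executable_files "$store") executable files"
echo "$(mode_of "$store")  store/"
echo "$(mode_of "$store/index.html")  store/index.html"
rm -rf -- "${store%/store}"
```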


The mechanism for distributing rights in operating systems, developed back in the 70s of the last century, turned out to be so successful that it is still used in UNIX systems, that is, for more than forty years.

Permissions 777 - what is it?

The basic principle of access control relies on mandatory attributes such as the names of system users and of their groups. In Linux each user can have only one name, which must be unique within the system. Using this name, the user logs into the system, that is, undergoes authorization. In addition, the operating system contains a finite number of user groups. Each user can be a member of one or more groups. The superuser, root, can edit the properties of groups, and create and delete them. Members of different groups have different rights to operate in the system. For example, an administrator has more rights than a guest.

The inode (which every file has) contains the owner's login and the name of the user group that has rights to the file.

When a file is created, its owner becomes the user on whose behalf the process is running. The group of the newly created file is also determined using the group identifier of the current process. During further work, all these values can be changed using console commands, which will be discussed further.

How to change permissions

The chmod command changes the access mode of a file. Only the file's owner or the superuser is allowed to change these rights. In Unix systems, the mode is usually specified as a number in octal form, or using special mnemonic signs (letters). Each method has its advantages and disadvantages. With numeric notation, the system administrator can quickly configure the desired type of access, and with mnemonic codes he can do this more precisely, for example add or remove the write right, or deny the read right.

The first argument of the chmod console command is the permission specification, either in mnemonic notation or as an octal number. The second and following arguments are the names of the files whose access rights we want to change. When setting rights as three digits, the first digit determines the rights for the owner, the second for the group, and the third for all other users.

Access rights mnemonics

Access to files in the rights system has the following variations:

  • r - access to read the file;
  • w - the right to edit data (but not delete);
  • x - the ability to launch a file for execution.

The following system of rights applies to directories:

  • r - the user can read any files in the directory;
  • w - with these rights you can create and delete files in a folder, even if some of them in the directory belong to another user;
  • x - indicates the right to enter the directory. If you have w rights to a subfolder but do not have rights to a folder at a higher level, then you will not be able to get through to your folder.

A total of 8 different combinations are possible, which are shown in the figure below.

Using the table below, you can understand how to implement complex permission assignments, as well as how to set 777 permissions using the chmod mnemonic specification.

How to set permissions to 777 via SSH

Here are some examples of using the chmod command:

  • chmod 711 file_name.txt

With this mode the owner has full rights to the file, and all other user groups will only be able to execute it.

When using code 775, we give the owner and his entire group the full list of rights. Other users will not be able to make changes to the file. Note that to specify a file by its name alone, you must be in the directory where this file is located. Otherwise, you can move to this directory with the command cd directory_name/subdirectory_name or use the full path:

  • chmod 775 /var/bin/file_name.txt

To recursively change the permissions of all files in a directory and all subfolders, you need to add the -R switch to the chmod command. The resulting command will look like this:

  • chmod -R 711 file_name

As a result, setting access rights to 777 for a file or directory will not be a problem: you just need to log in to your web server via SSH and run the command:

  • chmod 777 filename

How to set access rights to 777 in the server control panel

You can also implement a similar procedure through the visual interface of the FileZilla FTP client or the WinSCP SFTP client. To do this, you will need to authorize on your server in one of these programs, select your file or folder in the visual interface, then right-click and check the boxes next to the required rights.

Sometimes, in case of urgent need, you may not have access to the Windows client, so you can change access rights through the web server control panel. To do this, using the file manager of your control panel, select the necessary files and click on the Change Permissions button. Next, you will also need to check all the boxes, and now the question of how to set 777 access rights to a folder will no longer be difficult for you.

Working with the file system in the Unix family often requires changing and setting access rights for certain types of data. These measures help reduce the risk of unauthorized viewing and use of system or other information important for the correct operation of the server.

However, such a protective function (for example, access rights 777) makes sense only for multi-user operating systems, since otherwise its installation would be rather a waste of time resources.

What does this term mean?

In any operating system that is intended to be used by different groups of users, there is a restrictive element. It is set by the system administrator and regulates the order and capabilities of working with the directory under his control for three types of users:

  • The owner of the file.
  • Users who are in the owner group.
  • All other persons who have access to the server through a web browser.

Access rights 777 - an attribute that allows all of the above types of users to read, run and overwrite/create files in a directory, existing only for the Linux platform. This function provides full opportunities for interacting with information, but, unfortunately, is far from being secure. This action is similar to placing a file in the shared documents section in Windows.

Permission 777: number value

On Unix, group permissions are written on a single three-digit line. Each of them indicates the rights of one of the user types.

Thus, this numerical combination is the arithmetic sum of 2 (write), 4 (read) and 1 (execute) and describes the capabilities that this function provides.

How to set permissions to 777?

Once you can decipher the numerical designation of the attribute described above, setting it will not be difficult. To do this, you will need any file manager that supports an FTP connection to the server, which can be accessed as an administrator.

The answer to the question about a folder is no different from the instructions for a file: on the server you should select the desired object and call the context menu by right-clicking. Next, select “file” and “change attributes”.

In the manager window that opens, you need to enter a combination of numbers or check the boxes for each user group. For a Unix server system, there is also a simpler method that only requires entering a command in the format: chmod 777 %filename% (file or folder name) in the hoster’s control panel.

Only for multi-user servers

The main thing is to remember that 777 rights exist only for files located directly on a multi-user server and are not installed on a separate computer.

In addition, it is possible to set these rights to directories, where the “behavior” of the designated parameters will be the same as for a folder, with the only difference being that instead of reading the objects inside, the user will be able to view only a list of all contents. Setting rights to directories is carried out using the methods described above.

And, of course, you should remember that it will not be possible to set this type of access for the Denver package, since it simulates the operation of a network web service, however, in reality it is not one, operating on the Windows platform. This OS does not belong to the category of server OS, therefore, when installing scripts on Denver, the requirements for changing access rights should simply be ignored.

Disadvantages of Full Control Rights

The server system uses rights 777 quite rarely; as a rule, most hosters adhere to the 755 type. They are distinguished by somewhat reduced functions for all users except the owner, depriving them of the ability to write and create files.

Setting rights that provide full access to content located on the server often leads to a violation of the security of the resource. Attackers do not miss the chance to take advantage of a noticeable gap in information security, since incorrectly set access settings give freedom of action to any user. Thus, not only the persons interested in this, but also the thoughtless actions of inexperienced users can harm the operation of the server.

Before setting access rights to 777, you should think carefully about whether such negligence will lead to hacking of the resource.
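An added example (not from the original article): an audit that lists every entry under a web root whose mode lets “all other users” write, then clears only that bit. The sample tree and the function names are constructed for the illustration.

```sh
#!/bin/sh
# Added example, not from the original article. The sample tree and
# function names are constructed for illustration.

# list_world_writable ROOT: every file or directory under ROOT whose
# "others" digit contains 2 (write). Symlinks are skipped because
# their own mode bits are not what access checks use.
list_world_writable() {
    find "$1" ! -type l -perm -0002 -print | sort
}

# revoke_world_write ROOT: clear only the others-write bit, leaving
# the owner and group digits as they were (777 -> 775, 666 -> 664).
revoke_world_write() {
    find "$1" ! -type l -perm -0002 -exec chmod o-w {} +
}

# build_sample_site: constructed web root with two over-permissive entries.
build_sample_site() {
    site=$(mktemp -d)
    mkdir "$site/cache" "$site/templates"
    : > "$site/index.html"
    : > "$site/config.php"
    chmod 777 "$site/cache"
    chmod 755 "$site/templates"
    chmod 644 "$site/index.html"
    chmod 666 "$site/config.php"
    printf '%s\n' "$site"
}

root=$(build_sample_site)
echo "world-writable before:"
list_world_writable "$root"
revoke_world_write "$root"
echo "world-writable after: $(list_world_writable "$root" | wc -l | tr -d ' ')"
rm -rf -- "$root"
```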

When working with files located on a web server, there is often a need to set or change access rights (chmod) of the form 777 for folders and files. In server operating systems of the Unix family, access rights (chmod) of the form 777 regulate the following actions: reading, writing to a folder or file, and executing the file.

What are "access rights" in the operating system

File or folder permissions are a protective feature of any multi-user operating system or software against unauthorized access to important (system) information.

If the operating system is single-user, for example, like the home version of Windows, then there is no point in particularly limiting the user’s power over his user and system files and folders. Because, in this case, the same person is both a user and an administrator at the same time.

If the operating system (or program) is multi-user and there can be more than one user in it, then you first need to figure it out and decide which of the users can be allowed to access important system and user files, and which should “let stand on the sidelines.” In order to differentiate the capabilities and degree of access to files and folders for users, within the operating system, there are “access rights”.

Access rights to files and folders are assigned at the system administrator level and determine the technical capabilities of each user for his operations with files and folders within the directories under his control.

At the same time, access rights allow you to partially or completely block public access to important files and directories, thereby preventing unauthorized interference in the operation of the system (program, server, website) or changes to user data (databases) on the server.

How "permissions" work

By and large, the user’s work in any operating system or program is simply working with files or folders. Initially, when accessing any file or folder, the user is free to do anything with them - execute, delete, change (overwrite) or create a new object. However, the operating system is vigilant - it is always on alert - every time the user accesses a file or folder, every time he acts within the operating system, it scrupulously checks whether or not the user is allowed to work with this file or folder. These are “access rights”. Thus, the user’s capabilities are limited in the actions that he (the user) can perform with a file or folder on the computer territory under his control.

Unix Permissions

As already mentioned, access rights to files and folders are available in all operating systems that involve multi-user work. Both Windows OS, Unix OS, and any other multi-user operating system have a function for configuring and setting access rights to files and directories (folders, directories) for various categories of users. This article will discuss access rights for server OS of the Unix family, which is also often called .

Access rights (chmod) of the form 777 for server Unix operating systems regulate whether the user is allowed or prohibited to perform such actions as: reading, writing to a folder or file, and executing executable files

What is chmod

What is 777

In server Unix operating systems, access rights are written on a single line consisting of three digits, where each digit refers to a different user group type. In turn, all users are divided into groups of three types:

  1. Owner group - “Owner of a folder or file”
  2. group Group - “Member of the group of the owner of the folder or file”
  3. World or Public group - “All other users”

Thus, the three digits in the designation, like 777, are the access rights set for three groups of users of a folder or file at once, where - each of the three digits indicates the access rights for its own user group.

Now it remains to figure out who the “Owner” is, what an “Owner Group Member” is, and who these “All other users” are.

Owner, owner group member, and all other users

Since we are talking here about servers, websites and Unix server operating systems, then:

The division of all users into groups in Unix server operating systems is implemented as follows: the Owner and Members of the owner group connect to the server using a special connection (FTP or SSH protocol), and all other users access the site from a web browser (HTTP protocol).

It follows that, depending on the protocol for accessing a file on the server, the Unix server OS immediately divides users into two parts, either the owner or a member of the owner’s group, or all other users. The basis for this “sorting” (I repeat) is the network connection protocol - if a user connected to the server using an FTP account (FTP protocol), then this is either the owner or a member of his group. And if a user logs into the server from a web browser (http protocol), then this is the third group - all other users.

Thus, for the Unix server OS, there is a very clear and easy-to-understand distinction between the first two and third groups - the owner and a member of his group access the server using a special connection (FTP, SSH), and all other users - through their web browsers.

But the differences between the first two groups - the owner and the member of his group - are greatly erased and veiled. This is where the jungle of a hosting package and an individual approach for each case begins.

Reference:
All files in Unix (Linux) can have two owners: their immediate owner-creator (user owner) and his group (group owner). The concept of an owner group means a certain list of users that was created by the owner himself for sharing a file or folder.

Thus, for a Unix server OS, the owner of a file or folder is directly the server administrator. All others to whom the owner will allow access to files on his server and who will connect to this server via the FTP/SSH protocol are members of the owner’s group.

Renting disk space refers to the space on the server occupied by site files. As a rule, these are inexpensive hosting packages where their users do not have access to the server admin panel (not to be confused with the CP - account control panel). Accordingly, site administrators (owners) using such packages, when connecting via FTP to the server, fall exclusively into the owner’s group. Whereas, the owner himself (server administrator) is somewhere out there, “far in the mountains,” in his cozy office of the hoster’s technical service.

When renting disk space, the owner of all site files is the hoster himself, while the tenant of disk space is just a member of the owner's group.

For server tenants (real and virtual) the situation is somewhat different. When renting a server, the renter installs the operating system himself; of course, he is the direct owner of the files for this system. But creating a group and adding other users to it is up to him, the owner.
What follows from all of the above?

And the conclusion is this:

  • Renters of disk space may not bother with the first number of the form (chmod) 777, since they are not the owners, and will never be the owners of their files. For them, the first digit should always be seven.
  • Tenants of servers (real and virtual) do not have to bother with the second number of the form (chmod) 777, provided that they have not created and are not going to create any user groups on their server. Here, as such, there is no clear and strong distinction. Or rather, there will be one if you create an owner group and add a list of users to it. But such a group can only be created by the server administrator himself. When he creates it, then he will think about what to do with the second digit.

What do the numbers 777 or 456 mean?

Each digit, for each group, represents an arithmetic sum of three numbers denoting the following rights:

  • 4 = Read
  • 2 = Write (write permission)
  • 1 = Execute (permission to execute)

For example:

  • 6=4+2 - Read+Write (read right + write right)
  • 5=4+1 - Read+Execute (read right + execute right)
  • etc.

All 7 possible sums of these three numbers for setting access rights to a folder or file for user groups look like this:

  • 7 = 1+2+4 - Read, Write, Execute (read, write and execute)
  • 6 = 4+2 - Read, Write (read and write)
  • 5 = 4+1 - Read, Execute (read and execute)
  • 4 = 4 - Read (read only)
  • 3 = 1+2 - Write, Execute (recording and execution)
  • 2 = 2 - Write (write only)
  • 1 = 1 - Execute (execution only)

Thus, by setting access rights (chmod) of the form 765, we will set the following rights for groups:

  • First digit, group Owner, Owner of a file or folder
    First digit = 7
    This means that the Owner of a folder or file has the right to:
    7=4+2+1 - Read+Write+Execute
  • Second digit, Group, Owner Group Member
    Second digit = 6
    This means that a Member of the owner's group has the right to:
    6=4+2 - Read (read) + Write (write)
  • Third digit, World group, All other users
    Third digit = 5
    This means that All other users have the right to:
    5=4+1 - Read (reading) + Execute (execution)
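An added example (not from the original article) that carries the 4/2/1 sums through for any three-digit mode and checks them against what chmod really sets, in both octal and mnemonic notation. The function names are this example's own; apply_and_read works on a scratch file created with mktemp.

```sh
#!/bin/sh
# Added example, not from the original article.

# digit_to_rwx 6 -> rw-   (4 = read, 2 = write, 1 = execute)
digit_to_rwx() {
    d=$1
    out=""
    if [ $((d & 4)) -ne 0 ]; then out="${out}r"; else out="${out}-"; fi
    if [ $((d & 2)) -ne 0 ]; then out="${out}w"; else out="${out}-"; fi
    if [ $((d & 1)) -ne 0 ]; then out="${out}x"; else out="${out}-"; fi
    printf '%s' "$out"
}

# mode_to_rwx 765 -> rwxrw-r-x   (owner, group, all other users)
mode_to_rwx() {
    mode=$1
    case $mode in
        [0-7][0-7][0-7]) ;;
        *) echo "mode_to_rwx: expected three octal digits, got '$mode'" >&2
           return 1 ;;
    esac
    owner=${mode%??}
    rest=${mode#?}
    group=${rest%?}
    other=${mode#??}
    printf '%s%s%s\n' "$(digit_to_rwx "$owner")" \
        "$(digit_to_rwx "$group")" "$(digit_to_rwx "$other")"
}

# others_can_write 777 -> succeeds when the third digit contains 2.
others_can_write() {
    [ $(( ${1#??} & 2 )) -ne 0 ]
}

# apply_and_read SPEC: apply SPEC (octal or mnemonic) to a scratch
# file that starts at mode 000 and print the nine bits ls reports.
apply_and_read() {
    f=$(mktemp)
    chmod 000 "$f"
    chmod "$1" "$f"
    ls -ld -- "$f" | cut -c2-10
    rm -f -- "$f"
}

for m in 777 765 755 644; do
    printf '%s  %s\n' "$m" "$(mode_to_rwx "$m")"
done
# The same mode written both ways gives the same bits on disk.
printf '765              -> %s\n' "$(apply_and_read 765)"
printf 'u=rwx,g=rw,o=rx  -> %s\n' "$(apply_and_read u=rwx,g=rw,o=rx)"
```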

Now it is clear that by setting access rights with the combination of numbers 777 (three axes), we open full access to the file for absolutely all user groups. You can get a similar result by placing the file in the Public Documents folder in Windows.

It should be noted that some combinations of numbers can indicate very crazy situations with file access rights. For example, a combination like 477 will allow access to overwriting and executing a file for everyone except its owner (read: administrator). Alas, this does not happen.

Access rights are always set “descending” from “Owner” to “Member of the owner’s group”, and then to the “Everyone else” group. But not the other way around!

How to set access rights like 777 on the server

Now that it has become absolutely clear what these three treasured numbers mean, setting access rights (chmod) of the form 777 will not be difficult. To set access rights (chmod) to 777 for a folder or file that is on the server, you will need any file manager that is capable of establishing and maintaining an FTP connection to the server. It could be Total Commander, Windows Commander, CuteFTP, Filezilla or anything else. Personally, I prefer the simple and free FTP file manager Filezilla, despite the fact that I am an ardent fan of Total Commander.

To set access rights (chmod) to 777, connect to the server via FTP with Administrator rights, using the Administrator login and password pair. Next, find and select the required object (folder or file). After that, right-click to open the context menu and choose “File - Change attributes”. Next, specify the required attribute (access rights) and click “OK”. To “drive in” the desired combination of numbers, either check/uncheck the checkboxes next to the required items, or type the required code of the form 777 into the window that opens. All FTP file managers support both methods.

Bummer view of 777 on Denver

Like all aliens from outer space, I regularly communicate with representatives of various extraterrestrial civilizations who begin building their websites before they arrive on Earth.

Message for aliens:
There is no need to try to set permissions (chmod) to 777 when working with the well-known package, which only simulates the operation of a web server running a Unix operating system on a local computer that is actually running a Windows operating system. There is no such button.

Files in Linux have two owners

It is necessary to set the rights to files and folders correctly. You can do this using FileZilla. In general, each server needs its own specific settings, which are best learned from your hoster. But usually the rights are set as follows: for files that are in the root directory 444, for folders in the root directory set 755, for tmp and logs folders set 705, for your template pack set 555, for the image/stories folder you can put 755, for the folder Cache 777.

The owner of the new file is the user who created the file.

Files in Linux have two owners: a user (user owner) and a group (group owner), meaning a specific list of users; the owner of the file does not have to be a member of the group that owns the file. Each user can be a member of several groups at once, one of which is called primary, and all the others are called supplementary. This gives greater flexibility in organizing access to a specific file. Sharing some resources is very simple to organize: just create a new group and include in it everyone who really needs access. If a person moves to another department and no longer needs to use the file, you just need to exclude him from this group. But what should we do with the rest? Will they really be unable even to read the contents of the file, or will they have to be added to and removed from the group every time?

No: for all others (other) who are neither the user owner nor in the group owner, access rights are set separately and, as a rule, are the most minimal. Typically, the owner of a file is the user who created the file. The group owner of a newly created file is set to the primary group of the user who created it, but in some versions of Unix the group owner is inherited from the group owner of the directory in which the file is created.

To change the owner of a file, use the chown command, which takes the name of the new owner and a list of files as parameters:

# chown new_owner file1 file2 ...

Of course, the name of a file may be replaced by the name of a directory, but the owner of the files inside the directory will not change, so it is best to use the -R flag (chown -R). With this command (as with most), you can use regular expressions if you need to select files that meet a certain criterion (chown -R lys *.c).

To change the group owner, use the chgrp command; its syntax is similar to the previous one:

# chgrp sales /home/sales/*

By the way, the chown command allows you to set the group owner at the same time; to do this, immediately after the owner's name, without spaces or other characters, put a colon and write the name of the required group:

# chown -R sergej:gljuk *

This form is also allowed (i.e., an analogue of the chgrp command):

# chown -R :gljuk *

File ownership determines the operations that a particular user can perform on the file. The most obvious of these is changing the owner and group of a file. These operations can be performed by the superuser and the owner of the file (in BSD UNIX derivatives only the superuser). The first case is clear; as for the second, writing a program and then making, for example, the superuser its owner will, alas, not work, and although changing the owner is allowed, I honestly did not find a use for it. But the group, if you are the owner of the file, can only be changed to your primary one (by default it has the same name as the corresponding user). All these restrictions were introduced for several reasons: so that no one could slip in a malicious file, and so that, if a disk space limit was set on a computer for a specific user, it was impossible to exceed it simply by changing the owner.

The next basic operations that can be performed on a file are read access (Read), write access (Write) and execute access (eXecute). These are set for each of the three user groups separately, and only the owner user and, of course, the superuser can do this. To set the appropriate rights, use the chmod command. It is applied in two forms: absolute, when old rights are ignored and new ones are unconditionally established, and relative, when rights are added to or removed from the existing ones. The absolute form involves setting access rights to a file by specifying them directly in octal form. To get the full code of the required file mode, you simply add the values of the codes given in the table.
