Permissions are what tells the system who can do what to a given file or directory. While Windows and the MacOS have their own means of setting the access permissions to files, ProHosting's servers run on a Unix-based system, so we need to use the Unix-type file permissions. The basic idea is quite simple.
A file or directory is owned by a particular user on the system, usually the user that created it. When you log in through FTP and upload files, you are the files' owner. (See the "Ownership" guide for more info.) Permissions determine who can do what to a file. There are three user types (the who's) and three access types (the what's) that define the permissions for a file or directory.
The three user types are:
The three access types are:
To set permissions, in the simplest form*, we use a three digit code: the first digit represents the access given to the user, the second digit represents the access given to the group, the third digit represents the access given to the world. The values that make up each access type are:
4 = read
2 = write
1 = execute
To apply more then one type of access to a user type, simply add the values together to get access permissions of the desired types:
7 = read, write & execute (4 + 2 + 1)
6 = read & write (4 + 2)
5 = read & execute (4 + 1)
4 = read
3 = write & execute (2 + 1)
2 = write
1 = execute
Putting together these digits determines the 3-digit* permission code that makes up the file's permissions.
E.g. User: read, write & execute (7) + Group: read & execute (5) + World: read & execute (5) = 755.
The way to change a file's permissions in Unix is with the "chmod" command, which is short for "change mode" (See How To Change Permissions below for specific FTP application usage). The "chmod" command can actually use two methods to change permissions:
u", "g", "o" and "a" for user, group, other (world), and all, respectively, and it uses "r", "w" and "x" for read, write and execute, respectively. For example: Of course, it's easier to type "chmod 755" then "chmod u=rwx,go=rx". And while either method should work, I only mention Symbolic Mode to be thorough. Any examples of permissions throughout the FAQ use the Numeric Mode. Applications like WS_FTP, which provide their own interface for changing permissions, actually use the the "chmod" behind the scenes.
* There is a longer form which is more technically accurate. This uses four digits, the first being for special things, but it's not really important to know. See "The Fourth Digit" below.
Now that you know what permissions are, in all the gory detail, the next step is to actually change them. (To determine what the permissions should be, see the next question.)
Often, you'll see script instructions tell you to telnet to the server to change permissions. With ProHosting, telnet access isn't available. However, you can use most FTP applications to change permissions for files and directories. This is better then telnet anyway, because most of the changes you make need to be done right after uploading files anyway.
Depending on what FTP software you use, the way to change the permissions of files may differ. Some applications provide a simple checkbox interface for you to pick the permissions. Others make you type stuff into special command fields. Here are the instructions for permission changing for a number of FTP applications. If you have the instructions for application not listed here, e-mail me. However, most FTP programs will work the same as one of those mentioned here.
In all cases, "###" is the 3-digit permission code and "filename" is the name of the file or directory.
Change into the directory with the file or directory you want to change. Type:
Change into the directory with the file or directory you want to change. Type:
Change into the directory with the file or directory you want to change. Right-click the mouse button on the file to change in the "Remote Site" listing and select "chmod (UNIX)" from the popup menu. A dialog box will appear with nine checkboxes (the currently checked boxes are not necessarily the current permissions of the file). Check or uncheck the boxes as necessary to define the permissions you want the file to have. Click "OK".
Change into the directory with the file or directory you want to change. Either...
A dialog box will appear with nine checkboxes (the currently checked boxes should be the current permissions of the file) and a text field. Check or uncheck the boxes as necessary to define the permissions you want the file to have, or enter the 3-digit permissions number in the "Manual" field. Click "OK".
Once connected to ProHosting, open the "FTP log" from the "Window" menu of the "Site Window". In the command line, type:
...where "/path/to/filename" is the path to the file or directory, e.g. "/html/cgi-bin/script.cgi". You shouldn't need the full system path. Thanks to Benoit Landry.
Change into the directory with the file or directory you want to change. From the "Tools" menu, select "Quote". In the dialog box, type:
Click "OK".
Change into the directory with the file or directory you want to change. From the "Remote Menu" menu, select "Send FTP Command...". In the dialog box, type:
Click "OK".
So now that you know what permissions are, and how to change them, you might be wondering what permissions you should be using for your files. In most cases, you won't need to change them, the default permissions assigned by the server are fine.
When you first create a new directory at ProHosting, its permissions are set to 755 by default. When you first upload a new file, its permissions are set to 644 by default. Unfortunately, the server does not automatically assign 755 permissions to ".cgi" and ".pl" (or other CGI files) files, so you'll have to change those manually. When you replace an existing file, overwriting it by uploading a new copy, the permissions stay the same as they were.
Technically, you can set the permissions for any file or directory you own to anything you like. But there is one limitation imposed on the server for security reasons: You cannot give write access to files and directories for the group and the world. As long as you don't use 3, 6 or 7 for the second two digits, you'll be fine. Except for that one restriction, you can define any other combination of permissions for your files.
DO NOT USE 777 or 666, regardless of what a script's instructions might say. Many people get confused by a the setup instructions that come with most CGIs. Usually, the directions say to use 777 permissions for the scripts and directories and 666 for other files. While this might have been the case for the system that the script was originally run on, for ProHosting it will not work. On ProHosting servers, all you need to know is that 755 & 644 will work exactly the same as 777 & 666 on other servers.
Why? Because CGIs are run as though they are you, the user (owner), so if you don't have permissions to access a particular file, the CGI can't either. (Yes, you can remove your own read/write/execute permissions, but as long as you still own a file, you can change it back.)
For added security, if a file or directory involved with a CGI has write access enabled for the group and the world, the server won't let the CGI run at all. If the server could execute a CGI that could write to files outside the users control, e.g. someone else's files, then the CGI could do damaging things like deleting or overwriting other people's files. This is why you must use 755 for all directories and CGIs and 644 for other files.
Here is a table of the common permissions that you would use:
| Common Permission Settings | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Permissions | Value | Description | |||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||
| U = User; G = Group; W = World r = Read; w = Write; x = Execute; - = No Permission |
|||||||||||||||||||||||||||
* 600 and 700 are ways to hide files and directories from browsers and other CGIs. Since 644 still gives read access to group and world, other people's CGIs and web browsers can still read those files. Even .htaccess won't stop CGIs, only browsers. This will make the file unreadable by anyone but you and your CGIs. A common use would be to make your page counter file or database files 600, or a whole directory 700, so that someone can't simply guess the name of the file to download it. There should be no reason these two permissions shouldn't work, but if they don't, see .htaccess: Access Control to see another way to hide directories.
Perhaps you are quite familiar with Unix permissions and are wondering about the fourth number in the permissions code. Actually, it's the first number. Technically, a files permissions are defined as four digits, e.g. 0644. The first digit is actually used for some special purposes. As far as I know, on ProHosting, you cannot change the first digit, and it is always set to 4### by default. This has to do with how the files are used by the system. Basically, 4### means that files, CGIs in particular, are managed or run as the user's ID. But don't worry about it.