WWW Basic Content Management - General Permissions Guide

Last Updated: 07/01/2013

Overview

Every Web page has permissions set behind the scenes, which allow the creator of the page and other individuals to read that page on the Web and/or to make changes to that page.

Understanding Permissions Symbols

There are three categories of users:

Type Symbol
User/Owner u
Group g
Other (world) o

There are three types of permissions (usually called modes):

Mode Symbol
Read r
Write w
Execute x

The meaning of each type of permission is different for files and directories:

Permission What it means for a file What it means for a directory
Read view file contents list files in directory
Write change file contents create and remove files
Execute execute file as a command search the directory

Viewing the Current Permissions

At your Unix prompt (e.g., spot>), go to the web directory where you want to make changes. For example, if you are making your own personal web pages, you would type:

  • cd public_html
  • Then hit Return

If, on the other hand, you are working on your department's or other University-related web pages, the directory would most likely be in /htdocs. If so, you would need to type:

cd /htdocs/yourdepartmentsdirectoryname/andpathname

  • To look at the permissions for a file, type:
    • ls -l: That's a lowercase letter "l" and "s," a space, a minus sign, another lowercase "l" and space, and the name of the file at your prompt. For example:
    • ls -l index.html
: The ls is shorthand for "list" the contents of the directory, and the -l is shorthand for "long." So in plain English you're saying, "Give me a long listing (ie, all the information about the items contained in this directory) of the directory where I am currently."
    • After you hit Return, you will see a line as follows:
      -rw-r--r-- 1 smith 740 Sep 16 11:18 index.html
    • Permissions are listed via the second through tenth characters of the first column in the -l listing:
      - r w x r w x r w x
      user/owner group other
    • Looking again at our example:
      -rw-r--r-- 1 smith 740 Sep 16 11:18 index.html

      We can see that the file index.html is readable and writable by the User, and readable by the Group and Other. No other permissions have been allowed; thus, the rest of the spaces contain dashes as placeholders. Because the read permission for Other is set, this file is viewable on the Web.

    • To look at the permissions for a Web directory, type:
      ls -ld public_html
drwx-----x 2 smith 512 Aug 16 13:52 public_html

    • The above directory (note the initial "d" in the first column) has read, write, and execute permissions for the User, and execute for Other. This directory is viewable on the Web.

Changing Permissions

  • The chmod command is used to change file and directory modes, as follows:
    • chmod
  • In , you include the letter of the viewer ‹u(ser), g(roup), o(ther) along with a function (+ or -), and the type of permission ‹r(ead), w(rite) or (e)x(ecute).
To change the permissions of a file called message.html to readable and writable by the User, and readable by everyone else, type the following:
    • chmod u+rw,g+r,o+r message.html
    • Translation: User gets read and write access, Group gets read access, and Other gets read access.
  • To remove read permissions from everyone but the user on message.html, use this command:
    • chmod g-r,o-r message.html
    • Translation: Group loses read access and Other loses read access.

Suggested Permissions

In general, the User (ie, owner of the directory or file) should be able to read and write all files they own and read, write AND execute all directories they own.


The group-owner, if there is one, should be able to do the same. A group-owner is really a collection of people who are granted write-access to the directory and/or files by the authority of the primary owner. Since group-owners are there to help maintain the web pages, they should have the same permissions as the primary owner. However, this does not mean that they can change the permissions of the file or directory, and they don't have the authority to request changes to group-owner membership. Only the primary owner (AKA "User") has the authority to make permissions and access changes.


IMPORTANT NOTE: Once a member of the group that has group-ownership of a directory creates a new file, that person is the owner of the file that s/he just created. Thus, that person now has the responsibility to set the permissions correctly for that file.


Finally, the Other permissions are generally set to allow only read access to files and execute access to directories. Setting write access for Other is very dangerous, since then anyone with access to the server could make changes to your web pages!


For Web pages on www.colorado.edu with a group-owner, you'll need these minimum permissions set:

On Directories...
User/Owner read, write, execute rwx
Group read, write, execute rwx
Other execute --x
On Pages...
User/Owner read, write, execute rw-
Group read, write, execute rw-
Other read r--

Setting Web Page Permissions

Use the command chmod to change the mode (ie permissions) of a file or directory.

To change permissions for the directory under /htdocs/somedepartment called images, type the following, then hit Return:

  • chmod u+rwx,o+x images
  • And you should see returned:
    drwx-----x 1 smith 740 Sep 16 11:18 images

NOTE: you must be in the directory /htdocs/somedepartment before typing the command. See instructions above for how to change your directory location.

For the file called index.html, type the following, then hit Return:

  • chmod u+rw,o+r index.html
  • And you should see returned:
    -rw----r-- 1 smith 740 Sep 16 11:18 index.html

Troubleshooting

If you receive an error trying to view or change Web pages, it is most likely a file or directory permission problem. Examples:

  • 403 Forbidden
    You don't have permission to access.

-OR-

  • 404 Permission Denied

If other people receive permissions errors on your pages, review your permissions to be sure they match the minimums stated above. In cases where more than one individual has write privileges on a Web page or directory, permissions can sometimes be changed inadvertently when other individuals upload files.

Need More Help?

Call the IT Service Center at 303-735-HELP. Or send your question to help@colorado.edu.

You can also refer to the manual pages that reside on the Unix servers. To see the Unix manual pages about changing permissions, type: man chmod.