Re; [techtalk] Permissions

Jenn V. jenn at simegen.com
Tue Jun 20 00:50:25 EST 2000 

"Lilly S." wrote:
> 
> Followup to this post...
> 
> Does anyone have a reference that tells what files need to be what? For
> example, what permissions do CGI files need to be? How about the cgi-bin
> directory? And the html or public_html directory?

I don't know of such a reference. I tend to trust the installation
guides and/or package managers to get it right. :/



cgi-bin: the webserver's cgi-handling program needs to be able
to read and execute the files, but only I (or my group) should
be able to write it.
public_html:  the webserver needs to be able to read it, but only 
I (or my group?) should be able to write it.

Precisely who should own or group-own the files probably depends
on the exact webserver program you're using.


Actually, you can manage most file permissions by thinking things
through like that. Though README and other docs for the relevent
programs is really the best way to manage it.




Directories have to be executable /to you/ for you to get into 
them.
They have to be readable /to you/ for you to be able to 'ls'.
They have to be writable /to you/ for you to be able to add or
delete files in them.

Files have to be executable /to you/ for you to be able to run
them (if they're programs, or devices, or whatever). 
They have to be readable /to you/ for you to be able to look 
at the contents. (this does allow copying)
They have to be writable /to you/ for you to be able to change
them, remove them, or change permissions. (The file owner may be 
a special case here.)

Symbolic links are a special case, they take on the permissions 
of the file they link to.

There's also special-case stuff with suid, but I would need to 
read up on precisely what happens there.


Notes:
* root has full permissions for everything.
* when considering what permissions to put on a file, I recommend
going for 'if it ain't broke don't fix it' as the first rule. 
If it /is/ broke, I read as many diagnostic things as I can. 
IFF that suggests file permissions, I record what the permissions
were before I changed anything, then think about who is using 
the file and for what. Plot the permissions needed from the POV
of owner, group, and all.



I hope this was helpful, even though it's not what was asked 
for.



Jenn V.
-- 
  "We're repairing the coolant loop of a nuclear fusion reactor. 
   This is women's work!"
		Helix, Freefall. http://www.purrsia.com/freefall/

Jenn Vesperman    jenn at simegen.com     http://www.simegen.com/~jenn

More information about the Techtalk mailing list