10/30/1999 Backend A quick and dirty chmod Tutorial...... Print Article By Anthony Baratta (AnthonyB) 'chmod' or "change mode" is the *NIX way of changing file permissions. It is VERY different from DOS/Windows, if you are new to *NIX or always wondered what "drwxr-xr-x" meant read on..... Where Windows/DOS machines realistically have one set of file permissions: Read/Write - Archive - System - Hidden and then add on User Permissions to the files and directories; *NIX breaks the permissions into three groups, 1 - user, 2 - group, 3 - world. When you do an ls -la you might see the following: [user@linux sites]$ ls -la drwxr-xr-x 16 root root 1024 Oct 20 19:56 . drwxr-xr-x 9 root root 1024 Sep 5 22:56 .. drwxr-xr-x 9 foo user 1024 Sep 5 22:56 dir1 drwxr-xr-x 9 foo user 1024 Sep 5 22:56 dir2 drwxr-xr-x 9 foo user 1024 Sep 5 22:56 dir3 -rw-r--r-- 9 foo user 1024 Sep 5 22:56 file1 -rw-r--r-- 9 foo user 1024 Sep 5 22:56 file2 -rw-r--r-- 9 foo user 1024 Sep 5 22:56 file3 All the gobblygook at the beginning of each line is the file permissions. Note: To *NIX, directories are just special files. In order to allow someone to 'traverse' the directory tree, the user must have eXecute permissions on the directory even if they have read/write privileges. Within each set of permissions (you, group, world) there are three permissions you can set: Read - Write - Execute. Therefore when you set the permissions on a file you must take into account 'who' needs access. Here's a stripped down list of the options chmod takes: (for more info do a man chmod at the command line.) chmod [-R] ### -R is optional and when used with directories will traverse all the sub-directories of the target directory changing ALL the permissions to ###. Very useful but use with extreme caution. The #'s can be: 0 = Nothing 1 = Execute 2 = Write 3 = Execute & Write (2 + 1) 4 = Read 5 = Execute & Read (4 + 1) 6 = Read & Write (4 + 2) 7 = Execute & Read & Write (4 + 2 + 1) Of course you need a file name or target directory. Wild cards * and ? are acceptable. If you don't supply the -R, with the target directory, the directory itself will be changed, not anything within it. Again you must supply the #'s in a set of three numbers (you, group, world). To make a file readable and writable by you, and only read for your group, and no access from the world,it would look like: chmod 640 filename The result would look like... -rw-r----- 9 foo user 1024 Sep 5 22:56 file3 To make all files that end in .cgi read-write-executable for you, and read-executable for everyone else: chmod 755 *.cgi The result would look like... -rwxr-xr-x 9 foo user 1024 Sep 5 22:56 file3.cgi -rwxr-xr-x 9 foo user 1024 Sep 5 22:56 file4.cgi Here are some standard permissions for files and directories: [This is a gross approximation, a place to start. Your sysadmin maybe really loose with permissions or a really tight-butt. Your mileage *will* vary.] For Apache running as nobody:nobody.....Most Perl Scripts should be set to 755. Most HTML files should be set to 644. And most data files that must be written to by a web server should be 666. The standard directory permission should be 755. Directories that must be written to by a web server should be 777. If the web server is running within the same group as you....Most Perl Scripts should be set to 750. Most HTML files should be set to 640. And most data files that must be written to by a web server should be 660. The standard directory permissions should be 750. Directories that must be written to by a web server should be 770. Your home directory should be 700. If you are operating a ~username type server, the public_html directory should be 777. (You may also need to open up the home directory to 755.) Side Note: any file name that starts with a '.' is invisible to the webserver when a directory list is generated. This is a quick and dirty way to hide a file.

Recursively Change File Permissions(#12) You can recursively change file permissions using the find and chmod commands. For example, to change the file permissions for all files in the private directory and all of its subdirectories so that no one but you has access use the following commands. $ CD ~/private $ find . -name '*' -exec chmod go-a \{\} \; To change the file permissions starting from your home directory so that others have no access use the following command.{\} \; $ Find ~ -name '*' -exec chmod o-a Be careful if you have a web page. If others have no access to the web page files then they can't load your pages in their browser. You can use more advanced features of the find command to search for files and change permissions. For example, search for any files that have write access for the group or others and remove them. $ Find ~ -perm -002 -exec chmod o-w \{\} \; $ find ~ -perm -020 -exec chmod g-w \{\} \;

there's a nice way of doing it (which escapes me at present), which I'm sure someone will point out as I write this but.. for i in `find /web directory/ -print` do if [ -d $i ] ; then chmod 755 $i else chmod 644 $i fi done should do it.. Replace the chmod commands with "echo" commands to test it works as you want it to first.. Donncha. adam beecher wrote: > > Say I have a web directory, and I want to recursively chmod all the > directories 755 and all the files 644, how would I go about that then then? > http://www.linux.ie/pipermail/cork/2001-March/001799.html

ab> Say I have a web directory, and I want to recursively chmod ab> all the directories 755 and all the files 644, how would I go ab> about that then then? find . -xtype d -exec chmod 755 {} \; find . -xtype f -exec chmod 644 {} \; I've used -xtype so that symbolic links won't be followed. -- "Pity has no place at my table." -- Dr Hannibal Lecter

Actually it should be find . -type d -exec chmod 755 {} \; find . -type f -exec chmod 644 {} \;