This article shows how to change file or directory permissions using SSH or FTP. For an overview of permissions, view the following article:
Changing permissions via SSH
If you're logged into your server via SSH, you can change permissions by running the chmod command. There are two ways to set permissions using chmod.
- Numeric Mode
- Named Mode
Numeric Mode is easier to understand as you just need to add up the values.
Using the numeric mode, you can assign numbers to each permission. For example:
- 4 = r (read)
- 2 = w (write)
- 1 = x (execute)
Then, you would add all three together for each owner to get the full value. The following table illustrates the different permissions each owner could possibly have.
|7||read, write, and execute ("rwx")||4 + 2 + 1 = 7|
|6||read and write ("rw-")||4 + 2 = 6|
|5||read and execute ("r-x")||4 + 0 + 1 = 5|
|4||read only ("r--")||4 + 0 + 0 = 4|
|3||write and execute (rare) ("-wx")||0 + 2 + 1 = 3|
|2||write only (rare) ("-w-")||0 + 2 + 0 = 2|
|1||execute only (rare) ("--x")||0 + 0 + 1 = 1|
|0||no permissions ("---")||0 + 0 + 0 = 0|
Remember, there are three sets of owners of a file or directory:
All three have their own permissions. Thus, all three must now be added together to get the full value.
[server]$ chmod 600 file.txt
[server]$ chmod 700 dir
[server]$ chmod 755 file.txt
[server]$ chmod 644 file.txt
[server]$ chmod 664 file.txt
While the above commands regarding chmod are useful, it can be understandable if a user doesn’t want to have to log in via SSH just to change permissions on a file. Fortunately, many FTP clients such as FileZilla have the ability to change permissions directly within the client.
There are two sets of permissions to assign when using 'Named Mode', which are 'who' and 'what' permissions. For example:
|u||change the user bits|
|g||change the group bits|
|o||change the other bits|
|a||change the bits for everybody|
|r||grant read access|
|w||grant write access|
|x||grant execute access|
|s||set the sticky bit|
Using ("+") and ("-") with the information above, you’d combine permissions from the 'who' and 'what' groups to assign the exact permissions you desire.
The format to use chmod in the following commands is:
[server]$ chmod "groups"+"access" file.example
Allows everybody to read file.txt. In the following example, 'a' is the bit for 'everybody' and the 'r' (read) permission is added:
[server]$ chmod a+r file.txt
Strips everybody of all permissions, except for the owner who retains any former permissions. In the following example, 'g' is group bit, 'o' is the 'other users' bit and the ("-") sign is removing all permissions (rwx):
[server]$ chmod go-rwx file.txt
The file named script.cgi is now executable by the user and group. In the following example, 'u' is the user bit, 'g' is the 'group' bit, and the 'x' permission is added to both:
[server]$ chmod ug+x script.cgi
All files created in the directory somedir are owned by the group that owns somedir. In the following example, 'g' is the group bit and the 's' flag is added to it:
[server]$ chmod g+s somedir
Special permissions can be added which allow you the special ability to automatically change users or group, or to specify a directory as a "temporary" directory.
The 's' flag
An 's' can be added to the owner or group 'read' permission. This indicates the setuid/setgid permission.
- If set on the group read permission, it sets the setgid bit. This means that any user who changes into that directory suddenly performs all actions as if the owners group was their default group. This can be helpful if you want all files in that directory to be created/owned by that owner group.
- If set on the owners read permission, it sets the setuid bit. This is not usually a good idea, so don't do it unless you really know what you're doing.
The 't' flag
The t flag is basically the same thing as the "s" flag for a user or group, but is used when applied to all others. Here, the meaning is a little different. It means that anyone can create a file in the directory, but only the owner is allowed to remove the file, regardless of permissions set. This is the "temporary" directory permission and should also be avoided unless you really know what you're doing.
Changing permissions in an FTP client
If you right click on a file in an FTP client, you can view it's permissions. For example:
As discussed above, this format uses the Numeric Mode to set permissions. You just need to add up the values to change them.
This example uses Filezilla. You can either click the checkboxes, or type in the Numeric value of the permissions you need to change.