Due to a slight misprint in the newsletter, the information you may be looking for will be here:

Connecting to your Unix Drive from a Networked PC

or

Connecting to your Unix files from a Networked Macintosh


File Permissions on the Unix System, and their Relation to Web Documents



Background:

By default, any file you create on a Unix system is readable only by you, the owner of the file. Nobody else has access to it unless you specifically grant it. This is not a characteristic of only Unix systems: any multi-user system, including VAX and WindowsNT, behaves in the same manner. It does make sense, since in most cases you don't want people to be able to look at the contents of your home directory or your M: drive.

However, when creating web files the philosophy is exactly the opposite. You need your web files to be accessible by everybody in the world. Since in many cases we are using our Unix accounts for both web and non-web files, we need a way to protect non-web files while allowing worldwide access to the web files within the same account.

There are several ways to deal with permission issues. Which method you use depends upon how you access your Unix files: do you log directly onto the Unix system to do web development, or do you connect to your Unix account with a PC or a Macintosh? Each method has its own syntax.


The Unix Perspective

The Unix perspective is quite detailed, but also by far the most flexible.

A quick workaround:

The easiest way to take care of web file permission requirements is to use the fix_web_perms command. To run this program, simply log onto the Unix system and type fix_web_perms at the "%" prompt. This program will change the permissions for all files in your www-docs directory, making them "world readable".

Important: Keep in mind that if you create any new files in your www-docs directory, you will have to run the fix_web_perms command again in order to update the permissions of your newly created files.

Changing your file creation default permission settings.

Wouldn't it be nice if any file you created had the proper permission settings for web access? There is a way to set the default file creation permissions. At a Unix prompt, simply type umask 022. This will cause any file you create to have the proper permissions for web access. However, this setting will be in effect during the current session only! This means that if you open a new window (such as winterm, xterm, or console), you will have to set the umask for that window too!

Making the umask setting permanent.

There is a way to set the default file permission automatically when you log in to the system. All you have to do is edit your .cshrc file and make the last line of the file read umask 022. Next log out and log back into the Unix system, and your new default permission settings will take effect for the entire login -- in all windows you open.

WARNING: If you change your umask setting in this manner, every file you create from that point forward will be readable by everyone on the system. If you use your Unix account for purposes other than Web files, this may be a serious problem. You can, however, use the chmod command to take away permissions from a file or directory in this case.
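
One way to avoid the problem in the WARNING above, shown as an added example that is not part of the original page: a POSIX sh script (the page's login shell is csh, so run it as a script) that applies umask 022 only while creating a web file, and lists files outside www-docs that "others" can already read. The function names new_web_file and exposed_files are hypothetical, and the demo runs in a constructed temporary directory.

```shell
#!/bin/sh
# Added example: keep a private default umask and open up only web files.
# new_web_file and exposed_files are hypothetical helper names.

# new_web_file PATH
# The function body is a subshell "( ... )", so umask 022 applies only to
# this one file creation and the caller's umask is left untouched.
new_web_file() (
    umask 022
    : > "$1"
)

# exposed_files HOME_DIR
# Lists regular files outside HOME_DIR/www-docs that "others" can read.
# Each one can be closed again with: chmod o-r FILE
exposed_files() {
    find "$1" -path "$1/www-docs" -prune -o -type f -perm -004 -print | sort
}

# Demo in a constructed stand-in for a home directory.
demo() (
    home=$(mktemp -d)
    umask 077                                  # private default for this session
    mkdir "$home/www-docs"
    chmod o+x "$home/www-docs"                 # directory must be searchable by others
    new_web_file "$home/www-docs/index.html"   # created -rw-r--r--
    : > "$home/homework.txt"                   # created -rw-------
    : > "$home/old-notes.txt"
    chmod 644 "$home/old-notes.txt"            # simulates a file made under umask 022
    ls -l "$home" "$home/www-docs"
    echo "world-readable outside www-docs:"
    exposed_files "$home"
    rm -rf "$home"
)
demo
```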

Changing File Permissions on a File by File Basis

If you require or desire greater control over individual file permissions than fix_web_perms or umask afford, the following is a more detailed explanation of how file permissions work on the Unix system.

Viewing your file and directory permissions

The command to view the permissions of a file is ls -l. This command shows you the long listing for a file. For example, this is the output of a typical ls -l command.

jgramke@unix 1% ls -l
drwxr-x--x    3 jgramke  acs          512 Jan 11 13:10 Crossword/
drwx------    2 jgramke  acs          512 Feb 21 15:51 Helpsheets/
-rw-r--r--    1 jgramke  acs         1865 Feb 21 10:21 index.html
-rw-rw----    1 jgramke  web         1219 Feb 21 10:35 list.txt

The first 2 entries are directories, indicated by the 'd' as the first character of the line. The third entry is simply a regular file. In this case, it happens to be an HTML file.

The permission settings are displayed in the first through 10th characters of each line. For example, the permissions for the directory Crossword are drwxr-x--x. These letters have the following meaning:

The first character is used to indicate if the file is a directory or not. If it is a "-" it is not a directory. If it is a "d" it is a directory.

The next 3 characters indicate the permissions the owner of the file has. The next 3 characters indicate what permissions the group members have, and the last set of 3 characters indicates the permissions that the rest of the world has.

In the above example, with the file index.html, the owner has read and write permissions to the file, the other members of the group acs have only read permissions, and everybody else also has only read permissions.

In the case of the file list.txt, the owner has read and write permissions, the members of the group web have read and write permissions and everybody else has no permissions to that file.

When referring to directories, permissions mean something slightly different. In the case of the directory Crossword the owner has read, write & search permissions, the members of the group acs have read & search permissions, while everybody else has only search permissions.

Changing your file and directory permissions

If you wish to have a file be accessible from the web, the file must have read permissions for everybody, and the directory that contains the file must have search permissions for everybody.

To change the permissions on a file, you must use the chmod command. For example:

Originally, we had this file with these permissions:

-rw-rw---- 1 jgramke web 1219 Feb 21 10:35 list.txt

This file will not be accessible by the Web, because it does not have read permissions for "other" people besides the owner and the group. If we issue the command chmod o+r list.txt to add read permissions for "others", we will have this new file permission:

-rw-rw-r--    1 jgramke  web         1219 Feb 21 10:35 list.txt

Now that this file has read permissions for everybody, all "others", it will be accessible to the web.

A directory needs to be searchable by all "others". For example, we have this directory:

drwx------    2 jgramke  acs          512 Feb 21 15:51 Helpsheets/

This directory is not accessible from the web because its permissions grant no access to "others" (i.e., the 3rd set of 3 dashes). To make it accessible from the web, we must issue the command: chmod o+x Helpsheets. This will change the permissions to:

drwx-----x    2 jgramke  acs          512 Feb 21 15:51 Helpsheets/

This allows all "others" to have access to this directory and its contents, provided that the individual files within that directory have the proper permissions set.

For more information on file permissions, see http://www.users.csbsju.edu/~jgramke/Help/unix/unix/data/chmod.html and Running fix_web_perms, as well as the on-line manual pages (type man chmod at the Unix prompt). Also see the online books that can be accessed via the Tool bar under Help/Online Books, Help/Desktop Help, and Help/Man Pages.
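
The two rules above (read for "others" on the file, search for "others" on its directory) can be checked mechanically. The following is an added example, not part of the original page: a POSIX sh script that reads the "others" characters from ls -l output, as described above, and reports the first thing that blocks web access. It goes slightly beyond the text by checking every directory between www-docs and the file, since each one must be searchable. The names others_bits and web_blocker are hypothetical, and the demo tree is constructed to mirror the listings above.

```shell
#!/bin/sh
# Added example; others_bits and web_blocker are hypothetical helper names.
# Characters 8-10 of an `ls -l` line are the "others" triad, e.g. "r--".
others_bits() {
    ls -ld -- "$1" | cut -c8-10
}

# web_blocker ROOT RELPATH: prints the first path component that blocks
# "others" and returns 1, or prints "ok" and returns 0 if nothing does.
web_blocker() {
    cur=$1
    rest=$2
    while :; do
        if [ -d "$cur" ]; then
            # Directories need search (x); "t" means sticky bit plus x.
            case $(others_bits "$cur") in
                ??[xt]) ;;
                *) echo "$cur: directory needs chmod o+x"; return 1 ;;
            esac
        else
            case $(others_bits "$cur") in      # files need read (r)
                r??) ;;
                *) echo "$cur: file needs chmod o+r"; return 1 ;;
            esac
        fi
        [ -n "$rest" ] || break
        cur=$cur/${rest%%/*}                   # step down one component
        case $rest in
            */*) rest=${rest#*/} ;;
            *)   rest= ;;
        esac
    done
    echo ok
}

# Demo on a constructed tree with the same modes as the page's listings.
demo() {
    d=$(mktemp -d)
    mkdir -p "$d/www-docs/Helpsheets"
    : > "$d/www-docs/Helpsheets/list.txt"
    chmod 755 "$d/www-docs"
    chmod 700 "$d/www-docs/Helpsheets"             # drwx------
    chmod 660 "$d/www-docs/Helpsheets/list.txt"    # -rw-rw----
    web_blocker "$d/www-docs" Helpsheets/list.txt || true
    rm -rf "$d"
}
demo
```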


The Windows95/NT Perspective

There are basically 2 ways you can connect to your Unix account from a WindowsNT/95 system.

The first is to connect directly to your account. You would do this with this sort of syntax:

\\maple\unix_user_name

Example:

\\maple\jgramke

This sort of syntax connects me directly to my home directory and sets the file creation permission mode so that any file I create on this drive while connected in this manner will have private file permissions, i.e. nobody else will have access to them. This is the appropriate way to connect if you are saving homework or sensitive files to your Unix account.

The second way to connect is more appropriate for the creation of web documents. It connects you directly to your www-docs directory, not to your home directory as in the above example. The syntax is like this:

In Windows 95: \\maple\www-docs%unix_username

In WindowsNT: \\maple\www-docs where you put your unix username in the Connect As box on the next line.

Any file created with this syntax will be written directly to your www-docs directory.

Any file created with this syntax will have the proper permissions to allow it to be accessible via the web.

For more detailed information see Connecting to your Unix Account from a Networked PC


The Macintosh Perspective

The Macintosh has the simplest scheme. Any file you create inherits the permissions of the directory in which it was created. If your www-docs directory is set for world-read access, any file or directory you create within that directory when connected from a Mac will have the proper permissions. If your www-docs directory doesn't have the proper permissions, refer to the "Unix Perspective" section of this document, or contact the Helpdesk.

For more information on connecting to your Unix account from a Macintosh, see Connecting to your Unix files from a Networked Macintosh at CSB/SJU


If you have any problems or questions with the information on this page, contact the Computing Services Helpdesk



Last Revision 3-23-97
http://www.users.csbsju.edu/~jgramke/Help/Web/permissions.html
Author: jgramke@csbsju.edu