Monday, August 22, 2011

Understanding Unix and Linux File Permissions

Unix-like operating systems (Linux, Mac OS X, Solaris, FreeBSD, and others) use the standard POSIX file permission system for user and file security.  It is simple yet powerful, and while there are other more complex options, such as ACLs, these basic Unix permissions are sufficient for most dedicated web hosting servers.

In Unix permissions, there are three settings: read, write, and execute, and there are three types of users to which you can apply those settings: user, group, and other.  That’s it.  You now know all of the Unix file permissions.  You can use that simplicity to your advantage to make sure your files are secure.

For most web files (HTML, PHP, etc.), you will want file permissions that allow you (user) read and write access but allow only read access for anyone in your user group or people on the web.  The permissions would look like this:

           User   Group   Other
Read        x       x       x
Write       x       -       -
Execute     -       -       -

In a file manager or command line list (using the “ls” command), the file will look like this:

-rw-r--r-- 1 user group 0 2011-08-04 13:03 test.html

If the file were set to global read, write, and execute (meaning anyone can access and modify it), the file line would look like this:

-rwxrwxrwx 1 user group 0 2011-08-04 13:03 test.html


You can change file permissions from the command line, using the “chmod” command, from within your web-based control panel’s file manager, or within your FTP client.  As a general practice, it is a huge security risk to make anything writable by “other”, as that means visitors to your website could find a file and modify it.  Many third-party scripts require specific permissions for their files, but otherwise, you can leave them at your server’s default setting.
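
As an added example (not part of the original post), this POSIX shell script audits a directory tree for files and directories that are writable by "other" and clears that bit with chmod. The function names and the sample files it creates are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit a web directory for entries writable by "other".
# Function names and the sample tree below are constructed for illustration.

# Print every regular file or directory under $1 that has the
# other-write bit set (symbolic o+w, octal 0002).
list_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print
}

# Clear the other-write bit on everything the audit would report.
# The user and group bits are left exactly as they were.
fix_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -exec chmod o-w {} +
}

# Build a throwaway sample tree, show it before and after the fix.
demo() {
    root=$(mktemp -d)
    touch "$root/test.html" "$root/upload.php"
    chmod 644 "$root/test.html"    # -rw-r--r--  owner read/write, others read
    chmod 666 "$root/upload.php"   # -rw-rw-rw-  writable by group and other
    echo "before:"
    ls -l "$root"
    echo "writable by other:"
    list_world_writable "$root"
    fix_world_writable "$root"
    echo "after:"
    ls -l "$root"
    rm -rf "$root"
}

demo
```

Point list_world_writable at your own web root to review the results before running fix_world_writable, since some third-party scripts expect specific permissions on their files.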
