Google+
ITS and UVa logos for printed output

ITS Web Resources

UNIX File Permissions and Web Pages

Overview

UNIX file permissions control access to Web pages that are stored on UNIX servers. Most of the time, a Web developer need not be concerned with UNIX file permissions, but if you are encountering errors such as:

  • Access Forbidden error messages,
  • broken images, or
  • the inability to publish to a group-maintained site

the permissions of your Web files may need to be adjusted.

UNIX allows three types of permissions – read, write, and execute – and three types of people to which these permissions may be applied – user, group, and other.

Read, write, and execute each have a slightly different meaning when applied to either a file or a directory:

Permission File Directory
Read View the contents of a file List the contents of the directory (i.e. - do an ls on the directory)
Write Write to a file, edit a file Create a new file in the directory
Execute Run the file if it is an executable file (e.g. - a cgi script) Navigate through that directory level to subdirectories

The 3 types of people you can assign permissions to are user (yourself), group (a predefined set of people), and other (everybody else).

People who may be granted permissions Description
User The person who created the file or directory. Sometimes called "owner".
Group A group of users. By default, most people are already a member of the usr group.
Other Everybody else (including people browsing your site with a Web browser)

The following is an example of what a file's permissions might look like:

user group other
rwx r-- r--

In the example above:

  • user has read, write, and execute permissions
  • group has read permissions
  • other has read permissions

Setting Permissions

Single-user vs. Group-maintained Sites

If you suspect that you are having permissions-related troubles, you must first determine what type of site you have: single-user or group-maintained.

  • Single-user sites:
    • All sites that have a tilde in the URL, e.g. - http://www.people.virginia.edu/~mst3k
    • Sites without a tilde that are maintained by only one person
  • Group-maintained sites:
    • Sites without a tilde that are maintained by a group of people (ITS must create a group definition for you in order to use this setup)

Single-user Sites

For single-user websites, all files must be at a minimum readable by other, and all directories must be executable by other. Recommended permissions for single-user websites:

User Class File Permissions Directory Permissions
User read, write read, write, execute
Group read execute
Other read execute

If the site in question is hosted on www.people.virginia.edu, the easiest way to fix incorrect file permissions is to use the Home Directory Accounts Maintenance Page. Log in and choose the option to "Set your WWW file permissions."

Changing File Permissions for Single-user Websites Using UNIX Commands

The following information will help you to use UNIX commands to change file permissions.

The steps for correcting permissions errors on single-user sites are as follows:

  1. establish a secure connection (using something like SecureCRT (available from the UVa Software Gateway)) to the server which houses your Web pages,
  2. issue the UNIX command chmod for any files or directories which need to be changed.

Scenario:

User mst3k is getting a permissions error when trying to view his website at http://www.people.virginia.edu/~mst3k. After logging into the server with SecureCRT, mst3k issues the following command on the UNIX command line:

cd public_html

to go to the directory where his Web page is stored. He then views the permissions by issuing the command:

ls -l home.html

and sees the following output:

-rw-r----- 1 mst3k staff 724 Jan 17 2001 home.html

Permissions are organized into three major groupings. In this example the permissions for user are rw-, the permissions for group are r--, and the permissions for other are ---.

This file is not viewable on the Web because "other" does not have read permissions. To correct the problem, mst3k issues the command:

chmod o+r home.html

To verify that the command produced the desired results, mst3k again issues the command:

ls -l home.html

and sees the following output:

-rw-r--r-- 1 mst3k staff 724 Jan 17 2001 home.html

Provided that the permissions of the parent directories are correct, the page should now be viewable on the Web.

Group-maintained Sites

For group-maintained sites, the same guidelines as above apply, but extra permissions are granted to the group. Additionally, you must verify that the group ownership is correct, otherwise you may unintentionally grant write privileges to the wrong group. Recommended permissions for group-maintained websites:

User Class File Permissions Directory Permissions
User read, write read, write, execute
Group read, write read, write, execute
Other read execute, execute, execute

Changing File Permissions for Group-maintained Websites Using UNIX Commands

The steps for correcting permissions errors on group-maintained sites are as follows:

  1. establish a secure connection (using something like SecureCRT (available from Software Central)) to the server which houses your Web pages,
  2. verify that the group ownership of your files is correct,
  3. issue the UNIX command chmod for any files or directories which need to be changed.

Scenario:

User mst3k is getting a permissions error when trying to edit the file home.html in the group-maintained site http://www.virginia.edu/somesite. After logging into the UNIX system with SecureCRT, mst3k issues the following command on the UNIX command line:

cd /www/doc/somesite

to go to the directory where the Web page is stored. He then views the permissions by issuing the command:

ls -l home.html

and sees the following output:

-rw-r--r-- 1 abc2d staff 724 Jan 17 2001 home.html

There are two problems with this file:

  • The group ownership is not correct;
  • group write permissions have not been set.

To correct this problem, mst3k goes to find the owner of the file—abc2d. Only the owner of the file may change the group ownership or permissions. User abc2d then logs into her account and repeats the steps above. To change the group ownership, she issues the command:

chgrp somegrp home.html

where somegrp is the group that was designated for this website. She then adds group write permissions by issuing the command:

chmod g+w home.html

Finally, she verifies that the changes were made by issuing the command:

ls -l home.html

and sees the following output:

-rw-rw-r-- 1 abc2d somegrp 724 Jan 17 2001 home.html

Provided that mst3k is a member of the group somegrp, he will now be able to edit the file.

  Page Updated: 2015-07-16