ITS Web Support

UNIX File Permissions and Web Pages

Overview

UNIX file permissions control access to Web pages that are stored on UNIX servers. Most of the time, a Web developer need not be concerned with UNIX file permissions, but if you are encountering errors such as:

  • Access Forbidden error messages,
  • broken images, or
  • the inability to publish to a group-maintained site

the permissions of your Web files may need to be adjusted.

UNIX allows three types of permissions – read, write, and execute – and three types of people to which these permissions may be applied – user, group, and other.

Read, write, and execute each have a slightly different meaning when applied to either a file or a directory:

| Permission | File | Directory |
|---|---|---|
| Read | View the contents of a file | List the contents of the directory (i.e. - do an ls on the directory) |
| Write | Write to a file, edit a file | Create a new file in the directory |
| Execute | Run the file if it is an executable file (e.g. - a cgi script) | Navigate through that directory level to subdirectories |

The 3 types of people you can assign permissions to are user (yourself), group (a predefined set of people), and other (everybody else).

| People who may be granted permissions | Description |
|---|---|
| User | The person who created the file or directory. Sometimes called "owner". |
| Group | A group of users. By default, most people are already a member of the usr group, of which everyone with an account on blue.unix is a member. |
| Other | Everybody else (including people browsing your site with a Web browser) |

The following is an example of what a file's permissions might look like:

    user  group  other
    rwx   r--    r--

In the example above:

  • user has read, write, and execute permissions
  • group has read permissions
  • other has read permissions

Setting Permissions

Single-user vs. Group-maintained Sites

If you suspect that you are having permissions-related troubles, you must first determine what type of site you have: single-user or group-maintained.

  • Single-user sites:
    • All sites that have a tilde in the URL, e.g. - http://www.people.virginia.edu/~mst3k
    • Sites without a tilde that are maintained by only one person
  • Group-maintained sites:
    • Sites without a tilde that are maintained by a group of people (ITS must create a group definition for you in order to use this setup)

Single-user Sites

For single-user websites, all files must be at a minimum readable by other, and all directories must be executable by other. Recommended permissions for single-user websites:

| | File Permissions | Directory Permissions |
|---|---|---|
| User | read, write | read, write, execute |
| Group | read | execute |
| Other | read | execute |

If the site in question is hosted on www.people.virginia.edu, the easiest way to fix incorrect file permissions is to use the Home Directory Accounts Maintenance Page. Log in and choose the option to "Set your WWW file permissions."

Changing File Permissions for Single-user Websites Using UNIX Commands

The following information will help you to use UNIX commands to change file permissions. Please note that UNIX can be a somewhat difficult environment to work in. For more on working in the UNIX environment, please see UVACSE's Introduction to UNIX documentation and UVACSE's UNIX Tutorial for Beginners.

The steps for correcting permissions errors on single-user sites are as follows:

  1. establish a secure connection (using something like SecureCRT (available from Software Central)) to the server which houses your Web pages,
  2. issue the UNIX command chmod for any files or directories which need to be changed.

Scenario: User mst3k is getting a permissions error when trying to view his website at http://www.people.virginia.edu/~mst3k.

After logging into blue.unix.virginia.edu with SecureCRT, mst3k issues the following on the UNIX command line:

    cd public_html

to go to the directory where his Web page is stored. He then views the permissions by issuing the command:

    ls -l home.html

and sees the following output:

    -rw-r----- 1 mst3k staff 724 Jan 17 2001 home.html

Permissions are organized into three major groupings. In this example the permissions for user are rw-, the permissions for group are r--, and the permissions for other are ---.

This file is not viewable on the Web because "other" does not have read permissions. To correct the problem, mst3k issues the command:

    chmod o+r home.html

To verify that the command produced the desired results, mst3k again issues the command:

    ls -l home.html

and sees the following output:

    -rw-r--r-- 1 mst3k staff 724 Jan 17 2001 home.html

Provided that the permissions of the parent directories are correct, the page should now be viewable on the Web.
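
The scenario's last sentence depends on the parent directories, so the following added example (not part of the original page) checks a page and every directory above it against the single-user recommendations. The function name check_web_path and its TOP_DIR argument are hypothetical; the check reads mode bits only and changes nothing.

```sh
#!/bin/sh
# Added example (not from the original page). check_web_path is a
# hypothetical helper name. It tests mode bits only, using find -perm.
#
# usage: check_web_path FILE [TOP_DIR]
#   FILE     page to check, e.g. public_html/home.html
#   TOP_DIR  highest directory to inspect (default: /)
# Prints one line per problem and returns 1 if any were found.
check_web_path() {
    file=$1
    top=${2:-/}
    rc=0

    # The file must be readable by "other" (octal 004).
    if [ -z "$(find "$file" -prune -perm -004)" ]; then
        echo "not readable by other: $file"
        rc=1
    fi
    # The single-user table grants write to user only, so report
    # group write (020) or other write (002).
    if [ -n "$(find "$file" -prune \( -perm -020 -o -perm -002 \))" ]; then
        echo "writable by group or other: $file"
        rc=1
    fi

    # Every directory above the file must be executable by "other" (001).
    dir=$(dirname "$file")
    while :; do
        if [ -z "$(find "$dir" -prune -perm -001)" ]; then
            echo "not executable by other: $dir"
            rc=1
        fi
        case $dir in
            "$top"|/|.) break ;;
        esac
        dir=$(dirname "$dir")
    done
    return $rc
}

# Run directly: sh check_web_path.sh public_html/home.html
if [ $# -gt 0 ]; then
    check_web_path "$@"
fi
```

For the home.html shown above with mode -rw-r-----, the function reports that the file is not readable by other; after chmod o+r it reports nothing unless a parent directory lacks execute for other.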

Group-maintained Sites

For group-maintained sites, the same guidelines as above apply, but extra permissions are granted to the group. Additionally, you must verify that the group ownership is correct; otherwise, you may unintentionally grant write privileges to the wrong group. Recommended permissions for group-maintained websites:

| | File Permissions | Directory Permissions |
|---|---|---|
| User | read, write | read, write, execute |
| Group | read, write | read, write, execute |
| Other | read | execute |

Changing File Permissions for Group-maintained Websites Using UNIX Commands

The steps for correcting permissions errors on group-maintained sites are as follows:

  1. establish a secure connection (using something like SecureCRT (available from Software Central)) to the server which houses your Web pages,
  2. verify that the group ownership of your files is correct,
  3. issue the UNIX command chmod for any files or directories which need to be changed.

Scenario: User mst3k is getting a permissions error when trying to edit the file home.html in the group-maintained site http://www.virginia.edu/somesite.

After logging into the UNIX system with SecureCRT, mst3k issues the following on the UNIX command line:

    cd /www/doc/somesite

to go to the directory where the Web page is stored. He then views the permissions by issuing the command:

    ls -l home.html

and sees the following output:

    -rw-r--r-- 1 abc2d staff 724 Jan 17 2001 home.html

There are two problems with this file: (1) The group ownership is not correct; (2) group write permissions have not been set.

To correct this problem, mst3k goes to find the owner of the file - abc2d. Only the owner of the file may change the group ownership or permissions.

abc2d then logs into her account and repeats the steps above. To change the group ownership, she issues the command:

    chgrp somegrp home.html

where somegrp is the group that was designated for this website. She then adds group write permissions by issuing the command:

    chmod g+w home.html

Finally, she verifies that the changes were made by issuing the command:

    ls -l home.html

and sees the following output:

    -rw-rw-r-- 1 abc2d somegrp 724 Jan 17 2001 home.html

Provided that mst3k is a member of the group somegrp, he will now be able to edit the file.
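
The two problems in this scenario can be found across a whole site before anyone hits an error. The following added example (not part of the original page) lists every file or directory that has the wrong group, lacks the recommended group permissions, or is writable by other; the function name audit_group_site is hypothetical, and it only reports, leaving chgrp and chmod to the file's owner.

```sh
#!/bin/sh
# Added example (not from the original page). audit_group_site is a
# hypothetical helper name; it only reports and changes nothing.
#
# usage: audit_group_site SITE_DIR GROUP
#   SITE_DIR  e.g. /www/doc/somesite
#   GROUP     group designated for the site, e.g. somegrp (name or numeric GID)
# Prints one line per finding and returns 1 if there were any.
audit_group_site() {
    site=$1
    grp=$2
    findings=$(
        {
            # Problem (1) in the scenario: wrong group ownership.
            find "$site" ! -group "$grp" -exec echo "wrong group:" {} \;
            # Problem (2): files need group read+write (octal 060).
            find "$site" -type f ! -perm -060 \
                -exec echo "group cannot read/write file:" {} \;
            # Directories need group read+write+execute (070).
            find "$site" -type d ! -perm -070 \
                -exec echo "group lacks rwx on directory:" {} \;
            # The recommended table never gives "other" write access (002).
            find "$site" ! -type l -perm -002 \
                -exec echo "writable by other:" {} \;
        } | sort
    )
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Run directly: sh audit_group_site.sh /www/doc/somesite somegrp
if [ $# -gt 0 ]; then
    audit_group_site "$@"
fi
```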

  Page Updated: 2012-02-16


© 2012 by the Rector and Visitors of the University of Virginia.