School of Ocean and Earth Science and Technology

Instructions on using UNIX CHMOD

The 'chmod' command sets the proper protection for files and directories on a UNIX platform.

In UNIX, files and directories have three sets of attributes that determine who can access them. These permissions are for the user (file owner), the group (those in a common unix group) and other (all other folks).

Each of these three attribute sets has flags that are either set or not, which determine whether user (u), group (g), and/or other (o) can read (r), write (w) or execute (x) the file (or files within the directory). Something that is world or all (a) readable has all three "r" flags set.

Files on the web must be readable by all, but must NOT be writeable by others.

A file with the attributes "-rw-rw-rw-" during a directory listing from the UNIX command prompt (type "ls -la") has the user rw flags set, the group rw flags set, and the other rw flags set (in that order). A unix directory with the attributes "drw-rw-rw-" (note the beginning "d" tells us that this is a directory) has the user rw flags set, the group rw flags set, and the other rw flags set (in that order).

Files put onto the network by typical PC and Mac FTP programs are usually world writeable (meaning the "w" flag is set for u, g and o). They get these unwanted attributes (usually "-rw-rw-rw-") because they were written to a unix system by a Mac or PC FTP program running on a platform that typically doesn't have strict equivalents to these permissions in its operating system.

It is a major security problem to have files on our network that anyone can write over, so we must ensure that no files or directories have the "o" write permission flag set.

You want to remove the "w" from the third set of file and directory attributes: For instance, directories should go from drwxrwxrwx to drwxrwxr-x and files should go from -rw-rw-rw- to -rw-rw-r--.

Note that on the web, files need to have all the read flags set and directories need to have both the read and execute flags set for all three attribute sets.

Remove the other "w" flag with "chmod" by typing "chmod o-w filename" at the unix command prompt. The "o-w" part means "remove write permission from others". The file attributes are split into three parts, for "user" (yourself), "group" (your group), and "other" (everyone in the universe). You may also want to remove group write access from files but this is not required. Do this with "chmod g-w filename". To later add back the group permission, do this with "chmod g+w filename".

To change the attributes of all the files in a given directory in one fell swoop, type (for instance) "chmod o-w *".

To make a set of files world readable that aren't already that way, use "chmod a+r filename", where the "a" sets the "r" flag for u, g and o all at once.

Other attributes you can add (+) or subtract (-) are read (r) and execute (x), for user (u), group (g), other (o), or all (a).
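The steps above combined into one script, as an added example that is not part of the original page: it lists everything under a directory that is writable by "other", then applies the page's rules (no other-write; files readable by all; directories readable and executable by all). The function names are hypothetical, and unlike "chmod o-w *" the script also reaches subdirectories and files whose names begin with a dot.

```shell
#!/bin/sh
# Added example: audit and repair permissions under a web directory tree.
# Function names are hypothetical; they are not from the original page.

# Print every regular file or directory under $1 that has the
# "other" write bit set (octal 002).
list_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -002 -print
}

# Apply the page's rules to everything under $1:
#   - nothing is writable by "other"          (o-w)
#   - files are readable by all               (a+r)
#   - directories are readable and executable (a+rx)
# -type f / -type d skip symbolic links, so chmod never follows a
# link to a target outside the tree.
fix_web_perms() {
    find "$1" -type d -exec chmod o-w,a+rx {} +
    find "$1" -type f -exec chmod o-w,a+r {} +
}

# Return the 10-character mode string that "ls -l" shows, e.g. -rw-rw-r--
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# When run with a directory argument: report, fix, and report again.
if [ -d "${1:-}" ]; then
    echo "World-writable before:"
    list_world_writable "$1"
    fix_web_perms "$1"
    echo "World-writable after (should be empty):"
    list_world_writable "$1"
fi
```

Group write permission is left as it was; add "g-w" to both chmod calls to remove it as well.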

For more information on using "chmod", type "man chmod" from a UNIX command prompt.
