Web Development Support
    General Info   Cool Tools
    Getting Started   Troubleshooting
    Design & Promotion   Feedback
 

Search this site:


view site map

Unix File Permissions

Overview

Unix file permissions control access to web pages that are stored on Unix servers.

Most of the time, a web developer need not be concerned with Unix file permissions, but if you are encountering errors such as:

  • Access Forbidden error messages
  • Broken images
  • Inability to publish to a group-maintained site

the permissions of your web files may need to be adjusted.

Unix allows three types of permissions - read, write, and execute - and three types of people to which these permissions may be applied - user, group , and other.

The basic permissions that may be granted are read, write, and execute.  Each of these permissions has a slightly different meaning when applied to either a file or a directory.

Permission File Directory
Read view the contents of a file list the contents of the directory (i.e. - do an Ls on the directory)
Write write to a file, edit a file create a new file in the directory
Execute run the file if it is an executable file (e.g. - a cgi script) navigate through that directory level to subdirectories

The three types of people you can assign permissions to are user (yourself), group (a predefined set of people), and other (everybody else).

People who may be granted permissions Description
User The person who created the file or directory. Sometimes called "owner".
Group A group of users. By default, most people are already a member of the usr group, of which everyone with an account on blue.unix is a member. You can make a request to consult@virginia.edu to have a group created if you have need for multiple people to maintain the same files and directories.
Other Everybody else (including people browsing your site with a web browser)

The following is an example of what a file's permissions might look like:

user group other
rwx r-- r--

In the example above:

  • user has read, write, and execute permissions
  • group has read permissions
  • other has read permissions

If you suspect that you are having permissions-related troubles, you must first determine what type of site you have - single-user or group-maintained. A description of each type of site is below:

Single-user sites:
  • All sites that have a tilde in the URL
    e.g. - http://www.people.virginia.edu/~mst3k
  • Sites without a tilde that are maintained by only one person
Group-maintained sites:
  • Sites without a tilde that are maintained by a group of people (ITC must create a group definition for you in order to use this setup)

For single-user web sites, all files must be at a minimum readable by other, and all directories must be executable by other.

Recommended Permissions for single-user web sites
File Permissions
User
Group
Other
read
read
read
write
-
-
-
-
-
Directory Permissions
User
Group
Other
read
-
-
write
-
-
execute
execute
execute

Please note: if the site in question is hosted on www.people.virginia.edu, the easiest way to fix incorrect file permissions is to use the Home Directory Accounts Maintenance Page. Log in and choose the option to "Set your WWW file permissions."

For group-maintained sites, the same guidelines as above apply, but extra permissions are granted to the group. Additionally, you must verify that the group ownership is correct, otherwise you may unintentionally grant write privileges to the wrong group.

Recommended Permissions for group-maintained web sites
File Permissions
User
Group
Other
read
read
read
write
write
-
-
-
-
Directory Permissions
User
Group
Other
read
read
-
write
write
-
execute
execute
execute

Once you have determined whether your site is single-user or group maintained, you may select an appropriate tool for correcting your site's permissions (please note that the built-in FTP clients in web editors such as Dreamweaver and FrontPage do not allow you to perform the necessary operations):

Web Development Support | General Info | Getting Started | Design & Promotion
Cool Tools | Troubleshooting | Feedback

If you need further assistance with Web applications or questions, send e-mail to web-consult@virginia.edu or call the ITC Help Desk at 924-3731.

 

© 2008 by the Rector and Visitors of the University of Virginia.

The information contained on the University of Virginia’s Department of Information Technology and Communication (ITC) website is provided as a public service with the understanding that ITC makes no representations or warranties, either expressed or implied, concerning the accuracy, completeness, reliability or suitability of the information, including warrantees of title, non-infringement of copyright or patent rights of others. These pages are expected to represent the University of Virginia community and the State of Virginia in a professional manner in accordance with the University of Virginia’s Computing Policies.