{"id":8579,"date":"2014-10-28T16:45:03","date_gmt":"2014-10-28T16:45:03","guid":{"rendered":"https:\/\/wp.okra.host\/article\/permissions-overview\/"},"modified":"2021-03-07T14:30:50","modified_gmt":"2021-03-07T13:30:50","slug":"permissions-overview","status":"publish","type":"ht_kb","link":"https:\/\/kb.okra.host\/de\/article\/permissions-overview\/","title":{"rendered":"Eine \u00dcbersicht \u00fcber Berechtigungen"},"content":{"rendered":"

Every file is made up of a permission set. These permissions consists of\u00a03 sets of 3 bits for a total of 27 configurations. Just kidding!<\/em>\u00a0It’s not that complex!<\/p>\n

\n
\n
<\/div>\n
-r--r--r-- \u00a0 \u00a0root \u00a0 root 1972 Oct 13 23:14 test.mail
\n-rw-r--r-- \u00a0 admin \u00a0admin 4345 Aug 29 12:33 test.php
\n-rwxr-xr-x \u00a0nobody \u00a0admin\u00a0 592 Sep 25 10:20 test.py
\ndrwxrwxrwx \u00a0 admin nobody\u00a04096 Jul \u00a09 10:28 tmp
\n<\/code><\/div>\n<\/div>\n<\/figure>\n

Let’s take a look at output from a FTP client<\/a>. Three files and 1 directory exist in this example. A directory, tmp\/, denoted by “d<\/strong>” is also called a folder: a place to stash files. Each file has different permission sets, which permit different interactions.<\/p>\n

Permissions<\/h2>\n

Permissions are broken into chunks that consist of read (r), write (w), and execute (x) properties. Read<\/em> permits access to read file or folder contents, write<\/em> permits access to modify the file or remove files within a directory, and\u00a0execute<\/em> allows the file to run as a program\u00a0or to open a directory. An absence of a permission is replaced by “-“.<\/p>\n

\n

Note:<\/strong><\/span>\u00a0a directory could have just execute (x), lack read (r), and still be accessible by a user. File contents\u00a0could not be listed, but if the filename were known, then it could be opened. This approach is recommended\u00a0in multi-user accounts\u00a0to protect against file snooping.<\/p>\n

Likewise<\/em>, if a directory lacks an execute bit (x), then neither it nor any directories within it may be opened.<\/p>\n<\/blockquote>\n

Each file or directory consists of 3 chunks that are applied to the file owner<\/em>, group<\/em>, and everyone else (simply called “other<\/em>“). Notice how each file has two users next to it?<\/p>\n

\n
-rw-r--r-- \u00a0 \u00a0admin admin<\/b>\u00a04345\u00a0Aug 29 12:33 test.php<\/code><\/div>\n<\/figure>\n

These 2 fields represent the owner<\/em> and\u00a0group<\/em> to which the file belongs. Owner is the user who created the file, and group is the group to which the user belongs. “Everyone else” is everyone else who isn’t the owner nor a member of the\u00a0group, in particular the web server that runs as user “apache” in its own group. Only user admin<\/em> can write to the file. Other users created via Users<\/strong> > Add\u00a0User\u00a0<\/strong>can read the file, as can the web server, in addition to the creator, admin<\/em>.<\/p>\n

\n

Any file created by a user on your account will\u00a0possess the same group, which is the primary username of the account. A special user “apache” is any file\u00a0created by a web application. Permissions are applied nightly to permit\u00a0modification by\u00a0the primary user on the account. Ownership can be changed via Files<\/strong> > File Manager<\/strong> > Properties<\/strong> action within the control panel.<\/p>\n<\/blockquote>\n

Permissions must be changed to allow another user, like a PHP application, write access to the file. But before that, take a quick aside to learn about the alternative form of presenting permissions…<\/p>\n

Octal Conversion<\/h2>\n

Permissions can be presented in set or octal form. Previously permissions were presented as sets for easy understanding. Now, map each permission type: [r,w,x] into a number: [4, 2, 1]. Add these numbers up for each permission chunk and you get a 3-digit number between 0 and 7 that represents permissions for the\u00a0owner<\/em>,\u00a0group<\/em>, and other<\/i>.<\/p>\n

-rw----r--<\/code> becomes 604, drwxr-xr-x<\/code> becomes 755, and so on. Whenever permissions are referred to as “777”, this maps to -rwxrwxrwx<\/code>.<\/p>\n\n\n\n\n\n\n\n\n
604 Conversion<\/th>\n<\/tr>\n<\/thead>\n
owner<\/td>\ngroup<\/td>\nother<\/td>\n<\/tr>\n
r<\/td>\nw<\/td>\n–<\/td>\n–<\/td>\n–<\/td>\n–<\/td>\nr<\/td>\n–<\/td>\n–<\/td>\n<\/tr>\n
4<\/td>\n2<\/td>\n0<\/td>\n0<\/td>\n0<\/td>\n0<\/td>\n4<\/td>\n0<\/td>\n0<\/td>\n<\/tr>\n
6<\/td>\n0<\/td>\n4<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n\n\n\n\n\n\n\n\n
755 Conversion<\/th>\n<\/tr>\n<\/thead>\n
owner<\/td>\ngroup<\/td>\nother<\/td>\n<\/tr>\n
r<\/td>\nw<\/td>\nx<\/td>\nr<\/td>\n–<\/td>\nx<\/td>\nr<\/td>\n–<\/td>\nx<\/td>\n<\/tr>\n
4<\/td>\n2<\/td>\n1<\/td>\n4<\/td>\n0<\/td>\n1<\/td>\n4<\/td>\n0<\/td>\n1<\/td>\n<\/tr>\n
7<\/td>\n5<\/td>\n5<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n
<\/div>\n

Permissions from now on will be referred to in octal for brevity.<\/p>\n

Changing Permissions<\/h2>\n

Permissions may be edited in a variety of ways:<\/p>\n