UNIX file permissions control who can do what to a file or directory. This is the only way to protect documents on your Web server, so it is important to discuss them in some detail.
UNIX permissions have three different levels of access to define who can do what to a file or directory:
The owner of the file (User)
A group of users who have access (Group)
Everyone else (Other) There are also three different things a user can do to a file:
View the contents of a file (Read)
Change the contents of a file (Write)
Run the file or program (eXecute) When the permissions are applied to a directory they have slightly different meanings:
List the contents of a directory (Read)
Create new files in the directory (Write)
Access files in the directory (eXecute) The different levels of access can be defined by a number. Read is 4, Write is 2 and eXecute is 1. To determine the permissions add up the numbers. For example to set Read and Write access would be 6 ( 4+2 ).
The UNIX command to change permissions on a file or directory is chmod ugo <file>. u is the access for the User, g is for the group and o is everyone else. To set a directory up for the user and group to be able to access and add files to a directory, called "hr" and everyone else to be able to get files from the directory we would do "chmod 771 hr" . To set up a file, say "policy1", for the user to be able to change and the group and everyone else to be able to read would require "chmod 644 policy1". We could also use "chmod 755 policy1" - in the case of htmL files, the execute doesn't matter, unless using the XbitHack directive.