Jump to content

All about CHMOD's


K1u
 Share

Recommended Posts

Tutorial I wrote on my site... thought I would share it here. Just trying to contribute... sorry if it does not meet the standards. I wrote this not to long back.

By K1u

Commonly asked. -

What are CHMOD's?

To break it down basically they are rules or permissions. It stands for CHange MODe.

How can I edit them?

Use a FTP client to connect to your server, I suggest Filezilla. Other popular method through SSH.

If they are configured badly can I get hacked?

Short answer No. Long answer... lets put it like this, if you have something CHMODDED to 777, yes it is writable to the public... but they must gain access to your server to be able to write in any of these files. But... I am not saying to go out and CHMOD your whole root directory to 777... no not at all, yes you can get hacked... though this is with result of the groups not being configured properly.

Well then whats the best CHMOD?

755.

Now for the information. -

So let me first explain what the 3 places on a CHMOD are with a diagram.

68izwpg.png

Now to explain what these numbers can mean. Before I do that I will point out another way you might see CHMOD's formatted, particularly on Unix based systems when looking at file permissions.

R - Read

W - Write

X - Execute

0 = No permissions at all. (---) - Avoid this.

1 = Only permission to execute. (--x)

2 = Only permission to write. (-w-) - Avoid this.

3 = Permissions to write and execute. (-wx)

4 = Permission to read only. (r--)

5 = Permissions to read and execute. (r-x) Good.

6 = Permissions to read and write. (rw-)

7 = Permissions to do anything. (rwx)

Examples. -

Bad - 777 (-rwxrwxrwx) = Anyone can Read, Write, and Execute.

Good - 755 (-rwxr-xr-x) = You can do Read, Write, and Execute. Others can only Read and Execute.

Bad situations. -

I CHMODDED myself so I have no permissions to the file, what the heck do I do?!?

Ouchies! First off why did you do that? Find a backup of the file or try to download it to your system and chmod it as root.

My Web server has been attacked and my host blames my CHMOD's!

Blame your host for not setting up the groups correctly!

More questions! -

How do I change CHMOD's on my computer?

Simply -

chmod value filename

Example -

chmod 755 priv.txt

I want to change who is the owner of the file?

Use the chown command.

Syntax -

chown [-hHLPR] [[user]] [:group] target1 [[target2 ..]]

I want to change the group(s) of the file?

Use the chgrp command.

Syntax -

chgrp group target1 [target2 ..]

I am using windows what am I supposed to do?

Cacls.exe (Change Access Control Lists)

Links! -

CHMODDING on FreeBSD - http://www.freebsd.org/cgi/man.cgi?query=chmod&sektion=1

CHMODDING on Mac OS X - http://www.hmug.org/man/1/chmod.php

CHMODDING on Solaris - http://docs.sun.com/app/docs/doc/817-0689/...hmod&a=view

CHMODDING on Linux - Already shown in tutorial.

I hoped you enjoyed. Its 10:47PM and I loved writing this Tutorial. If you find anything wrong with it (including typos) PM me.

Link to comment
Share on other sites

You missed out the bit about the number 0 - 7 been the octol representation of the binary for the rwx permissions.

So...

1 = --x becasue 001 = 1

2 = -w- becasue 010 = 2

3 = -wx becasue 011 = 3

4 = r-- becasue 100 = 4

do we see a pattern emerging?

777 = 111 111 111 = rwxrwxrwxr

755 = 111 101 101 = rwxr-xr-x

Get it?

Link to comment
Share on other sites

You missed out the bit about the number 0 - 7 been the octol representation of the binary for the rwx permissions.

So...

1 = --x becasue 001 = 1

2 = -w- becasue 010 = 2

3 = -wx becasue 011 = 3

4 = r-- becasue 100 = 4

do we see a pattern emerging?

777 = 111 111 111 = rwxrwxrwxr

755 = 111 101 101 = rwxr-xr-x

Get it?

Thank you for adding this!

Link to comment
Share on other sites

Also, there is a more user friendly syntax for people who (like me) who can't remember numbers.

chmod o-rwx <file> (for example) would remove every one else's permissions to do any thing to the file. Or (as is fairly common) to make a file executable by every one you can do chmod +x <file>.

Link to comment
Share on other sites

Also, there is a more user friendly syntax for people who (like me) who can't remember numbers.

chmod o-rwx <file> (for example) would remove every one else's permissions to do any thing to the file. Or (as is fairly common) to make a file executable by every one you can do chmod +x <file>.

the best chmod is not 755

the best chmod is the lowest number that allows you to do what you need with the file

if YOU are the only one who need to read it and you don't want to change it then the best mod is 400

Link to comment
Share on other sites

Also, there is a more user friendly syntax for people who (like me) who can't remember numbers.

chmod o-rwx <file> (for example) would remove every one else's permissions to do any thing to the file. Or (as is fairly common) to make a file executable by every one you can do chmod +x <file>.

the best chmod is not 755

the best chmod is the lowest number that allows you to do what you need with the file

if YOU are the only one who need to read it and you don't want to change it then the best mod is 400

Note that this tutorial is for n00bs who do not know much about chmods.

755 is usually the best (most safe) chmod to use on a webserver, 755 is usually a default chmod most of the time and me saying that is in correspondence to what I said above.

If I were to say something like "the best chmod is the lowest number that allows you to do what you need with the file" then all that would cause is confusion.

Good day.

Link to comment
Share on other sites

You know chmod is just the name of the utility to change modes (which includes permissions and things like setuid), right? Permissions are not called chmods.

Yes you are right but usually we say "I have it chmodded to..." "I just chmod to" "my chmod for this is", so I am saying this because it is the normal tounge used. But Shaun you are correct Permissions are not called this.

Link to comment
Share on other sites

Also, there is a more user friendly syntax for people who (like me) who can't remember numbers.

chmod o-rwx <file> (for example) would remove every one else's permissions to do any thing to the file. Or (as is fairly common) to make a file executable by every one you can do chmod +x <file>.

the best chmod is not 755

the best chmod is the lowest number that allows you to do what you need with the file

if YOU are the only one who need to read it and you don't want to change it then the best mod is 400

Note that this tutorial is for n00bs who do not know much about chmods.

755 is usually the best (most safe) chmod to use on a webserver, 755 is usually a default chmod most of the time and me saying that is in correspondence to what I said above.

If I were to say something like "the best chmod is the lowest number that allows you to do what you need with the file" then all that would cause is confusion.

Good day.

plus people who don't understand chmod most of the time will be people running webservers and on a web server the best chmod is 644
Link to comment
Share on other sites

Also, there is a more user friendly syntax for people who (like me) who can't remember numbers.

chmod o-rwx <file> (for example) would remove every one else's permissions to do any thing to the file. Or (as is fairly common) to make a file executable by every one you can do chmod +x <file>.

the best chmod is not 755

the best chmod is the lowest number that allows you to do what you need with the file

if YOU are the only one who need to read it and you don't want to change it then the best mod is 400

Note that this tutorial is for n00bs who do not know much about chmods.

755 is usually the best (most safe) chmod to use on a webserver, 755 is usually a default chmod most of the time and me saying that is in correspondence to what I said above.

If I were to say something like "the best chmod is the lowest number that allows you to do what you need with the file" then all that would cause is confusion.

Good day.

plus people who don't understand chmod most of the time will be people running webservers and on a web server the best chmod is 644

This can be argued. I will explain...

Usually a file chmodded to 644 is a file at installation, example: a forum install. After this they are most likely defaulted to 755. Why limit yourself, the owner should always have 7, and read only for groups and public is not always a smart move.

Link to comment
Share on other sites

This can be argued. I will explain...

Usually a file chmodded to 644 is a file at installation, example: a forum install. After this they are most likely defaulted to 755. Why limit yourself, the owner should always have 7, and read only for groups and public is not always a smart move.

best is always subjective but

it's less of a  security risk to have 644 444 even if you'r not going to change the file and if the the default is 755 and someone uses a upload script to upload a file to compromise your host you just allowed the attacker to run it for free

Link to comment
Share on other sites

This can be argued. I will explain...

Usually a file chmodded to 644 is a file at installation, example: a forum install. After this they are most likely defaulted to 755. Why limit yourself, the owner should always have 7, and read only for groups and public is not always a smart move.

best is always subjective but

it's less of a  security risk to have 644 444 even if you'r not going to change the file and if the the default is 755 and someone uses a upload script to upload a file to compromise your host you just allowed the attacker to run it for free

Security with user-abilities sake would be best to use 755, but yes 644 would be more secure even though it restricts the owner.

Link to comment
Share on other sites

Mmm, why me? That sounds like something someone who wasn't incredibly lazy would do.

I do agree with SomeoneE1se though, something doesn't really need the execute bit set unless it's actually an executable or a directory. In case of web servers it would mostly be directories and stuff in cgi-bin which would need it. Stuff like .php files don't need it since they are parsed by the webserver, not executed like CGI script/programs.

Link to comment
Share on other sites

Well then whats the best CHMOD?

755

There is no 1-size-fits-all.

Understand what you're doing, or don't muck around with it on something you value.

The best CHMOD is the one that gives the minimum required set of rights.

Anything over that is unneccessary and should be avoided.

I CHMODDED myself so I have no permissions to the file, what the heck do I do?!?

Ouchies! First off why did you do that? Find a backup of the file or try to download it to your system and chmod it as root.

Um... What? How the hell do you chmod 'yourself'? And if you give a file the wrong permissions, rerun chmod to give it the right permissions.

Why put back a backup of a file after changing the mode bits? If you can replace the file, you can change the mode bits. If you need to be root (don't see how given your webserver scenario, but let's assume) just become root and change the bits. I don't see where the need for a backup comes in.

My Web server has been attacked and my host blames my CHMOD's!

Blame your host for not setting up the groups correctly!

Or apply a brick to your face repeatedly for changing them yourself without being aware of what you were doing.

Link to comment
Share on other sites

This can be argued. I will explain...

Usually a file chmodded to 644 is a file at installation, example: a forum install. After this they are most likely defaulted to 755. Why limit yourself, the owner should always have 7, and read only for groups and public is not always a smart move.

I know RHEL(at least version 5) does not allow you to configure umask to allow executable premissions on new files. They strictly do this for security reasons, which is deffiantly a must in a corporate environment. If fewer files are executable then their will be less likely a chance of someone being able to exploit your system. Now whether you choose to give new files the excute permission with chmod command is obviously entirely up to the views of the user.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...