
How do I set the permissions on my CGI programs and other files?

When you don't have shell access via SSH, you have to do this from within the FTP client program you use to upload your files. When doing so, do not change the permissions of the cgi-bin/ folder: you could compromise the security of your website.

Most of the simpler FTP clients offer a graphical way to assign the permissions:

          user   group   world
read       ()     ()      ()
write      ()     ()      ()
execute    ()     ()      ()

You just have to click to grant the rights. As you can see, the holder of the rights becomes less and less trustworthy from left to right: the user rights are for yourself, the group rights are for the groups you are a member of, and the world rights are for the visitors of your website.

As you are not a member of any group, treat the group and the world as entities to which you have to grant rights very carefully.

For a very simple CGI program you would grant for instance these rights:

user group world

-rwx --x --x

In certain cases your CGI could need read access for the world too:

user group world

-rwx r-x r-x

A good practice is to always use as few permissions as possible.

The above examples can also be written as octal values, like this:

user group world

-rwx r-x r-x

would be 755.

and

user group world

-rwx --x --x

would be 711.

Put simply: you choose a value from 0 to 7 for each of the three groups: user, group and world.

0 means no access right at all

1 means execute rights (be careful)

2 means write rights (be careful)

4 means read rights (that's the only right needed for standard HTML files)

If you add the octal values together you combine the rights; for instance, 1+2=3, so 3 means execute and write rights.

You may play around with these rights in your directory to better learn how to use them. Don't forget to always verify the rights you set. An error could be fatal to your content's security.

For your common HTML files you would grant only 644 permissions. This means that you, the user, have read and write rights (4+2=6), the group has read rights (4), and the world has read access too (4); summed up this makes 644. Generally your FTP client uses these careful permissions as the default.
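
One way to verify the rights you set without shell access is to copy the directory listing your FTP client shows and check it offline. The following is an added example, not part of the original page: it converts the symbolic strings to the octal values described above and flags files that group or world can write to, or non-CGI files that carry an execute right. The sample listing, the function names and the `.cgi`/`.pl` suffixes used to recognise CGI programs are assumptions made for illustration.

```python
import re

BITS = {"r": 4, "w": 2, "x": 1}  # the values the page assigns to each right

# Constructed sample of a Unix-style FTP directory listing (not real data).
SAMPLE_LISTING = """
-rwx--x--x 1 me web  512 Jan 01 12:00 form.cgi
-rwxr-xr-x 1 me web 2048 Jan 01 12:00 counter.pl
-rw-r--r-- 1 me web  900 Jan 01 12:00 index.html
-rw-rw-rw- 1 me web  120 Jan 01 12:00 guestbook.html
-rwxr-xr-x 1 me web  300 Jan 01 12:00 about.html
drwxr-xr-x 2 me web 4096 Jan 01 12:00 cgi-bin
"""

def to_octal(symbolic):
    """Convert '-rwx--x--x' or 'rwx --x --x' to '711'."""
    s = symbolic.replace(" ", "")
    if len(s) == 10:  # drop the leading file-type character ('-', 'd', ...)
        s = s[1:]
    # Only plain r/w/x strings are handled; anything else is rejected.
    if not re.fullmatch(r"(?:[r-][w-][x-]){3}", s):
        raise ValueError(f"not a plain rwx permission string: {symbolic!r}")
    return "".join(str(sum(BITS.get(c, 0) for c in s[i:i + 3])) for i in (0, 3, 6))

def audit(listing, cgi_suffixes=(".cgi", ".pl")):
    """Return {name: (octal, problems)} for every regular file in the listing."""
    report = {}
    for line in listing.strip().splitlines():
        fields = line.split()
        mode, name = fields[0], fields[-1]  # assumes file names without spaces
        if not mode.startswith("-"):        # skip directories, links, etc.
            continue
        octal = to_octal(mode)
        user, group, world = (int(digit) for digit in octal)
        problems = []
        if (group | world) & 2:
            problems.append("writable by group or world")
        if not name.endswith(cgi_suffixes) and (user | group | world) & 1:
            problems.append("execute right on a non-CGI file")
        report[name] = (octal, problems)
    return report

if __name__ == "__main__":
    for name, (octal, problems) in audit(SAMPLE_LISTING).items():
        print(f"{octal} {name:<15} {', '.join(problems) or 'ok'}")
```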