When managing websites and databases, you should ensure that file permissions are set correctly to prevent outsiders from having inappropriate access to your precious data. In this article, we’ll share how to set up file permissions and what permissions we should use in which circumstances.
The Three Types Of File Permissions and the Three Types of Users
There are three types of file permissions, listed below.
- Read permission
- Write permission
- Execute permission
Also, there are three types of users where file permissions must be considered separately:
- User group
- Other users
It’s obvious what the three types of permissions mean. Read permission means you can read the contents of the file, write permission means you can modify or move the file, and execute permission implies that you can execute the file. The meaning of the user groups is also very apparent.
How Can Permissions Be Expressed As an Integer?
If you’ve heard of the command “chmod”, you’ve probably been curious about the seemingly mysterious integer after the command. It turns out that it encodes the file permissions for the owner, the user group that the owner is in, and other users. Every set of permission is represented as a number from 0 to 7, from a “0” that means no permissions, to a “7” that means maximum permission. The range of permissions is listed below.
- 0: No read, write, or execute permission
- 1: Execute permission
- 2: Write permission
- 3: Write and execute permission
- 4. Read permission
- 5. Read and execute permission
- 6. Read and write permission
- 7. Read, write, and execute permission
The first digit represents the permission obtained by the owner of the file, the second one encodes one that is acquired by the user group that the owner is in, and the third one represents the permission that other users can work on. For instance, “777” implies maximum permission, where all users can read, write, and execute, and “744” means that the owner can read, modify, or run the file, and all other users can only read it.
What File Permissions Are Appropriate in Common Scenarios?
After that, we talk about the most critical part of this article, the appropriate file permissions. Read this if you’re unsure of your decisions or just want to confirm. File permissions are a hard-to-bypass way to secure your precious data from inappropriate access. Remember that it is at the file system level, so you cannot change it unless you are logged in as an administrator. As a rule of thumb, the permissions should be set to the minimum one that still allows your programs to function correctly.
A common set of permissions is “755”, which is suitable for executable files. The owner can read, modify, or execute it, but all other users can only read or execute it, but not change it. Another common one, “644”, is used for non-executable files. Note that “755” becomes “644” if the value of every digit is subtracted by one. That “one” is execution permission.
Moreover, you should manipulate file permissions if you want to debug some issues related to access to files. For instance, you can change the permission to “777”, meaning maximum permission for every user, to ensure that the “access denied” errors are not related to whether you can access the file. However, you should change it back once you’re done with it, and if you are troubleshooting such an issue in an application available live on the Internet, you should troubleshoot it on an offline copy. Cyberattacks can strike your website anytime, and you don’t want customers’ data to be stolen because you want to troubleshoot a minor issue. Also, if the problem is fixed after changing the permissions, take a deeper look at the actual issue instead of bypassing the file permissions permanently. For instance, search for the actual permission that mitigates the problem by removing access to the files one by one.
Furthermore, if you want some resource to be unavailable to all users, even those who have signed up, you can set a “0” on the third digit of the encoded file permission. Usually, this is done by simply setting the HTTP response to “403 Forbidden” when a visitor visits a webpage, but what is happening in the background is that it does not even grant read access to the file. This is also done on system files in local systems to prevent users from tampering with them and preventing some parts of the operating system from functioning normally, though it obviously does not return a 403 error code.
How to Change File Permissions?
If you need to change those variables, you need to be an administrator, have access to an admin account or be the owner of the file. That way, important system files or files owned by others will not be modified maliciously.
On Unix-like systems, this can be achieved through the “chmod” command. After that, you can enter the three-digit number to set up the permissions for each group. In Windows, you need to go to File Explorer and then open the “Properties” of the file so that you can control access to the file or directory for users.
//Running chmod on Unix-like systems chmod 644 document.txt chmod 755 executable.exe chmod 777 accessdenied.py
In this article, we’ve discussed the anatomy of file permissions and how to set them up. Remember that it is an excellent barrier for preventing unauthorized access to files and programs, though securing your passwords and exercising other cybersecurity precautions are equally crucial.