setting file permissions on a web server

J

John Salerno

I always read about how you need to set certain file permissions (for
cgi files, for example), but it's never been clear to me *how* you do
this. I know you can run the line

chmod 755 scriptname.py

but *where* do you run this? Is this done on your personal system, or on
the server? What if you are using Windows? If it's done on the server,
how do you do it?

The only way I've figured out so far how to do this is to upload my cgi
files to my server, then within my FTP program I right-click the file
and change its permission number that way, but that seems an inefficient
way to do it, especially having to do it each time.

Is there a way to put the above line within the script perhaps, so that
the script sets its permission automatically? Or do certain editors
allow you to save files with a predetermined permission?

Aside from my right-clicking method, I don't know how else to do it.
 
R

Rene Pijlman

John Salerno:
I always read about how you need to set certain file permissions (for
cgi files, for example), but it's never been clear to me *how* you do
this. I know you can run the line

chmod 755 scriptname.py

but *where* do you run this?

This is a Unix/Linux command. You run it in a shell login on the server
(e.g. in Putty, SecureCRT, or some other ssh client you're using).
Is there a way to put the above line within the script perhaps, so that
the script sets its permission automatically?

Not in the script itself via cgi of course, because it needs certain
permissions before it can be run as cgi script. But you could put the
command in an installation script that installs the cgi script.
 
D

Daniel Nogradi

I always read about how you need to set certain file permissions (for
cgi files, for example), but it's never been clear to me *how* you do
this. I know you can run the line

chmod 755 scriptname.py

but *where* do you run this? Is this done on your personal system, or on
the server? What if you are using Windows? If it's done on the server,
how do you do it?

The only way I've figured out so far how to do this is to upload my cgi
files to my server, then within my FTP program I right-click the file
and change its permission number that way, but that seems an inefficient
way to do it, especially having to do it each time.

Is there a way to put the above line within the script perhaps, so that
the script sets its permission automatically? Or do certain editors
allow you to save files with a predetermined permission?

Aside from my right-clicking method, I don't know how else to do it.

I guess this would be a good starting point:

http://www.linuxcommand.org/man_pages/chmod1.html

In short, chmod refers to local files so wherever you run it it will
refer to files on that machine. You run it simply by typing it in a
shell as a user who has privilage to perform the operatation, which
can mean you have to be an owner of the file but if you are root you
can do it in any case. Depending on your ftp, scp, http or whatever
method you use to transfer files the file permissions may or may not
change during the transfer. If permissions are kept intact you can
chmod on your local machine and then transfer, if they are not then
you transfer first and chmod on the server. When you transfer files
from a windows machine to *nix it again depends on the particular
method you choose how the permissions will be set.

There is no way of putting this permission information into the file
itself but some (most?) editors can be set to save the file with a
permission of your choice.

Hope this helps.
 
J

John Salerno

Daniel said:
In short, chmod refers to local files so wherever you run it it will
refer to files on that machine. You run it simply by typing it in a
shell as a user who has privilage to perform the operatation, which
can mean you have to be an owner of the file but if you are root you
can do it in any case. Depending on your ftp, scp, http or whatever
method you use to transfer files the file permissions may or may not
change during the transfer. If permissions are kept intact you can
chmod on your local machine and then transfer, if they are not then
you transfer first and chmod on the server. When you transfer files
from a windows machine to *nix it again depends on the particular
method you choose how the permissions will be set.

Thanks, but I'm still a little confused. Since I'm running Windows, I
assume that I can't run the chmod line on my own computer. My web server
uses Unix, but is it possible for me to have access to a command line
for the server? I didn't know that was possible for basic web hosting
plans (I'm using 1and1 right now).

I suppose I could write a script that would set the permissions of all
the files in a particular folder on my computer to 755, but is there a
Windows equivalent command for chmod to do this? Or am I stuck having to
do it on the server side?
 
D

Diez B. Roggisch

I suppose I could write a script that would set the permissions of all
the files in a particular folder on my computer to 755, but is there a
Windows equivalent command for chmod to do this? Or am I stuck having to
do it on the server side?

The chmod has to be executed on the machine the file resides on - aka
the server. If your plan includes a ssh-account you can use that.
Otherwise you might be able to create an ftplib-based script that will
automate this over ftp.

Diez
 
D

Dennis Lee Bieber

Thanks, but I'm still a little confused. Since I'm running Windows, I
assume that I can't run the chmod line on my own computer. My web server
uses Unix, but is it possible for me to have access to a command line
for the server? I didn't know that was possible for basic web hosting
plans (I'm using 1and1 right now).
Your provider would be the folk who can answer that better than any
of us.

However, while ProComm Plus's FTP module doesn't seem to offer a
means of changing protections on remote files... (Yes, I still have
that, even though it is overpriced for use just as an FTP program -- and
who needs multiple terminal emulations these days, even if they can be
used via telnet and not just dial-up)

I just opened the same site using FireFTP (Firefox plugin), selected
a file, and asked for properties... It looks like it has the ability to
set permissions including execute and SUID/GUID/sticky...

From the message log field

220 aloha.webkahuna.com FTP server (Version wu-2.6.1(2) Fri Nov 30
00:25:40 CST 2001) ready.
USER wulfraed
331 Password required for wulfraed.
PASS (password not shown)
230 User wulfraed logged in.
<snip>
CWD /dm/home/home/wulfraed/web_pages
250 CWD command successful.
PASV
227 Entering Passive Mode (216,89,180,17,254,61)
LIST
150 Opening ASCII mode data connection for /bin/ls.
226 Transfer complete.
SITE CHMOD 0644 /dm/home/home/wulfraed/web_pages/index.htm
200 CHMOD command successful.
TYPE A
200 Type set to A.
CWD /dm/home/home/wulfraed/web_pages
250 CWD command successful.
PASV
227 Entering Passive Mode (216,89,180,17,197,203)
LIST
150 Opening ASCII mode data connection for /bin/ls.
226 Transfer complete.
SITE CHMOD 0664 /dm/home/home/wulfraed/web_pages/index.htm
200 CHMOD command successful.
TYPE A
200 Type set to A.
CWD /dm/home/home/wulfraed/web_pages
250 CWD command successful.
PASV
227 Entering Passive Mode (216,89,180,17,165,155)
LIST
150 Opening ASCII mode data connection for /bin/ls.
226 Transfer complete.

This may supply you with the needed procedure...
--
 
D

Daniel Nogradi

In short, chmod refers to local files so wherever you run it it will
Thanks, but I'm still a little confused. Since I'm running Windows, I
assume that I can't run the chmod line on my own computer.

Correct, chmod is a *nix command.
My web server
uses Unix, but is it possible for me to have access to a command line
for the server?

This depends on your arrangements with your web server provider.
Perhaps you are allowed to ssh into that machine, perhaps not, you
need to ask your provider. In case you can use ssh, then you can log
in with putty (an ssh client for windows, grab it from here:
http://www.chiark.greenend.org.uk/~sgtatham/putty/) and you will have
a command line on the server so you can run chmod there.
I didn't know that was possible for basic web hosting plans (I'm using 1and1 right now).

I have absolutely no experience with public web hosting but I guess
some might provide ssh-ing possibilities although I imagine most
don't.
I suppose I could write a script that would set the permissions of all
the files in a particular folder on my computer to 755, but is there a
Windows equivalent command for chmod to do this?

I have next to zero experience with windows but as far as I know
windows doesn't have file permissions at all (anyone, please correct
me if I'm wrong :)) so in windows land it doesn't make any sense to
"change file permissions". Even if it has some sort of a notion of
file permissions I wouldn't know how that gets translated into unix.
Or am I stuck having to do it on the server side?

I guess so. But that's not a terribly big problem even if you can't
use ssh. What I would do is write a script (in python of course :))
that does the file permission changing and run that script over the
web. Since this can have serious security implications my strategy
would be to place this script somewhere which is not reachable through
the web and only relocate it to a web accessible directory when you
want to run it over the web, and when you are done, you place it back
to its secure location so nobody can reach it. You can find out how to
write this script from http://docs.python.org/lib/os-file-dir.html

HTH :)
 
E

Edward Elliott

John said:
Thanks, but I'm still a little confused. Since I'm running Windows

You misplaced your period, it goes at the end of that line. ;)
assume that I can't run the chmod line on my own computer.

Sure you can, install cygwin. chmod only affects files on your computer,
and won't alter the Windows permissions (which use a different scheme), but
you can do it.
My web server
uses Unix, but is it possible for me to have access to a command line
for the server? I didn't know that was possible for basic web hosting
plans (I'm using 1and1 right now).

It is entirely possible (indeed, I don't know how most things would ever get
done without it). Most basic hosting plans however don't provide shell
access.
I suppose I could write a script that would set the permissions of all
the files in a particular folder on my computer to 755, but is there a
Windows equivalent command for chmod to do this? Or am I stuck having to
do it on the server side?

1. Settings permissions on your computer won't do a thing.
2. There's probably a Windows-equiv of chmod for your own files, but it
won't affect files placed on another machine.
3. You're stuck having to do it on the server side. Now a good ftp program
can automate this for you, but it's still your job, not the servers.

These sound like good questions for your hosting provider, or failing that,
google.
 
E

Edward Elliott

Daniel said:
I have next to zero experience with windows but as far as I know
windows doesn't have file permissions at all (anyone, please correct
me if I'm wrong :)) so in windows land it doesn't make any sense to
"change file permissions".

Actually Windows has a quite good permission scheme, with full owner/group
ACLs and granular permissions for read, write, append, delete, and several
others I can't recall. The problem is no one uses them much. The
manipulation tools are a pain, and developers routinely ignore them
(including Microsoft's own developers, although I hear they've gotten much
better lately).
I guess so. But that's not a terribly big problem even if you can't
use ssh. What I would do is write a script (in python of course :))
that does the file permission changing and run that script over the
web. Since this can have serious security implications my strategy
would be to place this script somewhere which is not reachable through
the web and only relocate it to a web accessible directory when you
want to run it over the web, and when you are done, you place it back
to its secure location so nobody can reach it.

You're right about the security concerns, but your solution sounds like more
trouble than it's worth. With a bit more effort, you could write a local
python script that acts as an ftp client and applies permissions remotely.
But why bother when a good ftp client already has that built-in (and is
much less likely to contain destructive bugs).
You can find out how to
write this script from http://docs.python.org/lib/os-file-dir.html

You're worried about security and you turn a novice with a scripting
language loose in the briar patch of unix permissions, on a remote server
no less? And I thought I was sadistic! :)
 
K

Kirk McDonald

Daniel said:
I have next to zero experience with windows but as far as I know
windows doesn't have file permissions at all (anyone, please correct
me if I'm wrong :)) so in windows land it doesn't make any sense to
"change file permissions". Even if it has some sort of a notion of
file permissions I wouldn't know how that gets translated into unix.

This is getting a little off-topic, I admit, but the NT-derived versions
of Windows do indeed have file permissions. The Windows-equivalent of
chmod (and chown) is cacls ("Change Access Control Lists"):

http://www.ss64.com/nt/cacls.html

In essence, each file has an owner and a list of other users and groups,
who may each have "Full control" (meaning they can change permissions),
read-only, write-only, read-write, or no access.

Windows 95 and its descendants don't have permissions any more than DOS
does. (Except with respect to Windows network file-sharing.)

(Heh, I checked just before posting this and someone beat me to it.
Here's my post anyway.) :)

-Kirk McDonald
 
J

John Salerno

Daniel said:
This depends on your arrangements with your web server provider.
Perhaps you are allowed to ssh into that machine, perhaps not, you
need to ask your provider. In case you can use ssh, then you can log
in with putty (an ssh client for windows, grab it from here:
http://www.chiark.greenend.org.uk/~sgtatham/putty/) and you will have
a command line on the server so you can run chmod there.

Turns out that my web hosting company provides ssh access on the next
highest plan and up, but not mine. :)

Oh well, I think I'll explore FileZilla a little more and see if there's
more of an automated way to do it than just right-clicking each file (or
even right-clicking multiple files at once, if possible). It shouldn't
be too big of a deal anyway, but I'm always after more automated ways to
do things...call me lazy! :)
 
M

Martin P. Hellwig

John Salerno wrote:
<cut>

Most FTP servers do allow to use chmod in a ftp session, although you're
client must support it. See for example a cli ftp client (and server) on
FreeBSD.
mhellwig@xs2:~$ ftp ftp.xs4all.nl
Connected to ftp2.xs4all.nl.
220 XS4ALL ftpd DCLXVI
Name (ftp.xs4all.nl:mhellwig):
331 Password required for mhellwig.
Password:
230 User mhellwig logged in.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls MHellwigCV_02_10_01.pdf
150 Opening ASCII mode data connection for file list
---------- 1 mhellwig user 211102 May 19 2003 MHellwigCV_02_10_01.pdf
226 Transfer complete.
ftp> chmod 400 MHellwigCV_02_10_01.pdf
200 SITE CHMOD command successful
ftp> ls MHellwigCV_02_10_01.pdf
150 Opening ASCII mode data connection for file list
-r-------- 1 mhellwig user 211102 May 19 2003 MHellwigCV_02_10_01.pdf
226 Transfer complete.
ftp>

See?
 
D

Dennis Lee Bieber

Actually Windows has a quite good permission scheme, with full owner/group
ACLs and granular permissions for read, write, append, delete, and several
others I can't recall. The problem is no one uses them much. The
manipulation tools are a pain, and developers routinely ignore them
(including Microsoft's own developers, although I hear they've gotten much
better lately).
The biggest problem is when you install an application that doesn't
know about multi-user XP (NT/2000) protections... I have a few that want
to write configuration data into the program install directory, but
WinXP makes those "read only" for non-admin accounts. So... I have to
subvert WinXP and manually set that application to allow "all users"
write access into the directory.
--
Wulfraed Dennis Lee Bieber KD6MOG
(e-mail address removed) (e-mail address removed)
HTTP://wlfraed.home.netcom.com/

(Bestiaria Support Staff: (e-mail address removed))
HTTP://www.bestiaria.com/
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

Forum statistics

Threads
473,744
Messages
2,569,483
Members
44,902
Latest member
Elena68X5

Latest Threads

Top