Sanders Hosting Linux Based Quality Web Hosting
Latest News / Updates
10 May 2004
Our reseller accounts disk space and bandwidth have been increased to the same levels as our regular accounts. This is the perfect way for a new web hosting company to resell our web space under there own name, or for current customers to get a great deal on a second account.
PayPal Verified
Control Panel Login
Domain Search
Welcome to
Tutorial: Preventing access to your directories

On UNIX type operating systems, all files and directories have a set of permissions that control who can do what with a file or directory. This set of permissions is divided in three different settings which indicate what the "Owner", the "Group" and "Other[s]" can do with your file. The "Owner" is you, "Other" is other people on the same server, and "Group" is a group of users that a system administrator can assign (all users on a UNIX system belong to a "group" that have certain privileges). Each of these settings are subdivided in seven more settings, which indicate "write", "read" or "execute" permissions. These settings are assigned numbers, which will be explained below.

When you create a directory or file (or upload it), its default settings are:

  • Owner: read, write, execute
  • Group: read and execute
  • Other: read and execute
This means that other users on the same server can at least read your website files and execute CGIs on your directory. Don't worry, this is not a security concern as they can't delete or modify files.

Note: Users on the server can't do this through FTP, only through Telnet.

Sometimes, you may want to change permissions to either block or open access to your directories. Permission changes can be done with the command "chmod", and it can be done through Telnet or through FTP (most FTP clients can do this. Check their help file for more info).

For example, to give yourself total access to a file or directory, but absolutely no access to anyone else, the permission you would have to set is permission 700 (numbers to be explained below). The first number is the "Owner" permission, the second one is the "Group" permission and the third one is the "Other" permission.

Warning: the webserver operates as a "Other" user. So any directory you block from local users will also not be viewable by users through the web. There is one exception to this: the webserver acts as "Owner" when accessing files from the /cgi-bin/ directory. This means that you can set such directory and its files to permissions 700, and the webserver could still execute and access files in it. This has security benefits: your CGIs usually contain confidential information, so you can block access to them to everybody.

Here are the numbering scheme for permissions:

4: read permission
2: write permission
1: execute permission

Combinations of those would be:

7: read, write and execute (4+2+1)
6: read and write (4+2)
5: read and execute (4+1)

And on and on...

So, permission 755 would be:

Owner (7): read, write and execute
Group (first 5): read and execute
Other (second 5): read and execute

Permissions 755 is the default permission given to any file or directory that you create.

File/dir permissions can also be set individually, and through a different method that is easier to most. The command:

chmod g+x file

gives "executable (x)" rights to the "Group" permission. More examples would be:

chmod o-x file (removes execute permissions to "Other")
chmod u+r file (adds read permission to user/owner)
chmod a+x file (give executable rights to all)

And this ends our short tutorial on file/dir permissions. For more information on the chmod command itself, enter the command "man chmod" on your account's shell.

Note: you can also password protect a directory. Check our support section for information on setting up a password protected directory.

Home:: Contact:: Support© 2003 Sanders Hosting