About folder permissions in linux

Source: Internet
Author: User


Talking about the folder permission in linux, during the data transfer process on several servers after homezz.com, many homezz.com users found that such errors occurred when they migrated to the new server, in the final analysis, the folder permission settings are incorrect. The old host is too open and does not have strict security performance control. Therefore, the File Permission is too large and there is no restriction on the security mechanism of the new server. Therefore, the server with too many permissions will reject the execution. The following describes the file permissions in linux. The File Permission of www.2cto.com Linux is one of the greatest guarantees for linux's security performance. Some may know that, many methods of attacking windows are to obtain the permissions of creating users through vulnerabilities to control computers. in linux, the Root account has the maximum permissions and can do everything, other users can only have all the permissions of their own files and the permissions granted to the files by the members of the Change Group. The following describes the file permissions. Read Permission R. Simply put, it is the permission to open the file to view the content. On the web server, if the file does not have the permission to open, the web server considers the file does not exist and sends the 404 file not found error, it is represented by number 4. Write Permission for www.2cto.com. If a file does not have the write permission, the file cannot be changed. If the folder does not have the write permission, a new file cannot be created in the folder, which is indicated by the number 2. Execution permission X. To execute a program file, you must have the execution permission; otherwise, the program file cannot be executed. Opening a folder is also executed, so the folder cannot be opened if it has no execution permission. It is represented by number 1. Who owns this permission file owner group user public user readable = 4 0 0 0 write = 2 0 0 0 executable = 1 0 0 0 actual permission, vertically add 0 0 0 public users as users outside the owner and group users. For example, when accessing the web, linux may use public users to read files, it can be understood as the user that the visitor can operate on. The following example (again, the folder and file are different): all users of the file can write: 666 (three types of users can read and write) who owns this permission file owner group user public user readable = 4 4 4 4 www.2cto.com writable = 2 2 2 2 executable = 1 0 0 0 actual permission, add 6 6 6 to the above link vertically. Suppose we want to set the folder to 0666. The result is very obvious because the folder has no execution permission and cannot be opened, therefore, if it is set to 0666, it cannot be accessed. The folder can only have all permissions of the file owner, including group users and public users reading and executing (755 ). In general, the web root directory folder must be set in this way to ensure security. Prompt again: if the folder has no execution permission, the user cannot open it. For normal servers, if the root directory permission is 0777, the Error 500 is displayed. Who owns the permission? In the file owner group, the user is public-readable = 4 4 5 4 writable = 2 2 0 0 executable = 1 1 1 1 Actual permission, add 7 5 5 vertically. If php needs to create a file in a folder, set all permissions for the file: users in the file owner group can write and execute 777. users in the file owner group can read = 4 4 4 4 Write = 2 2 2 www.2cto.com executable = 1 1 1 1 Actual permission, vertical addition 7 7 7 for security reasons, the normal PHP file should be set to: the owner can read and write, group users can read, public user readable 644 who owns this permission file owner group user public user readable = 4 4 4 4 writable = 2 2 0 0 executable = 1 0 0 0 actual permission, add 6 4 4 other permissions vertically. For those who suggest setting all files and folders to 777, I can only say that you are either misleading others or killing new users!

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.