http://qs321.pair.com?node_id=1133900


in reply to Re^2: CGI script to output data as CSV
in thread CGI script to output data as CSV

chmod 777 on my cgi-bin folder

Are you aware of what that command does? You have just made your cgi-bin directory writeable for every user on that machine!

The three digits following chmod encode permissions for the owner ("user"), the group ("group"), and all other users ("others", "world"), in this order. Each digit has the same meaning: 4 means reading allowed ("read", "r"), 2 means writing allowed ("write", "w"), 1 means execute file / crossing directory allowed ("execute", "x"). 0 means nothing allowed. Other digits are just sums, 7 means full permissions, 5 just read and execute/cross, 6 means read and write, but no execute. 3 (write and execute) is rarely used.

Common combinations are:

400, r--------
read-only, only for the user. No permissions for group and world. Common for files that are secret (e.g. passwords) and should not be accidentally overwritten.
600, rw-------
read-write. Like 400, but writeable.
700, rwx------
rwx for the user. A private, writeable program, e.g. a script with sensitive data. For directories, a private directory that nobody else may list, change, or even enter.
644, rw-r--r--
readable for everyone, but writeable only for the user. The common mode for all kinds of non-executable files.
755, rwxr-xr-x
like 644, but with executable flag set. The common mode for executable files and directories that may be listed by others.
711, rwx--x--x
full access for the owner, but only executable permissions for group and others. Useful for binary executables (not scripts) that can be run by everyone, but nobody except the owner may read or write it. For directories, this allows crossing the directory, but non-owner users can't list or change them.
666, rw-rw-rw-
Everybody may read or write, but not execute. Scratchpad. Don't trust such files.
777, rwxrwxrwx
"Stupid mode", everybody may read, write, and execute. For directories, everybody may list and write to that directory. Except for the temporary directories /tmp and /var/tmp, this is almost always wrong. You want 755. (/tmp and /var/tmp also have the sticky bit set, but that's a different story.)
640, 750, 710, 660, 770
as above, but limited to user and group. Others don't have access.

Alexander

--
Today I will gladly share my knowledge and experience, for there are no sweeter words than "I told you so". ;-)
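
A way to find the entries the post above warns about, as an added example that is not part of the original thread: it lists everything under a directory that "others" may write to, skipping sticky-bit directories (the /tmp exception). The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit a tree for world-writable entries.

# audit_world_writable DIR
# Prints an `ls -ld` line for every file or directory under DIR with the
# world-write bit (octal 002) set. Skipped on purpose:
#   - symlinks, whose own mode bits are not what access checks use
#   - directories that also carry the sticky bit (octal 1000), like /tmp
audit_world_writable() {
    find "$1" ! -type l -perm -0002 \
        \( ! -type d -o ! -perm -1000 \) \
        -exec ls -ld {} +
}

# make_demo_tree
# Builds a constructed sample tree in a fresh temp directory and prints its
# path. All names below are made up for the demonstration.
make_demo_tree() {
    root=$(mktemp -d) || return 1
    mkdir "$root/cgi-bin" "$root/htdocs" "$root/scratch"
    : > "$root/cgi-bin/export.cgi"
    : > "$root/htdocs/notes.txt"
    chmod 777  "$root/cgi-bin"             # the mode from the thread
    chmod 755  "$root/cgi-bin/export.cgi"  # what a CGI script should have
    chmod 755  "$root/htdocs"
    chmod 666  "$root/htdocs/notes.txt"    # "scratchpad" mode
    chmod 1777 "$root/scratch"             # sticky and world-writable, like /tmp
    printf '%s\n' "$root"
}

# Run against a directory given on the command line, e.g.:
#   sh audit.sh /path/to/webroot
if [ "$#" -gt 0 ]; then
    audit_world_writable "$1"
fi
```

On the sample tree this reports `cgi-bin` (drwxrwxrwx) and `htdocs/notes.txt` (-rw-rw-rw-), but not `scratch`; the fix for the reported directory is `chmod 755`.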

Re^4: CGI script to output data as CSV
by Anonymous Monk on Jul 09, 2015 at 08:17 UTC

    1 means execute file / crossing directory allowed ("execute", "x").

    Boundaries? Like if it's a link to a different mount?

      Boundaries? Like if it's a link to a different mount?

      No:

      >mkdir foo
      >ls -ld foo
      drwxr-xr-x 2 alex users 40 Jul 9 10:44 foo/
      >mkdir foo/bar
      >ls -l foo
      total 0
      drwxr-xr-x 2 alex users 40 Jul 9 10:44 bar/
      >chmod 000 foo
      >ls -ld foo
      d--------- 3 alex users 60 Jul 9 10:44 foo/
      >ls foo
      /bin/ls: cannot open directory foo: Permission denied
      >cd foo
      -bash: cd: foo: Permission denied
      >chmod 100 foo
      >ls foo
      /bin/ls: cannot open directory foo: Permission denied
      >cd foo
      >pwd
      /tmp/foo
      >ls
      /bin/ls: cannot open directory .: Permission denied
      >cd bar
      >pwd
      /tmp/foo/bar
      >cd /tmp
      >chmod 400 foo
      >ls -ld foo
      dr-------- 3 alex users 60 Jul 9 10:44 foo/
      >cd foo
      -bash: cd: foo: Permission denied
      >cd foo/bar
      -bash: cd: foo/bar: Permission denied
      >

      To read the contents of a directory (/bin/ls, opendir/readdir), you need read permissions, the "r" bit, 4 in the usual octal numbers.

      To "cross" the directory, e.g. make it the current directory or just use it in a path, you need execute permissions, the "x" bit, 1 in the usual octal numbers.

      Alexander

      --
      Today I will gladly share my knowledge and experience, for there are no sweeter words than "I told you so". ;-)