 |
The most secure way to protect
your file is to change the "permissions" of
a file on the server. This allows you to give certain groups different
levels of access to your file. This is a bit more complicated, because
the permissions will have to be set using software such as WS_FTP,
Dreamweaver, or connecting directly to the server via telnet.
Depending on which piece of software you use, the steps involved will
be different. The levels at which permissions should be set depend on
the desired access.
On a UNIX server, like Polaris and Nova, you can set permissions for
three groups of people:
- The owner (also called the "user") is the person
who created the file -- presumably you,
- The group (sometimes called the "user/group"), is
defined by default in your server account. If you're a faculty member
then files you create on Nova or Polaris will have a group "faculty" assigned
to them (which means all UMUC faculty members with server accounts).
- Everyone (also called "others" or "the world"),
refers to everyone else. Most importantly, this refers to everyone
-- including you -- who accesses the page via the worldwide web.
You can set three levels for each of these groups:
- read permission allows people to view a file but nothing more.
You should always give yourself ("owner") read permissions.
To stop a file from being viewable on the web, you should make sure
that read permission is not enabled for "everyone".
Note: You have to enable read permissions on a folder (or directory) in order
for any of the files within that directory to be viewable. To deny the viewing
of all files in a directory, read permission can be disabled for that directory.
- write permission allows people to edit or delete a file. In
general you should give this permission only to yourself ("owner").
- execute permission allows files which are programs to be run.
This generally won't come up unless you're writing programs in a language
like C++ or Perl on Nova or Polaris.
Note: Execute permission is necessary on a directory to make a directory
listing viewable. This is different from read permission on a directory:
read permission on a directory makes makes the files within the directory
accessible, execute permission on a directory makes the names of those files
viewable.
Specific recommendations
- You should always give yourself ("owner") full permissions
(read, write, and execute) for all of your files.
- You will probably not have reason to treat "group" and "everyone" differently.
- To make a file accessible, enable "read" and "execute" permission
for "everyone" and "group".
- To hide a file, disable all permissions ("read", "write",
and "execute") for "everyone" and "group"
- Don't forget to set permissions for the directory as well.
Numerical specifications
Many programs have a friendly user interface to allow you set the permissions
in a readily recognizable way. However, some programs require a three-digit
code to represent the permissions.
Here are the two you'll most often need:
- 700: disable access to everyone but yourself ("owner")
who have full access.
- 755: allow "read" and "execute" access to everyone,
plus "write" access only to yourself ("owner")
If you're curious what the numbers mean, each level of access
is given a number;
Permission |
Description |
Numeric
Value |
r
|
read
the file or directory |
4 |
w
|
write
to the file or directory |
2 |
x
|
execute
the file or directory |
1 |
|
|
To combine various levels of access,
these numbers are simply added.
For example, if someone should have read
and execute access, this comes to a value of 4 ("read")
+ 1 ("execute") = 5. If someone should have full access
(generally only you, the "owner"), this would be 4 ("read")
+ 2 ("write") + 1 ("execute") = 7. If someone
should have no access, then the number is 0. The
chart to the right shows the permissions set to 755. It grants
the owner the right to read, write and execute a file. It allows
all other users to read and execute a file, but does not allow
them to write (make changes to the file). |
| Grant |
Owner
|
Group
|
Other
|
r
|
4
|
4
|
4
|
w
|
2
|
-
|
-
|
x
|
1
|
1
|
1
|
| Total |
7
|
5
|
5
|
 |
For the three-digit number, the first digit
is the permission for the "owner", the
second is for the "group" and the final one
is for "everyone". |
|
|
|
