When creating sites, the user is necessarily faced with the need to determine the access rights to files and folders. If this is not done, the directories and files will be available to any visitor.
Instructions
Step 1
The situation when an Internet user, having entered the website of a commercial organization, suddenly finds out that he can freely view confidential documents, occurs quite often. The main mistake of the administrator who monitors the site, in this case, is that he did not define the access rights to the directories and files of the site. Having freely opened the folder, the visitor can view and, if necessary, copy the files in it without hindrance.
Step 2
Access rights to directories and files are assigned in the site's control panel. There are three categories of site visitors: the administrator (user) is you, you enter the site through an FTP client. Group (group) are users who can log into the server via FTP when entering a username and password. And the third category is all other (world) users who visit the site through a browser. Each user group has its own rights.
Step 3
There are three options for file access rights: the right to read the file, denoted as r. The right to edit, or w (but you cannot delete the file), and the right to run (execute) the file - x. For folders, there is a similar system for assigning rights: reading a folder, that is, getting a list of files in a folder - r. Editing the contents of a folder - w. The right to enter the folder is x.
Step 4
Now imagine that the rwx rwx rwx options are assigned to the file. The first three characters are administrator rights. The second three characters are the group entering the server with logins and passwords. And the third is the rest of the users. As you can see, here for all three groups the same rights are set. You can change the rights like this: rwx r-- r--. As you might guess, here the administrator retained all the rights to himself, and gave the rest of the users only the ability to read the file.
Step 5
The rwx text value can be replaced with a numeric one: r (4) w (2) x (1), or 4 + 2 + 1 = 7. Thus, an entry of the form rwx rwx rwx can be written as 777. When the access rights are changed, the numbers also change. For example:
rw- (6) - allowed to read and edit the file.
r-x (5) - allowed to read and execute the file.
-x (1) - allowed to execute the file.
Step 6
When assigning access rights, proceed from security considerations. As an example, the following values of rights can be given:
777 (rwx rwx rwx) - allowed to everyone and everything.
755 (rwx r-x r-x) - everyone has the right to read and run for execution, the administrator can edit.
744 (rwx r– r–) - the administrator has all rights, the rest can only read.
700 (rwx - -) - the administrator has all rights, other users have no rights.
666 (rw- rw- rw-) - everyone can read and edit.
664 (rw- rw- r–) - admin and group can read and edit, others can only read.
660 (rw- rw- -) - admin and group can read and edit, others have no rights.
644 (rw- r– r–) - the administrator can read and edit, the rest can only be read.
400 (r– - -) - the administrator can read, the rest have no rights.
There are other options, you can get acquainted with them in the specialized literature.
