Home > Articles > Security > General Security and Privacy

  • Print
  • + Share This
Like this article? We recommend

Like this article? We recommend

User Permissions

The default set by your ftp program or your web hosting provider should be okay, but if you or others can't access the page from a browser, check the permissions. When you are first using a site, you want to make sure that the default setting is not 777, or read/write/execute access for everybody. You don't want your readers to be able to randomly change content or run programs on your site.

In general, the only access a user needs to a web page is read access. The main exception to this is scripts (mini-programs) in cgi-bin, which activate things such as mail forms:

numeric setting
chmod 644 (set via telnet session to your site)
owner        group  world
read write execute  read   read
1

The most common cgi script setting is 755, which enables your users' browsers to access and execute the script:

chmod 755 
owner        group      world
read write execute  read execute  read execute.

Figure 1 shows how to set this from WS-FTP. Equivalent settings should exist in any FTP application you use; check Help if you can't find this.

Figure 1Figure 1 Ordinary web page permission check box settings.

The only check box setting activated for public access is Read. (As you can see in Figure 1, in WS_FTP, the setting that controls public access is called Other. In other ftp programs, this setting might be called World or Public.)

Figure 2Figure 2 Ordinary script permission check box settings.

Figure 2 shows how to set an ftp program for access to most common cgi scripts.

The user must be able to execute the script via browser as well as read it; otherwise, the script mail form/counter/guestbook won't work. If you install a script on a site and it won't run, check the permissions to make sure that it can operate. If the script specifies another permission level, use it.

  • + Share This
  • 🔖 Save To Your Account