You are here: Chmod and Ascii Mode Explained
Wizcrafts Computer Services
Apache web server file permissions
Apache Web Server Chmod and Ascii Mode Explained
This information is important to anybody who manages a website, hosted on an Apache Server, and uses an FTP Client or a file manager, to upload your files and folders and set the required access permissions for them.
This information applies to Unix, FreeBSD or Linux web servers, not Windows IIS, because Windows does not support the FTP CHMOD command. If your website is hosted on a Windows server contact your web host for help with changing file permissions.
- †CHMOD
- CHMOD is a UNIX term for a server operation to set or change the mode of the file access permissions. When executed, the command can change file system modes of files and directories. The modes include permissions and special modes.
- †Ascii Mode
- Ascii is an anacronym for American Standard Code for Information Interchange. Originally developed for teletype use, ascii represents a document that is in plain text, with no special formatting characters. When you upload plain-text-based files, such a html pages, Perl scripts, .txt, .css, .js, and .htaccess files to a web-server they must be sent in ascii mode.
- Binary Mode
- Binary mode is the other mode of transmission used by web-servers. It is used for images, executables, databases, soundfiles, or other specially formatted files. If you can't read and understand the contents of a file with Notepad, or Wordpad, you can bet is probably a binary file (the characters will look like gibberish). All FTP Clients (programs) are equipped with a means of choosing either ascii, binary or automatic detection modes for uploads to your server.
There are three ownership parts (O,G,E) to CHMOD permissions, in this order from left to right:
- "Owner" (Administrator, or owner of the Domain account)
- "Group" (Non-administrative, logged-in members of the Domain)
- "Everyone" (Outside visitors from the Internet, not part of the Domain, also known as "World")
There are three permission levels available for each user group:
- Read permission, abbreviated as r, equal to a numeric value of 4
- Write permission, abbreviated as w, equal to a numeric value of 2
- Execute permission, abbreviated as x, equal to a numeric value of 1
These permissions are listed from left to right for each group, in the order rwx. If a permission is listed it is considered to be turned on. Hyphens indicate that an attribute that is turned off. If all three are turned on their numeric equivilant is 7 (4+2+1). If all three groups have a permission of 7 everybody gets full control of that file or directory. If a file or folder is chmoded to zero permissions (000), it will disallow access to ALL users, including the owner! If you make that mistake you will need to ask your Web Host to restore default permission to it. If you chmod your root directory to the wrong permission you can lock yourself out of your own Domain!
All seven permissions are listed below, with their numeric values on the left.
- --x
- -w-
- -wx
- r--
- r-x
- rw-
- rwx
Common combinations in use on web servers are as follows:
- 644 = rw-r--r-- Usual permissions for reading an HTML web page or Read-only text files.
- 664 = rw-rw-r-- Used in most plain text hit-counter logs (writable = on)
- 666 = rw-rw-rw- Used in scripts that require World writable permission.
- 711 = rwx--x--x Used by Perl scripts to make them executable only upon access.
- 751 = rwxr-x--x Used by Perl scripts that must be written to and executed (hit counters).
- 755 = rwxr-xr-x Used by some Perl-scripts and binary database files.
- 775 = rwxrwxr-x Normal permission for your website's Root directory
- 777 = rwxrwxrwx The whole ball of wax. You better have tight security on any file marked with these permissions. 777 is usually only assigned to a CGI Directory, rather than to an individual file.
You can usually see the permissions listed on the server if you use an FTP program. The permissions are usually the last column on the right for each file or directory. A letter d on the left of a group of permissions indicates that it represents a directory; ie: "drwxrwxr-x" are the root directory's permissions
You can see how to put these permissions and modes into use on our Formmail Security Vulnerabilites and Solutions page.