Setting Unix Permissions For Web Pages
- On This Page
- What Causes "Permission Denied"
- Restoring the Special Web Directory Property
- Resetting Default File and Directory Permissions
- Technical Details
When you first activate Web publishing, your Web directory is created with special Unix permissions assigned to it which make it accessible only to you and the Web server. This prevents others from snooping. To ensure that this service works correctly, UW Information Technology recommends that you try to maintain the original permissions of your Web directory; the instructions below are intended to help when it is absolutely necessary to set the Unix permissions for Web pages.
When the Web server is unable to read files in your Web directory it will respond with an error message.
You are not authorized to access that resource. If you think you should have access, please contact the owner.
This message often indicates a problem with permissions that you can fix by restoring the original permissions of your Web directory and its contents (see steps below).
In order for the Web server to serve your pages properly, your Web directories need to have a special property set (see the bottom of this page for technical information). In the course of publishing to your Web site, some of your directories may fail to inherit this property. Follow these steps to restore this to your Web directory and its contents.
- At the prompt, enter the following command to apply
the correct base permissions to your Web directory:
chmod 750 public_html
- At the prompt, now enter the following command to
run a special command provided by UW Information Technology for
fixing permissions. Don't forget the trailing slash!
www-fixdir -r public_html/
You may see some printed output. At this point, the special property has been restored to all of your Web directories.
Note: the www-fixdir tool does not change the standard UNIX permissions that you may be familiar with; it only restores the special property necessary for the Web server to serve your pages properly.
In theory, as long as your Web directory has the right permissions, new files and subdirectories should inherit the right permissions, too. In practice, however, permissions sometimes need adjustment. Use these instructions to restore the correct permissions to files and directories in your Web directory.
- Log in to your Homer or Dante account with Tera Term or another terminal emulator.
- Press the O key for Other.
- Press the W key to drop into the Web development environment.
- At the prompt, enter the following command to move
into your Web directory:
If you want to change permissions of a file or directory located within a subdirectory, change directories again as needed.
- Use the chmod command to apply new permissions to
your file or subdirectory.
- HTML files, images, and other "content" files
need only to be world-readable. To reset the
default permissions of a file, enter the following
command at the shell prompt:
chmod 644 <filename>
Substitute your filename accordingly.
CGI programs need to be executable by you. Use the following command to set the default permissions for these files:
chmod 744 <filename>.cgi
Again, substitute your filename accordingly.
Note: files that are read or written by CGI programs should not be group writable. This poses a security risk and will cause the Web server to respond with a server error ('Premature end of script headers').
Subdirectories need to be readable and executable by the Web server. To reset the default permissions of a subdirectory, enter the following:
chmod 750 <dirname>
www-fixdir -r <dirname>/
Substitute your directory name accordingly.
To learn more about the chmod command, refer to How to Set File Permissions Using chmod
- HTML files, images, and other "content" files need only to be world-readable. To reset the default permissions of a file, enter the following command at the shell prompt:
Here are some technical details about the Unix permissions assigned to Web directories.
Each Web directory is owned by the user who activated it and is assigned to the special "www" group. The Web server runs in the "www" group, so this setting is important in determining if the Web server can read files it has been requested to serve.
Each Web directory has the set group ID (setgid) bit turned on in order to propagate the "www" group setting to new files and subdirectories.
Each Web directory, when the correct permissions are set, has the permissions that list as drwxr-s---. The lowercase "s" represents the setgid bit, overlaid on top of group execute permission.
The www-fixdir command provides a method, normally unavailable, to assign the "www" group and turn on the setgid bit.