NOTE: This is an archived copy of the Dragonfire Internet Services website. Dragonfire is no longer in operation; please do not attempt to contact any of the addresses listed on this site.

FTP file permission modes

Files

• 4 - file can be read
• 2 - file can be written to
• 1 - file can be executed (e.g. a CGI script)

Directories

• 4 - directory contents can be viewed
• 2 - files can be added to or removed from directory
• 1 - files in directory can be accessed

The first of the three digits represents the permissions you (the owner of the file) have; the second represents the permissions granted to everyone besides you your user group (in the case of Dragonfire, that's anyone with a Dragonfire account); and the third represents the permissions granted to all users not in your user group (i.e. anonymous FTP users and Web-surfers).

Useful file modes:

600

Private file: no one besides you can read the file.

644

World-readable file: anyone can read the file, but only you are allowed to modify it. This is the default file mode.

666

World-writable file: anyone can read or write to the file.

755

Executable file: anyone can read or execute the file. This is the proper mode for CGI scripts.

Useful directory modes:

700

Private directory: only you have access to the directory contents. (Note that the permissions of files inside such a directory don't matter; they could all be world-writable, but because of the directory protection, only you would be able to read from or write to the files.)

711

Semi-private directory: the directory's contents can only be seen by you, but files in the directory can be accessed by anyone (assuming the files' modes permit such access). This mode can be used to implement a crude form of password protection. If you create a directory with mode 711, then create another directory inside that directory with mode 755, people who know the inner directory's name will be able to view its contents, but people who don't know the inner directory's name will have no way of finding it out.

733

Upload directory: people other than you will not be able to see the directory's contents, but they can create or delete files in the directory. A mode similar to this (1703; see the description of the fourth digit below) is used for incoming directories created with FTP accounts.
Note: you may not create your own anonymous-FTP upload directories in this manner. In order to add an upload directory to your account (you can only have one), you must submit an account change request as described in the FAQ. Directories with this mode can be written to only by other Dragonfire users and CGI scripts.

755

World-readable directory: files in the directory can be accessed by anyone, but only you can create or delete files in the directory. This is the default directory mode.

777

World-writable directory: as above, but anyone can create or delete files in the directory. This directory mode is primarily useful for CGI scripts that need their own data directories, since the scripts normally run with no priviliges.

What about that fourth digit?

Warning: this section is fairly technical. The file modes described below are not needed for most uses, and this section may be skipped without loss of important information.

The fourth digit, which is optional, describes special modes that have certain effects on directories or executable files. (None of these affect regular files.) It is also composed of a sum of values.

Executable files:

4

Set user ID. An executable file with this mode set will, when run, have the same permission to access files that you do; in other words, it will be able to write to your world-readable files, create files in your world-readable directories, and so on. Normally, a program will have the same access permission to files that its "parent" program (the program that started it) does; in the case of the web server and CGI scripts, those are the "other user" permissions, i.e. the last digit of the file mode.

2

Set group ID. As above, but for the user group instead of the user ID. Generally not very useful; but see the description of set-group-ID for directories, and you may come up with something.

1

No meaning.

Directories:

4

No meaning.

2

Set group ID. For directories, this causes all files and subdirectories created in the directory to be owned by the same group as the directory itself is owned by. Additionally, any directories will inherit this mode by default, so their files and subdirectories will be owned by the same group, and so on. For example, you could use this mode to force all files in a directory to be owned by your user group. (Currently, this mode is not particularly useful, as all users on Dragonfire are in the same user group.)

1

"Sticky". Where the name for this mode came from seems to have been lost in the mists of time, but in a directory with the sticky mode set, files can only be deleted by their owners. (Normally, anyone with write access to the directory can delete files in it.)

The default value for the fourth digit is zero, and it can be omitted if not used.

How do I interpret the mode characters?

When in FTP, particularly with command-line clients, you'll often see a string like "-rw-r--r--" at the beginning of the line. This is a symbolic representation of the file's modes, and is interpreted as follows:

• The first character describes the file type. A "-" means a regular files; a "d" means a directory; other letters indicate special types of files.
• The second through fourth characters represent the user mode; that is, the first of the three numeric digits described at the top of this document. The first of these three chracters can be either "r" or "-", indicating that you either do or do not have read access to the file respectively. The second character can be "w" or "-", for write access; the third can be "x" or "-", for execute access. (If the set-user-ID mode is set, this will be "s" or "S" instead, respectively.)
• The fifth through seventh characters represent the group mode in the same way as described for the user mode above.
• The eighth through tenth characters represent the other-user mode in the same way as described above; however, the last character will be "t" or "T" instead of "x" or "-" if the "sticky" mode is set.