File Permissions for Web Pages

Note: A separate set of rules apply to CGI scripts in your cgi-bin directory. Please read the notes on the CGI Guidelines page for more information.

Security is a big deal these days, especially as more and more people start to use the web. Your web page really isn't any good if anyone can come along and change what you've written. There are a few ways to restrict access to who can see and modify your web pages, then. (This is most pertinent for keeping people with access to WPI machines from modifying files in your "public_html" web directory.)

If you are interested in knowing how to restrict access to your web pages from across the internet (i.e. through Netscape or some other web browser), please refer to our access restriction page.

Setting up your web site permissions

Automated

Try out the new automatic website permissions tool.

Manual

If you have never setup a web site on your WPI account, you will want to read the Creating Your Homepage at WPI page which will detail the beginning steps to setting up your account and first web site. If you are trying to view your web page and are getting errors such as "403 Forbidden" then you will want to read the following section to help resolve permission issues.

In order for the web server software installed on WPI's machine to find your web page, your home directory must have certain permissions. You can use the following command in SSH to set them:

chmod 711 ~

Once your home directory permissions are set, you will need to set permissions on the directory that your web site is stored in. The following command will do that for you:

chmod 711 ~/public_html

Now, you need to set the permissions of all of the files inside of the folder. To do this, use this command:

chmod -R 644 ~/public_html/*

If you have any directories in your Public HTML folder, you must set those to have a different permission. To do this, use this command:

chmod 755 ~/public_html/folder-name

Those commands should resolve any permission issues that you might be having with your web site. If you would like more information on the chmod command and how to use it as well as a list of other permissions you can set, please refer to the chmod page.

Permissions and .htaccess-related files

If you are using .htaccess files to restrict access to your webpage, you will want to ensure the associated security files (.htaccess, .htgroup and/or .htpasswd), are secure. To do this WPI has installed a program which will change the read permissions for a file to the owner (you), and "nobody." The result is a secure file you can modify and the webserver (thus the web browsers) can see, but others local at WPI can't modify.

To set a file's group to "nobody" run the nobody command at the UNIX prompt. The argument for this program is a directory name. It will descend a directory tree and change the files in it to the "nobody" group. After removing the access for "others" the web would be private. Examples:

nobody ~/public_html/directory-to-protect chmod -R 701 ~/public_html/directory-to-protect

If you want to return the files to a different group, use the reclaim program at the UNIX prompt. It takes a filename as an argument, and is not recursive like nobody, in other words, if you want to reclaim a directory and all of the files inside, you will need to run the command on every file and every directory.

Maintained by itweb.
Last modified: Mar 11, 2005, 20:47 UTC