Chmod, Umask, Stat, Fileperms, And File Permissions

7/24/2019 Chmod, Umask, Stat, Fileperms, And File Permissions

1/37

AskApache Web DevelopmentFREE THOUGHT FREE SOFTWARE FREE WORLD(http://www.fsf.org

/register_form?referrer=7511)

Skip

Home Security Chmod, Umask, Stat, Fileperms, and File Permissions

Chmod, Umask, Stat, Fileperms, and File Permissions

Easy boot.ini Hacks for Windows SysOpsMod_Rewrite Security

by Charles Torvalds8 Comments

Unix file permissions are one of the more difficult subjects to grasp.. Well, ok maybe "grasp" isn't the word.. Master is the right

word.. Unix file permissions is a hard topic to fully master, mainly I think because there aren't many instances when a computer

user encounters them. Windows has been trying to figure it out for decades with little progress, so don't feel bad if you don't know

much about it. Unless you're with the programand running Mac or any other BSD/Unix(http://www.archlinux.org/) based OS

you've never had the ability to secure your system in this most basic and fundamental way. Usually the first time someone

encounters file permissions it's because their website was cracked..

Contents [hide]

mod, Umask, Stat, Fileperms, and File Permissions http://www.askapache.com/security/chmod-stat.html#chmod-0-to-7777

37 03/03/2015 23:27


2/37

Tips before we dig inDeleting Files and Directories1.Creating Files in Restrictive Environments2.Stat FunctionEvery Permission 0000 to 0777Congratulations!Defining Permission Bits1.How File Permissions WorkThe OS Permission BitsProtection bits for File Owner1.Protection bits for File Group2.Protection bits for All Others3.Some Example PermissionsWhat's a FileStructure of File Mode BitsSetting PermissionsCopying Existing PermissionsUmask and ProtectionDirectories, Set-User-ID and Set-Group-ID BitsNumeric ModesOther users not in the file's group:1.Other users in the file's group:2.The file's owner:3.Special mode bits:4.Apache's Internal Bits (hex)umaskFile AttributesViewing stat results1.The OS Attribute BitsSpecial Permission Bits1.Bitmasking to determine Filetype2.Default Permission Masks3.Apache Stat Bits4.The Apache file information structure.5.File Time Attributes6.Shared hosting user securityApache SecurityMultiuser security setup exampleSSH key fingerprintsExternal Links

Example File Permission Bits/ usr / l i b/ w3m/ cgi - bi n/ di r l i s t . cgi1./ us r / l i b/ per l / 5. 8. 4/ l i nux/ s tat . ph2./ usr / i ncl ude/ l i bpng12/ png. h3./ usr/ l i b/ pyt hon2. 4/ stat . py4./ usr / i ncl ude/ bi ts / stat . h5./ usr / i ncl ude/ l i nux/ nf s . h6./ usr/ i ncl ude/ l i nux/ nf s3. h7./ usr / i ncl ude/ l i nux/ stat . h8.Further File Permissions ReadingRelated PHP Functions1.Special file types2.Changing file attributes3.

.htaccess ^

$ chmod 604 . ht access

604 - r w- - - - r - - / web/ askapache/ cgi - bi n/ . ht access

php.cgi ^

$ chmod 711 php. cgi

$ 711 - r wx- - x- - x / web/ askapache/ cgi - bi n/ php. cgi

.php.ini ^


37 03/03/2015 23:27


3/37

$ chmod 600 php. i ni

$ 600 - r w- - - - - - - / web/ askapache/ cgi - bi n/ php. i ni

I'm in the process of developing an updated version of the .htaccess security plugin, and one thing I have been working on is file

permissions. Some people had problems trying to create files on their server and I realized it was bad programming on my part.. so

I began researching permissions in detail. I went deep into the source code of Apache (which is why this site is called

AskApache, BTW), PHP, Python, Ocaml, Perl, Ruby, and POSIX operating systems and got a pretty good handle on it now..

Tips before we dig in^

Here's a few things I've learned that I didn't know before (using php).

Deleting Files and Directories^

Deleting a file may require chmodding the file to 666 or even 777 before you are able to delete it. You also might have to chmod the

parent directory of the file as well. Also, you may have to chdir to the directory the file is in. And lastly you may have to change the

owner or group of the file. Further than that you can try renaming the file first then deleting it..

Deleting a directory means you need to remove every file in it first. It needs to be empty. And if your file system uses NFS or someother networked FS you might have even more problems deleting files. If the file you are trying to delete is being used by say,

Apache or php then you might have to kill that process first.

Creating Files in Restrictive Environments^

My research has been geared to try and make my code as robust as possible, I'm throwing everything but the kitchen sink into

some of these functions because so many people are on such different types of servers. To create a file in a restrictive environment

is a fun excercise to take.. You can write a file using many different functions, but there are some tricks if they all fail. One trick is

instead of trying to "write" the data to the file, you can UPLOAD the data to the server and let PHP handle the file as if you used an

upload form. I like to use fsockopen to do it, as some installations have been setup to prevent this type of fake upload.

Then there are the various other hacks like using an ftp connection (if you know the user/pass) to send the file from php, using ssh

from php, whatever is available on the hosts php installation. In addition to those more involved workarounds you can often get

around this problem by doing little hacks discussed at php.net in the comments for various functions. Such as changing the umask,

changing directories with chdir first, creating a temporary file using a function like tempfile and then renaming or copying the

tempfile to your desired file which sometimes gives you the permissions needed to write to the location.

If the php installation is newer than you can also look into creating your own stream context to pass write the data direct.

Stat Function^

I've created a stat function in php that goes farther than the normal stat function... Just give the function a file to stat, and it returnsan array of information.


37 03/03/2015 23:27


4/37

f unct i on askapache_stat ( $f i l ename) { cl earst at cache( ) ; $ss=@st at ( $f i l ename) ; i f ( ! $ss) di e( "Coul dnt st at {$f i l ename}") ;$f i l e_convert =arr ay( 0140000=>' ssocket ' , 0120000=>' l l i nk' , 0100000=>' - f i l e' , 0060000=>' bbl ock' , 0040000=>' d

$p=$ss[ ' mode' ] ; $t =decoct ( $ss[ ' mode' ] & 0170000) ; $str = ( arr ay_key_exi sts( octdec($t ) , $f i l e_conver t ) ) ? $f i l e_convert [ octdec($t ) ] {0} : ' u' ; $st r . =( ( $p&0x0100) ?' r ' : ' - ' ) . ( ( $p&0x0080) ?' w' : ' - ' ) . ( ( $p&0x0040) ?( ( $p&0x0800) ?' s' : ' x' ) : ( ( $p&0x0800) ?' S' : ' $st r . =( ( $p&0x0020) ?' r ' : ' - ' ) . ( ( $p&0x0010) ?' w' : ' - ' ) . ( ( $p&0x0008) ?( ( $p&0x0400) ?' s' : ' x' ) : ( ( $p&0x0400) ?' S' : ' $st r . =( ( $p&0x0004) ?' r ' : ' - ' ) . ( ( $p&0x0002) ?' w' : ' - ' ) . ( ( $p&0x0001) ?( ( $p&0x0200) ?' t ' : ' x' ) : ( ( $p&0x0200) ?' T' : '

$s=ar r ay( ' per ms' =>ar r ay( ' umask' =>spri ntf ( "%04o", umask( ) ) , ' human' =>$st r , ' oct al 1' =>spr i nt f ( "%o", ( $ss[ ' mode' ] & 000777) ) , ' octal 2' =>spri nt f ( "0%o", 0777 & $p) , ' deci mal ' =>spr i nt f ( "%04o", $p) , ' f i l eperms' =>@f i l eperms( $f i l ename), ' mode1' =>$p, ' mode2' =>$ss[ ' mode' ] ) ,

' f i l et ype' =>ar r ay( ' t ype' =>subst r ( $f i l e_conver t [ oct dec($t) ] , 1) , ' t ype_octal ' =>spr i nt f ( "%07o", octdec($t) ) , ' i s_ f i l e' =>@i s_f i l e($fi l ename) , ' i s_di r ' =>@i s_di r ( $f i l ename) , ' i s_l i nk' =>@i s_l i nk($f i l ename) , ' i s_r eadabl e' => @i s_r eadabl e( $f i l ename), ' i s_wri t abl e' => @i s_wr i t abl e( $f i l ename) ) ,

' owner ' =>arr ay( ' f i l eowner' =>$ss[' ui d' ] , ' f i l egroup' =>$ss[' gi d' ] , ' owner_name' =>( f unct i on_exi st s( ' posi x_get pwui d' ) ) ? @r eset ( @posi x_get pwui d( $ss[ ' ui d' ] ) ) : ' ' , ' gr oup_name' =>( f uncti on_exi st s( ' posi x_get gr gi d' ) ) ? @r eset ( @posi x_get gr gi d( $ss[ ' gi d' ] ) ) : ' ' ) ,

' f i l e' =>arr ay( ' f i l ename' =>$f i l ename, ' r eal path' =>( @r eal path($f i l ename) ! = $f i l ename) ? @r eal path( $f i l ename) : ' ' , ' di r name' =>@di r name( $f i l ename) , ' basename' =>@basename( $f i l ename) ) ,

' devi ce' =>arr ay( ' devi ce' =>$ss[ ' dev' ] , / / Devi ce ' devi ce_number ' =>$ss[ ' r dev' ] , / / Devi ce number, i f devi ce.

' i node' =>$ss[' i no' ] , / / Fi l e seri al number ' l i nk_count ' =>$ss[ ' nl i nk' ] , / / l i nk count ' l i nk_to' =>( $s[' t ype' ] ==' l i nk' ) ? @r eadl i nk($f i l ename) : ' ' ) ,

' si ze' =>arr ay( ' s i ze' =>$ss[ ' s i ze' ] , / / Si ze of f i l e, i n bytes. ' bl ocks' =>$ss[ ' bl ocks' ] , / / Number 512- byte bl ocks al l ocated ' bl ock_si ze' => $ss[ ' bl ks i ze' ] ) , / / Opt i mal bl ock s i ze f or I / O.

' t i me' =>arr ay( ' mt i me' =>$ss[ ' mt i me' ] , / / Ti me of l ast modi f i cat i on ' at i me' =>$ss[ ' at i me' ] , / / Ti me of l ast access. ' cti me' =>$ss[ ' cti me' ] , / / Ti me of l ast st atus change ' accessed' =>@dat e( ' Y M D H: i : s' , $ss[ ' ati me' ] ) , ' modi f i ed' =>@dat e( ' Y M D H: i : s' , $ss[ ' mt i me' ] ) , ' creat ed' =>@dat e( ' Y M D H: i : s' , $ss[' cti me' ] ) ) , ) ;

cl earst at cache( ) ; r et ur n $s;}

PHP Stat Function Output ^

Example output, say from pr i nt _r ( askapache_st at ( __FI LE__ ) ) ;


37 03/03/2015 23:27


5/37

Ar r ay([ per ms] => Ar r ay ( [ umask] => 0022 [ human] => - r w- r - - r - - [ octal 1] => 644 [ oct al 2] => 0644 [ deci mal ] => 100644 [ f i l eper ms] => 33188 [ mode1] => 33188 [ mode2] => 33188 )

[ f i l etype] => Arr ay ( [ t ype] => f i l e [ t ype_oct al ] => 0100000 [ i s _f i l e] => 1 [ i s_di r] => [ i s_l i nk] => [ i s_r eadabl e] => 1 [ i s_wri t abl e] => 1 )

[ owner] => Ar r ay ( [ f i l eowner ] => 035483 [ f i l egr oup] => 23472 [ owner_name] => askapache [ group_name] => grp22558 )

[ f i l e] => Arr ay ( [ f i l ename] => / web/ askapache/ askapache-st at/ publ i c_ht ml / ok/ g. php [ r eal path] => [ di r name] => / web/ askapache/ askapache- st at / publ i c_html / ok [ basename] => g. php )

[ devi ce] => Ar r ay ( [ devi ce] => 25 [ devi ce_number ] => 0 [ i node] => 92455020 [ l i nk_count ] => 1 [ l i nk_to] =>

)

[ si ze] => Arr ay ( [ si ze] => 2652 [ bl ocks] => 8 [ bl ock_si ze] => 8192 )

[ t i me] => Ar r ay ( [ mt i me] => 1227685253 [ at i me] => 1227685138 [ ct i me] => 1227685253 [ accessed] => 2008 Nov Tue 23: 38: 58 [ modi f i ed] => 2008 Nov Tue 23: 40: 53 [ cr eat ed] => 2008 Nov Tue 23: 40: 53 )

)

Every Permission 0000 to 0777^


37 03/03/2015 23:27


6/37

(http://uploads.askapache.com/2008/11/danger-chmod-

screenshot.png) This shows what each numeric permission does to a REGULAR file. I'll provide the code to do this below so you

can do the same thing on your server.


37 03/03/2015 23:27


7/37

chmod 0- - - - - - - - - -

chmod 1- - - - - - - - - x

chmod 2- - - - - - - - w-

chmod 3- - - - - - - - wx

chmod 4- - - - - - - r - -

chmod 5- - - - - - - r - x

chmod 6- - - - - - - r w-

chmod 7- - - - - - - r wx

chmod 10- - - - - - x- - -

chmod 11- - - - - - x- - x

chmod 12- - - - - - x-w-

chmod 13- - - - - - x-wx

chmod 14- - - - - - xr - -

chmod 15- - - - - - xr - x

chmod 16- - - - - - xrw-

chmod 17- - - - - - xrwx

chmod 20- - - - - w- - - -

chmod 21- - - - - w- - - x

chmod 22- - - - - w- - w-

chmod 23- - - - - w- - wx

chmod 24- - - - - w- r - -

chmod 25- - - - - w- r - x

chmod 26- - - - - w- rw-

chmod 27- - - - - w- rwx

chmod 30- - - - -wx- - -

chmod 31- - - - -wx- - x

chmod 32- - - - - wx- w-

chmod 33- - - - - wx- wx

chmod 34- - - - -wxr - -

chmod 35- - - - -wxr - x

chmod 36- - - - - wxrw-

chmod 37- - - - - wxrwx

chmod 40- - - - r - - - - -

chmod 41- - - - r - - - - x

chmod 42- - - - r - - - w-

chmod 43- - - - r - - - wx


37 03/03/2015 23:27


8/37

chmod 44- - - - r - - r - -

chmod 45- - - - r - - r - x

chmod 46- - - - r - - r w-

chmod 47- - - - r - - r wx

chmod 50- - - - r - x- - -

chmod 51- - - - r - x- - x

chmod 52- - - - r - x-w-

chmod 53- - - - r - x-wx

chmod 54- - - - r - x r - -

chmod 55- - - - r - x r - x

chmod 56- - - - r - xrw-

chmod 57- - - - r - xrwx

chmod 60- - - - r w- - - -

chmod 61- - - - r w- - - x

chmod 62- - - - rw- - w-

chmod 63- - - - rw- - wx

chmod 64- - - - r w- r - -

chmod 65- - - - r w- r - x

chmod 66- - - - rw- rw-

chmod 67- - - - rw- rwx

chmod 70- - - - rwx- - -

chmod 71- - - - rwx- - x

chmod 72- - - - rwx- w-

chmod 73- - - - rwx- wx

chmod 74- - - - rwxr - -

chmod 75- - - - rwxr - x

chmod 76- - - - r wxr w-

chmod 77- - - - r wxr wx

chmod 100- - - x - - - - - -

chmod 101- - - x - - - - - x

chmod 102- - - x- - - - w-

chmod 103- - - x- - - - wx

chmod 104- - - x - - - r - -

chmod 105- - - x - - - r - x

chmod 106- - - x- - - r w-

chmod 107- - - x- - - r wx


37 03/03/2015 23:27


9/37

chmod 110- - - x - - x - - -

chmod 111- - - x - - x - - x

chmod 112- - - x- - x- w-

chmod 113- - - x- - x- wx

chmod 114- - - x - - x r - -

chmod 115- - - x - - x r - x

chmod 116- - - x- - xrw-

chmod 117- - - x- - xrwx

chmod 120- - - x-w- - - -

chmod 121- - - x-w- - - x

chmod 122- - - x- w- - w-

chmod 123- - - x- w- - wx

chmod 124- - - x-w- r - -

chmod 125- - - x-w- r - x

chmod 126- - - x- w- rw-

chmod 127- - - x- w- rwx

chmod 130- - - x- wx- - -

chmod 131- - - x- wx- - x

chmod 132- - - x- wx-w-

chmod 133- - - x- wx-wx

chmod 134- - - x- wxr- -

chmod 135- - - x- wxr- x

chmod 136- - - x- wxrw-

chmod 137- - - x- wxrwx

chmod 140- - - x r - - - - -

chmod 141- - - x r - - - - x

chmod 142- - - xr - - - w-

chmod 143- - - xr - - - wx

chmod 144- - - x r - - r - -

chmod 145- - - x r - - r - x

chmod 146- - - xr - - r w-

chmod 147- - - xr - - r wx

chmod 150- - - x r - x - - -

chmod 151- - - x r - x - - x

chmod 152- - - xr- x- w-

chmod 153- - - xr- x- wx


37 03/03/2015 23:27


10/37

chmod 154- - - x r - x r - -

chmod 155- - - x r - x r - x

chmod 156- - - xr- xrw-

chmod 157- - - xr- xrwx

chmod 160- - - xrw- - - -

chmod 161- - - xrw- - - x

chmod 162- - - xrw- - w-

chmod 163- - - xrw- - wx

chmod 164- - - xrw- r - -

chmod 165- - - xrw- r - x

chmod 166- - - xrw- r w-

chmod 167- - - xrw- r wx

chmod 170- - - xrwx- - -

chmod 171- - - xrwx- - x

chmod 172- - - xrwx-w-

chmod 173- - - xrwx-wx

chmod 174- - - xrwxr- -

chmod 175- - - xrwxr- x

chmod 176- - - xrwxrw-

chmod 177- - - xrwxrwx

chmod 200- - w- - - - - - -

chmod 201- - w- - - - - - x

chmod 202- - w- - - - - w-

chmod 203- - w- - - - - wx

chmod 204- - w- - - - r - -

chmod 205- - w- - - - r - x

chmod 206- - w- - - - rw-

chmod 207- - w- - - - rwx

chmod 210- -w- - - x- - -

chmod 211- -w- - - x- - x

chmod 212- - w- - - x- w-

chmod 213- - w- - - x- wx

chmod 214- -w- - - xr - -

chmod 215- -w- - - xr - x

chmod 216- - w- - - xrw-

chmod 217- - w- - - xrwx


di 37 03/03/2015 23:27


11/37

chmod 220- - w- - w- - - -

chmod 221- - w- - w- - - x

chmod 222- - w- - w- - w-

chmod 223- - w- - w- - wx

chmod 224- - w- - w- r- -

chmod 225- - w- - w- r- x

chmod 226- - w- - w- r w-

chmod 227- - w- - w- r wx

chmod 230- - w- - wx- - -

chmod 231- - w- - wx- - x

chmod 232- - w- - wx- w-

chmod 233- - w- - wx- wx

chmod 234- - w- - wxr- -

chmod 235- - w- - wxr- x

chmod 236- - w- - wxrw-

chmod 237- - w- - wxrwx

chmod 240- - w- r - - - - -

chmod 241- - w- r - - - - x

chmod 242- - w- r- - - w-

chmod 243- - w- r- - - wx

chmod 244- - w- r - - r - -

chmod 245- - w- r - - r - x

chmod 246- - w- r- - rw-

chmod 247- - w- r- - rwx

chmod 250- -w- r - x- - -

chmod 251- -w- r - x- - x

chmod 252- - w- r- x- w-

chmod 253- - w- r- x- wx

chmod 254- -w- r - xr - -

chmod 255- -w- r - xr - x

chmod 256- - w- r - xr w-

chmod 257- - w- r - xr wx

chmod 260- - w- rw- - - -

chmod 261- - w- rw- - - x

chmod 262- - w- r w- - w-

chmod 263- - w- r w- - wx


i 37 03/03/2015 23:27


12/37

chmod 264- - w- rw- r- -

chmod 265- - w- rw- r- x

chmod 266- - w- r w- r w-

chmod 267- - w- r w- r wx

chmod 270- - w- rwx- - -

chmod 271- - w- rwx- - x

chmod 272- - w- r wx- w-

chmod 273- - w- r wx- wx

chmod 274- - w- r wxr - -

chmod 275- - w- r wxr - x

chmod 276- - w- r wxrw-

chmod 277- - w- r wxrwx

chmod 300- -wx- - - - - -

chmod 301- -wx- - - - - x

chmod 302- - wx- - - - w-

chmod 303- - wx- - - - wx

chmod 304- -wx- - - r - -

chmod 305- -wx- - - r - x

chmod 306- - wx- - - rw-

chmod 307- - wx- - - rwx

chmod 310- - wx- - x- - -

chmod 311- - wx- - x- - x

chmod 312- - wx- - x-w-

chmod 313- - wx- - x-wx

chmod 314- - wx- - xr- -

chmod 315- - wx- - xr- x

chmod 316- - wx- - xrw-

chmod 317- - wx- - xrwx

chmod 320- - wx- w- - - -

chmod 321- - wx- w- - - x

chmod 322- - wx- w- - w-

chmod 323- - wx- w- - wx

chmod 324- - wx- w- r- -

chmod 325- - wx- w- r- x

chmod 326- - wx- w- r w-

chmod 327- - wx- w- r wx


di 37 03/03/2015 23:27


13/37

chmod 330- - wx- wx-- -

chmod 331- - wx- wx-- x

chmod 332- - wx- wx- w-

chmod 333- - wx- wx- wx

chmod 334- - wx- wxr- -

chmod 335- - wx- wxr- x

chmod 336- - wx- wxrw-

chmod 337- - wx- wxrwx

chmod 340- -wxr - - - - -

chmod 341- -wxr - - - - x

chmod 342- - wxr- - - w-

chmod 343- - wxr- - - wx

chmod 344- -wxr - - r - -

chmod 345- -wxr - - r - x

chmod 346- - wxr- - r w-

chmod 347- - wxr- - r wx

chmod 350- - wxr- x- - -

chmod 351- - wxr- x- - x

chmod 352- - wxr- x-w-

chmod 353- - wxr- x-wx

chmod 354- - wxr- xr- -

chmod 355- - wxr- xr- x

chmod 356- - wxr- xrw-

chmod 357- - wxr- xrwx

chmod 360- - wxrw- - - -

chmod 361- - wxrw- - - x

chmod 362- - wxrw- - w-

chmod 363- - wxrw- - wx

chmod 364- - wxrw- r - -

chmod 365- - wxrw- r - x

chmod 366- - wxrw- r w-

chmod 367- - wxrw- r wx

chmod 370- - wxrwx-- -

chmod 371- - wxrwx-- x

chmod 372- - wxr wx- w-

chmod 373- - wxr wx- wx


di 37 03/03/2015 23:27


14/37

chmod 374- - wxrwxr- -

chmod 375- - wxrwxr- x

chmod 376- - wxr wxr w-

chmod 377- - wxr wxr wx

chmod 400- r - - - - - - - -

chmod 401- r - - - - - - - x

chmod 402- r - - - - - - w-

chmod 403- r - - - - - - wx

chmod 404- r - - - - - r - -

chmod 405- r - - - - - r - x

chmod 406- r - - - - - r w-

chmod 407- r - - - - - r wx

chmod 410- r - - - - x- - -

chmod 411- r - - - - x- - x

chmod 412- r - - - - x-w-

chmod 413- r - - - - x-wx

chmod 414- r - - - - x r - -

chmod 415- r - - - - x r - x

chmod 416- r - - - - xrw-

chmod 417- r - - - - xrwx

chmod 420- r - - - w- - - -

chmod 421- r - - - w- - - x

chmod 422- r- - - w- - w-

chmod 423- r- - - w- - wx

chmod 424- r - - - w- r - -

chmod 425- r - - - w- r - x

chmod 426- r- - - w- rw-

chmod 427- r- - - w- rwx

chmod 430- r - - -wx- - -

chmod 431- r - - -wx- - x

chmod 432- r- - - wx- w-

chmod 433- r- - - wx- wx

chmod 434- r - - -wxr - -

chmod 435- r - - -wxr - x

chmod 436- r - - - wxr w-

chmod 437- r - - - wxr wx


di 37 03/03/2015 23:27


15/37

chmod 440- r - - r - - - - -

chmod 441- r - - r - - - - x

chmod 442- r - - r - - - w-

chmod 443- r - - r - - - wx

chmod 444- r - - r - - r - -

chmod 445- r - - r - - r - x

chmod 446- r - - r - - r w-

chmod 447- r - - r - - r wx

chmod 450- r - - r - x - - -

chmod 451- r - - r - x - - x

chmod 452- r - - r - x-w-

chmod 453- r - - r - x-wx

chmod 454- r - - r - x r - -

chmod 455- r - - r - x r - x

chmod 456- r - - r - xrw-

chmod 457- r - - r - xrwx

chmod 460- r - - r w- - - -

chmod 461- r - - r w- - - x

chmod 462- r- - rw- - w-

chmod 463- r- - rw- - wx

chmod 464- r - - r w- r - -

chmod 465- r - - r w- r - x

chmod 466- r- - rw- rw-

chmod 467- r- - rw- rwx

chmod 470- r - - rwx- - -

chmod 471- r - - rwx- - x

chmod 472- r - - r wx- w-

chmod 473- r - - r wx- wx

chmod 474- r - - rwxr - -

chmod 475- r - - rwxr - x

chmod 476- r - - r wxr w-

chmod 477- r - - r wxr wx

chmod 500- r - x - - - - - -

chmod 501- r - x - - - - - x

chmod 502- r - x- - - - w-

chmod 503- r - x- - - - wx


di 37 03/03/2015 23:27


16/37

chmod 504- r - x - - - r - -

chmod 505- r - x - - - r - x

chmod 506- r - x- - - r w-

chmod 507- r - x- - - r wx

chmod 510- r - x - - x - - -

chmod 511- r - x - - x - - x

chmod 512- r- x- - x- w-

chmod 513- r- x- - x- wx

chmod 514- r - x - - x r - -

chmod 515- r - x - - x r - x

chmod 516- r- x- - xrw-

chmod 517- r- x- - xrwx

chmod 520- r - x-w- - - -

chmod 521- r - x-w- - - x

chmod 522- r- x- w- - w-

chmod 523- r- x- w- - wx

chmod 524- r - x-w- r - -

chmod 525- r - x-w- r - x

chmod 526- r - x-w- r w-

chmod 527- r - x-w- r wx

chmod 530- r- x- wx- - -

chmod 531- r- x- wx- - x

chmod 532- r - x- wx-w-

chmod 533- r - x- wx-wx

chmod 534- r- x- wxr- -

chmod 535- r- x- wxr- x

chmod 536- r - x- wxrw-

chmod 537- r - x- wxrwx

chmod 540- r - x r - - - - -

chmod 541- r - x r - - - - x

chmod 542- r - xr - - - w-

chmod 543- r - xr - - - wx

chmod 544- r - x r - - r - -

chmod 545- r - x r - - r - x

chmod 546- r - xr - - rw-

chmod 547- r - xr - - rwx


di 37 03/03/2015 23:27


17/37

chmod 550- r - x r - x - - -

chmod 551- r - x r - x - - x

chmod 552- r- xr- x- w-

chmod 553- r- xr- x- wx

chmod 554- r - x r - x r - -

chmod 555- r - x r - x r - x

chmod 556- r- xr- xrw-

chmod 557- r- xr- xrwx

chmod 560- r - xrw- - - -

chmod 561- r - xrw- - - x

chmod 562- r - xrw- - w-

chmod 563- r - xrw- - wx

chmod 564- r - xrw- r - -

chmod 565- r - xrw- r - x

chmod 566- r - xrw- r w-

chmod 567- r - xrw- r wx

chmod 570- r- xrwx- - -

chmod 571- r- xrwx- - x

chmod 572- r - xrwx-w-

chmod 573- r - xrwx-wx

chmod 574- r- xrwxr- -

chmod 575- r- xrwxr- x

chmod 576- r - xrwxrw-

chmod 577- r - xrwxrwx

chmod 600- r w- - - - - - -

chmod 601- r w- - - - - - x

chmod 602- rw- - - - - w-

chmod 603- rw- - - - - wx

chmod 604- r w- - - - r - -

chmod 605- r w- - - - r - x

chmod 606- rw- - - - rw-

chmod 607- rw- - - - rwx

chmod 610- rw- - - x- - -

chmod 611- rw- - - x- - x

chmod 612- rw- - - x- w-

chmod 613- rw- - - x- wx


di 37 03/03/2015 23:27


18/37

chmod 614- rw- - - xr - -

chmod 615- rw- - - xr - x

chmod 616- r w- - - xr w-

chmod 617- r w- - - xr wx

chmod 620- rw- - w- - - -

chmod 621- rw- - w- - - x

chmod 622- r w- - w- - w-

chmod 623- r w- - w- - wx

chmod 624- rw- - w- r- -

chmod 625- rw- - w- r- x

chmod 626- r w- - w- r w-

chmod 627- r w- - w- r wx

chmod 630- rw- - wx- - -

chmod 631- rw- - wx- - x

chmod 632- r w- - wx- w-

chmod 633- r w- - wx- wx

chmod 634- r w- - wxr - -

chmod 635- r w- - wxr - x

chmod 636- r w- - wxrw-

chmod 637- r w- - wxrwx

chmod 640- r w- r - - - - -

chmod 641- r w- r - - - - x

chmod 642- rw- r- - - w-

chmod 643- rw- r- - - wx

chmod 644- r w- r - - r - -

chmod 645- r w- r - - r - x

chmod 646- rw- r- - rw-

chmod 647- rw- r- - rwx

chmod 650- rw- r - x- - -

chmod 651- rw- r - x- - x

chmod 652- r w- r - x- w-

chmod 653- r w- r - x- wx

chmod 654- rw- r - xr - -

chmod 655- rw- r - xr - x

chmod 656- r w- r - xr w-

chmod 657- r w- r - xr wx


di 37 03/03/2015 23:27


19/37

chmod 660- rw- rw- - - -

chmod 661- rw- rw- - - x

chmod 662- r w- r w- - w-

chmod 663- r w- r w- - wx

chmod 664- rw- rw- r- -

chmod 665- rw- rw- r- x

chmod 666- r w- r w- r w-

chmod 667- r w- r w- r wx

chmod 670- r w- r wx- - -

chmod 671- r w- r wx- - x

chmod 672- r w- r wx- w-

chmod 673- r w- r wx- wx

chmod 674- r w- r wxr - -

chmod 675- r w- r wxr - x

chmod 676- r w- r wxrw-

chmod 677- r w- r wxrwx

chmod 700- rwx- - - - - -

chmod 701- rwx- - - - - x

chmod 702- rwx- - - - w-

chmod 703- rwx- - - - wx

chmod 704- rwx- - - r - -

chmod 705- rwx- - - r - x

chmod 706- r wx-- - r w-

chmod 707- r wx-- - r wx

chmod 710- rwx- - x- - -

chmod 711- rwx- - x- - x

chmod 712- r wx- - x-w-

chmod 713- r wx- - x-wx

chmod 714- rwx- - xr- -

chmod 715- rwx- - xr- x

chmod 716- r wx- - xrw-

chmod 717- r wx- - xrwx

chmod 720- rwx- w- - - -

chmod 721- rwx- w- - - x

chmod 722- r wx- w- - w-

chmod 723- r wx- w- - wx


di 37 03/03/2015 23:27


20/37


21/37

chmod 770- r wxrwx-- -

chmod 771- r wxrwx-- x

chmod 772- r wxr wx- w-

chmod 773- r wxr wx- wx

chmod 774- r wxrwxr- -

chmod 775- r wxrwxr- x

chmod 776- r wxr wxr w-

chmod 777- r wxr wxr wx

Congratulations!^

Here's my custom stat function, which I am definately not finished with, so check back in a couple days and if you find any

improvements please hook me up with a comment!

f unct i on askapache_stat ( $f i l ename ) {$p=@f i l eperms( $f i l ename) ;$s=@st at ( $f i l ename) ;$str =' ' ;$t=decoct ( $s[ ' mode' ] & 0170000) ;

swi t ch ( octdec($t) ) {case 0140000: $str = ' s' ; $stat[ ' t ype' ] =' socket ' ; break;case 0120000: $str = ' l ' ; $stat[ ' t ype' ] =' l i nk' ; break;case 0100000: $str = ' - ' ; $stat[ ' type' ]=' f i l e' ; break;case 0060000: $str = ' b' ; $stat[ ' t ype' ] =' bl ock' ; br eak;case 0040000: $str = ' d' ; $stat[ ' t ype' ] =' di r' ; br eak;case 0020000: $str = ' c' ; $stat[ ' t ype' ] =' char' ; break;case 0010000: $str = ' p' ; $stat[ ' t ype' ] =' f i f o' ; break;def aul t : $str = ' u' ; $stat[ ' t ype' ] =' unknown' ; break;}

$stat[ ' t ype_octal ' ] = spri nt f ( "%07o", octdec($t ) ) ;

$str . = ( ( $p&0x0100) ?' r' : ' - ' ) . ( ( $p&0x0080) ?' w' : ' - ' ) . ( ( $p&0x0040) ?(( $p&0x0800) ?' s' : ' x' ) : ( ( $p&0x0800) ?' S' :$str . = ( ( $p&0x0020) ?' r' : ' - ' ) . ( ( $p&0x0010) ?' w' : ' - ' ) . ( ( $p&0x0008) ?(( $p&0x0400) ?' s' : ' x' ) : ( ( $p&0x0400) ?' S' :$str . = ( ( $p&0x0004) ?' r' : ' - ' ) . ( ( $p&0x0002) ?' w' : ' - ' ) . ( ( $p&0x0001) ?(( $p&0x0200) ?' t ' : ' x' ) : ( ( $p&0x0200) ?' T' :

$st at[ ' def aul t _umask' ] =spr i nt f ( "%04o", umask( ) ) ;$st at [ ' per m_human' ] =$st r ;$st at [ ' per m_oct al 1' ] = spr i nt f ( "%o", ( $s[ ' mode' ] & 00777 ) ) ;$st at[ ' per m_octal 2' ] = spr i nt f ( "0%o", 0777 & $p) ;$st at [ ' per m_dec' ] = spr i nt f ( "%04o", $p) ;$st at [ ' per m_mode' ] =$s[ ' mode' ] ; / / Fi l e mode.

$stat[ ' f i l e' ] = @real pat h($fi l ename);$st at [ ' basename' ] = basename( $f i l ename ) ;

$s tat [ ' user_ i d' ] = $s [ ' ui d' ] ;

$stat [ ' group_ i d' ] = $s[ ' gi d' ] ;

$st at [ ' devi ce' ] =$s[ ' dev' ] ; / / Devi ce$st at [ ' devi ce_number ' ] =$s[ ' r dev' ] ; / / Devi ce number , i f devi ce.$st at [ ' i node' ] =$s[ ' i no' ] ; / / Fi l e ser i al number$st at [ ' l i nk_count ' ] =$s[ ' nl i nk' ] ; / / l i nk counti f ( $stat[ ' t ype' ] ==' l i nk' ) $stat[ ' l i nk_t o' ] =@readl i nk( $f i l ename ) ;

$st at [ ' si ze' ] =$s[ ' si ze' ] ; / / Si ze of f i l e, i n byt es.$s t at [ ' bl ock_ si z e' ] =$s[ ' bl ksi ze' ] ; / / Opt i mal bl ock si z e f or I / O.$stat[ ' bl ocks' ]=$s[ ' bl ocks' ] ; / / Number 512- byt e bl ocks al l ocat ed

$s t at [ ' t i me_ access ' ] =@dat e( ' Y M D H: i : s ' , $s[ ' at i me' ] ) ; / / Ti me of l ast access.$st at [ ' t i me_modi f i ed' ] =@dat e( ' Y M D H: i : s' , $s[ ' mt i me' ] ) ; / / Ti me of l ast modi f i cat i on$st at [ ' t i me_cr eat ed' ] =@dat e( ' Y M D H: i : s ' , $s[ ' ct i me' ] ) ; / / Ti me of l ast st at us change

cl ear st at cache( ) ;r et ur n $st at ;}

header ( ' Cont ent - Type: t ext/ pl ai n' ) ;$st at=askapache_st at( __FI LE__) ;pr i nt_ r ($stat ) ;


di 37 03/03/2015 23:27


22/37

Defining Permission Bits^

!def i ned( ' S_ I FMT' ) && def i ne( ' S_ I FMT' , 0170000) ; / / mask f or al l types! def i ned( ' S_I FSOCK' ) && def i ne( ' S_I FSOCK' , 0140000) ; / / t ype: socket!def i ned( ' S_ I FLNK' ) && def i ne( ' S_ I FLNK' , 0120000) ; / / type: symbol i c l i nk!def i ned( ' S_ I FREG' ) && def i ne( ' S_ I FREG' , 0100000) ; / / type: regul ar f i l e!def i ned( ' S_ I FBLK' ) && def i ne( ' S_ I FBLK' , 0060000) ; / / type: bl ock devi ce!def i ned( ' S_ I FDI R' ) && def i ne( ' S_ I FDI R' , 0040000) ; / / t ype: di rectory!def i ned( ' S_ I FCHR' ) && def i ne( ' S_ I FCHR' , 0020000) ; / / type: charact er devi ce!def i ned( ' S_ I FI FO' ) && def i ne( ' S_ I F I FO' , 0010000) ; / / t ype: f i f o

! def i ned( ' S_I SUI D' ) && def i ne( ' S_I SUI D' , 0004000) ; / / set - ui d bi t! def i ned( ' S_I SGI D' ) && def i ne( ' S_I SGI D' , 0002000) ; / / set - gi d bi t! def i ned( ' S_I SVTX' ) && def i ne( ' S_I SVTX' , 0001000) ; / / st i cky bi t! def i ned( ' S_I RWXU' ) && def i ne( ' S_I RWXU' , 00700) ; / / mask f or owner permi ssi ons!def i ned( ' S_ I RUSR' ) && def i ne( ' S_ I RUSR' , 00400); / / owner: read permi ssi on! def i ned( ' S_I WUSR' ) && def i ne( ' S_I WUSR' , 00200) ; / / owner: wr i t e permi ssi on! def i ned( ' S_I XUSR' ) && def i ne( ' S_I XUSR' , 00100) ; / / owner: execut e permi ssi on! def i ned( ' S_I RWXG' ) && def i ne( ' S_I RWXG' , 00070) ; / / mask f or group permi ssi ons!def i ned( ' S_ I RGRP' ) && def i ne( ' S_ I RGRP' , 00040); / / group: read permi ssi on!def i ned( ' S_ I WGRP' ) && def i ne( ' S_ I WGRP' , 00020); / / group: wri te permi ssi on!def i ned( ' S_ I XGRP' ) && def i ne( ' S_ I XGRP' , 00010); / / group: execute permi ssi on! def i ned( ' S_I RWXO' ) && def i ne( ' S_I RWXO' , 00007) ; / / mask f or ot hers permi ssi ons!def i ned( ' S_ I ROTH' ) && def i ne( ' S_ I ROTH' , 00004); / / others: read permi ssi on!def i ned( ' S_ I WOTH' ) && def i ne( ' S_ I WOTH' , 00002); / / others: wri t e permi ssi on!def i ned( ' S_ I XOTH' ) && def i ne( ' S_ I XOTH' , 00001); / / others: execute permi ssi on

! def i ned( ' S_I RWXUGO' ) && def i ne( ' S_I RWXUGO' , ( S_I RWXU | S_I RWXG | S_I RWXO) ) ;! def i ned( ' S_I ALLUGO' ) && def i ne(' S_I ALLUGO' , ( S_I SUI D | S_I SGI D | S_I SVTX | S_I RWXUGO) ) ;! def i ned( ' S_I RUGO' ) && def i ne(' S_I RUGO' , ( S_I RUSR | S_I RGRP | S_I ROTH) ) ;! def i ned(' S_I WUGO' ) && def i ne( ' S_I WUGO' , ( S_I WUSR | S_I WGRP | S_I WOTH) ) ;! def i ned( ' S_I XUGO' ) && def i ne(' S_I XUGO' , ( S_I XUSR | S_I XGRP | S_I XOTH) ) ;! def i ned(' S_I RWUGO' ) && def i ne( ' S_I RWUGO' , ( S_I RUGO | S_I WUGO) ) ;

How File Permissions Work^

When PHP is installed on your server by you or whoever runs the server, it uses the file permissions that are used by the Operating

System running the server.. If you are smart or just lucky than you are running some type of BSD/Unix/Solaris/Linux/Sun based

Operating system and PHP won't have any problems. If you are running on a Locked, proprietary OS like Windows, PHP will still

work but it has to use a lot of shortcuts and hacks to basically "Pretend" to act like the OS is BSD/Unix, and some key features just

won't be available.

The OS Permission Bits^

Here's the file permissions my Linux server uses, and which PHP automatically uses. The code basically just defines the default

permissions for files, and defines the file atributes for each file that you can access by using the stat function, which I've improved

upon to make things easier.

Download: POSIX Standard: 5.6 File Characteristics sys/st at . h (http://uploads.askapache.com/2008/11/stat.h)

Protection bits for File Owner^

#def i ne S_I RWXU 00700#def i ne S_I RUSR 00400#def i ne S_I WUSR 00200#def i ne S_I XUSR 00100

Protection bits for File Group^

#def i ne S_I RWXG 00070#def i ne S_I RGRP 00040#def i ne S_I WGRP 00020#def i ne S_I XGRP 00010

Protection bits for All Others^


di 37 03/03/2015 23:27


23/37

#def i ne S_I RWXO 00007#def i ne S_I ROTH 00004#def i ne S_I WOTH 00002#def i ne S_I XOTH 00001

Some Example Permissions^

0477 // owner has read only, other and group has rwx 0677 // owner has rw only, other and group has rwx

0444 // all have read only 0666 // all have rw only

0400 // owner has read only, group and others have no permission 0600 // owner has rw only, group and others have no

permission

0470 // owner has read only, group has rwx, others have no permission 0407 // owner has read only, other has rwx, group has

no permission

0670 // owner has rw only, group has rwx, others have no permission 0607 // owner has rw only, group has no permission and

others have rwx

What's a File^

A file is not merely its contents, a name, and a file type. A file also has an owner (a user ID), a group (a group ID), permissions

(what the owner can do with the file, what people in the group can do, and what everyone else can do), various timestamps, and

other information. Collectively, we call these a file's attributes.

Structure of File Mode Bits^

The file mode bits have two parts: the file permission bits, which control ordinary access to the file, and special mode bits, which

affect only some files.

There are three kinds of permissions that a user can have for a file:

permission to read the file. For directories, this means permission to list the contents of the directory.permission to write to (change) the file. For directories, this means permission to create and remove files in the directory.permission to execute the file (run it as a program). For directories, this means permission to access files in the directory.

There are three categories of users who may have different permissions to perform any of the above operations on a file:

the file's owner.other users who are in the file's groupeveryone else.

Files are given an owner and group when they are created. Usually the owner is the current user and the group is the group of the

directory the file is in, but this varies with the operating system, the file system the file is created on, and the way the file is created.

You can change the owner and group of a file by using the chownand chgrpcommands.

In addition to the three sets of three permissions listed above, the file mode bits have three special components, which affect only

executable files (programs) and, on most systems, directories:

Set the process's effective user ID to that of the file upon execution (called the set-user-ID bit, or sometimes the setuid bit). Fordirectories on a few systems, give files created in the directory the same owner as the directory, no matter who creates them, andset the set-user-ID bit of newly-created subdirectories.Set the process's effective group ID to that of the file upon execution (called the set-group-ID bit, or sometimes the setgid bit). Fordirectories on most systems, give files created in the directory the same group as the directory, no matter what group the user whocreates them is in, and set the set-group-ID bit of newly-created subdirectories.Prevent unprivileged users from removing or renaming a file in a directory unless they own the file or the directory; this is called therestricted deletion flag for the directory, and is commonly found on world-writable directories like /tmp.

For regular files on some older systems, save the program's text image on the swap device so it will load more quickly when run;

this is called the st i cky bi t .

Setting Permissions^

The basic symbolic operations on a file's permissions are adding, removing, and setting the permission that certain users have to


di 37 03/03/2015 23:27


24/37

read, write, and execute or search the file. These operations have the following format:

users oper at i on per mi ssi ons

The spaces between the three parts above are shown for readability only; symbolic modes cannot contain spaces. The users part

tells which users' access to the file is changed. It consists of one or more of the following letters (or it can be empty). When more

than one of these letters is given, the order that they are in does not matter.

u- the user who owns the file.

g- other users who are in the file's group.o- all other users.a- all users; the same as ugo.

The operation part tells how to change the affected users' access to the file, and is one of the following symbols:

+- to add the permissions to whatever permissions the users already have for the file.-- to remove the permissions from whatever permissions the users already have for the file.=- to make the permissions the only permissions that the users have for the file.

The permissions part tells what kind of access to the file should be changed; it is normally zero or more of the following letters. As

with the users part, the order does not matter when more than one letter is given. Omitting the permissions part is useful only with

the = operation, where it gives the specified users no access at all to the file.

r- the permission the users have to read the file.w- the permission the users have to write to the file.

x- the permission the users have to execute the file, or search it if it is a directory.For example, to give everyone permission to read and write a regular file, but not to execute it, use:

a=r w

To remove write permission for all users other than the file's owner, use:

go- w

The above command does not affect the access that the owner of the file has to it, nor does it affect whether other users can read

or execute the file.

To give everyone except a file's owner no permission to do anything with that file, use the mode below. Other users could stillremove the file, if they have write permission on the directory it is in.

go=

Another way to specify the same thing is:

og- r wx

Copying Existing Permissions^

You can base a file's permissions on its existing permissions. To do this, instead of using a series of r, w, or xletters after the

operator, you use the letter u, g, or o. For example, the mode

o+g

adds the permissions for users who are in a file's group to the permissions that other users have for the file. Thus, if the file started

out as mode 664 (rw-rw-r--), the above mode would change it to mode 666 (rw-rw-rw-). If the file had started out as mode 741

(rwxr----x), the above mode would change it to mode 745 (rwxr--r-x). The - and = operations work analogously.

Umask and Protection^

If the users part of a symbolic mode is omitted, it defaults to a (affect all users), except that any permissions that are set in the

system variable umask are not affected. The value of umask can be set using the umask command. Its default value varies from

system to system.


di 37 03/03/2015 23:27


25/37

Omitting the users part of a symbolic mode is generally not useful with operations other than +. It is useful with + because it allows

you to use umask as an easily customizable protection against giving away more permission to files than you intended to. As an

example, if umask has the value 2, which removes write permission for users who are not in the file's group, then the mode:

+w

adds permission to write to the file to its owner and to other users who are in the file's group, but not to other users. In contrast, the

mode:

a+w

ignores umask, and does give write permission for the file to all users.

Directories, Set-User-ID and Set-Group-ID Bits^

On most systems, if a directory's set-group-ID bit is set, newly created subfiles inherit the same group as the directory, and newly

created subdirectories inherit the set-group-ID bit of the parent directory. On a few systems, a directory's set-user-ID bit has a

similar effect on the ownership of new subfiles and the set-user-ID bits of new subdirectories. These mechanisms let users share

files more easily, by lessening the need to use chmod or chown to share new files.

These convenience mechanisms rely on the set-user-ID and set-group-ID bits of directories. If commands like chmod and mkdir

routinely cleared these bits on directories, the mechanisms would be less convenient and it would be harder to share files.

Therefore, a command like chmod does not affect the set-user-ID or set-group-ID bits of a directory unless the user specifically

mentions them in a symbolic mode, or sets them in a numeric mode. For example, on systems that support set-group-ID

inheritance:

# These commands l eave t he set - user - I D and# set - gr oup- I D bi t s of t he subdi r ector i es al one,# so t hat t hey r et ai n t hei r def aul t val ues.mkdi r A B Cchmod 755 Achmod 0755 Bchmod u=r wx, go=r x C

mkdi r - m 755 Dmkdi r - m 0755 Emkdi r - m u=r wx, go=r x F

If you want to try to set these bits, you must mention them explicitly in the symbolic or numeric modes, e.g.:

# These commands t r y t o set t he set - user - I D# and set - gr oup- I D bi t s of t he subdi r ectori es.mkdi r G Hchmod 6755 Gchmod u=r wx, go=r x, a+s Hmkdi r - m 6755 Imkdi r - m u=r wx, go=r x, a+s J

If you want to try to clear these bits, you must mention them explicitly in a symbolic mode, e.g.:

# Thi s command t r i es t o cl ear t he set- user- I D# and set - gr oup- I D bi t s of t he di r ectory D.chmod a- s D

Numeric Modes^

The permissions granted to the user, to other users in the file's group, and to other users not in the file's group each require three

bits, which are represented as one octal digit. The three special mode bits also require one bit each, and they are as a group

represented as another octal digit. Here is how the bits are arranged, starting with the lowest valued bit:

Other users not in the file's group: ^


di 37 03/03/2015 23:27


26/37

1 Execut e/ search2 Wr i t e4 Read

Other users in the file's group:^


The file's owner:^


Special mode bi ts:^

1000 Rest r i cted del et i on f l ag or st i cky bi t2000 Set group I D on execut i on4000 Set user I D on execut i on

For example, numeric mode 4755 corresponds to symbolic mode u=r wxs, go=r x , and numeric m ode 664 corresponds to

symbolic mode ug=r w, o=r . Numeric mode 0 corresponds to symbolic mode a= .

Apache's Internal Bits (hex)^

#def i ne APR_FPROT_USETI D 0x8000 / * Set user i d */#def i ne APR_FPROT_UREAD 0x0400 / * Read by user */#def i ne APR_FPROT_UWRI TE 0x0200 / * Wr i t e by user */

#def i ne APR_FPROT_UEXECUTE 0x0100 / * Execute by user */

#def i ne APR_FPROT_GSETI D 0x4000 / * Set group i d */#def i ne APR_FPROT_GREAD 0x0040 / * Read by gr oup */#def i ne APR_FPROT_GWRI TE 0x0020 / * Wr i t e by group */#def i ne APR_FPROT_GEXECUTE 0x0010 / * Execut e by gr oup */

#def i ne APR_FPROT_WSTI CKY 0x2000 / * St i cky bi t */#def i ne APR_FPROT_WREAD 0x0004 / * Read by ot hers */#def i ne APR_FPROT_WWRI TE 0x0002 / * Wr i t e by ot hers * /#def i ne APR_FPROT_WEXECUTE 0x0001 / * Execute by ot hers */

#def i ne APR_FPROT_OS_DEFAULT 0x0FFF / * use OS' s def aul t per mi ssi ons */

/ * addi t i onal per mi ssi on f l ags f or apr _f i l e_copy and apr _f i l e_append */#def i ne APR_FPROT_FI LE_SOURCE_PERMS 0x1000 / * Copy sour ce f i l e' s permi ss i ons * /

Download: ht t pd- 2. 2. 10/ srcl i b/ apr / f i l e_ i o/ uni x/ f i l eacc. c (http://uploads.askapache.com/2008/11/fileacc.c) Here'ssome interesting bitmasking done by Apache that uses the defined bits set earlier by stat.h


di 37 03/03/2015 23:27


27/37

apr_uni x_per ms2mode(perms) { mode=0; i f ( per ms & APR_USETI D) mode | = S_I SUI D; i f ( perms & APR_UREAD) mode | = S_I RUSR; i f ( perms & APR_UWRI TE) mode | = S_I WUSR; i f ( perms & APR_UEXECUTE) mode | = S_I XUSR;

i f ( per ms & APR_GSETI D) mode | = S_I SGI D; i f ( perms & APR_GREAD) mode | = S_I RGRP; i f ( perms & APR_GWRI TE) mode | = S_I WGRP; i f ( perms & APR_GEXECUTE) mode | = S_I XGRP;

i f ( per ms & APR_WSTI CKY) mode | = S_I SVTX; i f ( perms & APR_WREAD) mode | = S_I ROTH; i f ( perms & APR_WWRI TE) mode | = S_I WOTH; i f ( perms & APR_WEXECUTE) mode | = S_I XOTH; r et urn mode;}

apr_uni x_mode2perms( mode){ per ms = 0; i f ( mode & S_I SUI D) per ms | = APR_USETI D; i f ( mode & S_I RUSR) perms | = APR_UREAD; i f ( mode & S_I WUSR) perms | = APR_UWRI TE; i f ( mode & S_I XUSR) perms | = APR_UEXECUTE;

i f ( mode & S_I SGI D) per ms | = APR_GSETI D; i f ( mode & S_I RGRP) perms | = APR_GREAD; i f ( mode & S_I WGRP) perms | = APR_GWRI TE; i f ( mode & S_I XGRP) perms | = APR_GEXECUTE;

i f ( mode & S_I SVTX) per ms | = APR_WSTI CKY; i f ( mode & S_I ROTH) perms | = APR_WREAD; i f ( mode & S_I WOTH) perms | = APR_WWRI TE; i f ( mode & S_I XOTH) perms | = APR_WEXECUTE; r eturn perms;}

umask^

umask( i nt mask) { ar g1; i nt ol dumask; i nt ar g_count = ZEND_NUM_ARGS() ; ol dumask = umask( 077) ;

i f ( BG( umask) == - 1) BG( umask) = ol dumask; i f ( arg_count == 0) umask(ol dumask);

conver t _t o_l ong_ex( arg1) ; umask( Z_LVAL_PP(ar g1) ) ; RETURN_LONG( ol dumask) ;}

File Attributes^

Each file will have attributes based on the type of OS.. Using the stat command you can view them.

Viewing stat results^


di 37 03/03/2015 23:27


28/37

* %a - Access r i ghts i n octal* %A - Access r i ght s i n human r eadabl e f orm* %b - Number of bl ocks al l ocat ed ( see %B)* %B - The si ze i n byt es of each bl ock repor t ed by %b* %d - Devi ce number i n deci mal* %D - Devi ce number i n hex* %f - Raw mode i n hex* %F - Fi l e t ype* %g - Gr oup I D of owner* %G - Gr oup name of owner* %h - Number of hard l i nks* %i - I node number

* %n - Fi l e name* %N - Quoted f i l e name wi t h deref erence i f symbol i c l i nk* %o - I / O bl ock si ze* %s - Tot al si ze, i n bytes* %t - Maj or devi ce type i n hex* %T - Mi nor devi ce t ype i n hex* %u - User I D of owner* %U - User name of owner* %x - Ti me of l ast access* %X - Ti me of l ast access as seconds si nce Epoch* %y - Ti me of l ast modi f i cat i on* %Y - Ti me of l ast modi f i cat i on as seconds si nce Epoch* %z - Ti me of l ast change* %Z - Ti me of l ast change as seconds si nce Epoch

The OS Attribute Bits^

These defined values are what allows your operating system to determine the type of file being accessed.

#def i ne S_I FMT 00170000 / * These bi t s deter mi ne f i l e t ype. */#def i ne S_I FSOCK 0140000 / * Socket f i l e */#def i ne S_I FLNK 0120000 / * Symbol i c Li nk */#def i ne S_I FREG 0100000 / * Regul ar f i l e */#def i ne S_I FDI R 0040000 / * Di r ector y */#def i ne S_I FI FO 0010000 / * FI FO f i r st- i n- f i rst - out f i l e */

/ * Such devi ces can be r ead ei t her a charact er at a t i me or a "bl ock" ( many charact ers) at a t i me,hence we say t her e ar e bl ock speci al f i l es and char acter speci al f i l es. */#def i ne S_I FBLK 0060000 / * Bl ock devi ce */#def i ne S_I FCHR 0020000 / * Char act er devi ce */

Special Permission Bit s^

#def i ne S_I SUI D 0004000 / * Set user I D on execut i on. */#def i ne S_I SGI D 0002000 / * Set gr oup I D on execut i on. */#def i ne S_I SVTX 0001000 / * Save swapped t ext af t er use ( st i cky). */

Bitmasking to determine Filetype^

#def i ne S_I SLNK( m) ( ( ( m) & S_I FMT) == S_I FLNK)#def i ne S_I SREG( m) ( ( ( m) & S_I FMT) == S_I FREG)#def i ne S_I SDI R( m) ( ( ( m) & S_I FMT) == S_I FDI R)#def i ne S_I SCHR( m) ( ( ( m) & S_I FMT) == S_I FCHR)#def i ne S_I SBLK( m) ( ( ( m) & S_I FMT) == S_I FBLK)#def i ne S_I SFI FO( m) ( ( ( m) & S_I FMT) == S_I FI FO)#def i ne S_I SSOCK(m) ( ( ( m) & S_I FMT) == S_I FSOCK)

Default Permission Masks^

#def i ne S_I RWXUGO ( S_I RWXU| S_I RWXG| S_I RWXO)#def i ne S_I ALLUGO ( S_I SUI D| S_I SGI D| S_I SVTX| S_I RWXUGO)#def i ne S_I RUGO ( S_I RUSR| S_I RGRP| S_I ROTH)#def i ne S_I WUGO ( S_I WUSR| S_I WGRP| S_I WOTH)

#def i ne S_I XUGO ( S_I XUSR| S_I XGRP| S_I XOTH)

Download: ht t pd- 2. 2. 10/ srcl i b/ apr / f i l e_ i o/ uni x/ f i l estat . c (http://uploads.askapache.com/2008/11/filestat.c) , this

file shows a simple way to determine the type of file.


di 37 03/03/2015 23:27


29/37

f i l etype_f r om_mode(mode){ t ype; swi t ch ( mode & S_I FMT) { case S_I FREG: t ype = APR_REG; break; case S_I FDI R: t ype = APR_DI R; break; case S_I FLNK: t ype = APR_LNK; break;

case S_I FCHR: t ype = APR_CHR; break; case S_I FBLK: t ype = APR_BLK; break; case S_I FFI FO: t ype = APR_PI PE; br eak; case S_I FSOCK: t ype = APR_SOCK; break; def aul t : t ype = APR_UNKFI LE;

} r et ur n type;}

Apache Stat Bi ts ^

#def i ne APR_FI NFO_LI NK 0x00000001 / * St at t he l i nk not t he f i l e i t sel f i f i t i s a l i nk */#def i ne APR_FI NFO_MTI ME 0x00000010 / * Modi f i cat i on Ti me */#def i ne APR_FI NFO_CTI ME 0x00000020 / * Cr eat i on or i node- changed t i me */#def i ne APR_FI NFO_ATI ME 0x00000040 / * Access Ti me */#def i ne APR_FI NFO_SI ZE 0x00000100 / * Si ze of t he f i l e */#def i ne APR_FI NFO_CSI ZE 0x00000200 / * Stor age si ze consumed by t he f i l e */#def i ne APR_FI NFO_DEV 0x00001000 / * Devi ce */

#def i ne APR_FI NFO_I NODE 0x00002000 / * I node */#def i ne APR_FI NFO_NLI NK 0x00004000 / * Number of l i nks */#def i ne APR_FI NFO_TYPE 0x00008000 / * Type */#def i ne APR_FI NFO_USER 0x00010000 / * User */#def i ne APR_FI NFO_GROUP 0x00020000 / * Gr oup */#def i ne APR_FI NFO_UPROT 0x00100000 / * User pr ot ect i on bi t s */#def i ne APR_FI NFO_GPROT 0x00200000 / * Gr oup prot ect i on bi t s */#def i ne APR_FI NFO_WPROT 0x00400000 / * Wor l d prot ect i on bi t s */#def i ne APR_FI NFO_I CASE 0x01000000 / * i f dev i s case i nsensi t i ve */#def i ne APR_FI NFO_NAME 0x02000000 / * name i n pr oper case */#def i ne APR_FI NFO_MI N 0x00008170 / * t ype, mt i me, ct i me, at i me, si ze */#def i ne APR_FI NFO_I DENT 0x00003000 / * dev and i node */#def i ne APR_FI NFO_OWNER 0x00030000 / * user and gr oup */#def i ne APR_FI NFO_PROT 0x00700000 / * al l prot ect i ons */#def i ne APR_FI NFO_NORM 0x0073b170 / * an at omi c uni x apr _s t at ( ) */#def i ne APR_FI NFO_DI RENT 0x02000000 / * an at omi c uni x apr _di r _r ead() */

The Apache file information structure.^

apr _ui d_t user ; / * The user i d t hat owns the f i l e */apr _gi d_t gr oup; / * The gr oup i d t hat owns the f i l e */apr_i no_t i node; / * The i node of t he f i l e. */apr _dev_t devi ce; / * The i d of t he devi ce t he f i l e i s on. */apr _i nt 32_t nl i nk; / * The number of hard l i nks to the f i l e. */apr_off _t s i ze; / * The s i ze of t he f i l e * /apr _of f _t csi ze; / * The st orage si ze consumed by the f i l e */apr _t i me_t ati me; / * The ti me the f i l e was l ast accessed */apr _t i me_t mt i me; / * The ti me the f i l e was l ast modi f i ed */apr _t i me_t ct i me; / * The ti me the f i l e was created, or t he i node was l ast changed */const char *f name; / * The pat hname of t he f i l e ( possi bl y unr oot ed) */const char *name; / * The f i l e' s name ( no path) i n f i l esyst em case */

File Time Attributes^

touch

If changing both the access and modification times to the current time, touch can change the timestamps for files that the user

running it does not own but has write permission for. Otherwise, the user must own the files.

Although touch provides options for changing two of the times the times of last access and modification of a file, there is actually a

third one as well: the inode change time. This is often referred to as a file's ctime. The inode change time represents the time when

the file's meta-information last changed. One common example of this is when the permissions of a file change. Changing the

permissions doesn't access the file, so the atime doesn't change, nor does it modify the file, so the mtime doesn't change. Yet,

something about the file itself has changed, and this must be noted somewhere. This is the job of the ctime field. This is necessary,so that, for example, a backup program can make a fresh copy of the file, including the new permissions value. Another operation

that modifies a file's ctime without affecting the others is renaming. In any case, it is not possible, in normal operations, for a user to

change the ctime field to a user-specified value.


di 37 03/03/2015 23:27


30/37

Shared hosting user security ^

Shared hosting user securityApache SecurityMultiuser security setup exampleSSH key fingerprintsExternal Links

WebHost allows you to create multiple users per account. Each user can have domain assigned to its home home directory

accessible via FTP or SSH/SCP. The problem with multiple users on the same account is that they share the same default unix

group, and default permissions allow their files to be easily modified by the members of this group. Usually this doesn't pose aproblem as each user is probably trusted by account owner to not to mess with others files, but if one of the users have their web

application hacked then all other users on the same account will be in danger.

By default all files in your account are created with 644 privileges and directories are with 775. That means any user can read your

files and any user from the same account can move and add files in your freshly made directories. Your home directory is different,

though. By default it carries 751 attribute meaning that only members of your group can see your files, but can't add any new.

These group access schemes are possible, because every user in your account has its primary/default group set to "pgxxxxxx",

which is assigned to every new file you create by default. The normal way to secure users from web-intrusion is to assign a

separate group to the web-server user, removing it from default group. This way, exploited scripts will not be able to traverse into

home directories of other users on your account. To allow account users to update centralized web-site they could be added to

web-site group explicitly. But this "normal way" doesn't work with DreamHost, because you can't delete web-user from the default

group and unless you set access for every new file explicitly, it will be possible for an intruder to read it.

To make managing privileges easier in interactive sessions "umask 007" command can be specified in your .bash_profile - this

makes all new files carry xx0 mask. You also need to control your scripts (web based or cron/shell) so that they set mask for critical

files explicitly. To secure account users from access by means of hacked user script you would also like to define another group for

every user in your account and change group ownership of the user's home directory to that group with "set gid" bit set (and

optional umask 007 in .bash_profile).

Therefore, to secure your users from web-intrusion you need to:

Add a separate user and group for every domain where apache will be runningAdd a separate group for other user accounts

Change the default group for new files created by your users by changing the group of their home directory and setting "set gid" bitfor it (it is impossible to do this with FTP accounts, therefore you will need to login in each account via SSH)Add users who need access to web-site into the web-user groupOptionally set umask 007 in .bash_profile for every user to tweak default WebHost775/664 permissions to something like 770/660for directories and files that are not meant to be read by Apache (660 could also be used for all web scripts including .php as theyare not read by dhapache CGI, but merely executed)

Apache Securi ty ^

All your web files that need to be read by Apache should be readable by everyone as Apache itself is run under dhapache user.

However, executable scripts like .php are executed under your own user and do not have to be world readable as they are not

actually read by Apache, but executed via suEXEC(http://en.wikipedia.org/wiki/suEXEC) . Quite the opposite - to prevent your code

or database settings from being messed by any third-parties you SHOULD set permissions to these files explicitly to something like640 or even 600 depending on who do you trust.

Multiuser security setup example ^

For our example, we will create a rainforce_wwwuser and a aapp_wwwgroup for serving web files with apache and setup a

rainforceuser with a 'aappgroup to manage mail and keep other fi les on DH privately. Since these records already exist,

you will need to subsitute your own names.

Login to create the users rainforce_wwwand rainforcewith shell access.Create two groups - aapp_wwwand aapp. Note that users created in previous step are still members of the same defaultpgxxxxxx group.

Add rainforce_wwwto 'the 'aapp_wwwgroup and rainforceto both the aapp_wwwand aappgroupsMove your domain to rainforce_wwwaccount (mine is rainforce.org)Now login to SSH with your rainforce_wwwuser and change the default group for your home directory with "sgid" bit set tomake all current and new files/directories created in this directory have the same aapp_wwwgroup.


di 37 03/03/2015 23:27


31/37

$ chgr p - R aapp_www . $ chmod 2751 . $ chmod 2771 r ai nf orce. org

By setting 2771 the directory will be writable by the owner, the group and will be only executable by others. The contents of an

executable only directory cannot be listed, but the files inside it can be read (if the permissions of the file allow it). It is important that

the directory can be executable in order to allow static content (e.g. .html files) inside it to be read. Remember that directories you

don't want anyone to have web access to, should be 0770 (writable by the owner and group, or 0750 writable by the owner and

readable by group). Such strict permissions should by applied to password files, php include files or databases files (such as

SQLite, BDB, etc).

Do the same for rainforceuser, but specify aappgroup instead.

$ chgr p - R aapp . $ chmod 2751 .

Optionally modify umask in .bash_profile in user's home to 007 to make all files created by this user have 660 permissions setby default. If you want that newly created files by accessible by the web, you need to manually setup it's permissions to 664.

Now I can login as the user "rainforce" and update the web-site in the ../rainforce_www/rainforce.org directory. There is one more

setup needed. Because files copied from other accounts can have 644 permissions set instead of 664, you need a script which will

update permissions to 664 or 660 to allow other group members modify such files.

SSH key fingerprin ts ^

Just gen your own I guess

External Links ^

Introduction to Unix file permissions(http://oldfield.wattle.id.au/luv/permissions.html)Understanding UNIX permission and chmod(http://www.perlfect.com/articles/chmod.shtml)

Original Article from DreamHost Wiki(http://wiki.dreamhost.com/index.php?title=Security)

Content is available under GNU Free Documentation License 1.2(http://www.gnu.org/copyleft/fdl.html) .

Example File Permission Bits^

/ usr / l i b/ w3m/ cgi - bi n/ di r l i s t . cgi ^


di 37 03/03/2015 23:27


32/37

sub ut ype { l ocal ( $_) = @_; l ocal ( %T) = ( 0010000, ' PI PE' , 0020000, ' CHR' , 0040000, ' DI R' , 0060000, ' BLK' , 0100000, ' FI LE' , 0120000, ' LI NK' , 0140000, ' SOCK' , ) ; r et ur n $T{( $_ & 0170000) } | | ' FI LE' ;

}

sub umode { l ocal ( $_) = @_; l ocal ( %T) = ( 0010000, ' p' , 0020000, ' c' , 0040000, ' d' , 0060000, ' b' , 0100000, ' - ' , 0120000, ' l ' , 0140000, ' s' , ) ;

r et ur n ( $T{( $_ & 0170000) } | | ' - ' ) . ( ( $_ & 00400) ? ' r ' : ' - ' ) . ( ( $_ & 00200) ? ' w' : ' - ' ) . ( ( $_ & 04000) ? ' s' : ( ( $_ & 00100) ? ' x' : ' - ' ) ) . ( ( $_ & 00040) ? ' r ' : ' - ' ) . ( ( $_ & 00020) ? ' w' : ' - ' ) . ( ( $_ & 02000) ? ' s' : ( ( $_ & 00010) ? ' x' : ' - ' ) ) . ( ( $_ & 00004) ? ' r ' : ' - ' ) . ( ( $_ & 00002) ? ' w' : ' - ' ) . ( ( $_ & 01000) ? ' t ' : ( ( $_ & 00001) ? ' x' : ' - ' ) ) ;}

/ us r / l i b/ per l / 5. 8. 4/ l i nux/ s tat . ph^


di 37 03/03/2015 23:27


33/37

eval ' sub S_I FMT ( ) {00170000; }' unl ess def i ned( &S_I FMT); eval ' sub S_I FSOCK ( ) {0140000; }' unl ess def i ned(&S_I FSOCK) ; eval ' sub S_I FLNK ( ) {0120000; }' unl ess def i ned( &S_I FLNK) ; eval ' sub S_I FREG ( ) {0100000; }' unl ess def i ned( &S_I FREG) ; eval ' sub S_I FBLK ( ) {0060000; }' unl ess def i ned( &S_I FBLK) ; eval ' sub S_I FDI R ( ) {0040000; }' unl ess def i ned( &S_I FDI R) ; eval ' sub S_I FCHR ( ) {0020000; }' unl ess def i ned( &S_I FCHR) ; eval ' sub S_I FI FO ( ) {0010000; }' unl ess def i ned( &S_I FI FO) ; eval ' sub S_I SUI D ( ) {0004000; }' unl ess def i ned( &S_I SUI D) ; eval ' sub S_I SGI D ( ) {0002000; }' unl ess def i ned( &S_I SGI D) ; eval ' sub S_I SVTX ( ) {0001000; }' unl ess def i ned( &S_I SVTX) ; eval ' sub S_I SLNK {

l ocal ( $m) = @_; eval q( ( ( ( $m) & &S_I FMT) == &S_I FLNK) ) ; }' unl ess def i ned( &S_I SLNK) ; eval ' sub S_I SREG { l ocal ( $m) = @_; eval q( ( ( ( $m) & &S_I FMT) == &S_I FREG) ) ; }' unl ess def i ned( &S_I SREG) ; eval ' sub S_I SDI R { l ocal ( $m) = @_; eval q(( ( ( $m) & &S_I FMT) == &S_I FDI R) ) ; }' unl ess def i ned( &S_I SDI R) ; eval ' sub S_I SCHR { l ocal ( $m) = @_; eval q( ( ( ( $m) & &S_I FMT) == &S_I FCHR) ) ; }' unl ess def i ned( &S_I SCHR) ; eval ' sub S_I SBLK { l ocal ( $m) = @_; eval q( ( ( ( $m) & &S_I FMT) == &S_I FBLK) ) ; }' unl ess def i ned( &S_I SBLK) ; eval ' sub S_I SFI FO { l ocal ( $m) = @_; eval q(( ( ( $m) & &S_I FMT) == &S_I FI FO) ) ; }' unl ess def i ned( &S_I SFI FO) ; eval ' sub S_I SSOCK { l ocal ( $m) = @_; eval q( ( ( ( $m) & &S_I FMT) == &S_I FSOCK)) ; }' unl ess def i ned( &S_I SSOCK) ; eval ' sub S_I RWXU ( ) {00700; }' unl ess def i ned(&S_I RWXU) ; eval ' sub S_I RUSR ( ) {00400; }' unl ess def i ned( &S_I RUSR) ; eval ' sub S_I WUSR ( ) {00200; }' unl ess def i ned(&S_I WUSR) ; eval ' sub S_I XUSR ( ) {00100; }' unl ess def i ned( &S_I XUSR) ; eval ' sub S_I RWXG ( ) {00070; }' unl ess def i ned(&S_I RWXG) ; eval ' sub S_I RGRP ( ) {00040; }' unl ess def i ned( &S_I RGRP) ; eval ' sub S_I WGRP ( ) {00020; }' unl ess def i ned(&S_I WGRP) ; eval ' sub S_I XGRP ( ) {00010; }' unl ess def i ned( &S_I XGRP) ;

eval ' sub S_I RWXO ( ) {00007; }' unl ess def i ned(&S_I RWXO) ; eval ' sub S_I ROTH ( ) {00004; }' unl ess def i ned(&S_I ROTH) ; eval ' sub S_I WOTH ( ) {00002; }' unl ess def i ned(&S_I WOTH) ; eval ' sub S_I XOTH ( ) {00001; }' unl ess def i ned(&S_I XOTH) ; } i f ( def i ned( &__KERNEL__) ) { eval ' sub S_I RWXUGO ( ) {( &S_I RWXU| &S_I RWXG| &S_I RWXO) ; }' unl ess def i ned( &S_I RWXUGO) ; eval ' sub S_I ALLUGO ( ) {( &S_I SUI D| &S_I SGI D| &S_I SVTX| &S_I RWXUGO) ; }' unl ess def i ned(&S_I ALLUG eval ' sub S_I RUGO ( ) {( &S_I RUSR| &S_I RGRP| &S_I ROTH) ; }' unl ess def i ned(&S_I RUGO) ; eval ' sub S_I WUGO ( ) {( &S_I WUSR| &S_I WGRP| &S_I WOTH) ; }' unl ess def i ned(&S_I WUGO) ; eval ' sub S_I XUGO ( ) {( &S_I XUSR| &S_I XGRP| &S_I XOTH) ; }' unl ess def i ned(&S_I XUGO) ; requi re ' l i nux/ t ypes. ph' ; requi re ' l i nux/ t i me. ph' ; }

Mozilla-Source 1.8a2(http://ftp.mozilla.org/pub/mozilla.org/mozilla/releases/mozilla1.8a2/src/mozilla-source-1.8a2.tar.bz2 )

/ * noti ce t hat t hese val use are octal . */const PERM_I RWXU = 00700; / * r ead, wr i t e, execut e/ search by owner * /const PERM_I RUSR = 00400; / * r ead per mi ssi on, owner * /const PERM_I WUSR = 00200; / * wr i t e per mi ssi on, owner * /const PERM_I XUSR = 00100; / * execut e/ search per mi ssi on, owner * /const PERM_I RWXG = 00070; / * r ead, wr i t e, execut e/ search by group */const PERM_I RGRP = 00040; / * read per mi ssi on, group */const PERM_I WGRP = 00020; / * wr i t e per mi ssi on, group */const PERM_I XGRP = 00010; / * execut e/ search per mi ssi on, group */const PERM_I RWXO = 00007; / * read, wr i t e, execut e/ search by ot her s */const PERM_I ROTH = 00004; / * read per mi ssi on, ot her s */const PERM_I WOTH = 00002; / * wr i t e per mi ssi on, ot her s */const PERM_I XOTH = 00001; / * execut e/ sear ch per mi ssi on, others * /

const MODE_RDONLY = 0x01;const MODE_WRONLY = 0x02;

const MODE_RDWR = 0x04;const MODE_CREATE = 0x08;const MODE_APPEND = 0x10;const MODE_TRUNCATE = 0x20;const MODE_SYNC = 0x40;const MODE_EXCL = 0x80;


di 37 03/03/2015 23:27


34/37

/ usr / i ncl ude/ l i bpng12/ png. h^

/ * Tr ansf orm masks for t he hi gh- l evel i nt er f ace */#def i ne PNG_TRANSFORM_I DENTI TY 0x0000 / * r ead and wr i t e */#def i ne PNG_TRANSFORM_STRI P_16 0x0001 / * r ead onl y */#def i ne PNG_TRANSFORM_STRI P_ALPHA 0x0002 / * r ead onl y */#def i ne PNG_TRANSFORM_PACKI NG 0x0004 / * r ead and wr i t e */#def i ne PNG_TRANSFORM_PACKSWAP 0x0008 / * r ead and wr i t e */#def i ne PNG_TRANSFORM_EXPAND 0x0010 / * r ead onl y */#def i ne PNG_TRANSFORM_I NVERT_MONO 0x0020 / * r ead and wr i t e */#def i ne PNG_TRANSFORM_SHI FT 0x0040 / * r ead and wr i t e */

#def i ne PNG_TRANSFORM_BGR 0x0080 / * r ead and wr i t e */#def i ne PNG_TRANSFORM_SWAP_ALPHA 0x0100 / * r ead and wr i t e */#def i ne PNG_TRANSFORM_SWAP_ENDI AN 0x0200 / * r ead and wr i t e */#def i ne PNG_TRANSFORM_I NVERT_ALPHA 0x0400 / * r ead and wr i t e */#def i ne PNG_TRANSFORM_STRI P_FI LLER 0x0800 / * WRI TE onl y */

/ usr/ l i b/ pyt hon2. 4/ stat . py^

# Extr act bi t s f r omt he mode

def S_I MODE( mode) : r et urn mode & 07777

def S_I FMT( mode) : r et ur n mode & 0170000

# Const ant s used as S_I FMT( ) f or var i ous f i l e types# ( not al l are i mpl ement ed on al l syst ems)

S_I FDI R = 0040000S_I FCHR = 0020000S_I FBLK = 0060000S_I FREG = 0100000S_I FI FO = 0010000S_I FLNK = 0120000S_I FSOCK = 0140000

# Functi ons to test f or each f i l e t ype

def S_I SDI R( mode) : r etur n S_I FMT(mode) == S_I FDI R

def S_I SCHR( mode): r eturn S_I FMT( mode) == S_I FCHR

def S_I SBLK(mode) : r eturn S_I FMT( mode) == S_I FBLK

def S_I SREG( mode) : r eturn S_I FMT( mode) == S_I FREG

def S_I SFI FO( mode) : r etur n S_I FMT(mode) == S_I FI FO

def S_I SLNK(mode) : r eturn S_I FMT( mode) == S_I FLNK

def S_I SSOCK(mode) : r et urn S_I FMT( mode) == S_I FSOCK

# Names f or per mi ssi on bi t s

S_I SUI D = 04000S_I SGI D = 02000S_ENFMT = S_I SGI DS_I SVTX = 01000S_I READ = 00400S_I WRI TE = 00200S_I EXEC = 00100S_I RWXU = 00700S_I RUSR = 00400S_I WUSR = 00200S_I XUSR = 00100S_I RWXG = 00070S_I RGRP = 00040S_I WGRP = 00020S_I XGRP = 00010S_I RWXO = 00007S_I ROTH = 00004S_I WOTH = 00002S_I XOTH = 00001


di 37 03/03/2015 23:27


35/37

/ usr / i ncl ude/ bi ts / stat . h^

/ * Encodi ng of t he f i l e mode. */

#def i ne __S_I FMT 0170000 / * These bi t s deter mi ne f i l e t ype. */

/ * Fi l e types. * /#def i ne __S_I FDI R 0040000 / * Di r ector y. */#def i ne __S_I FCHR 0020000 / * Char act er devi ce. */#def i ne __S_I FBLK 0060000 / * Bl ock devi ce. */#def i ne __S_I FREG 0100000 / * Regul ar f i l e. */

#def i ne __S_I FI FO 0010000 / * FI FO. */#def i ne __S_I FLNK 0120000 / * Symbol i c l i nk. */#def i ne __S_I FSOCK 0140000 / * Socket . */

/ * POSI X. 1b obj ects . Note t hat t hese macros al ways eval uat e t o zero. But t hey do i t by enf orci ng t he cor r ect use of t he macr os. */#def i ne __S_TYPEI SMQ( buf ) ( ( buf ) - >st _mode - ( buf ) - >st _mode)#def i ne __S_TYPEI SSEM( buf ) ( ( buf ) - >st _mode - ( buf ) - >st _mode)#def i ne __S_TYPEI SSHM( buf ) ( ( buf ) - >st _mode - ( buf ) - >st _mode)

/ * Protect i on bi ts . * /

#def i ne __S_I SUI D 04000 / * Set user I D on execut i on. */#def i ne __S_I SGI D 02000 / * Set group I D on execut i on. */#def i ne __S_I SVTX 01000 / * Save swapped t ext af t er use ( st i cky). */#def i ne __ S_I READ 0400 / * Read by owner . * /#def i ne __S_I WRI TE 0200 / * Wr i t e by owner . */#def i ne __ S_I EXEC 0100 / * Execut e by owner . */

/ usr / i ncl ude/ l i nux/ nf s . h^

#def i ne NFS_FI FO_DEV ( - 1)#def i ne NFSMODE_FMT 0170000#def i ne NFSMODE_DI R 0040000#def i ne NFSMODE_CHR 0020000#def i ne NFSMODE_BLK 0060000#def i ne NFSMODE_REG 0100000#def i ne NFSMODE_LNK 0120000#def i ne NFSMODE_SOCK 0140000#def i ne NFSMODE_FI FO 0010000

/ usr/ i ncl ude/ l i nux/ nf s3. h^

#def i ne NFS3_FI FO_DEV ( - 1)#def i ne NFS3MODE_FMT 0170000#def i ne NFS3MODE_DI R 0040000#def i ne NFS3MODE_CHR 0020000#def i ne NFS3MODE_BLK 0060000#def i ne NFS3MODE_REG 0100000#def i ne NFS3MODE_LNK 0120000#def i ne NFS3MODE_SOCK 0140000#def i ne NFS3MODE_FI FO 0010000

/ * Fl ags f or access() cal l * /#def i ne NFS3_ACCESS_READ 0x0001#def i ne NFS3_ACCESS_LOOKUP 0x0002#def i ne NFS3_ACCESS_MODI FY 0x0004#def i ne NFS3_ACCESS_EXTEND 0x0008#def i ne NFS3_ACCESS_DELETE 0x0010#def i ne NFS3_ACCESS_EXECUTE 0x0020#def i ne NFS3_ACCESS_FULL 0x003f

/ usr / i ncl ude/ l i nux/ stat . h^


di 37 03/03/2015 23:27


36/37

#def i ne S_I FMT 00170000#def i ne S_I FSOCK 0140000#def i ne S_I FLNK 0120000#def i ne S_I FREG 0100000#def i ne S_I FBLK 0060000#def i ne S_I FDI R 0040000#def i ne S_I FCHR 0020000#def i ne S_I FI FO 0010000#def i ne S_I SUI D 0004000#def i ne S_I SGI D 0002000#def i ne S_I SVTX 0001000

#def i ne S_I SLNK( m) ( ( ( m) & S_I FMT) == S_I FLNK)#def i ne S_I SREG( m) ( ( ( m) & S_I FMT) == S_I FREG)#def i ne S_I SDI R( m) ( ( ( m) & S_I FMT) == S_I FDI R)#def i ne S_I SCHR( m) ( ( ( m) & S_I FMT) == S_I FCHR)#def i ne S_I SBLK( m) ( ( ( m) & S_I FMT) == S_I FBLK)#def i ne S_I SFI FO( m) ( ( ( m) & S_I FMT) == S_I FI FO)#def i ne S_I SSOCK(m) ( ( ( m) & S_I FMT) == S_I FSOCK)

#def i ne S_I RWXU 00700#def i ne S_I RUSR 00400#def i ne S_I WUSR 00200#def i ne S_I XUSR 00100

#def i ne S_I RWXG 00070#def i ne S_I RGRP 00040#def i ne S_I WGRP 00020#def i ne S_I XGRP 00010

#def i ne S_I RWXO 00007#def i ne S_I ROTH 00004#def i ne S_I WOTH 00002#def i ne S_I XOTH 00001

Further File Permissions Reading^

Related PHP Functions^

fileperms(http://php.net/manual/en/function.fileperms.php)stat(http://php.net/manual/en/function.stat.php)

chmod(http://php.net/manual/en/function.chmod.php)clearstatcache(http://php.net/manual/en/function.clearstatcache.php)chown(http://php.net/manual/en/function.chown.php)chgrp(http://php.net/manual/en/function.chgrp.php)lchown(http://php.net/manual/en/function.lchown.php)lchgrp(http://php.net/manual/en/function.lchgrp.php)touch(http://php.net/manual/en/function.touch.php)lstat(http://php.net/manual/en/function.lstat.php)filestat(http://php.net/manual/en/function.fstat.php)fileatime(http://php.net/manual/en/function.fileatime.php)filectime(http://php.net/manual/en/function.filectime.php)filegroup(http://php.net/manual/en/function.filegroup.php)fileinode(http://php.net/manual/en/function.fileinode.php)filemtime(http://php.net/manual/en/function.filemtime.php)fileowner(http://php.net/manual/en/function.fileowner.php)

filesize(http://php.net/manual/en/function.filesize.php)filetype(http://php.net/manual/en/function.filetype.php)is_writable(http://php.net/manual/en/function.is-writable.php)is_readable(http://php.net/manual/en/function.is-readable.php)is_executable(http://php.net/manual/en/function.is-executable.php)is_file(http://php.net/manual/en/function.is-file.php)is_dir(http://php.net/manual/en/function.is-dir.php)is_link(http://php.net/manual/en/function.is-link.php)file_exists(http://php.net/manual/en/function.file-exists.php)disk_total_space(http://php.net/manual/en/function.disk-total-space.php)disk_free_space(http://php.net/manual/en/function.disk-free-space.php)

Special file types^


di 37 03/03/2015 23:27


37/37

link invocation(http://www.gnu.org/software/coreutils/manual/coreutils.html#link-invocation) : Make a hard link via the link syscallln invocation(http://www.gnu.org/software/coreutils/manual/coreutils.html#ln-invocation) : Make links between filesmkdir invocation(http://www.gnu.org/software/coreutils/manual/coreutils.html#mkdir-invocation) : Make directoriesmkfifo invocation(http://www.gnu.org/software/coreutils/manual/coreutils.html#mkfifo-invocation) : Make FIFOs (named pipes)mknod invocation(http://www.gnu.org/software/coreutils/manual/coreutils.html#mknod-invocation) : Make block or characterspecial filesreadlink invocation(http://www.gnu.org/software/coreutils/manual/coreutils.html#readlink-invocation) : Print the referent of asymbolic linkrmdir invocation(http://www.gnu.org/software/coreutils/manual/coreutils.html#rmdir-invocation) : Remove empty directoriesunlink invocation(http://www.gnu.org/software/coreutils/manual/coreutils.html#unlink-invocation) : Remove files via unlink syscall

Changing file attributes^

chown invocation(http://www.gnu.org/software/coreutils/manual/coreutils.html#chown-invocation) : Change file owner and groupchgrp invocation(http://www.gnu.org/software/coreutils/manual/coreutils.html#chgrp-invocation) : Change group ownershipchmod invocation(http://www.gnu.org/software/coreutils/manual/coreutils.html#chmod-invocation) : Change access permissionstouch invocation(http://www.gnu.org/software/coreutils/manual/coreutils.html#touch-invocation) : Change file timestamps

Tags ^

chmod File Permissions umask

February 17th, 2012

Easy boot.ini Hacks for Windows SysOpsMod_Rewrite Security

Comments Welcome ^

[hide]

It's very simple - you read the protocol and write the code. -Bill Joy

RSS(http://feedvalidator.org/check.cgi?url=http://www.askapache.com/feed/) | XHTML 1.1(http://validator.w3.org/check

/referer?ss=1;outline=1;sp=1;debug) | CSS 2.1(http://jigsaw.w3.org/css-validator/check/referer?warning=0)

Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution 3.0

License(http://creativecommons.org/licenses/by/3.0/) , just credit with a link.

This site is not supported or endorsed by The Apache Software Foundation (ASF). All software and documentation produced by

The ASF is licensed. "Apache" is a trademark of The ASF. NCSA HTTPd(http://hoohoo.ncsa.illinois.edu/) .

UNIX is a registered Trademark of The Open Group(http://www.opengroup.org/) . POSIX is a registered Trademark of The

IEEE(http://standards.ieee.org/) .

+Askapache(https://plus.google.com/+Askapache) | askapache(http://profiles.wordpress.org/askapache)

Site Map | Contact Webmaster | License and Disclaimer | Terms of Service

Main(http://www.quantcast.com/p-5e44cjdXWaqOA) (http://www.alexa.com/data/details/main/www.askapache.com)


Chmod, Umask, Stat, Fileperms, And File Permissions

Documents

Transcript of Chmod, Umask, Stat, Fileperms, And File Permissions