File Permissions for Web Pages
Note: A separate set of rules apply to CGI scripts in your cgi-bin directory. Please read the notes on the CGI Guidelines page for more information.
Security is a big deal these days, especially as more and more people start to use the web. Your web page really isn't any good if anyone can come along and change what you've written. There are a few ways to restrict access to who can see and modify your web pages, then. (This is most pertinent for keeping people with access to WPI machines from modifying files in your "public_html" web directory.)
If you are interested in knowing how to restrict access to your web pages from across the internet (i.e. through Netscape or some other web browser), please refer to our access restriction page.
Setting up your web site permissions
Try out the new automatic website permissions tool.
If you have never setup a web site on your WPI account, you will want to read the Creating Your Homepage at WPI page which will detail the beginning steps to setting up your account and first web site. If you are trying to view your web page and are getting errors such as "403 Forbidden" then you will want to read the following section to help resolve permission issues.
In order for the web server software installed on WPI's
machine to find your web page, your home directory must have
certain permissions. You can use the following command in
SSH to set
chmod 711 ~
Once your home directory permissions are set, you will need to
set permissions on the directory that your web site is stored in.
The following command will do that for you:
chmod 711 ~/public_html
Now, you need to set the permissions of all of the files
inside of the folder. To do this, use this command:
chmod -R 644 ~/public_html/*
If you have any directories in your Public HTML folder, you must set those
to have a different permission. To do this, use this command:
chmod 755 ~/public_html/folder-name
Those commands should resolve any permission issues that you might be having with your web site. If you would like more information on the chmod command and how to use it as well as a list of other permissions you can set, please refer to the chmod page.
Permissions and .htaccess-related files
If you are using .htaccess files to restrict access to your webpage, you will want to ensure the associated security files (.htaccess, .htgroup and/or .htpasswd), are secure. To do this WPI has installed a program which will change the read permissions for a file to the owner (you), and "nobody." The result is a secure file you can modify and the webserver (thus the web browsers) can see, but others local at WPI can't modify.
To set a file's group to "nobody" run the nobody command at the UNIX prompt. The argument for this program is a directory name. It will descend a directory tree and change the files in it to the "nobody" group. After removing the access for "others" the web would be private. Examples:
chmod -R 701 ~/public_html/directory-to-protect
If you want to return the files to a different group, use the reclaim program at the UNIX prompt. It takes a filename as an argument, and is not recursive like nobody, in other words, if you want to reclaim a directory and all of the files inside, you will need to run the command on every file and every directory.Maintained by itweb.
Last modified: Mar 11, 2005, 15:47 EST