Archive for January, 2008

CHMOD Number Values, Rules and Policy

Tuesday, January 15th, 2008

Okay, so I was asked today what the CHMOD values are and what they mean. As many of you know, there are file permissions set into linux/unix environments that allow you to set permissions on OWNER, GROUP and PUBLIC/EVERYONE.

As you become more familiar with the software on a system, you will find permissions set so that you can execute some files but not read them, read others but not execute them, or read and write others but not execute them.

When you view the permissions on a file, you may see:

0764 john:staff index.php

What does this mean? It actually means three things to three different groups. Firstly, ignore the first number. The numbers we are interested in for this purpose are the last three digits (7, 6 and 4). These three numbers can be broken up as follows:

The first number (7) is for the owner of the file (john).

The second number (6) is for the group that owns the file, (staff).

The third number (4) is for everyone else.

Each of these numbers is actually a sum of three other numbers, which relate to read, write and execute.

When we set permissions, we calculate with the following values:

Read: is given the value 4
Write: is given the value 2
Execute: is given the value 1

When we calculate permissions, we add the values of the functions we want to give the user, together. For example:

John, owns the file and has the value 7 in his permissions. This means:
John can (4) read the file, (2) write to the file and (1) execute the file.
4+2+1 = 7

His group (staff) has the value 6 in its permissions. This means:
staff users can (4) read the file and (2) write to the file.
4+2 = 6

Everyone else has the value (4) applied, which means:
They can (4) read this file.
4 = 4

This will work in more complex situations as well. For example, if you want to chmod a file so that everyone can execute it but not see its contents, you could set the permission as follows:

chmod 001 file.ext

If you want people to be able to write to the file only (such as a log file, or drop directory):

chmod 002 file.ext
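To make the 4/2/1 arithmetic above concrete, here is an added example in POSIX shell. It is my own code, not part of the original post: it turns a symbolic permission string such as rwxrw-r-- into the three digits and back, and reads a file's mode back from ls -l so you can confirm what chmod actually set. The temporary file it creates is throw-away demo data. One caveat on the chmod 001 case: execute without read only works for native binaries; a shell or PHP script still needs the read bit, because the interpreter has to open the file to run it.

```shell
#!/bin/sh
# Added example, not from the original post: the 4/2/1 arithmetic as
# shell functions, plus a way to read a file's mode back after chmod.

# perm_digit STR: "rwx" -> 7, "rw-" -> 6, "r--" -> 4, "--x" -> 1, "---" -> 0
# (a lowercase s or t in ls output also implies the execute bit)
perm_digit() {
    d=0
    case "$1" in *r*) d=$((d + 4)) ;; esac          # read    = 4
    case "$1" in *w*) d=$((d + 2)) ;; esac          # write   = 2
    case "$1" in *x*|*s*|*t*) d=$((d + 1)) ;; esac  # execute = 1
    echo "$d"
}

# digit_symbolic N: the reverse, 7 -> rwx, 6 -> rw-, 4 -> r--, 1 -> --x
digit_symbolic() {
    d=$1
    s=""
    if [ $((d & 4)) -ne 0 ]; then s="${s}r"; else s="${s}-"; fi
    if [ $((d & 2)) -ne 0 ]; then s="${s}w"; else s="${s}-"; fi
    if [ $((d & 1)) -ne 0 ]; then s="${s}x"; else s="${s}-"; fi
    echo "$s"
}

# mode_symbolic DDD: "764" -> "rwxrw-r--" (owner, group, everyone else)
mode_symbolic() {
    o=$(printf '%s' "$1" | cut -c1)
    g=$(printf '%s' "$1" | cut -c2)
    e=$(printf '%s' "$1" | cut -c3)
    echo "$(digit_symbolic "$o")$(digit_symbolic "$g")$(digit_symbolic "$e")"
}

# symbolic_mode STR: "rwxrw-r--" -> "764"
symbolic_mode() {
    o=$(printf '%s' "$1" | cut -c1-3)
    g=$(printf '%s' "$1" | cut -c4-6)
    e=$(printf '%s' "$1" | cut -c7-9)
    echo "$(perm_digit "$o")$(perm_digit "$g")$(perm_digit "$e")"
}

# file_mode FILE: the three digits as the kernel currently has them, read
# from the permission column of ls -l (works on GNU and BSD userlands alike)
file_mode() {
    symbolic_mode "$(ls -ld "$1" | cut -c2-10)"
}

# demo: apply the post's 0764 example to a temporary file and read it back
demo() {
    t=$(mktemp)
    chmod 764 "$t"
    m=$(file_mode "$t")
    printf '%s -> %s\n' "$m" "$(mode_symbolic "$m")"   # 764 -> rwxrw-r--
    rm -f "$t"
}
demo
```

Run it with sh; to check a real file, call file_mode on its path instead of the temporary one.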

Note: When an application asks you to chmod a file/folder to 777, this means that ALL USERS ON THE SYSTEM CAN READ AND WRITE AND EXECUTE YOUR FILES. This means, I can see your passwords in config files, move your files around or even delete them.

DO NOT DO THIS UNLESS YOU KNOW WHAT YOU ARE DOING. For those wanting to know more about file system permissions when using Apache, MySQL and other systems (in order to secure your paths), you might be interested in reading about ProFTPd root jails, SSH root jails, and Apache and file permissions.
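As an added example, not from the original post, here is a small POSIX shell audit for the 777 problem described above: it lists files under a directory whose "everyone else" digit includes write, and config-looking files that everyone can read. The web-root tree it builds under mktemp is constructed for the demo; the file names in it are made up.

```shell
#!/bin/sh
# Added example, not from the original post: find the files a "chmod 777"
# habit leaves behind. Point it at a web root before a deploy; any output
# is worth a look.

# world_writable DIR: regular files under DIR whose "everyone" digit includes
# write (2), i.e. modes such as 666, 777 or 002. Octal -perm is portable.
world_writable() {
    find "$1" -type f -perm -002 | sort
}

# world_readable_configs DIR: config-looking files that everyone can read,
# the "I can see your passwords in config files" case from the post.
world_readable_configs() {
    find "$1" -type f \( -name '*.conf' -o -name 'config*' -o -name '*.ini' \) \
        -perm -004 | sort
}

# count_world_writable DIR: just the number, convenient for a cron job that
# alerts when it is not 0.
count_world_writable() {
    world_writable "$1" | wc -l | tr -d ' '
}

# make_sample_root: a throw-away tree that imitates a small PHP web root.
# Everything in it is constructed for this demo.
make_sample_root() {
    root=$(mktemp -d)
    mkdir "$root/uploads"
    printf '$db_pass = "s3cret";\n' > "$root/config.php"
    printf 'debug=1\n'              > "$root/settings.conf"
    printf '<?php echo "hi";\n'     > "$root/index.php"
    printf 'started\n'              > "$root/uploads/app.log"
    chmod 600 "$root/config.php"       # owner only: what a config file should look like
    chmod 644 "$root/settings.conf"    # everyone can read it, which is the problem
    chmod 644 "$root/index.php"        # normal for a served file
    chmod 777 "$root/uploads/app.log"  # the "just chmod 777 it" mistake
    echo "$root"
}

# demo: build the tree, report, clean up
demo() {
    root=$(make_sample_root)
    echo "world-writable files:";   world_writable "$root"
    echo "world-readable configs:"; world_readable_configs "$root"
    rm -rf "$root"
}
demo
```

On a real server, replace the sample root with your document root; a directory that is meant to be a drop box (the log file or upload directory case from the post) will show up too, so read the list rather than blindly fixing everything it prints.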

Apache fails because of Skype?

Wednesday, January 9th, 2008

That’s right! When you are starting your development machine, which is packed full of developer goodies (gtalk, Skype, Apache, MySQL, MSSQL, Tomcat, Eclipse, etc.), you will eventually face a scenario where something conflicts. Normally this swag of developer tools works in perfect harmony with each other; however, on some occasions lines are crossed, relationships are torn apart and war breaks out over port usage.

If Skype starts before the Apache process at system startup time, you may very well lose your 80 and 443 ports! Skype uses them to assist in incoming communications from other Skype users (these ports are normally free on a ‘reasonable person’s’ computer, and chances are that they are less war-provoking for firewall applications).

So if you have Skype and your Apache fails to start due to port conflict, here’s how you fix it:

Skype -> Tools -> Options
Click on Advanced
Uncheck “use port 80 and 443”

Okay, so if you don’t have Skype (and you’re on a Windows machine), you can use:

(cmd prompt) C:\>netstat -ao
look for the PID that is using host:http as its port
fire up Windows Task Manager (Ctrl+Alt+Del, then Task Manager)
View -> Select Columns
Check “PID”
Look for PID # XXXX in your list
Fix/Kill that process.
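The "look for the PID" step can be scripted. The following is an added example, my own and not from the original post: a POSIX shell function that pulls the owning PID out of netstat output in the Windows netstat -ano column layout (Proto, Local Address, Foreign Address, State, PID). The sample output embedded below is constructed; with real output you would pipe netstat -ano into it, for instance from Git Bash or WSL, or paste it in. The second function lists every port a PID is listening on, which is how the Skype case shows itself: one PID holding both 80 and 443.

```shell
#!/bin/sh
# Added example, not from the original post: find which PID owns a
# listening TCP port in Windows "netstat -ano" output.

# Constructed sample of "netstat -ano" output (not a real capture).
# PID 4321 holds both 80 and 443, the pattern the post describes.
SAMPLE_NETSTAT='Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       4321
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:443            0.0.0.0:0              LISTENING       4321
  TCP    127.0.0.1:3306         0.0.0.0:0              LISTENING       2210
  TCP    [::]:135               [::]:0                 LISTENING       912
  TCP    192.168.1.10:49152     10.0.0.5:443           ESTABLISHED     5588
  UDP    0.0.0.0:500            *:*                                    1008'

# pid_on_port PORT [INPUT]: print the PID of the TCP listener on PORT, or
# nothing if no process is listening there. INPUT defaults to the sample;
# pass "$(netstat -ano)" for the real thing. Splitting on ":" and taking
# the last piece handles both 0.0.0.0:80 and [::]:80 style addresses.
pid_on_port() {
    port=$1
    input=${2:-$SAMPLE_NETSTAT}
    printf '%s\n' "$input" | awk -v port="$port" '
        $1 == "TCP" && $4 == "LISTENING" {
            n = split($2, a, ":")
            if (a[n] == port) { print $5; exit }
        }'
}

# listeners_for_pid PID [INPUT]: space-separated list of the TCP ports PID
# is listening on, in the order netstat printed them.
listeners_for_pid() {
    pid=$1
    input=${2:-$SAMPLE_NETSTAT}
    printf '%s\n' "$input" | awk -v pid="$pid" '
        $1 == "TCP" && $4 == "LISTENING" && $5 == pid {
            n = split($2, a, ":")
            out = out (out ? " " : "") a[n]
        }
        END { print out }'
}

# demo: who has port 80, and what else does that process hold?
demo() {
    p=$(pid_on_port 80)
    if [ -n "$p" ]; then
        echo "port 80 is held by PID $p, which also listens on: $(listeners_for_pid "$p")"
    else
        echo "nothing is listening on port 80"
    fi
}
demo
```

Once you have the PID, the Task Manager steps above (or tasklist /fi "PID eq NNNN" on the command prompt) tell you which program it is, and that is the thing to reconfigure rather than just killing it, since it will be back after the next reboot.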