
Server Secrets

By Old Tom

What does file read permission mean? Just what you think it should. It means that if you know where the file is, you have permission to read it.

What does directory read permission mean? Again, pretty much what you would expect. It means you're allowed to scan the directory, to find out what files it contains, and anything else known about each file - when it was created, how big it is, what its permissions are, and so on. So far, so good.

What does file write permission mean? It means you can edit the file; it means you can append to the file; it means you can truncate the file. It does not mean that you can delete the file! Can you see why? To delete the file is to remove its directory entry. The delete operation requires directory permission, not file permission. It's the same with renaming a file: renaming or moving a file requires write permission for the directories involved. Unix doesn't care if you can even read the file, so long as you have the right directory permission.

Why do you care? When you begin working with CGI scripts, the above becomes terribly, horribly, sadistically significant. But we'll explain that in a bit.

I pretty much just explained what directory write permission means. If you do not have directory write permission, you cannot create a file in that directory. Even if you can edit the file, you still can't delete it!
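Because delete and rename are decided by the directory and not by the file, a script that looks read-only can still be swapped out by anyone who can write to its directory. The following Python audit is an added example, not part of the original article: it walks a tree and reports files that are not writable by group or other but can still be removed or replaced through the parent directory. It also accounts for the sticky bit, which the article does not cover, and every directory and file name in it is constructed.

```python
import os
import stat
import tempfile

# (label, write bit, search bit) for the two classes other than the owner.
CLASSES = (("group", stat.S_IWGRP, stat.S_IXGRP),
           ("other", stat.S_IWOTH, stat.S_IXOTH))

def replaceable_files(root):
    """Map each file that is not itself writable by a class to the classes
    that can still delete or rename it through the parent directory."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        dmode = os.lstat(dirpath).st_mode
        if dmode & stat.S_ISVTX:
            continue  # sticky bit: only the file or directory owner may unlink
        for name in files:
            path = os.path.join(dirpath, name)
            fmode = os.lstat(path).st_mode
            # Unlink and rename need write AND search on the directory;
            # the file's own mode is never consulted.
            who = [label for label, w, x in CLASSES
                   if dmode & w and dmode & x and not fmode & w]
            if who:
                findings[os.path.relpath(path, root)] = who
    return findings

def build_demo(root):
    """Constructed sample tree: directory -> (dir mode, file name, file mode)."""
    layout = {"cgi-bin": (0o777, "form.cgi", 0o755),
              "shared": (0o775, "page.html", 0o444),
              "spool": (0o1777, "job.txt", 0o644),
              "safe": (0o755, "main.html", 0o644)}
    for dname, (dmode, fname, fmode) in layout.items():
        os.mkdir(os.path.join(root, dname))
        path = os.path.join(root, dname, fname)
        with open(path, "w") as fh:
            fh.write("sample\n")
        os.chmod(path, fmode)
        os.chmod(os.path.join(root, dname), dmode)  # explicit: ignores umask

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_demo(tmp)
        for path, who in sorted(replaceable_files(tmp).items()):
            print(f"{path}: replaceable by {', '.join(who)}")
```

The check reads mode bits only, so it gives the same answer whether it runs as an ordinary user or as root.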

What does file execute permission mean? It means that - in theory - the file can be treated as a self-contained unix program. It might be a "real" program like ls or cp, or it might be a text file such as a php or perl program. Without the necessary x permission, unix will refuse to recognize it. In the case of a CGI script, you'll see a 500 error.

Directory execute permission, however, means something entirely different. You don't "execute" a directory. That is, you don't attempt to run it as a computer program. What else can you do with a directory? We already have scanning and updating the directory covered - that's directory read and write permission. What's left?

If you want to scan a directory to see what's there, that's directory read permission. But what if you already know what you need? You want main.html; you don't need to go looking for it. You just want it. If that directory has execute permission, you can have it. If it doesn't, you can't. Read permission allows you to look around and be nosy; execute permission allows you to have the file you need.

Why in the world do you care about the difference? Because of how your server admin set up your server. I'll explain, but there's one more thing we need to cover first.

Next week is Part Two: One of the Coolest Things in Unix.

Warning
Unix and arrogance go together. Larry Wall, the creator of Perl, calls it hubris, and declares it to be a mandatory trait. A generation ago, the standard answer to any unix question was, "read the man page." It may take you several days to figure out which man page to go read; that fact was both assumed and expected. No self-respecting unix guru will waste his time with someone incapable of figuring out which man page to read; and all unix gurus are self-respecting.

Don't be put off by the arrogance and condescension of this article. I was portraying the atmosphere endemic to all unix discussions. You do not, of course, need to put up with such crap. Instead, just read the man page.

Old Tom


© 2001-2002 EA Ventures. All rights reserved.