A Complete Guide To chmod: recursive, force, and More

What Is chmod?

The purpose of chmod – which stands for Change Mode – is to change access permissions for files and directories. It can also modify special mode flags, such as the sticky bit, SUID, and SGID. It’s been present in Linux and other Unix-like operating systems since the 70s, in AT&T’s Unix Version One, but in the time it’s been in use, a number of access control lists have been added to increase the flexibility of the command.

How Is chmod Used?

(Advice in this section is courtesy of Computer Hope).

The proper syntax for chmod, depending on how you want to use it, is as follows:

chmod [OPTION]... MODE[,MODE]... FILE...
chmod [OPTION]... OCTAL-MODE FILE...
chmod [OPTION]... --reference=RFILE FILE...

Options

In all cases, you start by defining which options you want to implement. The most common options include verbose (-v or --verbose; shows the items you’re processing), recursive (-R or --recursive; includes objects stored in subdirectories) and force (which ignores errors and continues applying chmod). If a symbolic link is included, chmod acts on the file or files the link points to.

Additional chmod options include…

  • -c or --changes: Describes the action for each file whose permissions change.
  • -f, --silent, or --quiet: Instructs chmod not to print out error messages.
  • --preserve-root: An option that can only be applied with --recursive; this prevents any attempts to recursively change the root directory.
  • --no-preserve-root: Ignores any preceding --preserve-root options. Again, only relevant when using --recursive.
  • --reference=ref_file: Changes the mode of each file so that it’s the same as the reference file specified.

Modes

(The majority of the information in this section is provided courtesy of FreeBSD)

Absolute Modes

There are eight different file permission modes in Linux: read, write, and execute; read and write, read and execute, read only, write and execute, write only, execute, and none. With chmod, these modes are defined in an octal format, using 0 through 7. There are four digits in the command; the first digit is optional and used to define special flags while the second to fourth are used to set permissions for the file’s owner, the user group, and other users outside that group.

These octal values represent absolute modes, which are put together from the sum of one or more of the following:

4000: (setuid): Sets executable files to run with the effective uid of the file owner. Directories with this bit will force all files/subdirectories created in them to be owned by the directory owner.

2000: (setgid): This will run executable files with the effective group id of the file owner.

1000: (sticky bit): Used to indicate special treatment for directories.

0400: Allows read exclusively by the file owner.

0200: Allows write exclusively by the file owner.

0100: Allows execution exclusively by the file owner.

0040: Allows read exclusively by group members.

0020: Allows write exclusively by group members

0010: Allows execution exclusively by group members

0004: Allows other users to read

0002: Allows other users to write

0001: Allows other users to execute

Symbolic Modes

Modes can also be defined symbolically, with the following syntax:

mode ::= clause [, clause …]
clause ::= [who …] [action …] action
action ::= op [perm …]

who ::= a | u | g | o
op ::= + | - | =
perm ::= r | s | t | w | x | X | u | g | o

Who specifies the user, group, and other parts of Mode. Perm represents portions of mode as follows:

  • r: Read
  • s: Setuid and Setgid
  • t: Sticky
  • w: Write
  • x: Execute/search
  • X: Execute/search if the file is a directory or execute/search is set in the original mode. Only used in conjunction with the op symbol +.
  • u: User permission bits in the original file
  • g: Group permission bits in the original file
  • o: Other permission bits in the original file.

Further, op represents the operation performed, taking into account the following:

  • “+” Only works if ‘perm’ has been specified. If no value has been specified for who, each bit specified in perm is set. If both who and perm are specified, the mode bit represented by them is set.
  • “-” Has the opposite effect of ‘+’, clearing values instead of setting them.
  • “=” Clears the mode bits specified by who. If no who value is specified, clears the owner, group, and other mode bits. Following that, if who is still unspecified, sets the perm values.

Finally, clause represents operations to be performed on the mode bits, in the order specified.
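The grammar above, exercised against scratch files. This is an added example, not part of the original article; it assumes GNU coreutils chmod, and the function names octal_mode and mode_after are hypothetical. It also shows that when who is omitted, the bits masked by the umask are left alone.

```shell
#!/bin/sh
# Added example: apply chmod clauses to scratch objects and report the result.

# Print the octal mode of a path (GNU stat, with BSD stat as a fallback).
octal_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# mode_after KIND START CLAUSES
#   KIND    f for a regular file, d for a directory
#   START   absolute mode applied first, e.g. 600
#   CLAUSES symbolic mode applied second, e.g. "u=rwx,go=u-w"
# Runs in a subshell with umask 022 so the output is reproducible.
mode_after() (
    umask 022
    scratch=$(mktemp -d) || exit 1
    target="$scratch/target"
    if [ "$1" = d ]; then mkdir "$target"; else : > "$target"; fi
    chmod "$2" "$target" && chmod "$3" "$target" && octal_mode "$target"
    status=$?
    chmod u+rwx "$target" 2>/dev/null   # make sure cleanup can proceed
    rm -rf "$scratch"
    exit "$status"
)

# Constructed cases: KIND START CLAUSES
while read -r kind start clauses; do
    printf '%s %s %-14s -> %s\n' "$kind" "$start" "$clauses" \
        "$(mode_after "$kind" "$start" "$clauses")"
done <<'EOF'
f 600 u=rwx,go=u-w
f 644 a+X
f 744 a+X
d 600 a+X
f 444 +w
f 444 a+w
f 777 o=
EOF
```

The two a+X file cases differ only in whether an execute bit was already set, and the +w and a+w cases differ only in whether the umask is consulted.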

What chmod Operations Should You Generally Avoid?

There’s really only one chmod operation that you should generally avoid, as using it can cause some pretty significant security issues on your server. This is chmod 777.  There’s a very good reason you shouldn’t use this one – it gives full permissions to anyone who accesses your server.

That represents a pretty significant security risk. Instead, it may be better to simply use chmod 775, or have whatever script you’re creating run as the owner of the files with the SUID flag.

In addition, where directories are concerned, avoid using 664 for your permissions. You need execute permissions on a directory in order to access it; removing that permission will break whatever you apply it to.

A Few Additional chmod Tips

We’ll wrap up with a bit of extra advice related to chmod:

  • Remember that you need read permissions in order to list directories and subdirectories.
  • You can set all files in a folder or directory to writeable with chmod -R 775 [directory]
  • Files and directories can have permissions applied independently through the find command. For example: find . -type f -exec chmod 640 {} \; for files and find . -type d -exec chmod 750 {} \; for directories.
  • Generally, “site chmod” through ftp has only basic functionality – it’s not the full Linux command, so what you can do with it is extremely limited.
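An audit-and-reset pass built on the find tip and the chmod 777 warning above. This is an added example, not code from the original article; the function names and the sample tree are constructed for illustration, and GNU or BSD stat is assumed.

```shell
#!/bin/sh
# Added example: audit a tree for risky modes, then reset it with find.

# Entries any user can write to (the "other" write bit, 0002); symlinks skipped.
world_writable() {
    find "$1" ! -type l -perm -0002 -print
}

# Regular files carrying setuid (4000) or setgid (2000).
special_bit_files() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print
}

# Separate modes for files and directories, as in the find tip above:
# directories keep the execute/search bit, files do not gain it.
reset_tree() {
    find "$1" -type d -exec chmod 750 {} \;
    find "$1" -type f -exec chmod 640 {} \;
}

count() { wc -l | tr -d ' '; }

# Build a constructed tree, break it the way "chmod -R 777" does, then fix it.
# Prints: writable_before writable_after special_before special_after file dir
demo() (
    root=$(mktemp -d) || exit 1
    mkdir -p "$root/site/uploads"
    : > "$root/site/index.php"
    : > "$root/site/uploads/a.jpg"
    chmod -R 777 "$root/site"
    chmod u+s "$root/site/index.php"
    w1=$(world_writable "$root/site" | count)
    s1=$(special_bit_files "$root/site" | count)
    reset_tree "$root/site"
    w2=$(world_writable "$root/site" | count)
    s2=$(special_bit_files "$root/site" | count)
    f=$(stat -c '%a' "$root/site/index.php" 2>/dev/null || stat -f '%Lp' "$root/site/index.php")
    d=$(stat -c '%a' "$root/site/uploads" 2>/dev/null || stat -f '%Lp' "$root/site/uploads")
    rm -rf "$root"
    echo "$w1 $w2 $s1 $s2 $f $d"
)

demo
```

Run world_writable and special_bit_files on a real tree before reset_tree, since the reset also clears setuid and setgid bits on every regular file it touches.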

Why You Can’t Afford Not To Protect Yourself From DDoS Attacks

Image Credit: Thierry Ehrmann

On February 11, 2014, Cloudflare’s European and U.S. data centers very nearly had their networks taken offline by the largest Distributed Denial of Service attack in history. Directed at one of Cloudflare’s customers, malicious traffic at the time of the attack topped 400 Gbps, taking place over a new – and previously undefended – attack vector. Worse still, many have pointed to this attack as a sign of worse things to come.

“Someone’s got a big, new cannon,” said Cloudflare CEO Matthew Prince over Twitter, talking about the attack. “Start of ugly things to come.”

He’s not wrong. DDoS attacks are on the rise, and it’s going to get worse before it gets better. As groups like Derptrolling and Lizard Squad parade about liberally shelling websites and networks, other, more insidious criminal groups operate behind the scenes, using DDoSing as a cover for theft or fraud.

Why Your Startup Can Fail After Year Five – And How To Prevent That From Happening

There’s a mantra that’s all too commonly repeated in the small business sector – the notion that upwards of 80% of businesses fail, usually within the first year. It’s an intimidating figure; one that drives home the difficulty of success as an entrepreneur.

It’s also woefully inaccurate.

“As far as we can tell,” writes Glenn Kessler of The Washington Post, “there is no statistical basis for the assertion that 9 out of 10 businesses fail.

It appears to be one of those nonsense facts that people repeat without thinking too clearly about it.”

The problem is that everyone seems to have a different idea of what constitutes failure.

If a business doesn’t return on the initial investment made by venture capitalists, but otherwise manages to stay afloat, has it failed? If a company ends up being acquired or absorbed by another organization, is that failure? If a startup doesn’t meet one of its projected goals, is it dead in the water?

“About three-quarters of venture-backed firms in the US don’t return investor’s capital, according to recent research by Shikhar Ghosh, a senior lecturer at Harvard Business School,” writes Deborah Gage of The Wall Street Journal. “His findings are based on data from more than 2,000 companies that received venture funding from 2004 through 2010.”

“There are also different definitions of failure,” Gage acknowledges. “If failure means liquidating all assets, with investors losing all their money, an estimated 30% to 40% of high potential U.S. startups fail, he says. If failure is defined as failing to see the projected return on investment—say, a specific revenue growth rate or date to break even on cash flow—then more than 95% of start-ups fail, based on Mr. Ghosh’s research.”

Not only that, notes Kessler, different industries have different failure rates. A startup in the home computing sector, for example, is going to be dealing with different challenges than one involved with manufacturing; one is going to be either more or less likely to fail than the other. Lumping all industries together under one umbrella only skews the data further.

The Anatomy Of EMC: DAE, DPE, SPE, And More

Particularly if you’re new to the hosting space, all the jargon floating around about server architecture can be more than a little overwhelming.

At times, it can almost feel like people are speaking an entirely different language.

Today, we’re going to see if we can eliminate at least a bit of the confusion and mysticism.

We’re going to go over some of the terminology, components, and concepts commonly associated with EMC’s storage products – the VNX/VNXe series in particular.

Let’s get started.

(Definitions drawn from Justin Paul and StorageNerve)

What Protocols Send & Receive Email With The Mail Server?

Although it may not seem like it today – in the era of Smartphones, Tablets, and Facebook – email’s a pretty revolutionary technology.

The development of the technology rendered a whole crop of traditional communications methods all but obsolete, and even though it’s been around for a while, it’s still every bit as relevant as it used to be.

When you think about it, that’s pretty impressive.

As such, it’s sort of a shame that there are so few people who understand how email works – and I mean really understand it; the protocols behind it and the infrastructure that makes it possible.

Let’s see if we can’t increase that number a bit. Today, we’re going to go over the four primary email protocols, explaining each one with regards to both its own purpose and the function of its peers.

Let’s get started.

Using noatime, And Related Gems In Linux’s fstab

One of the more important configuration files in Linux is the File Systems Tab: fstab.

Generally located in the /etc/ directory, it’s used to define how stuff should be mounted into Linux.

What that means is that if you have a decent idea what you’re doing, you can enjoy some pretty significant performance increases on any servers you happen to be running, whether they’re physical or virtual.

It sort of goes without saying that if you’re going to be running a server, you need to understand how it works.

That’s what we’re going to discuss today. We’ll start by explaining a bit about exactly how fstab works, before moving into a description of the different attributes you can define in order to modify how it loads your files. By the time we’re done, you should have a relatively sound concept of how to modify your Linux file system for performance – and for a whole lot of other stuff, too.

Server Mania’s Complete Guide To Global Variables In PHP

Hey there, folks! Today, we’re going to talk about the rather contentious subject of global variables in PHP. If you’re working with PHP, you’re probably going to run into them at one point or another – better you understand them right out the door, rather than having to learn them on the fly, right?

Shall we begin?

A Word Of Warning

Before we get started, it’s worth mentioning that global variables are something that should be used very sparingly. Not only can they be defined anywhere in the code – meaning there’s no one place to look to see what a variable’s used for – they also introduce additional parameters to your code, some of which may be impossible to document. On top of that, because of the way variables are created in PHP, there’s no way to be certain whether or not a particular variable has been created – and hence whether or not it is accessible.

Last, but certainly not least, other developers may use variables with names identical to yours – meaning that combining your code with other plugins or applications could break something fundamental.

So, I repeat, use global variables sparingly. It is also a good idea to name your variables with a prefix such as “$g_” so that you can immediately recognize them as globals when you refer to them. It’s also wise to include plenty of comments in your code regarding how the global should be used and where it is defined and modified.

However, it’s worth noting that globals in PHP are a bit different from globals in other languages, the scope being limited to a single HTTP request (which is actually smaller than session variables). Globals work a bit differently in PHP and aren’t considered quite the mortal sin they would be considered in, say, C++. Globals in PHP are more like ThreadLocals in Java than true globals.

The most important thing to keep in mind is that you want dependencies to be plainly apparent and clearly spelled out (ideally in a central Registry). You should never use globals to magically teleport information.

How The Software Defined Data Center Will Rock The Small Business World

“Imagine,” reads a product page from IBM Systems, “an entire IT infrastructure controlled not by hands and hardware, but by software. One in which workloads like big data and analytics are serviced automatically by the most appropriate resource.”

This, explains IBM, is known as a software-defined environment – literally an environment in which hardware is functionally irrelevant; one in which everything is controlled through software switches.

Five Things You Need To Know About Hosting A Game Server

“It’s a sad fact of life that on the Internet, each game is a self-contained dictatorship,” writes CVG’s Phil Wand.

“If you’re not contributing to its upkeep, you have no right to be there. Instead of having your butt kicked between servers by short-tempered 14-year-olds, why not set up your own server for you and your friends and make your own set of rules?”

It’s not an uncommon idea, really, nor is it an unattractive one.

The idea that you could run your own server – be your own administrator and set your own rules – is one that appeals to pretty much anyone who’s ever played an online game.

Believe it or not, setting up your own server is actually a lot less daunting than you’d think.

Of course, there are certain things you’ll need to understand if you’re to succeed – certain guidelines you’ll need to follow. That’s what we’re going to talk about today.

IP Blocking and iptables in Linux

As a webmaster, you’re eventually going to deal with an abusive user (or several).

It’s more or less an inevitable hurdle to doing business online.

Maybe they’re spamming your comments section, flooding your server with requests, or harassing your other readers.

Either way, you want to get them gone before they cause you any more of a headache than they already have.

Don’t worry. Provided you understand how iptables works – and for the purpose of this piece, we’re assuming you do – it’s actually fairly easy to do.

We’ll walk you through the process, as well as a few of the commands you’re going to want to use.

Once we’re done, you’ll know how to do everything from blocking a specific address straight down to preventing Denial of Service attacks.

Sweet, right?

Let’s get started. Your first step is to log in to your web server either through your control console or through a secure connection. Make sure you’ve got root access – you’re going to need it.