Some Important Notes About Permissions

TYPICAL PERMISSION SETTINGS:

Executed via the web by anyone: chmod 755 (rwxr-xr-x)

Executed only through the command line: 700 (rwx——)

Library files: 644 (r-wr-wr-w)

World writable: 777 (rwxrwxrwx). This is not necessary on our servers and will only work on files that are placed outside of the cgi-bin directory.

We run suEXEC seamlessly through the Apache webserver. This affects how file permissions are set. This automatically makes the 777 (rwxrwxrwx) permission return an error when applied to file permissions. Perl scripts will never work if the permissions on the file are 777.

Files that would otherwise require world write access (writable files) do not need this permission (777 or rwxrwxrwx). Since the Perl script which will open and write to the file is executed under the owner’s userid, and the file is also owned by the same user, then the file only needs to be writable by the owner, not the world.

Finally, there are some freeware or perhaps even commercial Perl scripts which may require you to set a directory to rwxrwxrwx (chmod 777). Again, this is not necessary. Setting the directory permissions to 755 should always be sufficient. If you do set any directories to rwxrwxrwx, then any Perl scripts located inside of this directory will not execute!

If you must change the permissions of the program’s directory to 777 (rwxrwxrwx) in order to proceed, make sure that you put the program AWAY from your other cgi programs. Make a new directory, put it outside of the CGI-BIN, whatever, but do not change the permissions of your CGI-BIN to 777. This will cause all of the other scripts in www.exmple.com/cgi-bin to FAIL. You should NEVER change the permissions on your cgi-bin directory.

If you have already changed the permissions of your CGI-BIN, you need to change it back to 775 (rwxrwxr-x) or 755 (rwxr-xr-x).

While troubleshooting your scripts, you may be tempted to change everything to 777 (rwxrwxrwx), but if you do, remember that this setting offers absolutely NO security. Once your program is complete, remember to change your permissions to whatever is the most secure setting while allowing the program to still function.

NOTE: HTML documents are not viewable from within the cgi-bin directory structure. If your program is writing to an HTML file, that file must reside within the www directory structure, but outside of the cgi-bin directory.

Was this article helpful?

Yes No

Related Articles