3.2.3. File permissions

	Important
	This process only really applies if your PHP-Nuke will be installed on a Linux/Unix server, if instead you will install it on Windows operating systems you don't have to do anything.

File permissions are usually grouped together in groups of three, like this: (rwx)(rwx)(rwx). The first group are the user permissions, the second one the group permissions and the third one the permissions for "others". A good mnemonic for this grouping is UGO (User, Group, Others). Inside each permissions group, a certain permission may or may not be present. Thus, the user (owner) of the file will usually have read and write permissions (and execute permission too, if the file is executable), but the group permissions may only allow read access and "others" may not be allowed to access the file at all, neither for reading, nor for writing or execution.

If you imagine that the existence of a permission is denoted by a 1, while its absence by a 0, then you end up with a representation like (111)(111)(111), where all permissions are present for all, or (000)(000)(000), where they are absent for all. Of course, any other combination is possible, for example (111)(110)100), which denotes read, write and execute permissions for the user (all 1s are present in the first grouping: (111)), read and write permissions for the group (only the first and second 1s are there in the second grouping (110)) and read permission for others (since only the first 1 is there, while the rest are 0s in the third grouping (100)).

Writing down a sequence of nine 0s and 1s is not very practical, so one came with the idea to interprete each one of the three groupings as a binary number. A (111) would thus mean a 7, a (110) a 6, a (100) a 4. Taken together, the sequence (111)(110)100) of the example above would be represented by the number 764. That's compact and widely used.

Unfortunately, it is also very cryptic, since most people didn't have much exposure to the binary number system at school, not to mention everyday life. How is one going to understand instructions like "set file permissions to 644" then?

Luckily, there exists an easy mnemonic for this: "4,2,1", that is the first 1 counts as a 4, the second as a 2 and the third one as 1 - a 0 is always a 0, by the way, even in the binary system.

Whenever you see a 1 in the first position of a permissions triple, you add a 4, whenever you see one in the second, you add a 2 and if you see it in the third, you add 1. You do this for UGO, that is for User, Group and Others and you end up with a three digit number that represents the permissions of the file.

Most of the time, however, you will be busy deciphering permissions, rather than formulating them yourself in this cryptic manner. So how do you go about interpreting a permissions representation like 764 that was given to you in a document like the PHP-Nuke HOWTO?

For this, you will need to develop a "feeling" of how each of the three numbers (7, 6 and 4 in this example) can be written a a unique sum of 4s, 2s and 1s. For example 7 is 4+2+1, 6 is 4+2 and 4 is just 4. A 4 in the sum represents a 1 in the leftmost position. If a 4 is not present in the sum, the leftmost position is a 0. A 2 in the sum reperesents a 1 in the middle position - if there is no 2 in the sum, you just write a 0 there. Finally, a 1 in the sum represents a 1 in the rightmost position, while if there is no 1 in the sum, you write a 0 there.

Now if you remember that the leftmost 1 or 0 in a pattern like (111) denotes a read permission or the absence or it, a 1 or a 0 in the middle position denotes a write permission or its absence and a 1 or 0 in the leftmost position denotes an execute permission or its absence, then you can take a permissions represenation like 764 above, see that 7=4+2+1 and realize that it means (111), see that 6=4+2 (or 4+2+0, if you like) and realize that it means (110), finally see that 4=4 (or 4+0+0) and realize that it stands for (100), and you can see that 764 is equivalent to (111)(110)(100), meaning read, write and execute permissions for the user (owner), read and write permissions for the group and only read permissions for others.

Easy after all, isn't it?

For more information on permissions, see:

• Setting Unix Permissions For Web Pages

• An Introduction to Unix Permissions

• Understanding UNIX permissions and chmod

• Tutorial: UNIX Permissions

Setting up permissions on files serves the purpose of having them execute only certain operations (write, execute etc.) when called. Setting them up correctly is important for PHP-Nuke to operate in its full functionality.

The right permissions for PHP-Nuke are the following (for the base permissions, see Section 23.4.4 in the context of security):

• Files: 644

• Directories: 755

Only directories that require upload access (like the forum's avatar folder, if you allow avatar upload) should be set to 777 and files that get data written to them by the program should be set to 666.

With WS_FTP you must select the files or folders on which you want to impose the permissions and, with the right mouse key, to select the option "chmod (UNIX)" (see Figure 3-4).

The window "Remote file permissions" will appear (see Figure 3-5). To change the permissions on a directory as required to 755, for example, check the boxes as shown in Figure 3-5 and press "OK".

This procedure will cost you some time, but it is very important to carry out. Moreover, you will have to do it every time you insert a new file or module to your PHP-Nuke.