NOTE: This is an archived copy of the Dragonfire Internet Services website. Dragonfire is no longer in operation; please do not attempt to contact any of the addresses listed on this site.

FTP file permission modes

A file mode on a Unix system, such as Dragonfire, consists of three or four digits. The last (or only) three describe who is allowed what kind of access to the file. Each can range from zero to seven, and is actually a sum of zero or more of the values 4, 2, and 1, which have different meanings for files and for directories:



The first of the three digits represents the permissions you (the owner of the file) have; the second represents the permissions granted to everyone besides you your user group (in the case of Dragonfire, that's anyone with a Dragonfire account); and the third represents the permissions granted to all users not in your user group (i.e. anonymous FTP users and Web-surfers).

Useful file modes:

Private file: no one besides you can read the file.
World-readable file: anyone can read the file, but only you are allowed to modify it. This is the default file mode.
World-writable file: anyone can read or write to the file.
Executable file: anyone can read or execute the file. This is the proper mode for CGI scripts.

Useful directory modes:

Private directory: only you have access to the directory contents. (Note that the permissions of files inside such a directory don't matter; they could all be world-writable, but because of the directory protection, only you would be able to read from or write to the files.)
Semi-private directory: the directory's contents can only be seen by you, but files in the directory can be accessed by anyone (assuming the files' modes permit such access). This mode can be used to implement a crude form of password protection. If you create a directory with mode 711, then create another directory inside that directory with mode 755, people who know the inner directory's name will be able to view its contents, but people who don't know the inner directory's name will have no way of finding it out.
Upload directory: people other than you will not be able to see the directory's contents, but they can create or delete files in the directory. A mode similar to this (1703; see the description of the fourth digit below) is used for incoming directories created with FTP accounts.
Note: you may not create your own anonymous-FTP upload directories in this manner. In order to add an upload directory to your account (you can only have one), you must submit an account change request as described in the FAQ. Directories with this mode can be written to only by other Dragonfire users and CGI scripts.
World-readable directory: files in the directory can be accessed by anyone, but only you can create or delete files in the directory. This is the default directory mode.
World-writable directory: as above, but anyone can create or delete files in the directory. This directory mode is primarily useful for CGI scripts that need their own data directories, since the scripts normally run with no priviliges.

What about that fourth digit?

Warning: this section is fairly technical. The file modes described below are not needed for most uses, and this section may be skipped without loss of important information.

The fourth digit, which is optional, describes special modes that have certain effects on directories or executable files. (None of these affect regular files.) It is also composed of a sum of values.

Executable files:

Set user ID. An executable file with this mode set will, when run, have the same permission to access files that you do; in other words, it will be able to write to your world-readable files, create files in your world-readable directories, and so on. Normally, a program will have the same access permission to files that its "parent" program (the program that started it) does; in the case of the web server and CGI scripts, those are the "other user" permissions, i.e. the last digit of the file mode.
Set group ID. As above, but for the user group instead of the user ID. Generally not very useful; but see the description of set-group-ID for directories, and you may come up with something.
No meaning.


No meaning.
Set group ID. For directories, this causes all files and subdirectories created in the directory to be owned by the same group as the directory itself is owned by. Additionally, any directories will inherit this mode by default, so their files and subdirectories will be owned by the same group, and so on. For example, you could use this mode to force all files in a directory to be owned by your user group. (Currently, this mode is not particularly useful, as all users on Dragonfire are in the same user group.)
"Sticky". Where the name for this mode came from seems to have been lost in the mists of time, but in a directory with the sticky mode set, files can only be deleted by their owners. (Normally, anyone with write access to the directory can delete files in it.)

The default value for the fourth digit is zero, and it can be omitted if not used.

How do I interpret the mode characters?

When in FTP, particularly with command-line clients, you'll often see a string like "-rw-r--r--" at the beginning of the line. This is a symbolic representation of the file's modes, and is interpreted as follows:

So the mode string "-rw-r--r--" corresponds to a regular file with mode 644, and "drwx----wt" corresponds to a directory with mode 1703 (the default for incoming directories on FTP accounts).
Andy Church
Last update: 17 March 1997