In order for a CGI script to work, the permissions on the script must be set to allow the script to do what it needs to do. For example, a CGI script must always be set to allow execute access (running of the script); for scripts that need to update files, permissions must be set to allow write access to those files.
It's not that complicated once you have installed a few CGI scripts; however, there are different ways to say the same thing when it comes to permissions. This page is meant to provide an overview of the various types of permissions, how they are written and how to set them.
The information provided in this document assumes that you have some experience with CGI scripts and understand basic file permissions.
When you create a file on the web server or upload a file to the server using FTP, a set of default permissions are assigned to the new file. These permissions would look something like this:
-rw-r--r-- index.html
These permissions allow:
The leading character differentiates between files and directories (with a - indicating a file and a d indicating a directory).
These default permissions can also be written using a numeric mask, where the numbers indicate the permissions settings. The numeric mask for these default settings would be "644" (sometimes also written as "0644", "chmod 0644" or "chmod 644"). The numeric mask is mentioned since it is often the notation used in CGI script help files. It's good to be able to convert that to a permission you understand and know how to set.
When you create a directory, the default permissions are something like this:
drwxr-xr-x public_html
These permissions allow:
Execute permissions are needed for directories so that you can access the directory. It does not mean that the directory will be executed (it is not a program) but rather allows the user to enter the directory and read the file listing.
The numeric mask for these default settings would be 0755.
When a file is a CGI script, execute permissions need to be set in order to allow the script to execute (run). The proper permissions are something like this:
drwxr-xr-x script.cgi
These permissions allow:
Setting Write Permissions: Files
When a CGI script needs to update a file, the permissions need to be set in order to allow the script to read and write the file. The proper permissions are something like this:
-rw-rw-rw- file.html
These permissions allow:
You should NEVER set a CGI script to 0666. This would mean that anyone could edit the script and add whatever commands they wanted to the program. That is a significant security risk.
When a CGI script needs to update a directory (ie - create a new file), the permissions need to be set to allow everyone to read, write and execute the directory. The proper permissions are something like this:
drwxrwxrwx directory
These permissions allow:
The numeric mask for these permission settings would be 0777.
Just because you can write to a directory does not mean that you can write to all files in a directory. For directories, write permissions mean that you can create new files, but they do not mean that you can update existing files. Existing files can only be updated if the permissions on those files are set to allow writing.
This table summarizes the information presented above:
5.2.x 5.3.x 5.4.x 5.5.x 5.6.x 7.0.x 7.1.x 7.2.x
5.0.xx 5.1.x 5.5.x 5.7.x 10.x.x
11.6x.x 11.70.x 11.72.x
4.7.x (older versions available)
5.2.x 5.3.x 5.4.x 5.5.x 5.6.x 7.0.x 7.1.x 7.2.x
5.0.xx 5.1.x 5.5.x 5.7.x 10.x.x
11.6x.x 11.70.x 11.72.x
4.7.x (older versions available)