Using the 'Secure File Transfer Client' to Set Permissions

Contents

Introduction

This guide will explain how to use the Secure File Transfer Client software to manage permissions of files on a remote UNIX computer.

This is necessary to allow the web server to read web pages, but prevent malicious users from reading your private files.

Pre-Requisites

The Secure File Transfer Client is available from Start > All Programs > Communications and Internet. To connect to a remote UNIX computer and upload files, use the host name provided (in the Uploading Files section) for your type of web hosting.

Other Software

Most modern FTP clients have some means of changing file permissions, although it is not always immediately obvious how to do it. I suggest reading the documentation for your favourite FTP client.

If you are wishing to publish files on the web from a machine which doesn't have the Secure File Transfer Client, there are alternative SFTP programs. Please note that these are NOT supported by ISS.

It is recommended that you work through this guide firstly on a Common Desktop computer using the Secure File Transfer Client so that you understand the principles before attempting to use another piece of software.

Alternative Software

Windows
WinSCP - http://winscp.sf.net/
Mac OS X
Fugu - http://rsug.itd.umich.edu/software/fugu/
Linux
GFTP - http://gftp.seul.org/

Setting Permissions

File and directory permissions can be set by accessing the 'Properties' option from the right-click context-menu (Image 1).

The context menu for files and directories, accessed via right-click

Image 1
click to enlarge

Directories

Directories need to have 'execute' permissions in order to be navigated into by the web server, and 'read' permissions to have their contents read. Most people will not require a directory to be read via the webserver - only the files within. All of your web pages will be served initially from the directory public_html.

Image 2 shows the necessary permissions for a directory.

The necessary permissions for a directory: 'x' access for all

Image 2
click to enlarge

Files

Files have to be read, and so need 'read' permissions, as in Image 3.

What happens if I set too few permissions?

If a file or directory does not have sufficient permissions for the web server to read them, visiting the web page will result in 403 Error: Forbidden. The precise error message depends on your web browser: Internet Explorer says You are not authorized to view this page.

The necessary permissions for a file: 'r' access for all

Image 3
click to enlarge

If a directory does not have sufficient permissions for the web server to read it, the same error message occurs. Note that this does not prevent files within that directory from being read, if their permissions are set correctly.

If a directory does not have sufficient permissions for the web server to traverse it (execute permissions), you will get the same 403 error as the above two cases. In addition, you will not be able to read any files within the directory, irrespective of their permissions.

What happens if I set too many permissions?

Giving too many permissions can also be a problem. If it is not necessary for the public to read the contents of your directories, do not give the other or group classes of users read access to them. If you use your UNIX account for purposes other than web publishing, you should avoid giving other and group users read access to your home directory.

Make sure you do not give the other or group classes of users permission to write to your files or directories, If you do, malicious users could publish inappropriate material on your site and you would be responsible. This is not an empty warning: This has happened.

Further Reading

There is a lot of information on all aspects of web authoring, including setting file permissions on the ISS pages. The Web Development Guidelines pages also house useful information.