Permissions Unmasked!

Posted on February 7th, 2008 in system administration by Russ

Oy. Permissions. Permissions in a Linux / Unix environment can be a headache; and who knows what all those little numbers and letters mean?

I do, and you will too.

Of course, every book in the world will tell you that there are three sets of permissions: user, group and world. So something that’s rw-r--r-- is writable only by the user but readable by everyone. There are read, write and execute settings for each set, and they’re marked by “bits”. You know that computers think in binary, and in binary there are only zeroes and ones. Here’s what we’re interested in for the next few minutes.

Decimal 0 = Binary 000
Decimal 1 = Binary 001
Decimal 2 = Binary 010
Decimal 4 = Binary 100

If you look those over, you’ll see there’s only one way to get each of the numbers from 0 to 7 using each of those values at most once ( i.e., you can’t replace a 4 with two 2s ). A seven has to be a four, a two and a one. No other options. So when you’re saying “change the permissions of somefile to 755” what you mean is you want read:ON, write:ON, execute:ON for the owner, and read:ON write:OFF execute:ON for everyone else.

If you’re ssh’d into your server and you run an “ls -la somefile” you’ll see something that looks like

-rw-r--r--

which translates to

0110100100

or, taking off the first one ( because it’s special and I won’t talk about it here),

110 100 100

If you treat those each as binary numbers and translate them to decimal, you’ll have 644.

What’s this mean?
Basically, 4 is read permission only. 2 is write permission only, but you can add them together and get 6, which is read and write permission. There’s only one way to get a six: a four and a two ( you can’t have two threes or three twos ). When you add “execute” to the mix, you’ll see that you can add execute to any of these numbers and get 5 ( read and execute, don’t write ), 3 ( write and execute, don’t read ( weird ) ), or 7 ( read, write and execute ).


Note that it doesn’t really make sense to “execute” a directory. The “executable bit” for directories translates to “traversable.” Or, in English, a user can go through the directory without needing read permission on it. For instance, to use a contrived example, you could have a /var/logs/user/ directory and just give the users permission to see their own directory; the logs directory could be neither readable nor writable, but traversable; they could go through it. But if they did a “ls -la /var/logs”, they’d get back an error.
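The conversion the post does by hand, as an added example in shell (not part of the post): mode_to_octal turns an ls-style mode such as -rw-r--r-- into 644 by scoring each rwx triplet with r=4, w=2, x=1; octal_to_mode goes the other way with a bitwise AND on each digit; file_octal_mode reads a real path’s mode back through “ls -ld”. The directory case from the paragraph above, drwx--x--x, comes out as 711: traversable by everyone, readable only by the owner. Function names are the example’s own.

```shell
#!/bin/sh
# Added example: the post's binary/octal arithmetic as shell functions.
# Bits per triplet: r=4, w=2, x=1. The leading file-type character of an
# "ls -l" mode ("-" file, "d" directory) is dropped, as the post drops its leading 0.

# "rw-" -> 6, "r-x" -> 5, "--x" -> 1: add the value of each bit that is set.
triplet_to_digit() {
    n=0
    case $1 in r??) n=$((n + 4)) ;; esac
    case $1 in ?w?) n=$((n + 2)) ;; esac
    case $1 in ??x) n=$((n + 1)) ;; esac
    printf '%s' "$n"
}

# 6 -> "rw-": test each bit of the digit with a bitwise AND.
digit_to_triplet() {
    d=$1
    r=-; w=-; x=-
    if [ $((d & 4)) -ne 0 ]; then r=r; fi
    if [ $((d & 2)) -ne 0 ]; then w=w; fi
    if [ $((d & 1)) -ne 0 ]; then x=x; fi
    printf '%s%s%s' "$r" "$w" "$x"
}

# "-rw-r--r--" -> "644"
mode_to_octal() {
    perms=${1#?}                                   # drop the file-type character
    u=$(printf '%s' "$perms" | cut -c1-3)          # owner triplet
    g=$(printf '%s' "$perms" | cut -c4-6)          # group triplet
    o=$(printf '%s' "$perms" | cut -c7-9)          # world triplet
    printf '%s%s%s\n' "$(triplet_to_digit "$u")" "$(triplet_to_digit "$g")" "$(triplet_to_digit "$o")"
}

# "644" -> "rw-r--r--"
octal_to_mode() {
    u=$(printf '%s' "$1" | cut -c1)
    g=$(printf '%s' "$1" | cut -c2)
    o=$(printf '%s' "$1" | cut -c3)
    printf '%s%s%s\n' "$(digit_to_triplet "$u")" "$(digit_to_triplet "$g")" "$(digit_to_triplet "$o")"
}

# Read a path's mode from the first ten columns of "ls -ld" and convert it.
file_octal_mode() {
    mode_to_octal "$(ls -ld "$1" | cut -c1-10)"
}

# Usage: sh modes.sh -rw-r--r--   (prints 644)
#        sh modes.sh 711          (prints rwx--x--x, the traversable-directory case)
if [ $# -eq 1 ]; then
    case $1 in
        [0-7][0-7][0-7]) octal_to_mode "$1" ;;
        *) mode_to_octal "$1" ;;
    esac
fi
```

The three-digit form covers only the user, group and world bits; the special first character the post skips (and the setuid, setgid and sticky bits) are deliberately outside this example.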

How To Configure An Automated Login

Posted on February 6th, 2008 in system admin by Russ

I’ll be honest, I do a lot of command line work. Of course you know by now that Telnet, the granddaddy of connecting-to-command-line programs isn’t very secure, so reasonable people ( and even a few unreasonable ones ) have turned to an encrypted protocol called SSH for their command line needs.

I ssh to the servers my sites are on in order to look at server statistics. I can’t stand automatically generated passwords with numbers, letters, capital letters, punctuation and more than thirty-five characters. They’re irritating, though pretty secure, I’ll admit. So here’s what to do in order to connect more automatically with your server.

First, make sure you have SSH access. With Site 5, it took me an email. With Hostgator, it took an email and a scanned copy of my driver’s license. No big deal, really. Ok, now you’ve got access to the server, what next?

I like an SSH client named PuTTY. Don’t use this in countries that outlaw encryption, for gods’ sake! Download PuTTY and PuTTYgen ( you’ll need this in a couple of minutes ). You can save them to your desktop, or to a thumbdrive, or whatever. Save the files.

Then run PuTTYgen by double clicking on the icon. You want to create an SSH-2 RSA key. Click “Generate.” You’ll need to “create some randomness” by moving the cursor around the blank area. Nothing fancy, just move the mouse. Click “Save public key” to save the public key. You’ll want to come up with some identifying name for it; let’s use myserver.pub. And then you’ll need to save the private key. Click “Save private key” and it’ll ask you for a passphrase. A passphrase is a good idea, but if your computer is in your house and nobody else uses it, et cetera, you may not need one. Use your judgement. If you’re doing this on a laptop or a thumbdrive, you’ll want to use a passphrase. It’s just like a password. Enter “myserver.ppk” as the name of the key and click OK to continue.

Hopefully this is the only time you’ll need your password for your account at your host. Click on the putty.exe file and run it. Type the name of your host ( possibly www.domainname.com, however you’d normally connect ) into the host box and make sure “SSH” is selected for connection type. Connect, and type in your password. You’re logged in now! Yay! See if there’s already a .ssh directory there with the command “ls .ssh”. If it’s not there, create the .ssh directory with the command “mkdir .ssh”. Chmod it to usable only by you: “chmod 700 .ssh”.

Enter the .ssh directory ( cd .ssh ) and look for a file named “authorized_keys”. If it’s not there, don’t worry, we’ll create it. Go back to where you saved your public key ( above, with the PuTTYgen software ). The public key is the one named “myserver.pub”. Open it up with a text editor like Notepad. It should look something like this:

ssh-rsa AAB3NzD+rXhGEB9Bt6kEotYi/+gvcGKrRpeNIIekJvnCj4jAsmu9eQHgwxJq1rsTqo0iJAw0B6w0LPn+0omkorYcqA89OK/gsI1VuFuS+WV4oFCXbRBqJJkdkxz972uOqj/rn7re/zn3oKzsPhqUKCtdjz/c7S/zAX5DLT/DDhWkzS4QzrlZYWI0H8ruKh7ZcmOd7texXFkFFRYca7djvsFIbLQ//KVMAZ2l78r53SSvnNd2GoF3n9yvQsslze0t7Dh9t1i4Hni53rc990jpw==

with a comment at the right end of it ( leave the comment there ). Copy that entire thing. Go back to the Putty window and type “cat >> authorized_keys” and hit return. The cursor will drop to the next line. Paste in your public key, hit enter, and then hit “Ctrl-D” and enter, and your authorized keys file will be complete. You’ll want to “chmod 600 authorized_keys” to make sure that only you can read it. Or write it. Make sure the file is only one line long; the ssh key shouldn’t be broken into separate lines.

Ok, exit from your PuTTY program. Close it up and restart it. Enter your server’s host name again in the box, and ensure it’s set for SSH. On the left hand window pane, go to “Connection” and then to “Rlogin.” Enter your username. Then go down a little more in the left window and hit “SSH” and then “Auth.” Use the myserver.ppk private key for authentication. It’s just like every other file-browse box. Make sure you go back to the left hand pane, back up to “Session” and save it. You’ll need to enter a name in the “name” box and then press “Save.”

To use it, double click on the saved name in the little window. If everything went according to plan, PuTTY will read the private key ( you’ll need your passphrase here if you used one ), derive the public key from it, use that to authenticate with the server, and then log you in.
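The server-side half of the procedure above ( .ssh at 700, the key appended to authorized_keys, the file at 600 ), as an added example script that is not part of the post. It adds the checks a practitioner wants before the append: the copied key must be a single “ssh-rsa AAAA… comment” line, so a key that was wrapped across lines or pasted from a multi-line “---- BEGIN SSH2 PUBLIC KEY ----” file is refused, and the carriage returns a file saved from Windows Notepad usually carries are stripped. The key in the test is constructed and not a real key; paths and function names are the example’s own, and accepting only ssh-rsa and ssh-ed25519 keys is an assumption.

```shell
#!/bin/sh
# Added example: the post's server-side steps as a re-runnable script with
# sanity checks. Not from the post; paths are placeholders.

# True when $1 is one "<type> <base64blob> [comment]" line of the form the post
# shows. Assumption: only ssh-rsa and ssh-ed25519 keys are expected.
valid_pubkey_line() {
    # more than one line means the key was wrapped, or pasted in a multi-line format
    [ "$(printf '%s\n' "$1" | wc -l | tr -d ' ')" -eq 1 ] || return 1
    ktype=${1%% *}
    rest=${1#* }
    blob=${rest%% *}
    case $ktype in
        ssh-rsa|ssh-ed25519) ;;
        *) return 1 ;;
    esac
    # every OpenSSH key blob starts with "AAAA" (the encoded length of the type
    # string) and contains only base64 characters
    case $blob in
        AAAA*) ;;
        *) return 1 ;;
    esac
    printf '%s' "$blob" | grep -Eq '^[A-Za-z0-9+/]+=*$'
}

# $1: the .ssh directory (normally "$HOME/.ssh"); $2: a file holding the copied key.
install_authorized_key() {
    sshdir=$1
    # strip the carriage returns a key copied via Windows Notepad often carries
    keyline=$(tr -d '\r' < "$2")
    if ! valid_pubkey_line "$keyline"; then
        echo "refusing to install: not a single-line OpenSSH public key" >&2
        return 1
    fi
    mkdir -p "$sshdir"
    chmod 700 "$sshdir"                                  # the post's "chmod 700 .ssh"
    # already present? then there is nothing to append (safe to re-run)
    if [ -f "$sshdir/authorized_keys" ] && grep -qxF -- "$keyline" "$sshdir/authorized_keys"; then
        chmod 600 "$sshdir/authorized_keys"
        return 0
    fi
    printf '%s\n' "$keyline" >> "$sshdir/authorized_keys"  # the post's "cat >> authorized_keys"
    chmod 600 "$sshdir/authorized_keys"                  # the post's "chmod 600 authorized_keys"
}

# True when the directory and file carry exactly the modes the post asks for.
# With its default StrictModes setting, sshd ignores authorized_keys when the
# file or the directory is writable by group or world, so this is worth checking.
check_ssh_perms() {
    [ "$(ls -ld "$1" | cut -c1-10)" = "drwx------" ] || return 1
    [ "$(ls -ld "$1/authorized_keys" | cut -c1-10)" = "-rw-------" ] || return 1
}

# Usage: sh install_key.sh "$HOME/.ssh" "$HOME/myserver.pub"
if [ $# -eq 2 ]; then
    install_authorized_key "$1" "$2" && check_ssh_perms "$1" && echo "key installed"
fi
```

The duplicate check is what makes the script safe to run twice: the post’s “cat >> authorized_keys” appends unconditionally, so a second paste would leave the same key in the file two times.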