jtara - 4:48 pm on Mar 11, 2008 (gmt 0)

Unix permissions 101:

Permissions can be set for three contexts:

User - you, your user ID
Group - your group, any user ID in your group
Other - any other user ID not in your group

Groups are rather arbitrary and can represent anything. If you are on shared hosting, you have no control over this. The group might be "customer", different customer classes, or, more securely, they might create a group for each customer equal to your user ID.

Within each context, you can control read, write, and execute permission.

In the "old style" notation system, an octal digit represents the permission bits for each of user, group, and other. A 3-digit octal number represents all of the permission bits. The bits in each digit represent read, write, and execute in that order.

0ugo, replace each of ugo with an octal digit

Within each digit:

1 = execute
2 = write
4 = read

Thus 4 = read permission
6 = read/write permission
Etc.

umask is the 1's compliment of the bits that you do NOT want to be set when you create a file with default permissions. That is, you set a bit in the umask for each permission bit you do NOT want set.

Keep in mind that this has NOTHING (OK, little) to do with whether the outside world can see your files. The outside world can see your files if your web server has permission to read the files, and is configured to allow access to the file.

Depending on how the web server is configured, you MIGHT be able to use Unix permissions to deny access to the web server. But web servers have their own permission system additionally for granting access to the outside world that has nothing to do with this, and doesn't work the same way.

And, sorry, that does point out an error in my initial response: 600 might not be appropriate on all shared hosts - depends on what user/group the web server operates as. If the server runs as root, it has access to all of your files, no matter what you do. If it doesn't run as root, you will need to grant to appropriate permissions. This is a site configuration issue which will vary, and you will just have to follow the advice of your host.

Beware, though, with anything other than 600, you might be giving away your scripts to every other user on the host.