You seem to understand the concept of permissions, but I think you're getting caught up on user/group/other and what those mean in various contexts.
Briefly,
- A user is an individual POSIX account
- A group is a logical grouping of multiple POSIX accounts
A file on disk has two owners. The `user` owner and the `group` owner. For any particular file, `other` is any user account that does not match the `user` nor is a member of the `group`. In other words, `other` is any user that is not the user owner and is not a member of the group owner.
Further, each process runs under a specific User ID (or UID), and is a member of one or more Group IDs (GID). Use the command `ps -ef` (on Linux and Solaris, or `ps -ej` on OS X or *BSD) to see the user executing each process. You'll see that apache and ws_ftp are also being executed by users.
When a process tries to access a file on disk the following happen:
- If the `UID` of the process matches the `user` owner of the file then `user` permissions are enforced.
- Else, if any `GID`s of the process match the `group` owner of the file then `group` permissions are enforced.
- Else `other` permissions are enforced.
To answer your questions specifically:
When I log in with WS_FTP, am I Owner?
Technically yes, because there is always an owner, but it depends on your definition of "I".
If you are logging in as a real POSIX user on the system then files you create/access will be as the user you logged in as. If you logged in anonymously then the files you create/access will be that of the UID of WS_FTP. This will likely be either `ftp` or `nobody`.
Is a web browser an Other?
The web browser is not anything because it's not being executed on the server. But the browser accesses a web server. The web server is running as some specific user (just like WS_FTP is). That user is likely `www-data`, `apache` or `nobody`.
Do the PHP scripts themselves fall into one of these classes?
PHP scripts are executed by the scripting engine module of the web server. They will be executed as the same user running the web server.
Is there a difference between read and execute on a .php file?
Yes. Read means that the user can read the contents of the file. Execute means that the contents can be run as a full-fledged process.
Since PHP scripts execute inside the scripting engine of the web server (i.e., they are part of the memory space and execution thread of the server) they do not need to be set executable.
Since I have no idea who "inetuser" is, would I be correct in not giving Group any permissions? What if this was not the case (i.e., the site's username was also used for Group - which it is on my dev site on a different host)?
`inetuser` is a user account on the system, just like your account. It may also be a group. Hopefully you can answer this question yourself after reading through this.
What permissions does each kind of file/dir need under these circumstances?
Generally, you want data files to be owned by user accounts that are used by actual humans (i.e., you). In other words, your web content should not be owned by the apache user.
- User permissions should almost always be rw- for data files or rwx for directories and programs.
- Group permissions should usually be r-- for data files or r-x for directories and programs. If you want members of that group to be able to write to those files then it should be rw- and rwx.
- Other permissions should almost always be r-- for data files and r-x for directories and programs or --- if you want to deny all access.
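The user/group/other selection order described in this answer, written out as an added example (not code from the answer). The accounts and IDs (alice 1000:1000, www-data 33:33) are constructed, and root's override, ACLs and capabilities are left out as a simplification.

```python
import stat

# Right-shift that exposes each class's rwx triplet in the file mode.
SHIFT = {"user": 6, "group": 3, "other": 0}
BIT = {"r": 4, "w": 2, "x": 1}


def permission_class(proc_uid, proc_gids, file_uid, file_gid):
    """Return the one class that is checked; later classes are never consulted."""
    if proc_uid == file_uid:
        return "user"
    if file_gid in proc_gids:
        return "group"
    return "other"


def check_access(proc_uid, proc_gids, file_uid, file_gid, mode, want):
    """Return (class, allowed) for a request such as "r" or "rw".

    Simplification: root's override, ACLs and capabilities are ignored.
    """
    cls = permission_class(proc_uid, proc_gids, file_uid, file_gid)
    granted = (mode >> SHIFT[cls]) & 0o7
    needed = sum(BIT[c] for c in want)
    return cls, (granted & needed) == needed


if __name__ == "__main__":
    # Constructed accounts: alice (1000:1000) uploads, www-data (33:33) serves.
    alice, www = (1000, {1000}), (33, {33})
    cases = [
        ("web server reads alice's 0644 page", www, 1000, 1000, 0o644, "r"),
        ("web server writes alice's 0644 page", www, 1000, 1000, 0o644, "w"),
        ("web server reads 0640 file, group www-data", www, 1000, 33, 0o640, "r"),
        ("alice reads her own 0077 file", alice, 1000, 1000, 0o077, "r"),
    ]
    for label, (uid, gids), f_uid, f_gid, mode, want in cases:
        cls, ok = check_access(uid, gids, f_uid, f_gid, mode, want)
        perms = stat.filemode(stat.S_IFREG | mode)
        print(f"{label}: {perms} -> {cls} class, {'allowed' if ok else 'denied'}")
```

The last case is the one that surprises people: because only the first matching class is checked, the owner of a 0077 file is denied even though the other bits grant everything.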
Best Answer
The file has probably been locked using file attributes.
As root, do
Attributes `a` (append mode) or `i` (immutable) present would prevent your `rm`. If they're there, then should delete your file.