You got it pretty much mixed up.
ugo is user, group and other - not owner. Owner is the user, usually holding the most rights.
GROUP permissions would affect what a PHP or other script running on the server could do
Group permissions don't affect what can be done (read, write, execute), but who can do it. The same for the user:
USER (sometimes called PUBLIC?) permissions would affect what a UA of a web site visitor can do
The user is the owner, but o is used for other, which is what you call public. And again - it is who can do, not what can be done.
You can use the abbreviations ugo when using chmod, which is easier than the numerical codes:
chmod ug+w sample1
chmod go-r sample2
chmod g=w sample3
- sample1: add write permissions to user and group
- sample2: remove read permissions from group and others
- sample3: set group permissions to write
Every file is owned by a user and a group. See them with ls -l. Example:
ls -l /var
insgesamt 12
drwxr-xr-x 2 root root 592 2012-01-12 08:02 backups
drwxr-xr-x 28 root root 776 2011-08-18 05:12 cache
drwxrwxrwt 2 root root 48 2010-06-22 01:46 crash
drwxr-xr-x 2 root root 3704 2010-06-05 22:01 games
drwxr-xr-x 84 root root 2296 2011-10-16 13:25 lib
drwxrwsr-x 2 root staff 48 2007-10-08 12:47 local
drwxrwxrwt 3 root root 80 2012-01-19 08:03 lock
drwxr-xr-x 22 root root 5992 2012-01-19 08:01 log
drwxrwsrwt 2 root mail 72 2012-01-18 07:56 mail
A part of the listing of /var. Most directories (d...) belong to root.root, which is a user as well as a group. However, mail and staff are groups, which aren't identical with the user.
update (after the update of the question):
If I want to allow my PHP script that run on the server the permission to write to a file, would that permission be specified in USER, GROUP or OTHER? If I want to deny a website visitor's browser to see the contents of a directory, would that permission be specified in the dir's USER, GROUP or OTHER?
Well - it is not the permission of a script to do this or that. It is always the permission of the user who runs the script.
To run a script, the user must be able to read it, which means, it is read from disk to put it into memory, to execute it. You can't execute it, without reading it.
To write to a file, the user has to have the permission to write to a directory - not the script or program.
If the program, writing to a directory, is a server, it is typically not started from an anonymous user in the web, but from a special user like 'www'.
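
As an added example (not part of the original answer): a small shell model of the rule described above, where one triplet is chosen by who the process runs as and the requested bit is then looked up in that triplet only. The uid and gid numbers, including those for the 'www' account, are constructed, and root and ACLs are not modelled.

```shell
#!/bin/sh
# Added example, not from the original answer. Models plain mode bits only;
# root (uid 0) and ACLs are outside this model. All ids below are constructed.

# perm_class FILE_UID FILE_GID PROC_UID "PROC_GIDS" -> prints u, g or o
# Exactly one class is chosen: owner first, then group, otherwise other.
perm_class() {
    if [ "$3" -eq "$1" ]; then echo u; return; fi
    for gid in $4; do
        if [ "$gid" -eq "$2" ]; then echo g; return; fi
    done
    echo o
}

# can_access MODE FILE_UID FILE_GID PROC_UID "PROC_GIDS" r|w|x
# Returns 0 (true) if the chosen triplet of octal MODE contains the bit.
can_access() {
    case $(perm_class "$2" "$3" "$4" "$5") in
        u) shift_by=6 ;;
        g) shift_by=3 ;;
        *) shift_by=0 ;;
    esac
    case $6 in
        r) bit=4 ;;
        w) bit=2 ;;
        x) bit=1 ;;
        *) return 2 ;;
    esac
    [ $(( (0$1 >> $shift_by) & $bit )) -ne 0 ]
}

# Constructed scenario: file owned by uid 1000, group 48; the web server
# runs as a 'www' account with uid 48 and gid 48.
report() {
    if can_access "$@"; then echo "mode $1, uid $4, $6: allowed"
    else echo "mode $1, uid $4, $6: denied"; fi
}
report 644 1000 48 48 "48" w      # www matches the group, g has no w: denied
report 664 1000 48 48 "48" w      # after chmod g+w: allowed
report 646 1000 48 48 "48" w      # o+w does not help, the g triplet applies: denied
report 077 1000 48 1000 "1000" r  # owner is checked against u only: denied
```

To check a real file, feed the function the mode, owner and group shown by ls -l and the ids printed by id for the account the server runs as.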