Hosting & Domaining Forum

Hosting Discussion => Web Hosting => Hosting FAQs => Topic started by: Sevad on Jan 16, 2024, 01:03 AM

Title: File Permissions
Post by: Sevad on Jan 16, 2024, 01:03 AM
File Permissions

Imagine your web hosting account as a grand medieval castle. This castle contains many chambers, passages, and treasures, just as your hosting contains your website's files, scripts, and databases. But to keep the kingdom safe and functioning, not everyone can have access to every room - this is where File Permissions come into play.

(https://linuxcommand.org/images/file_permissions.png)

The Three Types of Castle Dwellers

Like the castle's doors, file permissions control who can 'Open' (read), 'Change' (write), or 'Pass Through' (execute) each file or directory.

Understanding the Permission Codes

To set these permissions, the castle uses an octal system (like a combination to a lock). There are three numbers, one for each type of dweller: owner, group, and public.

Numeric Permission (each digit is the sum of the values below):
Read (r) | Write (w) | Execute (x)
    4    |     2     |      1
Digit order: Owner | Group | Public

Examples of Permission Combinations
To change the permission locks, the king or queen can use the magical spell known as chmod (change mode).

chmod 755 marketplace
This spell sets the marketplace (in real terms, your file or directory) to 755: the owner gets 7 (4+2+1: read, write and execute), while group and public each get 5 (4+1: read and execute).

Chapter II: The Scribes and the Scripts

Once upon a time, in the same vast castle of web hosting, there were special scrolls known as Scripts. These scripts were not ordinary messages; they were magical formulas that, when executed, performed wondrous tasks for the kingdom, from displaying the king's messages on the Grand Bulletin (a website) to managing the inventory of the royal treasury (a database).

However, like all powerful magic, these scripts needed a controlled environment — strict permissions — to safeguard against chaos, lest a rogue sorcerer try to alter the spell for nefarious purposes.

The Sacred Rituals of Assigning Permissions

The castle had a set of rituals to govern who could perform which activities:


The Archmage, a role typically taken by the server administrator, had to decide the proper permissions to grant various users for each script using the almighty chmod enchantment.

chmod 755 script.sh

This incantation would make the script readable and executable by all, but only writable by the script's creator, the king of the hosting castle. Wise and prudent permissions ensure that the castle's magic operates smoothly and securely.

The Protective Enchantments of Directories
The tale also extends to the grand libraries of the castle - the Directories. Each directory was a room full of scrolls, and each scroll had its own permissions. Certain chambers were open to all, while others were restricted to select members of the council or the royal scribe alone.

To let the common folk traverse through the library corridors (directory), but not meddle with the scrolls (files), the Archmage set the directories with an execute enchantment:

chmod 755 /home/castle_library

This allowed the castle dwellers to pass through the libraries (cd into the directory), but only let them read the titles of the scrolls, not the secrets written within, unless granted by additional permissions on the scrolls themselves.

The Saga of Uploading Artefacts

Knights from distant lands (users uploading via FTP or a web interface) would sometimes need to bring artifacts (files) into the castle. The process was quite delicate and permissions on the gates of the castle (server upload settings) needed to ensure that no cursed items were brought in.

For such occasions, a spell called umask was used. This sorcery determined the default permissions of newly arrived artifacts, stripping them of any potentially malicious power upon arrival.

umask 022

This meant any new artifact brought into the kingdom would automatically be endowed with a permission setting of 755 — accessible and usable by all, but only alterable by the artifact's owner.

The Legacy of the Log Files

Lastly, the kingdom had chroniclers who maintained the Log Files — ancient scrolls that recorded every event, ranging from the grandest royal celebrations to the attempts of slippery shadows trying to infiltrate the castle walls.

These logs required strict permissions, readable only by the Archmage and the king or queen. Thus, they bestowed upon these scrolls the permission:

chmod 600 /var/log/royal_chronicles

Chapter III: The Enchanted Symbolic Links

As the days grew longer in the kingdom of web hosting, a new element came into play: the Symbolic Link, known to the common folk as "symlink". These were not actual scrolls or chambers, but magical portals that linked one area of the castle to another, creating a seemingly direct path, though the rooms were leagues apart.

These symlinks allowed dwellers to access distant chambers (files and directories) quickly, as if they were just a step away. But with this powerful magic came great danger—if not properly secured, an enemy could trick a symlink into leading somewhere forbidden.

The Conundrum of the Symlink Permissions
Indeed, the symlink itself was peculiar: it held no power over who could step through. Its permissions always appeared as lrwxrwxrwx, a deceptive guise that allowed everyone to pass. The true power lay in the destination's permissions—the final chamber at the journey's end.

ln -s /home/royal_archives /home/knight/common_room/archives_link

Thus, the wise Archmage crafted the symlinks and made certain that the destination had guards and locks set in place to prevent unwanted visitors.

The Mysteries of .htaccess - The Keeper of the Realm's Rules

Furthermore, in the kingdom's web hosting realm was another powerful tool: the .htaccess file, a magical tome that governed the laws of access within the confines of its directory domain. It had the power to override the Archmage's global enchantments and could provide both safety and peril in equal measures.

Having such a tome within a chamber meant that specific rules could apply, different from the rest of the castle. A powerful command it could issue was to deny entrance to any unwelcome entities:

order deny,allow
deny from all
allow from 123.456.789.000

Here, none but the one with the specified carrier pigeon IP code could enter, an IP enchantment only granted to the most trusted of allies.

The Chronicles Continue with Ownership Transference

At times, there arose a need to transfer ownership of a scroll or treasure to another dweller of the castle. This was done through the sacred chown (change owner) ritual. The king or queen, or sometimes the Archmage, could invoke this to assign a new owner.

chown new_knight file_of_legacy

The ritual was used sparingly, for transferring ownership was a matter of great significance, imbued with responsibility and trust.

The Unseen Danger of Overly Permissive Scrolls

The kingdom also knew cautionary tales. Scrolls or chambers with permissions too loose—such as 777, which allowed anyone to do anything—were invitations to chaos. The sorcerers from the dark web lands could infiltrate, enchant, or destroy if such powers were left unchecked.

Therefore, the keepers of the web hosting kingdom always endeavored to use the most restrictive permissions necessary—a principle akin to the highest form of wisdom.

"In the labyrinth of server paths, symlinks like shadows link the realms; Permissions, like spells, guard, guide, or grip, the power at the heart of the castle's helm."

Chapter IV: The Tale of Backups and the Timekeepers

In the heart of the kingdom of web hosting, there existed a sacred band of sages known as the Timekeepers—the protectors of continuity. These sages were the guardians of the Backups, mystical echoes of the kingdom's data that could restore order should calamity strike.

The echoes were stored in enchanted crystals, safe within the Cavern of the Timekeepers, away from the meddling of mortals and the corrosion of time.

The Rituals of Duplication
The Timekeepers performed daily rituals at dawn with the cron spell, invoking the rsync incantation to duplicate the scrolls, artifacts, and the grand library's entire contents.

0 5 * * * /usr/bin/rsync -a /home/kingdom_data /mnt/backup_data

This spell, bound by the cron command and activated when the twin moons aligned (5 AM server time), would synchronize the kingdom's riches with a duplicate set in the backup crystals.

The Threads of Restoration

But what use were duplicated scrolls if no one knew the art of reading them backward, the art of restoration? Thus, the Timekeepers were also skilled at reversing the flow of time for a scroll, a chamber, or even the entire castle, should the need arise.

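/usr/bin/rsync -a --delete /mnt/backup_data/kingdom_data/ /home/kingdom_data/

With this variation of the rsync spell and the --delete clause, should a corruption occur, the echo in the crystal would overwrite the present, erasing any trace of decline or decay. The trailing slashes matter: the dawn ritual above stored the copy as /mnt/backup_data/kingdom_data, and without them rsync would place the echo in a new chamber inside /home/kingdom_data instead of restoring it in place. Because --delete removes everything the echo does not contain, a wise Timekeeper first rehearses the spell with --dry-run.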

The Visionary Crystal, Snapshot

Among the Timekeepers' treasures was the Snapshot Crystal, a rare artifact allowing them to freeze a moment in time, creating a snapshot of the entire kingdom in its current state.

With the magic of the LVM (Logical Volume Manager), they could isolate a sliver of the aether, and without stopping the flow of time, secure a perfect reflection.

lvcreate --size 100G --snapshot --name kingdom_snapshot /dev/kingdom_vg/kingdom_lv

Should disaster befall the land, this crystal could be used to gaze upon the kingdom as it was, aiding the sages in putting the pieces back together.

The Aegis of Incremental and Differential Echoes

The wise Timekeepers also employed incremental and differential backups—lesser echoes that did not require the strength needed to duplicate the entire kingdom. Incremental echoes captured only the strands of time that changed daily, while differential ones, less frequent, noted all changes since the last full echo.

These lesser echoes served as spells to prevent the overburdening of the backup crystals and allowed for swift restoration of recent chronicles.

"Through the ebb and flow of time, the Timekeepers' vigil endures, preserving the past to protect the future — the endless cycle that secures."

The Chronicles of Redundancy

Yet the Timekeepers knew that echoes within reach could fall prey to the same dire fate that might befall the kingdom. So, with spells of replication, they dispatched fragments of the backups to distant lands—other servers, cloud vaults, even into the physical realm as parchment scrolls.

This redundant safeguarding ensured that should the unspeakable happen, the kingdom could be reborn from ashes, elsewhere, untouched by the affliction that wrought it harm.

With the echoes of the past securely woven into the fabric of the future, the kingdom of web hosting stood resilient against the forces of chance and havoc. The tale of backups and the Timekeepers is but a chapter in the endless anthology of web hosting—and there are many other stories yet to be told.
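
Added example for the umask passage in the post above (not part of the original post): it creates a file and a directory under several masks and reads back the resulting mode. It shows that umask 022 yields 755 for directories but 644 for regular files, because files are requested as 666. Assumes GNU `stat -c`; the function names are illustrative.

```sh
#!/bin/sh
# Added example: how a umask turns requested modes into final modes.
# Assumes GNU coreutils (stat -c); all paths are temporary and constructed.

# mode_with_umask MASK KIND -> prints the octal mode of a new file or dir
mode_with_umask() {
    mask=$1 kind=$2
    tmp=$(mktemp -d) || return 1
    (
        umask "$mask"            # subshell: the caller's umask is untouched
        if [ "$kind" = dir ]; then
            mkdir "$tmp/new"     # mkdir requests 0777
        else
            : > "$tmp/new"       # redirection requests 0666
        fi
    )
    stat -c '%a' "$tmp/new"
    rm -rf "$tmp"
}

# Print a small table for masks a hosting account commonly uses.
umask_table() {
    for m in 022 027 077 002; do
        printf 'umask %s  file=%s  dir=%s\n' "$m" \
            "$(mode_with_umask "$m" file)" "$(mode_with_umask "$m" dir)"
    done
}

umask_table
```

A mask only removes bits from what the creating program requests; it never adds the execute bit to an uploaded file.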
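
Added example for the warning about 777 in the post above (not part of the original post): a shell audit that lists world-writable files and directories under a web root and then strips the group and public write bits. Assumes GNU find; `public_html`, the sample files and the function names are constructed for illustration.

```sh
#!/bin/sh
# Added example: report and tighten world-writable entries under a web root.
# Assumes GNU find/coreutils; the sample tree is constructed.

# list_world_writable ROOT -> "mode path" for each world-writable file or dir
list_world_writable() {
    # -perm -0002: the public write bit is set. Symlinks are skipped because
    # their own mode is always lrwxrwxrwx and says nothing about the target.
    find "$1" \( -type f -o -type d \) -perm -0002 -printf '%m %p\n' | sort
}

# tighten ROOT -> remove group/public write, leave all other bits as they were
tighten() {
    find "$1" \( -type f -o -type d \) -perm -0002 -exec chmod go-w {} +
}

# Constructed sample tree standing in for a hosting account's web root.
make_sample() {
    root=$(mktemp -d)
    mkdir -p "$root/public_html/uploads"
    : > "$root/public_html/index.php"
    : > "$root/public_html/config.php"
    chmod 755 "$root/public_html"
    chmod 777 "$root/public_html/uploads"      # anyone may add or replace files
    chmod 644 "$root/public_html/index.php"
    chmod 666 "$root/public_html/config.php"   # writable by every local user
    echo "$root"
}

demo() {
    root=$(make_sample)
    echo "before:"; list_world_writable "$root/public_html"
    tighten "$root/public_html"
    echo "after:";  list_world_writable "$root/public_html"
    rm -rf "$root"
}
demo
```

If the web server runs as a different user than the account owner, give it write access to an upload directory through group ownership rather than the public write bit.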
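
Added example for the symlink chapter in the post above (not part of the original post): it shows that a link's own mode is always lrwxrwxrwx while the target's mode is what applies, and it audits a directory for links that resolve outside it. Assumes GNU find, stat and `readlink -f`; the tree mirrors the post's `ln -s` example inside a temporary directory, and the function names are illustrative.

```sh
#!/bin/sh
# Added example: audit symlinks under ROOT that resolve outside ROOT.
# Assumes GNU find, stat and readlink -f; the sample tree is constructed.

# escaping_symlinks ROOT -> "link -> resolved target" for each link leaving ROOT
escaping_symlinks() {
    base=$(readlink -f "$1") || return 1
    find "$base" -type l | sort | while IFS= read -r link; do
        target=$(readlink -f "$link" 2>/dev/null) || target="(unresolvable)"
        case "$target" in
            "$base"|"$base"/*) ;;                 # stays inside ROOT
            *) printf '%s -> %s\n' "$link" "$target" ;;
        esac
    done
}

# link_and_target_mode LINK -> the link's own mode, then the target's mode
link_and_target_mode() {
    printf '%s %s\n' "$(stat -c '%A' "$1")" "$(stat -L -c '%A' "$1")"
}

# Constructed tree mirroring the post's ln -s example, rooted in a temp dir.
make_castle() {
    root=$(mktemp -d)
    mkdir -p "$root/home/royal_archives" "$root/home/knight/common_room"
    : > "$root/home/knight/notes.txt"
    chmod 700 "$root/home/royal_archives"          # the lock on the destination
    ln -s "$root/home/royal_archives" "$root/home/knight/common_room/archives_link"
    ln -s ../notes.txt "$root/home/knight/common_room/notes_link"   # stays inside
    readlink -f "$root"
}

demo() {
    castle=$(make_castle)
    escaping_symlinks "$castle/home/knight"
    link_and_target_mode "$castle/home/knight/common_room/archives_link"
    rm -rf "$castle"
}
demo
```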