Why doesn’t FTP “SITE CHMOD” let me remove write permission from my own files?

The FTP protocol includes a command called “SITE CHMOD” that allows you to change the “permissions” of your files.

In theory, it’s possible to use this command to remove all “write permissions”, including your own, using something like SITE CHMOD 444 filename. This would make it impossible even for you to modify your own files.

However, this usually causes more problems than it solves:

  • The problem is that it makes strange error messages appear when you try to change or replace a file in the future.
  • But there’s no actual security benefit to doing this, because any process you’re trying to stop from writing to the file can simply use “chmod” to add the write permission anyway (because it’s being run under your own user ID).

Because of that, the FTP server software we use doesn’t remove your own write permission from a file when you use “SITE CHMOD” from an FTP program. You can do it using chmod u-w filename from the shell if you really want to.