In its most succinct form, my question is as follows:
How do I translate chmod 755 and chmod 644 Unix/Linux permissions into their NTFS/IIS equivalent.
To elaborate further on my situation...
I have WordPress hosted on a Windows/IIS platform. I'm using WSD Security as a security audit tool on the site and would like to follow its advice with regard to best practice for tightening file and folder permissions on the web server directory structure.
WSD displays current and recommended permissions in Unix/Linux format (understandably), but I would like some assistance in how to express these permissions in terms of IIS/NTFS file permissions. (Yes, hosting my site on Unix/Linux would probably be an easier option if I were starting from scratch, but that's not going to happen in the short term and I would like to ensure my existing platform is secured correctly).
Although I'm not a skilled or experienced Unix/Linux user, as I understand it, the 'chmod' format of expressing permissions consists of three digits. Each digit is the decimal expression of a 3 digit binary bit-mask representing the read, write and execute permissions for a particular security principal.
The first decimal digit represents those combined permissions for the 'user', the second represents the permissions for the 'group', and the third represents the permissions for 'other'.
I'm sure to experienced Unix/Linux people this is all very obvious. But I would like some help understanding who 'user', 'group' and 'other' are.
I assume that 'user' represents the security principal that the web server uses to access the file system on behalf of the unauthenticated anonymous user-agent. On an IIS web server is this the IUSER_<hostname> user account?
If I were to make a semi-educated guess, I would say that 'other' should be represented by the 'everyone' security principal' on IIS. Is this correct?
The one about which I have no idea at all is 'group'. What Windows/IIS security principal is the equivalent to the Unix/Linux chmod 'group' entity?
Any assistance or advice would be much appreciated.
If it is possible for a future update of the plug-in to detect IIS installations and express recommended permissions in the relevant NTFS form, this would be very helpful too.