Preventing other users from reading your files

Unix Help

Every Unix file and directory has associated with it permissions for who can read it, write to it and execute it. The ls -l command displays the permissions. ( see Displaying Directory Contents ).

To change permissions use the chmod command. There are two different systax forms for the chmod command.

The first syntax is: chmod xxx filename The xxx is a three digit number where the first digit sets the permissions of the file owner the second sets the permissions of the file group and the last sets the permissions of all other users. Each digit is made up of the sum of the following:

 read     4
 write    2
 execute  1

For example suppose we execute the following Unix command:

 ls -l somefile

The results of the command look like this:

 -rwxr--r-- 4 someowner somegroup 512 Aug 9 15:34 somefile

This is a file on which the owner someowner has read write and execute permission and members of the group somegroup and other users have read permissions, so anyone one can read it but only the owner can write to it or execute it. To set this file so that only the owner can read it, and members of the group somegroup and other users have no permissions we use the following Unix command:

 chmod 700 somefile

The first digit (for the owner is: 4 (read) + 2 (write) + 1 (execute) = 7; The next digit (for the group is: 0 (read) + 0 (execute) = 0; The final digit (for all other users) is also 0

If we repeat the ls -l somefile command after the chmod 700 somefile com mand is executed, we get the following result:

 -rwx------ 4 someowner somegroup 512 Aug 9 15:34 somefile

The second syntax is: chmod mode file1 file2 ...

chmod -R mode dir
Changes permisions on all files in dir

In this systax mode can be any of the following settings:

 u  user (owner)
 g  group
 o  other
  
 +  add permission
 -  remove permission

 r  read
 w  write
 x  execute

Example: chmod go-rwx public.html
removes read, write, and execute permissions for group and other for the file public.html.

See the man pages for more information about the chmod command.