This page is based on the text of an e-mail regarding file permissions that was sent out to C.S. computer account holders during May 2017.
Some of our computer system users may not be aware of how accessible their files and data in our Unix / Linux filesystems are to others. This includes project and administrative areas as well as home directories.
Below are a few brief notes on how to tighten or loosen access to your files. Here, we're using your home directory for the example, but this can be extended to other areas where you maintain files on our departmental file servers. We've also prepared a webpage that goes into a little more detail; see below.
Common Unix permissions allow anyone to look around in most of your directories, and read many of your files, with the exception of 'mail' and a few others. If you are fine with or desire these permissions, you could set them from a terminal window with this command:
chmod u=rwx,go=rx ~
or equivalently:
chmod 755 ~
'chmod' (change mode) is the command for changing file permissions, and '~' is shorthand for your home directory. So, the above gives the owner (User) all permissions, and gives Group and Others read and execute (directory access) permissions. Every file has a user (owner) and a group, and a separate set of permissions corresponds to each of User, Group, and Others (anyone else).
If you want to completely block access to your home directory (except for yourself, of course), you could use:
chmod u=rwx,go= ~
or equivalently:
chmod 700 ~
But those permissions will also block any webserver access to your personal webpages in ~/public_html/.
If you want to restrict most access, but still allow enough pass-through so that, for instance, the webserver can still reach your personal webpages, you could use:
chmod go=x ~
or, provided your own (User) permissions are already rwx, equivalently:
chmod 711 ~
Similarly, you would want to make sure your web directory is accessible, for example:
chmod go=x ~/public_html
or perhaps
chmod go=rx ~/public_html
For typical, recommended permissions on your e-mail directory (usually ~/mail), you would type:
chmod go= ~/mail
or, provided your own (User) permissions are already rwx, equivalently:
chmod 700 ~/mail
which, again, gives you (the User/owner) full access to your mail directory and its contents, but completely blocks Group and Other.
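To check where your directories currently stand against the settings above, the following shell functions read the Group and Others bits from 'ls -ld' and flag a mail directory that is not private, a home directory others can write to, and a home or public_html directory that blocks the webserver. This is an added example, not part of the original e-mail; the function names go_access and audit_home are made up here, and it assumes the webserver reaches your pages through the Group or Others permissions.

```sh
#!/bin/sh
# Added example (not from the original e-mail). Function names are hypothetical.

# Print what Group/Others can do with directory $1:
#   private | pass-through | listable | writable | missing
go_access() {
    [ -d "$1" ] || { echo missing; return; }
    # Characters 5-10 of the ls mode string are the Group and Others triplets,
    # e.g. "drwx--x--x" -> "--x--x".
    go=$(ls -ld "$1" | cut -c5-10)
    case "$go" in
        ?w????|????w?)       echo writable ;;      # someone else can create/delete entries
        r?????|???r??)       echo listable ;;      # like go=rx (755)
        ??[xs]???|?????[xt]) echo pass-through ;;  # like go=x (711)
        *)                   echo private ;;       # like go= (700)
    esac
}

# Compare $1 (a home directory), $1/mail and $1/public_html with the notes above.
# Prints one WARN line per finding; returns 0 if clean, 1 otherwise.
audit_home() {
    rc=0
    h=$(go_access "$1"); m=$(go_access "$1/mail"); w=$(go_access "$1/public_html")
    if [ "$h" = writable ]; then
        echo "WARN: $1 is writable by Group or Others"; rc=1
    fi
    case "$m" in
        private|missing) ;;
        *) echo "WARN: $1/mail is $m; recommended: chmod go= (700)"; rc=1 ;;
    esac
    if [ "$w" != missing ]; then
        if [ "$h" = private ]; then
            echo "WARN: $1 is private, so the webserver cannot reach public_html"; rc=1
        fi
        if [ "$w" = private ]; then
            echo "WARN: $1/public_html is private; use chmod go=x or go=rx"; rc=1
        fi
    fi
    return $rc
}
```

Save the functions to a file, source it from your shell, and run: audit_home ~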
If you would like for all files and directories you create to have more restrictive permissions by default, please talk to the Lab Staff about changing your 'umask' (file mode creation mask).
For more information on 'chmod' and other commands, please view the online reference manual pages. From your Unix / Linux terminal window, use the 'man' (manual) command. For example, type:
man chmod
For more details and additional links, visit File Permissions. Please contact the CS Lab Staff with any questions or if you would like some help.