Introduction to File Ownership and Security
Tutorial on File and Directory Permissions
Who Will Own a New File?
Setting an Exact umask
Group Permissions in a Directory with the setgid Bit
Protecting Files with the Sticky Bit
Using chmod to Change File Permission
The Handy chmod = Operator
Protect Important Files: Make Them Unwritable
cx, cw, c-w: Quick File Permission Changes
A Loophole: Modifying Files Without Write Access
A Directory that People Can Access but Can't List
Groups and Group Ownership
Add Users to a Group to Deny Permission
Copying Permissions with cpmod
Ways of Improving the Security of crypt
Clear Your Terminal for Security, to Stop Burn-in
Shell Scripts Must be Readable and (Usually) Executable
Why Can't You Change File Ownership Under BSD UNIX?
How to Change File Ownership Without chown
The su Command Isn't Just for the Superuser
Because UNIX is a multiuser system, you need some way of protecting users from one another: you don't want other users to look at the wrong files and find out compromising information about you, or raise their salaries, or something equivalently antisocial. Even if you're on a single-user system, file ownership still has value: it can often protect you from making mistakes, like deleting important executables.
In this chapter, we'll describe how file ownership works: who owns files, how to change ownership, how to specify which kinds of file access are allowed, and so on. We'll also discuss some other ways to prevent people from "prying," like encryption and clearing your screen.
In my opinion, most security breaches arise from mistakes that could easily have been avoided: someone discovers that anyone can read the boss's email, including the messages to his bookie. Once you've read this chapter, you'll understand how to avoid the common mistakes and protect yourself from most intruders.