On Wed, Jan 6, 2010 at 2:40 PM, green <greenfreedo...@gmail.com> wrote:
> But he probably doesn't want all his files marked as executable.

"chmod 700 $HOME" will change only the home directory permissions, which excludes all files that are currently present.

it...@testbox:~> ls -ld $HOME
drwx------ 19 itsme users 4096 2009-10-13 21:38 /home/itsme
it...@testbox:~> ls -l $HOME
total 4512
drwx------ 2 itsme users 4096 2009-03-25 18:56 Desktop
-rwxr-xr-x 1 itsme users 541 2009-10-13 20:58 freespace.pl
-rw-r--r-- 1 itsme users 9214 2009-07-20 19:05 stat.txt
drwxr-xr-x 3 itsme users 45 2009-11-18 14:55 tmp
-rw-r--r-- 1 itsme users 210964 2009-02-18 21:26 VRTSralusPatch.tar.gz
-rw-r--r-- 1 itsme users 19539 2009-07-16 18:10 xmacro-pre0.3-20000911.tar.gz
-rw-r--r-- 1 itsme users 4362344 2009-07-16 18:10 xnee-3.03.tar.gz
it...@testbox:~> su -
Password:
testbox:~ # su - otheruser
testbox /home/otheruser> grep users /etc/group
users:x:100:otheruser
testbox /home/otheruser> less /home/itsme/freespace.pl
/home/itsme/freespace.pl: Permission denied

> $ umask 0077
> $ touch abc
> $ ls -lh abc
> -rw------- 1 user user 0 2010-01-06 16:36 abc

umask 0077 will do exactly as you've shown. It will ensure all future files will be mode 600. If a file needs the execute bit, it should be set manually. Files that are included in an archive with the execute bit set will retain it upon expanding the archive.
testbox /home/otheruser> exit
logout
testbox:~ # exit
logout
it...@testbox:~> umask 0077
it...@testbox:~> touch myscript.pl
it...@testbox:~> ls -l myscript.pl
-rw------- 1 itsme users 0 2010-01-06 18:41 myscript.pl
it...@testbox:~> chmod 700 myscript.pl
it...@testbox:~> ls -l myscript.pl
-rwx------ 1 itsme users 0 2010-01-06 18:41 myscript.pl
it...@testbox:~> tar cvjf myscript.pl.tar.bz2 myscript.pl
myscript.pl
it...@testbox:~> ls -l mys*
-rwx------ 1 itsme users 0 2010-01-06 18:41 myscript.pl
-rw------- 1 itsme users 128 2010-01-06 18:42 myscript.pl.tar.bz2
it...@testbox:~> rm myscript.pl
it...@testbox:~> tar xvjf myscript.pl.tar.bz2
myscript.pl
it...@testbox:~> ls -l myscript.pl
-rwx------ 1 itsme users 0 2010-01-06 18:41 myscript.pl

If you really want to be paranoid, you could set umask to 0277 so that all files are mode 400.

> So I change my suggestion to
> u=rwX,g=,o=

This is an answer more suited to meet the needs of Mr. Cohen, but X is normally intended to be used with -R (recursive) so that all files that currently contain an execute bit retain that bit, and those that don't are not set to contain the execute bit. I'd simply use "chmod 700 $HOME" and call it a day.

> Is that possible with numeric form (the execute bit)?

Not from my research. If anyone knows, please share.
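
Added example, not part of the original message: a shell script that reproduces, in throwaway directories, the three behaviours discussed in this thread (chmod 700 on the top directory only, recursive u=rwX,g=,o=, and umask 0077 with a tar round trip). The helper names and the sample tree are constructed for illustration, and GNU stat and tar (as shipped on Debian) are assumed.

```shell
#!/bin/sh
# Added example: compares the permission strategies from the thread.
# Everything happens under mktemp -d; assumes GNU stat (-c %a) and tar.

mode() { stat -c %a "$1"; }   # print a path's octal mode

# Constructed sample tree with deliberately loose permissions.
make_tree() {
    d=$(mktemp -d) || return 1
    mkdir "$d/tmp"
    : > "$d/freespace.pl"; : > "$d/stat.txt"; : > "$d/tmp/notes"
    chmod 755 "$d" "$d/tmp" "$d/freespace.pl"
    chmod 644 "$d/stat.txt" "$d/tmp/notes"
    echo "$d"
}

# 1. chmod 700 on the top directory only: the children keep their old
#    modes and are protected solely because others cannot traverse the parent.
top_only() {
    d=$(make_tree) || return 1
    chmod 700 "$d"
    echo "$(mode "$d") $(mode "$d/freespace.pl") $(mode "$d/stat.txt")"
    rm -rf "$d"
}

# 2. chmod -R u=rwX,g=,o=: X grants execute only to directories and to
#    files that already carry an execute bit; group/other lose everything.
recursive_X() {
    d=$(make_tree) || return 1
    chmod -R u=rwX,g=,o= "$d"
    echo "$(mode "$d") $(mode "$d/tmp") $(mode "$d/freespace.pl")" \
         "$(mode "$d/stat.txt") $(mode "$d/tmp/notes")"
    rm -rf "$d"
}

# 3. umask 0077 affects only newly created files (600) and directories
#    (700); tar restores a stored execute bit on extraction.
#    Runs in a subshell so the umask does not leak into the caller.
umask_and_tar() (
    umask 0077
    d=$(mktemp -d) && cd "$d" || exit 1
    : > abc; mkdir sub; : > myscript.pl; chmod 700 myscript.pl
    tar cf a.tar myscript.pl && rm myscript.pl && tar xf a.tar
    echo "$(mode abc) $(mode sub) $(mode myscript.pl)"
    cd / && rm -rf "$d"
)

top_only; recursive_X; umask_and_tar
```

Each function prints the resulting octal modes on one line, so the three approaches can be compared side by side.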