On Wed, 16 Dec 2009, John Jason Jordan wrote:

> So I am planning to do:
>
> # cd /home/jjj/
> # chmod 644 *
>
> I think that will make every file and folder in /home/jjj/ -rw-rw----.

Close, but no nicotine gum. Continued below ...

> First, will that command accomplish what I want?

No.

> Second, there are a handful of files that are executable; will that
> command make those files no longer executable?

Yes.

> Third, does what I intend to do make sense for a standalone desktop
> computer in a house occupied by only one person? (Other than connecting
> occasionally at places like PSU or Free Geek, the only outside connection
> is through a router to Comcast cable.)

Anything makes sense if it does what you want.

Quick review. There are three categories of users: the file's owner, the file's group, and everyone else. From left-to-right in the view when you do a long file listing of a directory are three characters for the file's owner, three characters for the file's group, and three characters for 'other'; that is, neither owning the file nor belonging to the group that does.

You can have accounts as jjj and jxj, and have both belong to a base group called 'users' (or whatever your distribution uses). No other user on your system (at the keyboard or logging in remotely) will have access to any files unless you explicitly provide that permission.

For each class (owner (u), group (g), other (o)) there are three permissions: read (r), write (w), and execute (x). Each class represents 1 byte (7 bits). So, read permission is worth 4 bits (50 cents), write permission is worth 2 bits (yes, a quarter), and execute permission is worth 1 bit. These values are additive.

You can express permissions in two ways: by character or by digit. If you want to give the user and group both read and write permissions, and everyone else read-only permission you add the appropriate bits. For the user 4+2, for the group 4+2, for the world (other) 4. This means you describe the permissions in chmod as 664. What you have above, 644, means the file's owner has read/write privileges, everyone else has read-only privileges.

To add execute permissions, add 1 to each value.
For a shell script (or other executable binary) you probably want default permissions of 755. That is, the user can read/write/execute, group members can read/execute, and so can other users.

You're better off setting your security with firewall rules and restrictions on ssh logins; permissions have a lot more protective value if your laptop acted as a server and had a bunch of different users in /etc/passwd and /etc/shadow who could log into it.

As a rule of thumb, make default permissions 664 for regular files and 755 for executables.

HTH,

Rich

_______________________________________________
PLUG mailing list
http://lists.pdxlinux.org/mailman/listinfo/plug
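
Added example, not part of the original message: a POSIX shell function that applies the 664/755 rule of thumb from the reply across a directory tree, so files that are already executable keep their execute bit instead of losing it to a blanket `chmod 644 *`. The name `normalize_perms` and its `-n` preview flag are made up for this illustration, and giving directories 755 is an assumption beyond the message, chosen because a directory needs its execute bit to be entered.

```shell
#!/bin/sh
# Added example (not from the original post).
#
# usage: normalize_perms [-n] DIR
#   -n   preview only: print "MODE PATH" for every entry, change nothing
#
# Resulting modes:
#   directories                        -> 755 (assumption: x = may enter it)
#   regular files with owner x bit set -> 755 (they stay executable)
#   all other regular files            -> 664
# Symlinks are left alone: find's -type tests do not follow them by default.
normalize_perms() {
    np_cmd=chmod
    if [ "$1" = "-n" ]; then
        np_cmd=echo          # "echo 755 path" doubles as the preview output
        shift
    fi
    [ -d "$1" ] || { echo "normalize_perms: not a directory: $1" >&2; return 1; }

    # Directories first, one chmod per directory, so each one is
    # searchable before find tries to descend into it.
    find "$1" -type d -exec "$np_cmd" 755 {} \; || return 1

    # -perm -100 matches files whose owner execute bit is set (octal 100).
    find "$1" -type f -perm -100 -exec "$np_cmd" 755 {} \; || return 1

    # Everything else is data: read/write for owner and group, read for other.
    find "$1" -type f ! -perm -100 -exec "$np_cmd" 664 {} \;
}

# Typical use (preview first, then apply):
#   normalize_perms -n /home/jjj
#   normalize_perms /home/jjj
```
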
