With the discussion of DOT files should come a few notes about
ls -l command is given, (the long listing) the security
settings, so to speak, are visible for each file.
For example, giving the ls -l command in a user's home directory might give output similar to the following:
% ls -l
total 347
-rwxr--r-- 1 author users  2540 Jan  5 20:30 appenda1.tex.gz
-rwxr--r-- 1 author users 67043 Jan  2 20:53 bourne.tex
-rwxr--r-- 1 author users 86011 Feb 23 19:33 cshell.tex
-rwxr--r-- 1 author users 82476 Feb 23 18:46 cshell.tex~
-rwxr--r-- 1 author users 11142 Jan  3 12:58 introduction.tex
drwx------ 2 author users  1024 Jan 12 21:31 mail
drwxr-xr-x 2 author users  1024 Feb 12 21:04 scripts
drwxr-xr-x 2 author users  1024 Jan 14 18:50 bin
The string on the left side of each listing gives the security attributes as well as the file type attribute. The above example shows that there are three directories (denoted by the d in the first place of the attribute string) and five regular files (denoted by a dash, -). The remaining nine characters in the string represent the security attributes (or more correctly, permissions) for each file and directory. The directory settings will be left for discussion in a more appropriate text, as they are not as straightforward as the regular file permission settings. Each permission string contains nine characters, which are actually three sets of three related settings, broken down as follows:
USER   GROUP  OTHER
- - -  - - -  - - -
r w x  r w x  r w x
The three sets are the USER set, which corresponds to the user who
owns the file, the GROUP set, which corresponds to group ownership of
the file, and the OTHER set which corresponds to any other user on the
Displaying the files in a directory with the long listing command ls -l (ls -lg on SunOS) the user and group owners will
In the above example, the user author owns all of the files and the
files are all owned by the users group.
Each of the three groups has a read (
r), write (
If a dash (-) is present in the string it means that permissions
for that action are not given.
In the example all of the files are readable by everyone, but only the
owner, author, can write or execute (which means nothing in this case)
To learn about changing the owner or group ownership of a file (or
directory) the Unix commands
chgrp can be
More importantly, to change the permissions, the chmod command
can be used.
This command takes the form:
% chmod [options] filename
For the particular option the
man pages can be examined.
For example adding write permission to all users in the group users
for the TeX files would look like this:
% chmod g+w *.tex
This would not necessarily be a good idea as now any user in the users
group could alter or even delete the TeX files.
The point of this book is clearly not Unix security, but the point of
these permissions becomes of great importance with DOT files used by
If the permissions were set such that any user could write to the
.cshrc file, they could alter it in any way
If this user wanted to cause damage (say delete all of the files in
this user's directory), all they would have to do is add the line
rm -rf *
While most users are clearly not that malicious, some are. Another point to keep in mind is that if group ownership is given to a file, group members can also be given write access to a DOT file. There is no situation where another person needs to have write access to another user's DOT files and thus dot files should have permission settings similar to the following:
-rwxr--r-- 1 jblow users 86011 Feb 23 19:33 .cshrc
-rwxr--r-- 1 jblow users 86011 Feb 23 19:33 .login
-rwxr--r-- 1 jblow users 86011 Feb 23 19:33 .logout
This will prevent anything bad from happening (at least due to unsafe permission settings).
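The check described above can be automated. The following sh script is an added example, not part of the original text: it lists the dot files in a directory that the GROUP or OTHER set can write to, and removes that write permission with chmod go-w. The function names and the sample directory built by make_sample_home are constructed for this illustration.

```sh
#!/bin/sh
# Added example (not from the original text): audit dot files for
# group/other write permission and remove it.

# Print each regular dot file directly inside DIR whose permission string
# has w in the GROUP or OTHER set.
writable_dotfiles() {
    dir=$1
    for f in "$dir"/.[!.]*; do
        [ -f "$f" ] || continue      # skip directories and an unmatched glob
        [ -L "$f" ] && continue      # skip symlinks; their own mode bits are not meaningful
        # -perm -020: group write bit set; -perm -002: other write bit set
        find "$f" -prune \( -perm -020 -o -perm -002 \) -print
    done
}

# Remove group and other write permission from every file reported above.
# (File names containing newlines are not handled.)
fix_dotfiles() {
    writable_dotfiles "$1" | while IFS= read -r f; do
        chmod go-w "$f"
    done
}

# Constructed sample input: a throwaway "home" directory with three dot files.
make_sample_home() {
    d=$(mktemp -d) || return 1
    : > "$d/.cshrc";  chmod 664 "$d/.cshrc"    # -rw-rw-r--  group can write
    : > "$d/.login";  chmod 644 "$d/.login"    # -rw-r--r--  only the owner can write
    : > "$d/.logout"; chmod 646 "$d/.logout"   # -rw-r--rw-  other can write
    printf '%s\n' "$d"
}

home=$(make_sample_home)
echo "Writable by group or other:"
writable_dotfiles "$home"
fix_dotfiles "$home"
echo "After chmod go-w:"
ls -la "$home"
rm -rf "$home"
```

To audit a real account, call writable_dotfiles with the home directory as its argument and review the list before running fix_dotfiles.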