You may not want to give all users permission to read a file. If you only want to give permission to other people in the file’s group, you can use the g+r syntax instead:
juicy.gossip
The only files that I’ve paid attention to the security on were personnel files when I was a manager. I don’t restrict file permissions much. However, I have been known to label a sensitive memo with a misleading or obscure name. No sense in leaving a file around labelled juicy.gossip. | ||
| --Linda Lamb | ||
% chmod g+r filename
Instead of giving permission to all users (a), you are giving permission to just the group (g). Similarly, you can give write permission to others in the group with g+w:
% chmod g+w filename
and both read and write permission with g+rw:
% chmod g+rw filename
For example, suppose my coworker Mike wants to edit a file of mine called updates. I can let him do this by giving read and write permission to the world with chmod a+r, but it’s safer to give permission only to members of the file’s group, if you can.
If I run ls -lg on updates, I’ll see that it belongs to the group prod, but is read/write only to the owner, lmui (me).
% ls -lg updates
-rw------ 1 lmui prod 249 Oct 25 09:24 updatesI can check that Mike belongs to the prod group by using the groups command:
% groups mike mike : ora prod
So I don’t have to give read and write permission to the entire world, just to the group:
% chmod g+rw updates
Now Mike and other users in the group prod can read and write the file.
Get WYNTK: UNIX System Admininistrator now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
