This document describes how to prevent other users from reading, writing and, in general, messing with your files.
cd ~ chmod go-rwx ../your_user_nameEdit ~/.bash_profile and add the line:
umask go-rwxto remove read/write/execute permissions for all users, but the file owner, for all newly created files.
2) mailer could not forward your mail specified in .forward file. Common practices: create a sub-directory, e.g. mkdir private chmod go-rwx private and put all your files there.
In Linux (and Unix in general) a file has three main groups of users associated with it: the user(u) who owns it, the group(g), and others(o). Each of these have a number of different permissions: read(r), write(w), execute(x) (or access for directories), etc. All put together allow the OS (operating system) to decide who has what type of access to a file.
Every user belongs to one or more groups and any group can have several users. All the users in a group have the same type of access to the files owned by the group.To check file permissions you can use the command:
ls -lAnd the output looks something like:
drwxrwxr-x 4 rsousa red 2048 Jan 21 14:12 tmp -rw------- 1 rsousa red 884584 Dec 27 06:47 p947_1.pdf
In the left column the first letter indicates if the file is a directory
or not. The next three letters are the permissions for the user who owns the file,
the other three for the group and the last three for others.
The third and fourth columns indicate, respectively, the file owner and group.
So p947_1.pdf can be read/written only by the user rsousa and the directory tmp can be read/written/accessed by the user rsousa and also the group red. In addition any other user can read/access the directory.
chmod ug+rw filenameThis sets(+) read(r) and write(w) permissions for the owner(u) and group(g) of filename. To remove permissions you would use a - sign instead of the +.
Basically to prevent other users from accessing your home directory (and so every file/directory beneath it) you should do:
cd ~ chmod go-rwx ../your_user_nameBeware that this might break some applications. Namely, if you have a web page set up in your home directory you have to allow everybody to read/access your home directory and all the files in the www directory. The solution in this case is to set only more restrictive permissions on a per file/directory basis:
chmod go-rwx top_secret_fileAs always if something breaks you get to keep the pieces.
It is also possible to change the default permissions for newly created files so that you don't have to change them every time. You just have to add a line to ~/.bash_profile similar to:
umask go-rwxthe default should be something you are less likely to have to change.