Using Your HP Workstation > Chapter 18 Making Your System Secure

Protecting Your Files and Directories


Three classes of users can access files and directories: owner, group, and other. For each of these classes of users, there are three types of access permissions: read, write, and execute.

Who Has Access?  The three classes of users are:

  • Owner — Usually the person who created the file.

  • Group — Several users that have been grouped together by the system administrator. For example, the members of a department might belong to the same group.

  • Other — All other users on the system.

What Kind of Access?  The access permissions on a file or directory specify how it can be accessed by the owner, group, and other user classes.

Table 18-1 A Comparison of Permissions for Directories and Files

  • read (r)
      Means this for a directory: Users can view names of files and directories in that directory.
      Means this for a file: Users can view the contents of the file.

  • write (w)
      Means this for a directory: Users can create, rename, or remove files or directories contained in that directory.
      Means this for a file: Users can change the contents of the file.

  • execute (x)
      Means this for a directory: Users can view the contents of files within the directory, and run commands, scripts, and programs within that directory.
      Means this for a file: Users can execute (run) the file (if it is an executable file or script) by typing the filename at the command line prompt.

You should always be aware of the permissions assigned to your files and directories. Check your files and directories periodically to make sure appropriate permissions are assigned. If you find any unfamiliar files in your directories, report them to the system administrator or security officer.

Always carefully consider the permissions you allow on your files and directories. Give others access to them only when you have good reason to do so (if you are working on a group project, for example, your group may need access to certain files or directories).

Using the ll Command to Display Access Permissions

The ll (long listing) command displays the following information:

  • Whether the item is a file or directory.

  • The access permissions for each of the three classes of users (owner, group, and other).

  • Number of links.

  • Name of the owner.

  • Name of the group.

  • Size in bytes.

  • Date and time of last modification. If the time of last modification was more than six months ago, the year is substituted for the hour and minute of the modification time.

Displaying File Permissions

To see the permissions, owner name, and group name on myfile, for example, type the following:

   ll myfile

When you press Enter, you should see something like this:

   -rw-r--r--   1  leslie  users  154   Nov 4 10:18  myfile
       |             |       |     |     |             |
   permissions     owner   group  size  date       file name

The first dash on the left indicates that myfile is a file (if myfile were a directory, you would see a d in place of the dash).

Here is a closer view with all permissions indicated (note that the permissions are in sets of three):

    rwx   rwx   rwx
     |     |     |
   owner group other

If a permission is not allowed, a dash appears in place of the letter. In the example above (-rw-r--r--), owner (leslie) has read and write permission (rw-); group (users) and other have only read permission (r--).

Displaying Directory Permissions

To display permissions showing owner, group, and other for a specific directory, use the ll command with the -d option.

For example, to see the permissions on the projects directory below the current directory, type the following:

   ll -d projects

   Follow the ll command with -d and the directory name.

When you press Enter, you should see something like this:

   drwxr-x---  1  leslie  users      1032 Nov  28 12:38 projects

The first character (d) in the long listing above indicates that projects is a directory. The next nine positions (three sets of three) indicate the read (r), write (w), and search (x) permissions for owner, group, and other.

If a permission is not allowed, a dash appears in place of the letter. Here is a closer view with all positions indicated:

         d        rwx     rwx     rwx
         |         |       |       |
     directory   owner   group   other

Then, in the original example above (drwxr-x---):

The owner (leslie) has read, write, and search permission (rwx); group (users) has read and search permission (r-x); other has no access (---) to the projects directory.

Guidelines for Access to Sensitive Files

Make sure that permissions assigned to sensitive files and directories are appropriate. Here are some general suggestions:

  • Only you should be able to write to your home directory.

  • Only you should be able to write to the files used to customize your home environment, for example, .login and .profile (.profile is discussed in Chapter 16 “Using Your Shell”, in this manual, and in the Shells: User's Guide).

  • Only you (and the pseudo-group "mail", assigned to the mailer) should be able to write to your mailfile /var/mail/username.
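The first two guidelines can be checked by reading the group and other write positions of the long listing described above. The script below is an added example, not part of the original HP manual; it uses `ls -ld`, which prints the same long listing as `ll -d`, and the function names (`mode_string`, `writable_by_others`, `audit_home`) are hypothetical. It does not cover the mail file, where the "mail" group is expected to have write access.

```shell
#!/bin/sh
# Added example: flag a home directory and its startup files when group or
# other has write permission. Function names are illustrative only.

# mode_string PATH -> the 10-character type and permission field, e.g. drwxr-x---
mode_string() {
    # cut drops anything after position 10 (some systems append an ACL marker)
    ls -ld "$1" 2>/dev/null | cut -c1-10
}

# writable_by_others PATH -> status 0 if group or other has write permission,
# 1 if neither does, 2 if the path cannot be listed
writable_by_others() {
    mode=$(mode_string "$1")
    [ -n "$mode" ] || return 2
    # Position 1 is the type; 2-4 owner, 5-7 group, 8-10 other.
    group_w=$(printf '%s' "$mode" | cut -c6)   # group write position
    other_w=$(printf '%s' "$mode" | cut -c9)   # other write position
    [ "$group_w" = "w" ] || [ "$other_w" = "w" ]
}

# audit_home DIR -> prints one line per finding; status 0 only if none found
audit_home() {
    dir=$1
    findings=0
    for item in "$dir" "$dir/.login" "$dir/.profile"; do
        [ -e "$item" ] || continue          # skip files that do not exist
        if writable_by_others "$item"; then
            echo "WRITABLE BY GROUP/OTHER: $(mode_string "$item") $item"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}

# Audit the directory given as the first argument, or $HOME by default.
audit_home "${1:-$HOME}" || echo "Remove the extra access with: chmod go-w <path>"
```
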

For More Information ...

To learn more about the ll command, see the ll(1) reference in the HP-UX Reference.

For information on access control lists (ACLs), which allow finer control of access to files, see acl(5) in the HP-UX Reference and the System Administration Tasks.

© 1983-1995 Hewlett-Packard Development Company, L.P.