We have made numerous mentions of file permissions, showing how they control read, write, and execute access to files and directories. By careful choice of file permissions, you can, and should, control who can access your files.
The most important tool for access control is the umask command, since it limits the permissions assigned to all files that you subsequently create. Normally, you pick a default value and set it in the file that your shell reads on startup: $HOME/.profile for sh-like shells (see Section 14.7). System managers usually pick a umask setting in a corresponding system-wide startup file, when the shell supports one. In a collaborative research environment, you might choose a mask value of 022, removing write access for group and other. In a student environment, a mask of 077 might be more appropriate, eliminating all access except for the file owner (and
When nondefault permissions are likely to be required, shell scripts should issue an explicit umask command near the beginning, and before any files are created. However, such a setting does not affect files that are redirected on the command line, since they are already open when the script starts.
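The mask values and the redirection caveat described above, as an added example that is not from the original text. The file names and the inner_script function (standing in for a script that sets its own umask) are constructed for illustration.

```shell
#!/bin/sh
# Added example: effect of umask on new files, and why a file opened by
# command-line redirection escapes the umask set inside the script.

# Print the 10-character mode string (e.g. -rw-------) of a file.
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# Create an empty file under the given mask. The subshell keeps the
# caller's own umask unchanged.
create_with_umask() {   # usage: create_with_umask MASK PATH
    ( umask "$1" && : > "$2" )
    mode_of "$2"
}

# Constructed stand-in for a script that issues umask near the beginning.
inner_script() {        # usage: inner_script PRIVATE_PATH
    umask 077
    echo "report line"      # written to stdout, which the caller already opened
    echo "secret" > "$1"    # created after umask 077 took effect
}

# Run inner_script from a caller whose mask is 022, with stdout redirected.
# Prints "<mode of redirected file> <mode of file the script created>".
redirect_demo() {       # usage: redirect_demo DIR
    dir=$1
    (
        umask 022
        # report is created under the caller's 022 mask, before umask 077 runs
        ( inner_script "$dir/private" ) > "$dir/report"
    )
    echo "$(mode_of "$dir/report") $(mode_of "$dir/private")"
}

demo_dir=$(mktemp -d) || exit 1
trap 'rm -rf "$demo_dir"' EXIT
create_with_umask 022 "$demo_dir/shared"     # collaborative setting
create_with_umask 077 "$demo_dir/student"    # owner-only setting
redirect_demo "$demo_dir"
```

A script whose redirected output must be private therefore needs the restrictive umask set by the caller before the redirection, or a chmod on the output file afterwards.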
The second most important tool is the chmod command: learn it well. Even in a permissive environment where read access is granted to everyone, there are still files and directories that must be more restricted. These include mail files, web browser history and cache, ...