Protecting and Sharing Files
Mac OS X makes it easy for users on the same system to share files and directories. For instance, everyone in a group can read documents stored in one of their manager’s directories without needing to make their own copies, if the manager has allowed access. There might be no need to fill peoples’ email inboxes with file attachments if everyone can access those files directly through the Unix filesystem.
Here’s a brief introduction to file security and sharing. If you have critical security needs, or you just want more information, talk to your system staff or see an up-to-date book on Unix security such as Practical Unix and Internet Security (O’Reilly).
Note that any Admin user can use the sudo command (see Section 2.3, later in this chapter) to do anything to any file at any time, no matter what its permissions are. So, access permissions won’t keep your private information safe from everyone — although let’s hope that you can trust the other folks who share your Macintosh!
Directory Access Permissions
A directory’s access permissions help to control access to the files and subdirectories in that directory:
If a directory has read permission, a user can run
lsto see what’s in the directory and use wildcards to match files in it.
A directory that has write permission allows users to add, rename, and delete files in the directory.
To access a directory (that is, to read or write the files in the directory or to run the files if they’re programs) ...