Because Unix is a multiuser system, you need some way of protecting users from one another: you don’t want other users to look at the wrong files and find out compromising information about you, or raise their salaries, or something equivalently antisocial. Even if you’re on a single-user system, file ownership still has value: it can often protect you from making mistakes, like deleting important executables.
In this chapter, we’ll describe how file ownership works: who owns files, how to change ownership, how to specify which kinds of file access are allowed, and so on. We’ll also discuss some other ways to prevent people from “prying,” like clearing your screen.
In my opinion, most security breaches arise from mistakes that could easily have been avoided: someone discovers that anyone can read the boss’s email, including the messages to his bookie. Once you’ve read this chapter, you’ll understand how to avoid the common mistakes and protect yourself from most intruders.
Regardless of how much you think you know about file permissions, there’s always something new to learn.
There are three basic attributes for plain file permissions: read, write, and execute. Read and write permission obviously let you read the data from a file or write new data to the file. When you have execute permission, you can use the file as a program or shell script. ...
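To make the three attributes concrete, here is a shell sketch that reports which plain files under a directory grant read, write, or execute access to every user on the system, the kind of mistake that leaves the boss's email readable by anyone. It is an added example, not part of the original chapter; the function names `audit_other`, `make_sample`, and `demo` and the sample files are constructed for illustration, and it assumes `mktemp -d` is available.

```shell
#!/bin/sh
# Added example: list plain files whose permission bits give access to
# "other" (every user who is neither the owner nor in the file's group).

# audit_other DIR
# Prints one line per finding: "<access> <path>", where <access> is
# read, write, or execute. Uses only the POSIX find(1) -perm test.
audit_other() {
    dir=$1
    # -perm -004 matches when the "other" read bit is set,
    # whatever the remaining bits are; -002 is write, -001 is execute.
    find "$dir" -type f -perm -004 | sort | sed 's/^/read /'
    find "$dir" -type f -perm -002 | sort | sed 's/^/write /'
    find "$dir" -type f -perm -001 | sort | sed 's/^/execute /'
}

# make_sample DIR
# Builds a constructed sample tree; modes are set explicitly so the
# result does not depend on the caller's umask.
make_sample() {
    d=$1
    mkdir -p "$d"
    : > "$d/mail.txt";   chmod 644 "$d/mail.txt"    # anyone may read
    : > "$d/salary.txt"; chmod 600 "$d/salary.txt"  # owner only
    : > "$d/notes.txt";  chmod 666 "$d/notes.txt"   # anyone may read and write
    : > "$d/backup.sh";  chmod 750 "$d/backup.sh"   # nothing for other
}

# demo
# Runs the audit over the sample tree and strips the temporary
# directory prefix so the output is stable between runs.
demo() {
    tmp=$(mktemp -d) || return 1
    make_sample "$tmp/home"
    audit_other "$tmp/home" | sed "s|$tmp/||"
    rm -rf "$tmp"
}

demo
```

Pointing `audit_other` at your own home directory shows which of your files other users can already read or modify; `chmod o-rwx file` removes that access.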