ch22_01.htm

the unix power tools

<HTML
><!--Distributed by F --><HEAD
><TITLE
>[Chapter 22] File Security, Ownership, and Sharing</TITLE
><META
NAME="DC.title"
CONTENT="UNIX Power Tools"><META
NAME="DC.creator"
CONTENT="Jerry Peek, Tim O'Reilly &amp; Mike Loukides"><META
NAME="DC.publisher"
CONTENT="O'Reilly &amp; Associates, Inc."><META
NAME="DC.date"
CONTENT="1998-08-04T21:40:20Z"><META
NAME="DC.type"
CONTENT="Text.Monograph"><META
NAME="DC.format"
CONTENT="text/html"
SCHEME="MIME"><META
NAME="DC.source"
CONTENT="1-56592-260-3"
SCHEME="ISBN"><META
NAME="DC.language"
CONTENT="en-US"><META
NAME="generator"
CONTENT="Jade 1.1/O'Reilly DocBook 3.0 to HTML 4.0"><LINK
REV="made"
HREF="mailto:online-books@oreilly.com"
TITLE="Online Books Comments"><LINK
REL="up"
HREF="part03.htm"
TITLE="III. Working with the Filesystem "><LINK
REL="prev"
HREF="ch21_14.htm"
TITLE="21.14 Automatically Appending the Date to a Filename "><LINK
REL="next"
HREF="ch22_02.htm"
TITLE="22.2 Tutorial on File and Directory Permissions "></HEAD
><BODY
BGCOLOR="#FFFFFF"
TEXT="#000000"
><DIV
CLASS="htmlnav"
><H1
><IMG
SRC="gifs/smbanner.gif"
ALT="UNIX Power Tools"
USEMAP="#srchmap"
BORDER="0"></H1
><MAP
NAME="srchmap"
><AREA
SHAPE="RECT"
COORDS="0,0,466,58"
HREF="index.htm"
ALT="UNIX Power Tools"><AREA
SHAPE="RECT"
COORDS="467,0,514,18"
HREF="jobjects/fsearch.htm"
ALT="Search this book"></MAP
><TABLE
WIDTH="515"
BORDER="0"
CELLSPACING="0"
CELLPADDING="0"
><TR
><TD
ALIGN="LEFT"
VALIGN="TOP"
WIDTH="172"
><A
CLASS="SECT1"
HREF="ch21_14.htm"
TITLE="21.14 Automatically Appending the Date to a Filename "
><IMG
SRC="gifs/txtpreva.gif"
SRC="gifs/txtpreva.gif"
ALT="Previous: 21.14 Automatically Appending the Date to a Filename "
BORDER="0"></A
></TD
><TD
ALIGN="CENTER"
VALIGN="TOP"
WIDTH="171"
><B
><FONT
FACE="ARIEL,HELVETICA,HELV,SANSERIF"
SIZE="-1"
>Chapter 22</FONT
></B
></TD
><TD
ALIGN="RIGHT"
VALIGN="TOP"
WIDTH="172"
><A
CLASS="SECT1"
HREF="ch22_02.htm"
TITLE="22.2 Tutorial on File and Directory Permissions "
><IMG
SRC="gifs/txtnexta.gif"
SRC="gifs/txtnexta.gif"
ALT="Next: 22.2 Tutorial on File and Directory Permissions "
BORDER="0"></A
></TD
></TR
></TABLE
>&nbsp;<HR
ALIGN="LEFT"
WIDTH="515"
TITLE="footer"></DIV
><DIV
CLASS="CHAPTER"
><H1
CLASS="chapter"
><A
CLASS="title"
NAME="UPT-CHP-22"
>22. File Security, Ownership, and Sharing</A
></H1
><DIV
CLASS="htmltoc"
><P
><B
>Contents:</B
><BR><A
CLASS="sect1"
HREF="#UPT-ART-5010"
TITLE="22.1 Introduction to File Ownership and Security "
>Introduction to File Ownership and Security </A
><BR><A
CLASS="sect1"
HREF="ch22_02.htm"
TITLE="22.2 Tutorial on File and Directory Permissions "
>Tutorial on File and Directory Permissions </A
><BR><A
CLASS="sect1"
HREF="ch22_03.htm"
TITLE="22.3 Who Will Own a New File? "
>Who Will Own a New File? </A
><BR><A
CLASS="sect1"
HREF="ch22_04.htm"
TITLE="22.4 Setting an Exact umask "
>Setting an Exact umask </A
><BR><A
CLASS="sect1"
HREF="ch22_05.htm"
TITLE="22.5 Group Permissions in a Directory with the setgid Bit "
>Group Permissions in a Directory with the setgid Bit </A
><BR><A
CLASS="sect1"
HREF="ch22_06.htm"
TITLE="22.6 Protecting Files with the Sticky Bit "
>Protecting Files with the Sticky Bit </A
><BR><A
CLASS="sect1"
HREF="ch22_07.htm"
TITLE="22.7 Using chmod to Change File Permission "
>Using chmod to Change File Permission </A
><BR><A
CLASS="sect1"
HREF="ch22_08.htm"
TITLE="22.8 The Handy chmod = Operator "
>The Handy chmod = Operator </A
><BR><A
CLASS="sect1"
HREF="ch22_09.htm"
TITLE="22.9 Protect Important Files: Make Them Unwritable "
>Protect Important Files: Make Them Unwritable </A
><BR><A
CLASS="sect1"
HREF="ch22_10.htm"
TITLE="22.10 cx, cw, c-w: Quick File Permission Changes "
>cx, cw, c-w: Quick File Permission Changes </A
><BR><A
CLASS="sect1"
HREF="ch22_11.htm"
TITLE="22.11 A Loophole: Modifying Files Without Write Access"
>A Loophole: Modifying Files Without Write Access</A
><BR><A
CLASS="sect1"
HREF="ch22_12.htm"
TITLE="22.12 A Directory that People Can Access but Can't List "
>A Directory that People Can Access but Can't List </A
><BR><A
CLASS="sect1"
HREF="ch22_13.htm"
TITLE="22.13 Groups and Group Ownership "
>Groups and Group Ownership </A
><BR><A
CLASS="sect1"
HREF="ch22_14.htm"
TITLE="22.14 Add Users to a Group to Deny Permission "
>Add Users to a Group to Deny Permission </A
><BR><A
CLASS="sect1"
HREF="ch22_15.htm"
TITLE="22.15 Juggling Permissions "
>Juggling Permissions </A
><BR><A
CLASS="sect1"
HREF="ch22_16.htm"
TITLE="22.16 Copying Permissions with cpmod "
>Copying Permissions with cpmod </A
><BR><A
CLASS="sect1"
HREF="ch22_17.htm"
TITLE="22.17 Ways of Improving the Security of crypt "
>Ways of Improving the Security of crypt </A
><BR><A
CLASS="sect1"
HREF="ch22_18.htm"
TITLE="22.18 Clear Your Terminal for Security, to Stop Burn-in "
>Clear Your Terminal for Security, to Stop Burn-in </A
><BR><A
CLASS="sect1"
HREF="ch22_19.htm"
TITLE="22.19 Shell Scripts Must be Readable and (Usually) Executable"
>Shell Scripts Must be Readable and (Usually) Executable</A
><BR><A
CLASS="sect1"
HREF="ch22_20.htm"
TITLE="22.20 Why Can't You Change File Ownership Under BSD UNIX?"
>Why Can't You Change File Ownership Under BSD UNIX?</A
><BR><A
CLASS="sect1"
HREF="ch22_21.htm"
TITLE="22.21 How to Change File Ownership Without chown"
>How to Change File Ownership Without chown</A
><BR><A
CLASS="sect1"
HREF="ch22_22.htm"
TITLE="22.22 The su Command Isn't Just for the Superuser "
>The su Command Isn't Just for the Superuser </A
></P
><P
></P
></DIV
><DIV
CLASS="sect1"
><H2
CLASS="sect1"
><A
CLASS="title"
NAME="UPT-ART-5010"
>22.1 Introduction to File Ownership and Security </A
></H2
><P
CLASS="para"
>Because UNIX is a multiuser system, you need some way of protecting
users from one another: you don't want other users to look at the wrong
files and find out compromising information about you, or raise
their salaries, or something equivalently antisocial.
Even if
you're on a single-user system, file ownership still has value: it
can often protect you from making mistakes, like deleting important
executables.</P
><P
CLASS="para"
>In this chapter, we'll describe how file ownership works: who owns
files, how to change ownership, how to specify which kinds of file
access are allowed, and so on.
We'll also discuss some other
ways to prevent people from &quot;prying,&quot; like encryption and clearing
your screen.</P
><P
CLASS="para"
>In my opinion, most security breaches arise from
mistakes that could easily have been avoided: someone discovers that
<EM
CLASS="emphasis"
>anyone</EM
> can read the boss's email, including the messages to his
bookie.
Once you've read this chapter, you'll understand how to avoid
the common mistakes and protect yourself from most intruders.</P
><DIV
CLASS="sect1info"
><P
CLASS="SECT1INFO"
>- <SPAN
CLASS="authorinitials"
>ML</SPAN
></P
></DIV
></DIV
></DIV
><DIV
CLASS="htmlnav"
><P
></P
><HR
ALIGN="LEFT"
WIDTH="515"
TITLE="footer"><TABLE
WIDTH="515"
BORDER="0"
CELLSPACING="0"
CELLPADDING="0"
><TR
><TD
ALIGN="LEFT"
VALIGN="TOP"
WIDTH="172"
><A
CLASS="SECT1"
HREF="ch21_14.htm"
TITLE="21.14 Automatically Appending the Date to a Filename "
><IMG
SRC="gifs/txtpreva.gif"
SRC="gifs/txtpreva.gif"
ALT="Previous: 21.14 Automatically Appending the Date to a Filename "
BORDER="0"></A
></TD
><TD
ALIGN="CENTER"
VALIGN="TOP"
WIDTH="171"
><A
CLASS="book"
HREF="index.htm"
TITLE="UNIX Power Tools"
><IMG
SRC="gifs/txthome.gif"
SRC="gifs/txthome.gif"
ALT="UNIX Power Tools"
BORDER="0"></A
></TD
><TD
ALIGN="RIGHT"
VALIGN="TOP"
WIDTH="172"
><A
CLASS="SECT1"
HREF="ch22_02.htm"
TITLE="22.2 Tutorial on File and Directory Permissions "
><IMG
SRC="gifs/txtnexta.gif"
SRC="gifs/txtnexta.gif"
ALT="Next: 22.2 Tutorial on File and Directory Permissions "
BORDER="0"></A
></TD
></TR
><TR
><TD
ALIGN="LEFT"
VALIGN="TOP"
WIDTH="172"
>21.14 Automatically Appending the Date to a Filename </TD
><TD
ALIGN="CENTER"
VALIGN="TOP"
WIDTH="171"
><A
CLASS="index"
HREF="index/idx_0.htm"
TITLE="Book Index"
><IMG
SRC="gifs/index.gif"
SRC="gifs/index.gif"
ALT="Book Index"
BORDER="0"></A
></TD
><TD
ALIGN="RIGHT"
VALIGN="TOP"
WIDTH="172"
>22.2 Tutorial on File and Directory Permissions </TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="515"
TITLE="footer"><IMG
SRC="gifs/smnavbar.gif"
SRC="gifs/smnavbar.gif"
USEMAP="#map"
BORDER="0"
ALT="The UNIX CD Bookshelf Navigation"><MAP
NAME="map"
><AREA
SHAPE="RECT"
COORDS="0,0,73,21"
HREF="../index.htm"
ALT="The UNIX CD Bookshelf"><AREA
SHAPE="RECT"
COORDS="74,0,163,21"
HREF="index.htm"
ALT="UNIX Power Tools"><AREA
SHAPE="RECT"
COORDS="164,0,257,21"
HREF="../unixnut/index.htm"
ALT="UNIX in a Nutshell"><AREA
SHAPE="RECT"
COORDS="258,0,321,21"
HREF="../vi/index.htm"
ALT="Learning the vi Editor"><AREA
SHAPE="RECT"
COORDS="322,0,378,21"
HREF="../sedawk/index.htm"
ALT="sed &amp; awk"><AREA
SHAPE="RECT"
COORDS="379,0,438,21"
HREF="../ksh/index.htm"
ALT="Learning the Korn Shell"><AREA
SHAPE="RECT"
COORDS="439,0,514,21"
HREF="../lrnunix/index.htm"
ALT="Learning the UNIX Operating System"></MAP
></DIV
></BODY
></HTML
>