"World Readable" Files

By default your home directory is set up so that most of the files and directories in it are created with what we call world readable permissions. This means that anyone else with a DAMTP account could read your files if they wanted to. The exception to this is your email files, which should be readable by you alone.

All accounts created since April 2004 have:

  • A folder called public_html for putting webpages in
  • A folder called public for putting world-readable material in
  • A folder called private only accessible to the account owner
  • A folder called NOBACKUP only accessible to the account owner.
  • A mail folder readable only by the account owner
  • A folder called shared accessible to the owner and readable by anyone in the owner's group

Any files created in your home directory and not put into one of these folders will be readable by anyone on the system.

If you don't have these folders and would like them created for you, email the departmental computing helpdesk.

If you don't want to use the folders/directories provided for you, then you must take responsibility for setting the correct permissions yourself.

To turn off this default behaviour and have each file and directory you create only viewable to you, use the umask command. Type

  umask 077

To avoid having to type this command every time you log in, you can put the command into your .bashrc file (place it towards the end of the file).

While the umask command will cope with any new files and directories you create, it cannot change the permissions on the files and directories you already have. To do this, use GNOME's permissions GUI or the chmod command.

Using GNOME's GUI to change permissions on files.

Select the little house on your desktop labelled "username's Home" -> navigate to the file whose permissions you'd like to change or view. Right click on this file -> select the "Permissions" tab and then tick or untick the appropriate boxes until you have the file's permissions set the way you want.

In the diagram to the right, the file is set so that the owner can read and write to it, the owner's group can read the file and no one else on the system can see it.

Using the traditional chmod tool.

To restrict access to your home directory so that only you can see any files inside it (not a good idea if you have a webpage) run

  chmod go-rwx ~

A disadvantage of the above is that if you have a webpage you have now blocked anyone from viewing it. To get around this, keep your home directory world readable, but change the individual files inside it.

Change all the files inside your home directory to be readable only by you.

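  chmod -R go-rwx *
  chmod -R go-rwx .[!.]*

The second line works on the hidden (dot) files. The pattern .[!.]* skips the . and .. entries, so the command does not recurse into your home directory itself or its parent.

Next make your webpages readable - presume they are in a directory called public_html. Then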

  chmod -R a+rX public_html

will give everyone read permission to them and execute permission where necessary, i.e. for the directories.

Don't forget to set permissions on any directories you have in Data or Scratch spaces, e.g. restrict access to them to just you with

  chmod -R go-rwx name-of-directory
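
The effect of umask and of the chmod steps above can be checked before and after you run them. The following is an added example, not part of the original page: it builds a constructed sample home directory, lists what other users could read outside public_html and public, and applies the lockdown. The function names and sample file names are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not from the original page; all file names are constructed.

# Print everything under DIR that "other" can read, skipping DIR itself and
# the two folders that are meant to be readable (public_html, public).
audit_world_readable() {
    dir=${1:-$HOME}
    find "$dir" \( -path "$dir/public_html" -o -path "$dir/public" \) -prune \
        -o ! -path "$dir" -perm -0004 -print | sort
}

# Permission strings a new file and directory get under the given umask.
modes_under_umask() {
    (
        umask "$1"
        t=$(mktemp -d) || exit 1
        : > "$t/file"; mkdir "$t/dir"
        printf '%s %s\n' "$(ls -ld "$t/file" | cut -c1-10)" \
                         "$(ls -ld "$t/dir" | cut -c1-10)"
        rm -rf "$t"
    )
}

# Build a throwaway "home directory" as a default (umask 022) account would.
build_sample_home() {
    (
        umask 022
        h=$(mktemp -d) || exit 1
        chmod 755 "$h"
        mkdir "$h/public_html" "$h/thesis"
        : > "$h/public_html/index.html"
        : > "$h/thesis/draft.tex"
        : > "$h/.sample-dotfile"
        echo "$h"
    )
}

# Apply the page's lockdown to DIR's contents, then re-open the web folder.
lock_down() {
    (
        cd "$1" || exit 1
        chmod -R go-rwx -- * .[!.]*
        chmod -R a+rX public_html
    )
}

# Demo: audit, lock down, audit again (second audit prints nothing).
h=$(build_sample_home); audit_world_readable "$h"
lock_down "$h"; audit_world_readable "$h"; rm -rf "$h"
```

Running audit_world_readable with no argument checks your real home directory without changing anything; pass a Data or Scratch directory as the argument to check that instead.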

Home directories are set up in this default way to facilitate sharing with the owner's permission, and have been for many years.

Remember part of the university's rules for use of computers includes

 "It is particularly important to note that the fact that
  information may be readable (or even alterable) does not
  in itself imply permission for it to be read..... ,but
  browsing through file spaces is not generally permitted."

under confidentiality.

You agreed to this rule among others when you signed your "Application for DAMTP Computer Resources" form.

Please direct any further questions to the departmental computing helpdesk.
