[X-Unix] Stupid Mac OS X question (?)

Albert Lunde atlunde at panix.com
Tue Feb 10 22:12:35 PST 2004


At 10:32 PM -0500 2/10/04, Stephen Jonke wrote:
>Or maybe just a stupid idea. Is there anything wrong with doing this:
>
>    sudo chmod -R go-rwx ~/*
>
>I.e. I want to block out access of others to everything in my home
>folder, but will doing this break anything in the system? Are there
>files that must be readable by group and/or other?

I wouldn't do it if I were you. I can't cite a specific example other
than public_html (as someone else noted) that needs access, but it's
irreversible unless you've kept careful track of permissions, and it's
overkill.

You can get the same protective effect, with less risk, by typing:

ls -ld "$HOME"
chmod 700 "$HOME"

This changes just the home directory, not its children, but it still
denies group and other access, and is easier to reverse, if you note
the output of the ls command.

You don't need to use sudo; you own your home directory.

(Using a wildcard ("*") together with -R would also be somewhat redundant.)

If you were running Apache httpd with public_html user directories,
and wanted similar protection, I'd use mode 711 on the home
directory, mode 700 on its other immediate children (not recursive),
and mode 755 on public_html. Mode 711 is also what I'd try next if
something breaks.

(The implication of mode 711 is that other userids can open files if
they use the exact path, but they can't list files. This is
consistent with more or less permissive permissions on specific
subdirectories.)

Don't do anything like this on a special account whose $HOME is "/".
-- 
     Albert Lunde  Albert-Lunde at northwestern.edu
                   atlunde at panix.com  (new address for personal mail)
                   Albert-Lunde at nwu.edu (old address)
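
The approach described in the message above, as an added example that is not part of the original post: it records the current modes of a directory and its non-hidden immediate children, applies the 711 / 700 / 755 layout, and can restore the recorded modes afterwards. The function names and the scratch directory are constructed for illustration, and children other than public_html get go-rwx (which yields 700 on a directory that was 755) so that plain files do not gain an execute bit.

```shell
#!/bin/sh
# Added example: function names and the scratch directory are hypothetical.

# Print the octal permission bits of a path (GNU stat, then BSD/macOS stat).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Record "mode<TAB>path" for DIR and its non-hidden immediate children.
save_modes() {   # usage: save_modes DIR LOGFILE
    printf '%s\t%s\n' "$(mode_of "$1")" "$1" > "$2"
    for p in "$1"/*; do
        [ -e "$p" ] || continue
        printf '%s\t%s\n' "$(mode_of "$p")" "$p" >> "$2"
    done
}

# 711 on the directory, 755 on public_html, no group/other access elsewhere.
# Not recursive: only the directory and its immediate children are touched.
lock_home() {    # usage: lock_home DIR
    chmod 711 "$1"
    for p in "$1"/*; do
        [ -e "$p" ] || continue
        case "$p" in
            */public_html) chmod 755 "$p" ;;
            *)             chmod go-rwx "$p" ;;
        esac
    done
}

# Put back every mode recorded by save_modes.
restore_modes() { # usage: restore_modes LOGFILE
    while IFS="$(printf '\t')" read -r mode path; do
        chmod "$mode" "$path"
    done < "$1"
}

# Demo on a constructed scratch directory standing in for a home directory.
demo=$(mktemp -d)
mkdir "$demo/Documents" "$demo/public_html"
: > "$demo/notes.txt"
chmod 755 "$demo" "$demo/Documents" "$demo/public_html"
chmod 644 "$demo/notes.txt"
save_modes "$demo" "$demo.modes"   # log lives outside the directory
lock_home "$demo"
ls -ld "$demo" "$demo"/*           # shows the locked-down layout
restore_modes "$demo.modes"
rm -rf "$demo" "$demo.modes"
```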


