# Who can read your files (file permissions)

## Default Settings

• New accounts are set up so that all files you create on the Maths system are private and unreadable by anyone else.
• Old accounts may be set up differently and may even have a subdirectory called "private" which is not actually private.
• Remember that the University's guidelines on Use and Misuse of Computing Facilities state under Confidentiality that:
It is particularly important to note that the fact that information
may be readable (or even alterable) does not in itself imply
permission for it to be read.... browsing through file spaces is not
generally permitted.


This page summarises the commands to type for the most common privacy requirements. We have a separate page which goes into more detail about what the commands mean and discusses the options to use when a group of people are working on the same file. However one thing is useful to know to put the following commands in context.

There are three sets of people: you, your "Unix group", and everyone else on the system (User, Group and Other for short). Setting a file's permissions means specifying what each of these groups of people may do with the file: they may or may not be allowed to read it, write it or execute it.

## Making files public

Type umask. The output "22" or "022" means that any new files you create will be world-readable, the output "77" or "077" means that they will be private. (This is a three-digit octal number indicating what each of the above mentioned groups of people may not do with the file.)

If your current settings are not what you want, add the line umask 022 to the end of your .bashrc file (or .cshrc for csh/tcsh users) to make all your new files public.

To make a directory and everything in it readable by all other Maths users, type

chmod -R go+rX my_directory


CAUTION: Don't do this for your home directory if you store any email in there.

## Making files private

As above, add a umask command to your .bashrc or .cshrc to make all your new files private. The command for this is umask 077.

To ensure that your private directory exists and is actually private, do this. (For the chmod command the three-digit octal number indicates what the User, Group and Other may do with the file. Here the user can do everything and everyone else can do nothing.)

cd
mkdir -p private
chmod 700 private


For maximum privacy while still making your web pages accessible:

chmod -R go-rwx ~/*
mkdir -p ~/public_html
chmod 711 ~ ~/public_html
chmod -R a+rX ~/public_html/*