Peter Evans wrote:
[Look, I'm a newbie, OK?]
We all were once.
My computer -- SuSE 8.2 (and no other OS), for exclusive use by me -- is totally unsecured. It's lucky that I don't keep my credit card numbers on it. But I do keep other numbers on it, so. . . .
Today I finally ran out of excuses for not using chmod (or similar). Rather than attempting to make some sweeping change, and therefore perhaps messing up in grand style, I wandered down close to a few minor twigs of a directory tree of stuff (XyWrite and text files, mostly) imported from my old 'Doze system, and typed
chmod -v -R 600 *
I quickly discovered the mistake there: a subdirectory has to be executable. Thus I had to follow up with
chmod 700 subdirectoryname
The Linux guides I've looked at -- quite a pile of them! -- are keen to explain how to use chmod for this or that file, but don't talk explicitly about trees that may include thousands of files. None of the stuff in this tree is for the eyes of anyone other than me and my good friend Mr Root. I can't see anything wrong with going to the top and typing
chmod -R 700 *
but I find something aesthetically (?) displeasing about "executable" text files.
Well, I've started by going to /home and, since I'm "peter", typing
chmod 700 peter
Is that enough? (I doubt it.) If not, what's the recommended procedure?
Well what I would do, if you want to remove all permissions for group and others, is to use the ability of the chmod(1) command to add/remove permissions. In your particular example I would do something like: $ cd $ chmod -R go-rwx . What that means is do a recursive chmod from the current directory (.) downwards, applying the rule 'go-rwx'. This rule tells chmod to remove r, w and x permissions for group and others, but leaving those of the user untouched. This also means that executables do not end up non-executable, or ordinary text files ending up as executable. Here's two files: -rw-r--r-- 1 bruce users 0 Jul 15 11:05 jink -rwxrwxr-x 1 bruce users 0 Jul 15 11:05 jonk Now run the command: $ chmod go-rwx jink jonk The files are now: -rw------- 1 bruce users 0 Jul 15 11:05 jink -rwx------ 1 bruce users 0 Jul 15 11:05 jonk Think this is what you need. Cheers, -Bruce