AG wrote: > I have created another account for someone who will need to use my > computer for a while. However, when checking this, I found that my own > files are viewable from this second account.
By default files in the home are readable but not writable. > How do I set the permissions so that the contents of my own /home/ag > account are not viewable from the new user account? $ chmod o-rwx ~/ That is 'o' for 'other' minus read-write-execute permissions. You can run that recursively if you like with 'chmod -R'. > For obvious reasons, I want to be careful about the permissions I > set so I don't lock myself out. I think that it is chown 700 > /home/ag -R but can someone please confirm that this will do what I > want before I screw things up. I commend you for asking. Using 'chown 700 /home/ag -R' would probably fail but does something completely different on two counts. One is that you want chmod not chown. 'chown 700' would try to change the ownership to user number 700, but would probably fail since only root can give away file ownership[1]. But then if you had actually used 'chmod 700' it would be bad because that hard sets the execute bit on every file! You don't want that either. Also you really have no reason to lock out your own group, it is your own group after all, so leave off the group restriction. Read up on UPG (user private groups) for more information. Using the symbolic modes is the modern way (modern as in as of around twenty years ago modern) and avoids the trap of hard setting all of the bits. I think they are easier for people to understand too. If you want to do it the old way with hard numbers then using 'find' is the way to go. And if you have messed things up then some creative find commands can repair things. Bob [1] http://www.gnu.org/software/coreutils/faq/#Why-can-only-root-chown-files_003f
signature.asc
Description: Digital signature
