We use cookies to ensure that we give you the best experience on our website. You can change your cookie settings at any time. Otherwise, we'll assume you're OK to continue.

Computing and Information Services

Sharing and protecting files

Files on Unix systems | WWW pages | Sharing files on PCs | FTP | Passwords

Security of the Unix file system

On Unix, you can control who is able to read (and write to) your files, who can execute programs stored in your filespace, and who can search your directories for files. You should always check that the access permissions (known as file modes) which are set on your files and directories are as you wish them to be. For example, do not give write permission unless absolutely necessary. For privacy, you should not give read permission to your files, or read and search permission to your directories. If there is a file called .netrc in your home directory, its file mode should be set so that members of your group and all other users are allowed no access (not even read access).

For details of how to ascertain the file mode of a file or a directory, or how to change it please see Permitting Files on Unix or type help permitting.files when logged on to Unix.

WWW pages

Certain files have to be made accessible to everyone. For example, WWW pages (and their associated graphics, video and audio files) will only display if you make them readable to everyone. In addition, the directories in which these pages are stored (from your home directory down) must be searchable. If you create your files on a PC and transfer them to Unix using the ftp program, the correct permissions will be set automatically. However, you will still need to logon to Unix to change the access permissions on your home directory and on your public_html directory. See the CIS pages on WWW publishing in Durham for further information.

Strictly speaking your WWW pages will be accessible as long as the directories that hold them are searchable (i.e. the directories themselves do not have to be readable). Many people prefer therefore to give only search access to the directories. However, if the directories are also readable, then the contents of the directory can be viewed by the web browser, and if a page fails to load because of a typing error in the filename part of the URL it is relatively easy to select the correct page from the list of available files.

Sharing files on PC systems

The Windows 95 and Windows 98 operating systems give you the ability to share files and printers. If your office PC is connected to the network, you can potentially share files with all other PCs which are visible to you on the network (normally those machines in the same department or building who are on the same segment of the University's network).

By default the general mechanism to share files and printers is disabled and therefore if you wish to share resources, you will have to enable the facility. Once enabled you can then allow access to specific file folders. Access can be read only or read/write, and both types of access may be set to be password dependent; this password is specific to each folder and each mode of access and does not (and should not) have any relation to any general password for the PC. To repeat, once enabled, that file folder can be accessed by any PC in the 'network neighbourhood'. Except in very exceptional circumstances you should never give read/write access to your files without at least requiring a password; read-access without a password should only be given to files that you deliberately wish to make available to anybody.

Sharing of files is only available for those files on your local disk. Files which are on the general Networked PC service file-servers cannot be shared and can only be accessed by the owner. This may be the case with files on other Departmental file-servers.

Files transferred by FTP

If you have used the ftp program to transfer files from your PC to your Unix filespace, these files will have read access permission set for 'the world'. If you wish to restrict access to these files, you should log on to Unix and use the chmod program to change the file mode of the files. (See Permitting files on Unix for further information.)