There are some considerations about unix that many new users are
not aware of.  Coupled with the obscure nature of unix commands, this
can cause troubles.
     Unix allows three levels of access to your files on your account,
this applies to others on the same machine.  Others on other machines
in general don't have any access at all.
     There three levels of access are,
     1) User   (that's you).
     2) Group  (that's you and a group that you can assign)
     3) Others (that's everyone else on the machine)
     There are three KINDS of access that a file may have,
     1.) Read          (r - means person can read it.)
     2.) Write         (w-  means person can write to it, or erase it)
     3.) Execute/Enter (x - means person can run or enter it.)
     Thus users, groups and others can be assigned various
combinations of read, write and execute access to your files.
     Some systems only allow read write access to the owner, but they
allow read access to everyone.

     The default permissions depend on the system you are using and
what your system administrator has set for system wide defaults.
     Some files, like mail files, by default are more protected, but
in general anyone wandering around in your directories may be able to
find unprotected files, such as .letter or .article that are created
with the default protections which are used to send private mail and
post news.
     Further files that you simply create yourself with your editor,
are created with the default protections.  Particularly files you down
load or upload or ftp to your account.
     First thing you should do is check the protections that currently
exist on your files.  This is done using the following command.
     ls -al   (list all files in long format, like DOS DIR command)
     This will produce an output similar to the following.
drwx--x--x 20 homer        1536 Sep 30 01:53 .
drwx--x--x190 root         3584 Jul 20 11:04 ..
-rw-------  1 homer        6665 Sep 26 23:16 .addressbook
-rw-------  1 homer        1526 Sep 26 03:02 .alias
-rw-r-----  1 homer         449 Sep 28 12:32 .article
-rw-------  1 homer          77 Sep 30 01:50 .cshrc
-rw-------  1 homer        3882 Oct 13  1993 .emacs
-rw-------  1 homer         956 Sep 26 09:02 .login
-rw-------  1 homer        9637 May 29 00:30 .mailrc
-rw-------  1 homer      121278 Sep 30 01:42 .newsrc
-rw-------  1 homer      121230 Sep 30 01:41 .oldnewsrc
-rw----r--  1 homer         406 Sep  2 02:05 .plan
drwxr-x---  3 homer         512 Sep 29 09:47 News
-rw-r--r--  1 homer           0 Sep 30 01:53 junk.script
drwxr-x---  2 homer        1024 Sep 30 01:52 mail
-rw-------  1 homer        1612 Sep 30 01:52
     The left hand column are your protections, and we will go into
them in detail in a minute.  The right hand column are the file or
directory names.
drwx--x--x  20 homer        1536 Sep 30 01:53 .
drwx--x--x 190 root         3584 Jul 20 11:04 ..
     Notice that the first line has a file name of '.', that refers to
the present directory whatever it is, and '..' which refers to the next
directory out.  Very similar to dos.
     Now the first thing you need to do is take a look at the first
two lines of output.
drwx--x--x  20 homer        1536 Sep 30 01:53 .
drwx--x--x 190 root         3584 Jul 20 11:04 ..
     This says that the present directory '.' is owned by homer, and the
next directory out is owned by root, which is the system.  This happens
to be a listing of my main directory so of course the next directory out
is the system's, but if I had done this listing from inside my mail
directory, then the next directory out would be THIS directory and so of
course would also be owned by homer.
     Now the protections.
drwx--x--x  20 homer        1536 Sep 30 01:53 .
    The protections are split into 4 fields.
     d  rwx  --x  --x
         u    g    o
     It's important to be able to visually parse them, or they won't
make any sense to you.  The first 'd' means this is a directory rather
than a file or a link to a directory or a file.  If it had been a link
it would have been a 'l', and for a file its just a dash '-'.
     The next three characters (rwx) are the user protections.  This
means that the user, you, can read (list out the contents of) the
directory, write to the directory (create new files in the directory)
and enter the directory with the cd command (x means enter for
directories, rather than execute.)
INDIVIDUAL PROTECTIONS.  It does mean however that someone with read
access to your directory can LIST the directory using the ls -al command
or others and find out what your files are named, even if they can't
read the files themselves.

     Remember that a directory is essentially a file itself, a special
file that lists all the normal files in that directory.  The directory
permissions then apply to that special directory file only and not to
any of the files listed in the directory.
     Thus having read permission on a directory means you can read the
special directory file, namely see the directory listing.  It does NOT
mean you can read any file listed in the directory.

     Having write permission on a directory means you can change the
special directory file, mainly by adding new files to it.  It does not
mean you can write to any file already in the directory.
     Showing it again...
     drwx--x--x  20 homer        1536 Sep 30 01:53 .
     d  rwx  --x  --x
         u    g    o
     The next three characters (--x) are the group protections.  You can
assign others on your machine to be part of your 'work group'.  This
allows many people in a group to access directories and files, but not
necessarily write them or erase them.  The --x means in this case that
my group can enter the directory.  If I had wanted them to be
able to list the directory too, I would have used r-x.
     Notice if you can enter but not a list a directory, you
won't be able to know what is in the directory, unless you already
do, in which case you can read, write, or execute those files according
to THEIR permissions.

     d  rwx  --x  --x
         u    g    o
     Clearly the next three character (--x) are the protections for
everyone else on the system (others) and are the same for the group.
This might seem a problem that just anyone can enter my directories, and
perhaps it is, but it is actually necessary for various unix functions
of socialability to work properly such as the .plan file discussed
     In general your home directory should have permissions as set out
here, and will by default in most cases.
     Your home directory should look like this:
drwx--x--x  20 homer        1536 Sep 30 01:53 .

     This gives entrance permissions to everyone, but they can't list
your directory contents nor add files to it.
     Now let's take a look at two different files in my directory.
-rw-r-----  1 homer         449 Sep 28 12:32 .article
-rw-r--r--  1 homer           0 Sep 30 01:53 junk.script
     These parse to
     -  rw-  r-- ---    .article
     -  rw-  r-- r--    junk.script
         u    g   o
     The first dash in the line means simply that both are files and not
directories nor links to files or directories.
     The rw- means I have read and write access to both files.  Niether
are executable so there is no need for the 'x' permission.
     The second group of r-- means that my group has read only
permission, but not write or execute permission.  So they can read
them but not change, erase or run them.
     -  rw-  r-- ---    .article
     -  rw-  r-- r--    junk.script
     The third group however is very interesting.  The first one for
.article (---) means others have no permission at all on that file.
This is secure.
     However on junk.script the r-- means others have READ permission!
Now I created junk.script just for this posting, to prove that indeed
the default protections are as I say they are, and there is the proof.
     This is system dependent.  You can check your system out by
using the following:

     echo "hello there" > junk.script
     ls -al junk.script

     Those of you who are new to unix, if you do an ls -al | more on
your home directory, you will notice a number of files that allow read
access to others in this way, and this is the security breach that we
want to fix in this posting.
     There are two steps to fixing this security breach.
     1.) Change the defaults so that all new files created don't grant
nothing to no one outside yourself.
     2.) Fix the files that have already been created with the wrong
security protections.
     The first change is simple.  Most of you are using csh as your main
shell.  You need to edit your .cshrc file (notice the period) and add
one line to the top of the file.
     You do this by typing,
     pico .cshrc (spell it right!)
     Then add
     umask 066
     as the first line of the file, maybe after all the #'s comments.

     Then sign off and on again, and check your results by using
the 'umask' command.  It should say 66.
     The umask command is too complex to explain, I don't think even
the people who wrote it understand it, but it does set your default
file creation protections to rw- --- ---.  You get read/write,
and everyone else gets squat.  The reason you don't want your group
to get read permissions, is because EVERYONE BELONGS TO THE SAME
GROUP at first!  This group is usually named 'users' or 'other'.

     You can find out what default groups you belong to using the
'groups' command, and you can find out what group all your files are
grouped under with the "ls -alg" command.  It will usually be 'users' or
'other'.  (Don't confuse this 'other' with the 'others' permissions we
have been talking about which are permission restraints on everyone else
in the world.

     If your group name is OTHER, then the group permissions
pertain to everyone else in the world, but only if they are in the
OTHER group also.

     The OTHER permissions apply to everyone else in the world that is
NOT in any same group as you.

     Few if any unix systems create an other group any more, its too
confusing so you probably don't have to worry about this, unless YOU
create an OTHER group and explicitly put users in it!  So don't.

     Once you learn enough to create a special closed group for a
limited number of people, then you can set your file's ownership to you
and that group only, and enable read or write permissions on those files
for that group.  Until then leave your file group permissions closed
(---) and your directory group permissions to entrance only (--x), and
leave yourself in the group called USERS.
     When you get more advanced you can create the group with the
same name as your username and put yourself in it, then the group
permisssons don't matter because they only apply to you anyhow.

     Now fixing the other files that have already been miscreated is
more difficult, even dangerous.  I remember locking my self out of my
own home directory the first time I played around with this.
     The safest way is to do each one individually by hand.  I would
simply erase .article and .letter and dead.* and then the next time they
are created they will have the proper protections because of the new
umask 066.  But any other files will have to be changed by hand if they
are important to you, like your .addressbook etc.
     One can change an individual file with,
     chmod o-rwx
     This means change mode of for others (o) to minus rwx,
that means take away all read, write and execute permissions.
     Remember your directories should look like,
     d rwx --x --x
     but files should look like
     - rw- --- ---
     Those of you who are adventurous and have LOTS of files with the
wrong protections can do a global change, but I can't guarantee that
there won't be strange aftermaths because this effects directories
inside your main directory too.  It shouldn't matter, except if your
system needs some kind of special 'others' protection for your inner
     chmod o-rwx *            Remember this is for mad men
     chmod o-rwx .*           only.!
     chmod o+rx  .
     The first command takes away rwx on all files AND DIRECTORIES
except files and directories starting with a period like .article.
     The second command does the same for .* files, but ALSO does it
to '.' which is your present directory.
     The third command gives rx back to your home directory or what
ever directory you are in.
     OK coming up is your .plan file.