Security Management Guide (G06.24+, H06.03+)

Concerns for the User
Security Management Guide 522283-008
If the file has an associated ACL, the above display contains an additional “+”
sign after the permission string to indicate this:
$ ls -l myfile2
-rwxr-xr-x+ 1 PROG.WILSON PROG 102 Jul 5 10:14 myfile2
The first string of characters in the display shows the permissions assigned to the file.
The file permissions indicate that the owner, PROG.WILSON, can read, write, and
execute the file, and members of the file group and all others can read and execute the
file.
You can view the permissions assigned to your directories in a similar manner with the
ls -ld command.
You can view the access control entries assigned to a file or directory with the getacl
command.
Altering File and Directory Permissions
To limit or increase other users' access to a file or directory, use the chmod command
to change the permission code. For example, assume that your file myfile2 contains
sensitive information that should not be available to other users. To restrict access in
this manner, use the following command to change the permissions for myfile2:
$ chmod go=--- myfile2
The chmod command specifies that the file group (g) and all others (o) are denied all
permissions.
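The following added example is not part of the guide; the function names mode_report and check_private are hypothetical. It parses the permission string that ls -l prints, including the "+" ACL marker, so you can confirm that a chmod such as the one above left the file group and all others with no access.

```shell
#!/bin/sh
# Added example, not from the guide. Function names are hypothetical.

# mode_report MODE
# MODE is the first field of an "ls -l" line, for example "-rwxr-xr-x+".
# Prints the owner, group and other permission triplets and whether the
# trailing "+" (ACL present) marker is set. Returns 2 on a malformed string.
mode_report() {
    mode=$1
    p='[-dlbcps][-r][-w][-xsS][-r][-w][-xsS][-r][-w][-xtT]'
    case $mode in
        $p|${p}.) acl=no ;;   # "." is GNU ls's security-context marker, not an ACL
        ${p}+)    acl=yes ;;
        *) echo "mode_report: unexpected mode string: $mode" >&2; return 2 ;;
    esac
    owner=$(printf '%s' "$mode" | cut -c2-4)
    group=$(printf '%s' "$mode" | cut -c5-7)
    other=$(printf '%s' "$mode" | cut -c8-10)
    echo "owner=$owner group=$group other=$other acl=$acl"
}

# check_private FILE
# Prints the report for FILE and returns 0 only when the file group and all
# others have no permissions and no ACL is attached. When an ACL is present,
# its access control entries still need review with getacl.
check_private() {
    mode=$(ls -ld -- "$1" | cut -d' ' -f1) || return 2
    report=$(mode_report "$mode") || return 2
    echo "$report"
    case $report in
        *"group=--- other=--- acl=no") return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed demo input: the two ls -l lines shown in this guide.
while read -r first _rest; do
    mode_report "$first"
done <<'EOF'
-rwxr-xr-x+ 1 PROG.WILSON PROG 102 Jul 5 10:14 myfile2
-rwx------ 1 PROG.WILSON PROG 102 Jul 6 10:18 myfile2
EOF
```

Run check_private myfile2 after the chmod; a nonzero status means the file group or others still have access, or an ACL is attached.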
Group Permissions
When you create a file, the file group permissions in the permission code apply to other
users who are members of your primary group. You can change the file group so that it
applies to members of another group. However, you must be a member of the group to
which you are changing the group permissions. Use the chgrp command to change
the file group.
This ability to change file groups allows you to share files selectively with other users
based on group membership. For example, suppose only you, PROG.WILSON, and
two other users are members of the group PROJMGR. By setting the file group to
apply to the PROJMGR group, you can share a file with only those users. Also
suppose each of you needs to be able to read, write, and execute the file, but all other
users must be denied all access to the file. The following sequence of commands
illustrates how you can specify this for the file myfile2:
$ ls -l myfile2
-rwx------ 1 PROG.WILSON PROG 102 Jul 6 10:18 myfile2