Setting File Permissions on Pantheon Web Sites
Since Unix is a multi-user operating system, it is possible to make your files accessible or inaccessible to others through file permissions.
File permissions are specific properties of each file in your Pantheon directory that allow or disallow users access to your files. There are three types of access that can be given:
r: Read access
Files: Ability to see the contents of the file
Directories: Ability to see the contents of the directory
w: Write access
Files: Ability to make changes to a file (including deleting it)
Directories: Ability to make changes to the contents of the directory
x: Execute access
Files: Ability to run a file (if it is a program or script)
Directories: Ability to enter the directory
These accesses can further be given to three sets of users: owner, group, and others (the world).
It is probably easiest to deal with file permissions in an FTP program such as SSH File Transfer Client or Fugu, but you can also accomplish this in the terminal. Instructions for both are given below.
Set up Permissions from a File Transfer Program
Windows: SSH Secure File Transfer Client
To see and change file permissions, right-click the file(s) in question and choose Properties. A window with the properties of the file will pop up.
To change the permissions, you can check or uncheck the appropriate boxes. For example, if you do not want Group and Other to be able to execute the file, you can uncheck those boxes. Alternately, if you know the specific number of the Permission Mask, you can type it into the Permission Mask box.
Mac OS X: Fugu
To see and change file permissions, highlight the file(s) in question. Then click the File menu and choose Get Info (or press Command-I). A window with the properties of the file will pop up.
To change the permissions, check or uncheck the appropriate boxes in the same way as in the Windows instructions, above. (Note that the Permission Mask box is named the "Octal Mode Representation" instead, but the numbers still indicate the same permissions.)
Setting Permissions from the Terminal
Unix provides a mechanism to allow or disallow other users from accessing your files and directories: the chmod command.
To check the permissions on your files, run ls with the -l flag:
minerva% ls -l
drwx------ 3 tang 512 Aug 17 00:29 Mail/
drwxr-xr-x 6 tang 512 Aug 12 12:04 News/
-rw-r--r-- 1 tang 1032 Aug 09 11:59 dead.article
-rw-r--r-- 2 tang 2113 Nov 26 1992 to-john
The first column (e.g. drwx------) is the one of interest. The first character is a d for directories or a - for files. The next nine characters break down into three groups of three, one group each for owner, group, and others, in that order. Within each group, r, w, or x denotes read, write, or execute access, as described above.
For each group, any of the above types of access can be on (indicated by r, w, or x in ls -l) or off (indicated by a dash). So, "drwx------" indicates a directory that is readable, writable, and executable by the owner, but gives no access to group or others.
To change a file or directory's permissions, use the chmod command. The syntax is:
chmod permissions-to-change file(s)
where permissions-to-change is of the following format:
- whose permissions to change (u, g, and/or o)
- a + (add permissions) or - (take away permissions)
- what permissions to give or take away (r, w, and/or x)
Example:
minerva% chmod go-w to-john
means take away write access from group and others for the file to-john,
minerva% chmod o+rx News Mail
means give read and execute access to others for the directories News and Mail.
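The script below is an added example, not part of the original instructions. It ties the ls -l permission column to the numeric Permission Mask (Octal Mode Representation) mentioned in the file transfer section, then applies the page's chmod go-w and chmod go-rwx commands to constructed files in a temporary directory. The function names and starting modes are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example; the temp files and starting modes are constructed for the demo.
# Print the 10-character type-and-permission field that ls -l shows for a path.
mode_string() {
    ls -ld "$1" | cut -c1-10
}

# Convert a mode string such as drwxr-xr-x to its octal mask (755).
# Only plain r/w/x bits are handled; setuid, setgid and sticky bits are not.
mode_to_octal() {
    perms=$(printf '%s' "$1" | cut -c2-10)
    octal=""
    for start in 1 4 7; do
        triplet=$(printf '%s' "$perms" | cut -c"$start"-"$((start + 2))")
        digit=0
        case $triplet in r??) digit=$((digit + 4)) ;; esac
        case $triplet in ?w?) digit=$((digit + 2)) ;; esac
        case $triplet in ??x) digit=$((digit + 1)) ;; esac
        octal="$octal$digit"
    done
    printf '%s\n' "$octal"
}

# Succeed only when group and others have no access (last six characters are dashes).
is_private() {
    case $(mode_string "$1") in
        ????------) return 0 ;;
        *) return 1 ;;
    esac
}

# Show the mode string and octal mask of each path given.
report() {
    label=$1; shift
    for p in "$@"; do
        m=$(mode_string "$p")
        echo "$label $m ($(mode_to_octal "$m")) ${p##*/}"
    done
}

work=$(mktemp -d) || exit 1
mkdir "$work/News" && : > "$work/to-john"
chmod 775 "$work/News" && chmod 666 "$work/to-john"   # constructed starting modes
report "before:" "$work/News" "$work/to-john"
chmod go-w "$work/to-john"    # the page's example: group and others lose write
chmod go-rwx "$work/News"     # the page's example: owner-only access
report "after: " "$work/News" "$work/to-john"
is_private "$work/to-john" || echo "to-john is still readable by group and others"
rm -rf "$work"
```

Removing write access with go-w leaves to-john readable by everyone; only go-rwx produces a mode that is_private accepts.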
Making Sure Nobody Can Read Your Files
By default, other users cannot access your files on the Pantheon. However, you can make sure that this is true by doing the following.
Close off your home directory to everyone but yourself. See the information on file permissions for more information. The following will take away all access for everyone but yourself:
minerva% chmod go-rwx ~NetID
Replace ~NetID with your own NetID. Assuming that you have no files outside your home directory, nobody but you will be able to access them. Note that if you have a web page, project file, or plan file, nobody will be able to read them since your directory is not executable.
If you want to be more selective, read more in the Unix Advanced Topics.
Also note that the super user or root user always has access to all files. It is local policy not to use this ability unless warranted by an extreme situation, but on Unix systems there is always at least one user with this privilege. Nothing on the Pantheon is completely private.