File security
Follow the guidelines below when you are creating, copying,
and moving files.
The list also includes security tips related to your startup scripts.
- When you create a file or directory, your umask determines the permissions given to the file or directory. For information about umask(C), see "Setting the default permissions for a new file". Newly created files and directories should only be accessible by you (the owner) or the group. If you wish to share files with other users, change the permissions on those files individually.
- When you use cp(C) to copy an SUID file owned by someone else, the SUID bit is reset. (This is a security precaution.) Note that when you execute an SUID file, it has access to all your files and directories.
- When you use cp to copy a file so as to create a new file, the new file takes the permissions of the original file. Remember to check the permissions of the new file and, if necessary, change them using the chmod(C) command.
- Remember that temporary directories are world-readable.
- Use ls(C) to check the permissions on your shell, mailer, startup files, and home directory. If the files can be read and modified by other users, change the permissions using chmod so that only you have access to them. If the directory can be executed by other users, those users can cd to it; if the directory can be written to by other users, they can remove files within it. Change the permissions on your home directory so that only you have write or execute permissions on it.
- Make certain that sensitive files are not publicly readable.
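The ls and chmod checks on the home directory and startup files described above, as an added example that is not part of the SCO documentation. The function names and the STARTUP_FILES list are hypothetical, and the script assumes a POSIX shell with awk and mktemp available.

```shell
#!/bin/sh
# Added example, not from the original page. STARTUP_FILES is an assumed
# list of common startup-file names; adjust it for your shell and mailer.
STARTUP_FILES=".profile .login .cshrc .kshrc .exrc .mailrc"
AUDIT_FINDINGS=0

# go_bits PATH: print the six group/other characters of the ls -l mode
# string, for example "r-xr-x" for drwxr-xr-x.
go_bits() {
    ls -ld "$1" | awk 'NR == 1 { print substr($0, 5, 6) }'
}

# audit_home DIR: report a home directory that group/others can write to or
# search, and startup files that group/others can access in any way.
# The number of findings is left in AUDIT_FINDINGS.
audit_home() {
    AUDIT_FINDINGS=0
    case $(go_bits "$1") in
    *[wxst]*)    # s and t also mean the execute bit is set
        echo "$1: group/other write or execute set (fix: chmod go-wx)"
        AUDIT_FINDINGS=$((AUDIT_FINDINGS + 1)) ;;
    esac
    for f in $STARTUP_FILES; do
        [ -f "$1/$f" ] || continue
        if [ "$(go_bits "$1/$f")" != "------" ]; then
            echo "$1/$f: accessible by group/other (fix: chmod go-rwx)"
            AUDIT_FINDINGS=$((AUDIT_FINDINGS + 1))
        fi
    done
}

# tighten_home DIR: apply the fixes that audit_home suggests.
tighten_home() {
    chmod go-wx "$1"
    for f in $STARTUP_FILES; do
        if [ -f "$1/$f" ]; then chmod go-rwx "$1/$f"; fi
    done
}

# Demonstration on a constructed directory, not a real home directory.
demo=$(mktemp -d)
chmod 755 "$demo"
( umask 022; : > "$demo/.profile" )   # created 644: readable by everyone
( umask 077; : > "$demo/.exrc" )      # created 600: owner only
audit_home "$demo"; echo "before: $AUDIT_FINDINGS finding(s)"
tighten_home "$demo"
audit_home "$demo"; echo "after:  $AUDIT_FINDINGS finding(s)"
rm -rf "$demo"
```

The two files in the demonstration differ only in the umask in effect when they were created, which is why one is flagged and the other is not.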
© 2003 Caldera International, Inc. All rights reserved.
SCO OpenServer Release 5.0.7 -- 11 February 2003