it has come to my attention that there may be some confusion about the security of our file system, and I'd like to try to clear it up.
file (and directory) security under UNIX has three components: user, group and world. the user permissions are the ones extended to the owner of a file; group permissions to those who are in the same group as the file; and world permissions are for everyone else. the permissions are read (r), write (w) and execute (x). so this file
-rw-rw-r-- 1 ndd wheel 2700 Mar 1 09:59 martial-arts-list
is owned by me, and is in the group 'wheel'. I have permission to read and write the file, as does anyone in the wheel group; everyone else only has read permissions. the other thing that affects the ability to read/write a file are the permissions on the directory in which it is located. if a file would normally grant me permission to write it, but the directory doesn't give me that permission, then I won't be able to write it.
the current setup for the EEL is that everyone is in the group exp, and the default mode for files and directories allows group write permission. this means that anyone can change another user's files. this is a deliberate policy choice to allow maximum flexibility for people who are working together. obviously, it makes each of us vulnerable to mistakes and the ill will of others.
so, basically, our file security rests on 3 things: good use of RCS to save important file versions, backups (which do the same thing), and *caution* on the part of our fellow users.
we have always suggested that you NOT change the permissions on files, with the exception of private things like correspondence, because changing permissions can impend our progress in the lab. if, however, you very strongly feel that certain files or directories need protection from your fellow users, you can change the permissions on them with the chmod command. however, it will make it more difficult to get assistance with problems in those areas.
obviously, it is critically important that you exercise good judgement *whenever* you are in someone else's directory. you have the ability to cause a lot of damage with a careless or thoughtless action. if you don't know what you are doing, don't do it. if you need help, please see Ned, or Pat; don't just bull ahead. also, with all due respect, it probably isn't wise to take the advice of lab personnel whose jobs aren't in the computer field, as they may not have the whole picture. in a related matter, I would like to point out that it is lab policy that your account is to be used ONLY by you. under NO circumstances should you EVER give another person your password. if someone has a need to get on our system, they should get permission and be given their own account. it is very important that we know who is doing what on our machines.
there may be circumstances when you might let someone use your account for a brief period of time, but I would strongly suggest that you only do that when you are there directly supervising them.