5 Using the commands together

The commands mentioned in this module work together to control who can access which file and how. Assuming delenn is the user owner of triluminary, the following allows delenn every permission, but makes sure no one else has any access:

chmod 700 triluminary

Normally, the group owner and user owner of a file are the same. However, it is also possible for the two to differ. For instance, if we decide that every member in greycouncil should have read access to triluminary, then we need to first change the group ownership as follows:

chown :greycouncil triluminary

This alone does not permit members of greycouncil to do anything, as the permissions assigned to the group owner are “nothing” at this point. In order to permit the group owner greycouncil to read this file, the following command is also necessary:

chmod g+r triluminary

At this point, the “others” have no access to triluminary: no read, no write and no execute permissions. However, depending on the permissions of the directory containing triluminary, other users may know about the existence of triluminary. To make sure that other people do not even know about the existence of triluminary, the following command is necessary:

chmod o-rwx . # remove all "others" permissions from the containing folder

The command assumes that we are in the same folder that contains triluminary. Let’s assume the file is in ~delenn (the home directory of the user delenn).

If “other” has read access to the directory, then ls ~delenn will reveal the existence of triluminary. If “other” has execute (traverse) access to the directory, then ls ~delenn/triluminary will still confirm the existence of the file. That’s why both read and execute (traverse) permissions must be removed from the containing directory.
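
The following script is an added example, not part of the original module. It classifies what “others” can learn about a file from the file's mode and the mode of its containing directory, then replays this section's commands in a scratch directory. The function names other_bits, other_exposure and demo are hypothetical, and GNU coreutils stat is assumed.

```shell
#!/bin/sh
# Added example (not from the original module). Assumes GNU coreutils stat.

# Print the "others" permission digit (0-7) of a path.
other_bits() {
    mode=$(stat -c %a "$1") || return 1
    printf '%s\n' "${mode#"${mode%?}"}"   # last octal digit of the mode
}

# Classify what a user who is neither the user owner nor in the group owner
# can learn about file $1. Only the immediate containing directory is checked.
other_exposure() {
    f=$(other_bits "$1") || return 1
    d=$(other_bits "$(dirname -- "$1")") || return 1
    result=""
    # read on the directory: listing the directory shows the file name
    if [ $(( d & 4 )) -ne 0 ]; then result="$result name-listable"; fi
    # execute (traverse) on the directory: ls dir/file confirms the name
    if [ $(( d & 1 )) -ne 0 ]; then
        result="$result path-probeable"
        # file content is reachable only through a traversable directory
        if [ $(( f & 4 )) -ne 0 ]; then result="$result content-readable"; fi
    fi
    if [ -z "$result" ]; then result=" hidden"; fi
    printf '%s\n' "${result# }"
}

# Constructed walk-through in a scratch directory. The chown :greycouncil step
# is omitted because that group exists only in the module's scenario.
demo() {
    dir=$(mktemp -d) || return 1
    file="$dir/triluminary"
    touch "$file"
    chmod 755 "$dir"; chmod 644 "$file"
    echo "start:            $(other_exposure "$file")"
    chmod 700 "$file"; chmod g+r "$file"
    echo "700 then g+r:     $(other_exposure "$file")"
    chmod o-r "$dir"
    echo "dir o-r only:     $(other_exposure "$file")"
    ( cd "$dir" && chmod o-rwx . )
    echo "dir o-rwx:        $(other_exposure "$file")"
    rm -rf "$dir"
}
demo
```

The third step shows why removing only read from the directory is not enough: the file is still reported as path-probeable until execute is removed as well.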