Introduction
This document describes how to share information with other people on the CIS Unix systems or elsewhere in the world. In this document, we'll assume such information is in one or more Unix files; these files can be mail folders, program source code, arbitrary data files, or just stuff you've typed into an editor or transferred from a PC.
You might want to share executable programs as well. (For example, you might have written a program that you want others to run.) This is relatively rare, but it's not hard. Most of this document assumes that's not what you want; check the last section on program-sharing for what you need to do differently.
Please note: this is risky business. The default setup for new Unix accounts (if you don't do anything) disallows "sharing" altogether. Modifying this setup, if done incorrectly, can result in other people having access to information you don't want them to have, including the ability to read, change, or delete it. And therefore it's important to point out that you bear the responsibility for such changes, not the University of New Hampshire, nor the Information Technology department, nor (most importantly) the author of this document.
Disclaimer: There are a number of ways to do this stuff, and a number of different things you can do, and we will only describe relatively few of them. If you would like to propose something be added or changed to this document, hey, I'm not married to it: send me (pas@unh.edu) e-mail with your brutal honesty.
Prerequisites
There are a few things you need to know in order to set up access to your files. Obviously, you need to know (rather precisely) which files you want to share and where they'll reside in your home directory structure.
But in addition, you need to have answers to the following questions:
- Do you want others to be able to
  - just read your files, or
  - be able to write those files as well?
- Are the people you want to access the files:
  - all local users (i.e., with UNH Unix accounts), or
  - people at other Internet sites as well?
- Furthermore, do you want to:
  - restrict access to a known group of people, or
  - allow general access to just about anyone?
Our nomenclature in the rest of this document will use the following shorthand for your answers:
- read-only versus read-write access;
- local versus Internet access;
- group versus general access.
Restrictions and Recommendations
Now that you know what kind of access you want, let's start with the easy cases. Namely, what you can't or shouldn't do:
- We don't allow Internet users to have read-write access to any part of your home directory tree at all.
- Generally, Internet users may have read access to your files only via the World Wide Web (http) protocol.
- We don't allow Internet users to run your programs on our machines.
- We don't allow other users to have read-write access to your top-level home directory, even if they're restricted to a small group. If you must allow read-write access to others, confine it to a subdirectory in your home directory tree.
- Also, we (generally) insist that the files in your home directory tree be owned by you. Typically, we're notified automatically when a file owned by another user appears in your directory, and we (again, typically) change its ownership to yours. This shouldn't be a major problem, but contact a system administrator if you think it might be one.
- Finally, it's probably not useful to give general write permission to any file or directory under your control; this allows any of our thousands of users to change or delete information therein. We won't describe how to do this here, but if you're smart enough to figure out how to do it, you should also be able to figure out that this is a bad idea.
Document Conventions
In the following discussion, we'll assume the following in giving Unix command examples:
- The user setting up the file-sharing has the Unix login name joe.
- The file to be shared is named file.dat.
- For local access, the directory named share in joe's home directory is where the shared file will reside.
You'll want to substitute the appropriate names for your own situation, of course.
Local Access
This section assumes you want to share your files with local users, people with accounts on the CIS Unix systems. As described above, there are two cases: (1) granting general access to everyone and (2) restricting access to only a specified group of users.
Local General Access
To allow all other Unix users to read a file you've prepared, take the following steps:
- Create a directory in which the shared file will reside:
% mkdir $HOME/share
- Make both this directory and your home directory world-readable:
% chmod 755 $HOME $HOME/share
- Move the file to be shared into this directory:
% mv file.dat $HOME/share
- Finally, make the file world-readable in its new location:
% chmod 644 $HOME/share/file.dat
People logged into the Unix systems will now be able to access your file via the name ~joe/share/file.dat. For example, they could display it on their terminal screen with the command:
% more ~joe/share/file.dat
(Remember, of course, that this path uses our example names: in your case, you must substitute your own login ID, directory name, and filename, as appropriate).
Note that giving your home directory world-readable permissions makes the names of the files in your home directory readable by others. The files themselves won't be readable unless you specifically grant read-permission. But if you have some files with embarrassing names, you might want to (a) rename them, (b) delete them, or (c) create a subdirectory without world-read permission and move the files in there.
Now: suppose you want other people to be able to "drop" files in your share directory. This is unusual, and risky, but conceivably useful. You can give all local users read-write access to the share directory with the commands:
% chmod 755 $HOME
% chmod 1777 $HOME/share
This allows other users to create and delete their own files in your share directory, but not to delete files owned by others. You can delete any file in your own directory.
Other users can then "drop" files on you with a command like:
% cp file.dat ~joe/share
% chmod 644 ~joe/share/file.dat
The second command is necessary to allow you, and others, to read the file. Note that if it remains in your directory, the file will almost certainly wind up being owned by you within a day or so.
Local Group Access
If you want to restrict access to a (relatively) small number of local users, the system administrators will set up a Unix group for you. Send e-mail to sysman@cisunix.unh.edu containing the following information:
- the purpose of the group;
- a proposed name of the group (a short, single word not in current use);
- the login names of the people you want in the group (including yourself);
- an expiration date for the group (optional).
You'll be notified when the group is in operation. In what follows we'll assume we've named this group ourgroup; you'll want to make the appropriate substitution when you do this yourself.
To allow other members of the group to read a file you've prepared, take the following steps:
- Create a directory in which the shared file will reside:
% mkdir $HOME/share
- Make this directory owned by the group and give it group-readable permissions:
% chgrp ourgroup $HOME/share
If you want the group to have read-only access to the files in this directory, use:
% chmod 750 $HOME/share
But if you want the other group members to have read-write access, use this instead:
% chmod 1770 $HOME/share
This will allow them to create files in this directory, but not to delete others' files. (However, they will be able to, if given permission, modify others' files.)
- You also have to give at least group ownership and group-readable permissions to your home directory:
% chgrp ourgroup $HOME
% chmod 750 $HOME
However, if you've previously made your home directory world readable for some other reason (for example, to set up a web page), this step isn't necessary, and probably undesirable.
- Move the file to be shared into the shared subdirectory:
% mv file.dat $HOME/share
- Finally, for read-only access, make the file group-readable in its new location:
% chgrp ourgroup $HOME/share/file.dat
% chmod 640 $HOME/share/file.dat
To give group members read-write access to this file, use 660 instead of 640:
% chmod 660 $HOME/share/file.dat
Your fellow group members logged into the Unix systems will now be able to access your file via the name ~joe/share/file.dat. For example, they could display it on their terminal screen with the command:
% more ~joe/share/file.dat
If you've given them read-write access, they'll be able to (for example) edit the file. Note carefully: You'll have to devise your own safeguards against two or more people modifying the file at the same time; the results can be unexpected at best, disastrous at worst.
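As an added example (not part of the original document), the following sh function checks a home directory tree against the restrictions listed earlier and against the sticky-bit setup (1777 or 1770) used for writable share directories. The function name audit_home and the finding labels are made up for this example.

```shell
#!/bin/sh
# Added example: check a home directory tree against this page's rules.
# Prints one "LABEL path" line per finding; prints nothing when all is well.
# The function name and the labels are made up for this example.
# Usage: audit_home "$HOME"
audit_home() {
    top=$1

    # The top-level home directory must not be writable by group or world.
    find "$top" -prune \( -perm -0020 -o -perm -0002 \) \
        -exec echo HOME-WRITABLE {} \;

    # A subdirectory that others can write to (the 1777 and 1770 cases)
    # needs the sticky bit, or users can delete each other's files.
    find "$top" ! -path "$top" -type d \( -perm -0020 -o -perm -0002 \) \
        ! -perm -1000 -exec echo NO-STICKY {} \;

    # World-writable regular files: any local user can change them.
    find "$top" -type f -perm -0002 -exec echo WORLD-WRITABLE {} \;

    # Files dropped by other users stay owned by them until reassigned.
    find "$top" ! -user "$(id -u)" -exec echo FOREIGN-OWNER {} \;
}
```

Run it after changing any permissions; an empty result means none of these four conditions was found.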
Internet Access
As mentioned above, if you want to share information with users elsewhere on the Internet (or, more exactly, users without accounts on the UNH Unix systems), you need to make the files available to our Web server. There are two cases: general access, and group access.
General Internet Access via the World Wide Web
This case is covered in detail in the web page http://pubpages.unh.edu/notes/pubpages_basics.html. It describes how you can set up your own "home page" and has pointers to documents describing the HTML language, etc. You can share any file with other people on the Web using this scheme; having your own home page is only a special case.
For the simplest case, however: if our user joe wants (only) to make file.dat available to the Whole Wide World, the steps are much simpler and don't require knowing HTML; in fact, except for the fact that the "sharing" directory must be named public_html, they are pretty much identical to those used to grant general read-only access to local users.
- Create the public_html subdirectory within the top-level home directory if it doesn't already exist:
% mkdir $HOME/public_html
- Make both the public_html directory and the home directory world-readable:
% chmod 755 $HOME $HOME/public_html
- Move the file to be shared into the public_html directory:
% mv file.dat $HOME/public_html
- Finally, make the file world-readable in its new location:
% chmod 644 $HOME/public_html/file.dat
People elsewhere (and also at UNH) can now access the file via the URL http://pubpages.unh.edu/~joe/file.dat (remember, of course, that this URL uses our example names: in your case, you must substitute your own login ID and filename, as appropriate).
Group Internet Access via the World Wide Web
The pubpages web server software (NCSA httpd) allows you (among other things) to password-protect a section of your Web page so that only those on the Internet who know the password will be able to "see" that section. For complete documentation on the server's security features, you'll want to check the URL http://hoohoo.ncsa.uiuc.edu/docs/tutorials/user.html. We won't attempt to duplicate that information here.
You should note, however, that your web documents need to be world-readable (to all local users) in order for them to be served up to the outside world at all. Therefore, relying on password-protection to prevent people from reading your documents is problematic at best.
Program Sharing
For programs you want others to be able to run locally, the main difference is that you add either group or group/world execute bits to the file's mode. To be specific, assume you want to share the program myprog with the group ourgroup. Commands are:
% chgrp ourgroup myprog
% chmod 750 myprog
For general access:
% chmod 755 myprog
You also need to grant less-restrictive permissions to the directory where the program file resides (and all your directories "up" from there, up to and including your home directory, if any). The commands for that are the same as in the previous sections.
Page Maintenance: Paul A. Sand <pas@unh.edu> Last modified: 2012-05-08 7:35 AM EDT

