I will attempt to answer question 4. Someone more knowledgeable can always correct me if I am mistaken. rwx only for the owner and nobody else should be the general guideline. However, 1. If you want people to be able to go to your public_html directory and load up your index.html file to start their browsing, then your home directory and your public_html must have x permission for all. Same idea for the sub-directories. As well, files which you want others to be able to read should have r permission for all. There is no need to give r permissions to directories, unless you absolutely need to display a listing of all your files in a certain directory. Of course, you could also create such a listing yourself in an html file. Purists seem to think that giving r permissions to a directory in a http situation is a security risk. In fact, there are web servers that won't allow directory listing at all. One can always experiment to see what works and what doesn't. 2. It was thought by some that in order for .forward to work properly one would need it be world readable, i.e r permission for all. However, my .forward was only readable by owner only and it still worked. I just checked my .forward and I see that it has r permission for all, so I guess Barkley must have ran a script to add r permissions to everybody's .forward, just in case there is a problem. Making .forward readable by all is not such a big deal unless mail is being forwarded to some exotic places. The other mail files do not need to be rwx by g (group) or o (others). Only rwx by owner. Barkley might have already ran a script to make sure your mail files/directory are only rwx by owner only. One can use chmod go-rwx to remove permissions and chmod go+rwx to add. Details can be found using man chmod. There are various combinations one can use. 3. hidden files like .cshrc do not need to be readable by anyone else beside owner. As you can see from parts 1 and 2, nothing in your home directory need to be r or w or x by anyone else other than owner. The only exception are files in your public_html directory and your home directory should be executible i.e. x permission, by all as was explained in part 1. You can use umask 077 in your .cshrc file to make sure the proper permission, i.e. rwx by owner only, is set whenever you create files. Just make sure you are indeed running tcsh or csh. Some people have a .profile which may change their default shell to something else.