\documentclass{ictlab} \RCS $Revision: 1.3 $ \usepackage{alltt,key} %\usepackage[hang,bf,nooneline]{caption2} \usepackage[flushleft]{caption2} \ifx\pdftexversion\undefined \else \usepackage[pdfpagemode=None,pdfauthor={Nick Urbanik}]{hyperref} \fi \newcommand*{\screenwidth}{0.4\textwidth} \newcommand*{\labTitle}{Tutorial: File Permissions} \renewcommand*{\subject}{Operating Systems and Systems Integration} \providecommand*{\DHCP}{\acro{DHCP}\xspace} \newlength{\chainsawwidth} \setlength{\chainsawwidth}{3cm} \includeversion{questionsonly} \begin{solution} \excludeversion{questionsonly} \end{solution} \begin{document} \section{Background} \label{sec:background} For the background information you need to answer these questions, please refer to Module~5, \emph{Basic Filesystems}, in the \emph{Linux Training} workshop notes. \section{Questions} \label{sec:questions} \begin{enumerate} \item \label{que:perms}A system administrator lists information about files in the current directory: \begin{alltt} $ \textbf{ls -l} -rw-rw-rw- 1 jimmy students 5185 Feb 17 08:18 file1.txt -rw-rw-r-- 1 jenny staff 5191 Oct 7 17:21 file2.txt -rw-r--r-- 1 jasmine jasmine 2785 Oct 15 11:58 file3.txt -rw-r----- 1 jacob students 25920 Oct 15 11:58 file4.txt -rw------- 1 julian staff 13465 Oct 15 11:58 file5.txt -r-------- 1 jacky students 736 Oct 15 11:58 file6.txt ---------- 1 jill students 179665 Oct 15 11:58 file7.txt ----r----- 1 juliet students 13840 Feb 17 08:18 file8.txt -------r-- 1 jeremy students 8418 Oct 12 2001 file9.txt \end{alltt}%$ For each file, say which user(s) has(have): \begin{enumerate} \item read access? \item write access? \item no access? \end{enumerate} \begin{solution} \begin{tabularx}{\linewidth}{@{}>{\ttfamily}lYYY@{}} \toprule% &\textbf{read} & \textbf{write} & \textbf{no access}\\ \midrule% file1.txt & all & all & none \\ file2.txt & all & \texttt{jenny}, members of group \texttt{staff} & none \\ file3.txt & all & \texttt{jasmine} & none \\ file4.txt & \texttt{jacob} and members of group \texttt{students} & \texttt{jacob} & users who are not \texttt{jacob} and who are not members of the group students \\ file5.txt & \texttt{julian} & \texttt{julian} & all users except \texttt{julian} \\ file6.txt & \texttt{jacky} & none & all users except \texttt{jacky} \\ file7.txt & none & none & all \\ file8.txt & members of \texttt{students} who are not \texttt{juliet} & none & \texttt{juliet} and users who are not members of the group \texttt{students} \\ file9.txt & users who are not \texttt{jeremy} and who are not members of the group \texttt{students} & none & \texttt{jeremy} and users who are members of the group \texttt{students}\\ \bottomrule \end{tabularx} \end{solution} \item For each of the permissions (i.e., the first column only) in question~\ref{que:perms}, write a umask value that will result in all files created by the user having the default permission shown. \begin{solution} It may seem that \texttt{umask 111} would be suitable for setting permissions as for \texttt{file1.txt}, but it would have the horrible side effect that anyone with this umask will create directories that no one can change into, and will compile programs that are not executable. So a better answer will be \texttt{umask~0}. \par\smallskip\par% \begin{tabular}[t]{@{}>{\ttfamily}l>{\ttfamily}lll>{\ttfamily}l>{\ttfamily}ll@{}} \toprule% \textbf{\textnormal{file}} & \textbf{\textnormal{permission}} & \textbf{umask} && \textbf{\textnormal{file}} & \textbf{\textnormal{permission}} & \textbf{umask} \\ \midrule% file1.txt & -rw-rw-rw- & 0 && file6.txt & -r-------- & 277 \\ file2.txt & -rw-rw-r-- & 002 && file7.txt & ---------- & 777 \\ file3.txt & -rw-r--r-- & 022 && file8.txt & ----r----- & 727 \\ file4.txt & -rw-r----- & 027 && file9.txt & -------r-- & 772 \\ file5.txt & -rw------- & 077 && & & \\ \bottomrule \end{tabular} \par\medskip\par \end{solution} \item For each of the permissions in question~\ref{que:perms}, write a \texttt{chmod} command to change the permission using~a: \begin{enumerate} \item numeric mode, \item symbolic mode. \end{enumerate} Your answer should work regardless of the permissions that existed previously. \begin{solution} \par\bigskip\par% \begin{tabularx}{\linewidth}% {@{}>{\ttfamily}l>{\ttfamily}l>{\ttfamily}Y>{\ttfamily}Y@{}} \toprule% \textnormal{\textbf{file}} & \textnormal{\textbf{permission}} & \textnormal{\textbf{numeric}} & \textnormal{\textbf{symbolic}} \\ \midrule% file1.txt & -rw-rw-rw- & chmod 666 & chmod a=rw \\ file2.txt & -rw-rw-r-- & chmod 664 & chmod a=rw,o-w \\ file3.txt & -rw-r--r-- & chmod 644 & chmod a=r,u+w \\ file4.txt & -rw-r----- & chmod 640 & chmod u=rw,g=r,o= \\ file5.txt & -rw------- & chmod 600 & chmod a=,u=rw \\ file6.txt & -r-------- & chmod 400 & chmod a=,u+r \\ file7.txt & ---------- & chmod 0 & chmod a= \\ file8.txt & ----r----- & chmod 040 & chmod a=,g+r \\ file9.txt & -------r-- & chmod 004 & chmod a=,o+r \\ \bottomrule \end{tabularx} \end{solution} \begin{questionsonly} \begin{flushright} \textbf{Questions are continued on the next page\,\ldots} \end{flushright} \clearpage \end{questionsonly} \item \label{que:directory}A directory has the following permissions: \begin{alltt} $ \textbf{ls -ld directory} drwxrwxr-x 1 jimmy students 376 Feb 17 08:18 file1.txt \end{alltt}%$ The following users are members of the following groups: \par\smallskip\par \begin{tabular}[t]{@{}lll@{}} \toprule% \textbf{user} & \textbf{primary group} & \textbf{secondary groups}\\ \midrule% jimmy & jimmy & project year2 csa \\ nicku & nicku & staff laboratory \\ andy & andy & students year2 csa \\ jenny & jenny & students year3 csa \\ \bottomrule \end{tabular} \par\medskip\par For each of the four users, \begin{enumerate} \item Can he/she create a file in the directory? \item If the user can create a file, \begin{enumerate} \item who is the owner of the file? \item which group owns the file? \item If the \texttt{umask} is 002, what are the file permissions on a file created in that directory? \item Which of the other users above can: \begin{enumerate} \item read the file? \item write to the file? \item delete the file? \end{enumerate} \end{enumerate} \end{enumerate} \begin{solution} \begin{tabularx}{\linewidth}{@{}lYYYY@{}} \toprule% &\textbf{jimmy} & \textbf{nicku} & \textbf{andy} & \textbf{jenny} \\ \midrule% can create file: & yes & no & yes & yes \\ owner of file: & jimmy & & andy & jenny \\ group: & jimmy & & andy & jenny \\ permissions: & \texttt{-rw-rx-r--} & & \texttt{-rw-rx-r--} & \texttt{-rw-rx-r--}\\ users can read: & all & & all & all \\ users can write: & none & & none & none \\ users can delete: & andy, jenny & & jimmy, jenny & jimmy, andy \\ \bottomrule% \end{tabularx} \end{solution} \item Now the \SGID (set group \ID) permission is added to the directory shown in question~\vref{que:directory}. \begin{enumerate} \item Write a command to add this permission, leaving other permissions unchanged. \begin{solution} \begin{alltt} $ \textbf{chmod g+s directory} \end{alltt}%$ \end{solution} \item Write the permissions on the directory as they would be shown as the first field of the output of \texttt{ls -ld directory} \begin{solution} \begin{alltt} $ \textbf{ls -ld directory} drwxrwsr-x 1 jimmy students 376 Feb 17 08:18 file1.txt \end{alltt}%$ \end{solution} \item Answer the questions from question~\vref{que:directory} for each user again, but write ``unchanged'' where the result is the same, but where the result is different, explain how. \end{enumerate} \begin{solution} \begin{tabularx}{\linewidth}{@{}lYYYY@{}} \toprule% &\textbf{jimmy} & \textbf{nicku} & \textbf{andy} & \textbf{jenny} \\ \midrule% can create file: & yes & no & yes & yes \\ owner of file: & jimmy & & andy & jenny \\ group: & students & & students & students \\ permissions: & \texttt{-rw-rx-r--} & & \texttt{-rw-rx-r--} & \texttt{-rw-rx-r--}\\ users can read: & all & & all & all \\ users can write: & andy, jenny & & jenny & andy \\ users can delete: & andy, jenny & & jimmy, jenny & jimmy, andy \\ \bottomrule% \end{tabularx} \end{solution} \item Now the \emph{restricted deletion flag} (or ``sticky bit'') permission is added to the directory shown in question~\vref{que:directory}, \emph{as well as} the \SGID permission. \begin{enumerate} \item Write a command to add this permission, leaving other permissions unchanged. \begin{solution} \begin{alltt} $ \textbf{chmod o+t directory} \end{alltt}%$ \end{solution} \item Write the permissions on the directory as they would be shown as the first field of the output of \texttt{ls -ld directory} \begin{solution} \begin{alltt} $ \textbf{ls -ld directory} drwxrwsr-t 1 jimmy students 376 Feb 17 08:18 file1.txt \end{alltt}%$ \end{solution} \item Answer the questions from question~\vref{que:directory} for each user again, but write ``unchanged'' where the result is the same, but where the result is different, explain how. \end{enumerate} \end{enumerate} \begin{solution} \begin{tabularx}{\linewidth}{@{}lYYYY@{}} \toprule% &\textbf{jimmy} & \textbf{nicku} & \textbf{andy} & \textbf{jenny} \\ \midrule% can create file: & yes & no & yes & yes \\ owner of file: & jimmy & & andy & jenny \\ group: & students & & students & students \\ permissions: & \texttt{-rw-rx-r--} & & \texttt{-rw-rx-r--} & \texttt{-rw-rx-r--}\\ users can read: & all & & all & all \\ users can write: & andy, jenny & & jenny & andy \\ users can delete: & only jimmy & & andy and jimmy & jenny and jimmy \\ \bottomrule% \end{tabularx} \end{solution} \end{document}