Assignment: file permissions

Below are questions. Please submit answers to them onto the remote Unix machine using these preparation and submittal instructions. Please name your file "permissions".

File permissions govern interaction between files on the one hand, and users on the other. They can control which files are (or aren't) available to which users for which purposes. A brief permissions overview is provided.

For tutorial purposes, certain user accounts and files are set up on the remote Unix machine. You will use them to explore the permissions mechanism.

The tutorial users

On the server (specified by the instructor) real user accounts have been created for the following 10 imaginary users with the imaginary gender/age characteristics shown.

MEN:
tom
dick
harry

WOMEN:
mary
jane
sally

BOYS:
hansel
pinochio

GIRLS:
gretel
heidi

The password is "password" for all 10 user accounts. You can therefore log in freely as any of these users.

You can log in as these users successively, one at a time, or concurrently by opening multiple telnet sessions; there is no problem with having two or more telnet sessions to the server at the same time from the same client machine.

If, for example, you want to log in as pinochio, issue "telnet <server>" as usual and answer the "login:" prompt with pinochio. The system will ask you for pinochio's password. Supply it (it's "password") and you will then become pinochio for further operations. Without logging out, you may wish to log in as mary. Again, issue "telnet <server>" as usual and answer the "login:" prompt with mary. The system will ask you for mary's password. Supply it (it too is "password") and you will then become mary for further operations. You will have 2 telnet windows open on your desktop, one as pinochio and the other as mary.

If you forget "who you are," you can find out by issuing the command "whoami", and the system will print your user identity on the screen. The command prompt also contains the name of the current user, so alternatively just glance at the prompt. Or use the id command.

[david@emach4 ~]$ whoami
david
[david@emach4 ~]$ id
uid=500(david) gid=500(david) groups=500(david)
[david@emach4 ~]$ id tom
uid=501(tom) gid=502(tom) groups=502(tom),512(men),515(males)
[david@emach4 ~]$ id mary
uid=504(mary) gid=505(mary) groups=505(mary),513(women),516(females)
[david@emach4 ~]$ id heidi
uid=510(heidi) gid=511(heidi) groups=511(heidi),514(children),516(females)
[david@emach4 ~]$

The tutorial groups

For this exercise, five "official" Unix groups have been established on the machine and populated with the above users. The groups, and the users who belong to them, are:

men - tom, dick, harry    
women - mary, jane, sally
children - hansel, pinochio, gretel, heidi
males - tom, dick, harry, hansel, pinochio
females - mary, jane, sally, gretel, heidi

Groups are established in Unix by editing a file named /etc/group. (You must be the root user to do this.) Here are lines excerpted from /etc/group on the remote Unix machine. They establish the above groups.

men:x:512:tom,dick,harry
women:x:513:mary,jane,sally
children:x:514:hansel,gretel,heidi,pinochio
males:x:515:tom,dick,harry,hansel,pinochio
females:x:516:mary,jane,sally,gretel,heidi

The tutorial files and directory structure

As a test environment where you can experiment, below is a directory structure that exists on the remote Unix server. For the various files and directories, note their user affiliations ("owners"), their group affiliations, and their permission settings. For example, for the directory /permissions/playroom below, the affiliated user is root, the affiliated group is children, and the permissions are rwxr-x---. The permissions tell us that "rwx" controls access by user root, "r-x" controls access by other users who are members of the "children" group, and "---" controls access by other users who are not members of the "children" group. You can log in as any of the 4 children to experience the effect of permissions "r-x", and you can log in as any other (non-"children") user to see the effect of permissions "---".

[root@emach4 ~]# /bin/ls -lR /permissions
/permissions:
total 20
drwxrwx--- 2 root females 4096 Oct 24 2000 ladies-room
drwxrwx--- 2 root males 4096 Oct 24 2000 mens-room
drwxrwx--- 2 root children 4096 Oct 24 2000 playroom
drwxrwxrwx 9 root root 4096 Oct 24 2000 testdirs
drwxrwxrwx 2 root root 4096 Oct 24 2000 testfiles

/permissions/ladies-room:
total 0

/permissions/mens-room:
total 0

/permissions/playroom:
total 0

/permissions/testdirs:
total 28
d--------x 2 root root 4096 Oct 24 2000 testdir1
d-------w- 2 root root 4096 Oct 24 2000 testdir2
d-------wx 2 root root 4096 Oct 24 2000 testdir3
d------r-- 2 root root 4096 Oct 24 2000 testdir4
d------r-x 2 root root 4096 Oct 24 2000 testdir5
d------rw- 2 root root 4096 Oct 24 2000 testdir6
d------rwx 2 root root 4096 Oct 24 2000 testdir7

/permissions/testdirs/testdir1:
total 4
-rwxrwxrwx 1 root root 6 Oct 24 2000 a_file

/permissions/testdirs/testdir2:
total 4
-rwxrwxrwx 1 root root 6 Oct 24 2000 a_file

/permissions/testdirs/testdir3:
total 4
-rwxrwxrwx 1 root root 6 Oct 24 2000 a_file

/permissions/testdirs/testdir4:
total 4
-rwxrwxrwx 1 root root 6 Oct 24 2000 a_file

/permissions/testdirs/testdir5:
total 4
-rwxrwxrwx 1 root root 6 Oct 24 2000 a_file

/permissions/testdirs/testdir6:
total 4
-rwxrwxrwx 1 root root 6 Oct 24 2000 a_file

/permissions/testdirs/testdir7:
total 4
-rwxrwxrwx 1 root root 6 Oct 24 2000 a_file

/permissions/testfiles:
total 32
---------- 1 root root 3 Oct 24 2000 testfile0
---------x 1 root root 3 Oct 24 2000 testfile1
--------w- 1 root root 3 Oct 24 2000 testfile2
--------wx 1 root root 3 Oct 24 2000 testfile3
-------r-- 1 root root 3 Oct 24 2000 testfile4
-------r-x 1 root root 3 Oct 24 2000 testfile5
-------rw- 1 root root 3 Oct 24 2000 testfile6
-------rwx 1 root root 3 Oct 24 2000 testfile7

(The directory itself containing all this, /permissions, has its own permissions fully "turned on" so that those permissions won't trickle down and restrict anything you do below the directory.

[root@emach4 ~]# ls -ld /permissions
drwxrwxrwx 7 root root 4096 Feb 10 12:37 /permissions
[root@emach4 ~]#

Note the "d" option for ls in the above command which tells ls, when you give it the name of a directory, to return information about the directory itself instead of the directory's contents.)
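
The triple selection described above for /permissions/playroom (owner first, then group, then everyone else) can be written as a short shell function. This is an added example, not part of the original assignment: the group table is the /etc/group excerpt from this page, while the function names in_group and governing_triple and the sample listing lines are constructed for illustration, and only the listed group memberships are assumed to count.

```shell
#!/bin/sh
# Added example: which permission triple governs a given user?
# Group table copied from the /etc/group excerpt on this page. Assumption: only
# these supplementary memberships count; a real system also honours the user's
# primary group from /etc/passwd, and root is largely exempt from these checks.
GROUP_TABLE='men:x:512:tom,dick,harry
women:x:513:mary,jane,sally
children:x:514:hansel,gretel,heidi,pinochio
males:x:515:tom,dick,harry,hansel,pinochio
females:x:516:mary,jane,sally,gretel,heidi'

# in_group USER GROUP: succeed if USER is in GROUP's member list (field 4).
in_group() {
    printf '%s\n' "$GROUP_TABLE" | awk -F: -v u="$1" -v g="$2" '
        $1 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) hit = 1 }
        END { exit (hit ? 0 : 1) }'
}

# governing_triple USER "LS_L_LINE": print the class and triple that apply.
# Owner is tested first, then group, then other; the first match decides and
# there is no fall-through to a more generous later triple.
governing_triple() {
    user=$1
    set -- $2                     # split the ls -l line into fields
    mode=$1 owner=$3 group=$4
    if [ "$user" = "$owner" ]; then
        printf 'owner %s\n' "$(printf '%s\n' "$mode" | cut -c2-4)"
    elif in_group "$user" "$group"; then
        printf 'group %s\n' "$(printf '%s\n' "$mode" | cut -c5-7)"
    else
        printf 'other %s\n' "$(printf '%s\n' "$mode" | cut -c8-10)"
    fi
}

# Constructed listing lines (not taken from the server).
governing_triple sally  'drwxr-x--- 2 root women 4096 Oct 24 2000 sample-dir'
governing_triple tom    'drwxr-x--- 2 root women 4096 Oct 24 2000 sample-dir'
# A group member is held to the group triple even when "other" allows more.
governing_triple gretel '-rw----rwx 1 root females 3 Oct 24 2000 sample-file'
# The owner is held to the owner triple even when it is empty.
governing_triple tom    '----rwxrwx 1 tom men 3 Oct 24 2000 sample-file'
```

The last two calls show the case that surprises people most: membership in an earlier class can leave a user with fewer rights than a complete outsider.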

Become in succession the 4 users tom, then mary, then hansel, then gretel. While operating under each user identity, execute in succession the 3 commands "cd /permissions/ladies-room", then "cd /permissions/mens-room", then "cd /permissions/playroom". Answer the following questions:

1. As tom when you execute the command "cd /permissions/mens-room" the permissions that govern you are:
 a. rwx
 b. r-x
 c. --- 

2. As tom, can you enter the directory /permissions/mens-room?
 a. yes
 b. no

3. As tom when you execute the command "cd /permissions/ladies-room" the permissions that govern you are:
 a. rwx
 b. r-x
 c. --- 

4. As tom, can you enter the directory /permissions/ladies-room?
 a. yes
 b. no

5. As tom when you execute the command "cd /permissions/playroom" the permissions that govern you are:
 a. rwx
 b. r-x
 c. --- 

6. As tom, can you enter the directory /permissions/playroom?
 a. yes
 b. no

7. As mary when you execute the command "cd /permissions/mens-room" the permissions that govern you are:
 a. rwx
 b. r-x
 c. --- 

8. As mary, can you enter the directory /permissions/mens-room?
 a. yes
 b. no

9. As mary when you execute the command "cd /permissions/ladies-room" the permissions that govern you are:
 a. rwx
 b. r-x
 c. --- 

10. As mary, can you enter the directory /permissions/ladies-room?
 a. yes
 b. no

11. As mary when you execute the command "cd /permissions/playroom" the permissions that govern you are:
 a. rwx
 b. r-x
 c. --- 

12. As mary, can you enter the directory /permissions/playroom?
 a. yes
 b. no

13. As hansel when you execute the command "cd /permissions/mens-room" the permissions that govern you are:
 a. rwx
 b. r-x
 c. --- 

14. As hansel, can you enter the directory /permissions/mens-room?
 a. yes
 b. no

15. As hansel when you execute the command "cd /permissions/ladies-room" the permissions that govern you are:
 a. rwx
 b. r-x
 c. --- 

16. As hansel, can you enter the directory /permissions/ladies-room?
 a. yes
 b. no

17. As hansel when you execute the command "cd /permissions/playroom" the permissions that govern you are:
 a. rwx
 b. r-x
 c. --- 

18. As hansel, can you enter the directory /permissions/playroom?
 a. yes
 b. no

19. As gretel when you execute the command "cd /permissions/mens-room" the permissions that govern you are:
 a. rwx
 b. r-x
 c. --- 

20. As gretel, can you enter the directory /permissions/mens-room?
 a. yes
 b. no

21. As gretel when you execute the command "cd /permissions/ladies-room" the permissions that govern you are:
 a. rwx
 b. r-x
 c. --- 

22. As gretel, can you enter the directory /permissions/ladies-room?
 a. yes
 b. no

23. As gretel when you execute the command "cd /permissions/playroom" the permissions that govern you are:
 a. rwx
 b. r-x
 c. --- 

24. As gretel, can you enter the directory /permissions/playroom?
 a. yes
 b. no

The next questions deal with the following set of directories:

[david@emach4 ~]$ /bin/ls -l /permissions/testdirs/
total 28
d--------x 2 root root 4096 Oct 24 2000 testdir1
d-------w- 2 root root 4096 Oct 24 2000 testdir2
d-------wx 2 root root 4096 Oct 24 2000 testdir3
d------r-- 2 root root 4096 Oct 24 2000 testdir4
d------r-x 2 root root 4096 Oct 24 2000 testdir5
d------rw- 2 root root 4096 Oct 24 2000 testdir6
d------rwx 2 root root 4096 Oct 24 2000 testdir7

You will be governed in all cases by the last permissions triple (because all these files' affiliated owner is "root" and you are not user root, and all their affiliated group is group "root" and you are not a member of that group either). 

The next questions test your ability to enter a directory, that is, to cd into it with, for example, the command

cd /permissions/testdirs/testdir1

Logged in as any user,

25. Can you enter the directory /permissions/testdirs/testdir1?
 a. yes
 b. no

26. Can you enter the directory /permissions/testdirs/testdir2?
 a. yes
 b. no

27. Can you enter the directory /permissions/testdirs/testdir3?
 a. yes
 b. no

28. Can you enter the directory /permissions/testdirs/testdir4?
 a. yes
 b. no

29. Can you enter the directory /permissions/testdirs/testdir5?
 a. yes
 b. no

30. Can you enter the directory /permissions/testdirs/testdir6?
 a. yes
 b. no

31. Can you enter the directory /permissions/testdirs/testdir7?
 a. yes
 b. no

Look at which of the directories allowed you to enter, then look at all their permissions settings. You should be able to conclude which particular setting controls your ability to enter a directory.

The next questions test your ability to list a directory, that is, to ls it with, for example, the command

ls /permissions/testdirs/testdir1

32. Can you list the contents of the directory /permissions/testdirs/testdir1?
 a. yes
 b. no 

33. Can you list the contents of the directory /permissions/testdirs/testdir2?
 a. yes
 b. no 

34. Can you list the contents of the directory /permissions/testdirs/testdir3?
 a. yes
 b. no 

35. Can you list the contents of the directory /permissions/testdirs/testdir4?
 a. yes
 b. no 

36. Can you list the contents of the directory /permissions/testdirs/testdir5?
 a. yes
 b. no 

37. Can you list the contents of the directory /permissions/testdirs/testdir6?
 a. yes
 b. no 

38. Can you list the contents of the directory /permissions/testdirs/testdir7?
 a. yes
 b. no

Look at which of the directories allowed you to list, then look at all their permissions settings. You should be able to conclude which particular setting controls your ability to list a directory.

The next questions test your ability to create a file in a directory, using, for example, the command

touch /permissions/testdirs/testdir1/test

In these examples use an unusual filename sure to be unique. A filename like "test" is a bad choice since if the file you are trying to create was already created by a previous student it will interfere with the assignment. Choose names nobody else would possibly choose.

39. Can you create a file in the directory /permissions/testdirs/testdir1?
 a. yes
 b. no

40. Can you create a file in the directory /permissions/testdirs/testdir2?
 a. yes
 b. no

41. Can you create a file in the directory /permissions/testdirs/testdir3?
 a. yes
 b. no

42. Can you create a file in the directory /permissions/testdirs/testdir4?
 a. yes
 b. no

43. Can you create a file in the directory /permissions/testdirs/testdir5?
 a. yes
 b. no

44. Can you create a file in the directory /permissions/testdirs/testdir6?
 a. yes
 b. no

45. Can you create a file in the directory /permissions/testdirs/testdir7?
 a. yes
 b. no

You cannot create a file in most of the above cases, but not always for the same reason. Look at which of the directories allowed you to create a file, then look at all their permissions settings. You should be able to conclude which settings influenced your ability to create a file in a directory and why.

The next questions deal with the following set of files:

[david@EMACH1 david]$ ls -l /permissions/testfiles/
total 36
-rwxr-xr-x 1 root root 3 Jun 30 15:41 test
---------- 1 root root 3 Jun 30 15:41 testfile0
---------x 1 root root 3 Jun 30 15:41 testfile1
---------- 1 root root 3 Jun 30 15:41 testfile2
---------x 1 root root 3 Jun 30 15:41 testfile3
-------r-- 1 root root 3 Jun 30 15:41 testfile4
-------r-x 1 root root 3 Jun 30 15:41 testfile5
-------r-- 1 root root 3 Jun 30 15:41 testfile6
-------r-x 1 root root 3 Jun 30 15:41 testfile7

You will be governed in all cases by the last permissions triple. The content of all of these files is "ls". That is, they contain a legal command. So, given appropriate permissions, they are all intrinsically executable (as opposed to a file that contained gibberish, English, or other non-commands, for example). This is because Unix allows "scripts", that is, files that contain one or more regular Unix commands. If you give the name of the file on the command line, as if it were a command, Unix opens the file and executes the real commands found inside. So if a file named "foo" contains the word "date", then executing "foo" on the command line is equivalent to, and results in, executing "date". Try to execute these test files, for example with the command

/permissions/testfiles/testfile1

46. Can you execute the file /permissions/testfiles/testfile1?
 a. yes
 b. no

47. Can you execute the file /permissions/testfiles/testfile2?
 a. yes
 b. no

48. Can you execute the file /permissions/testfiles/testfile3?
 a. yes
 b. no

49. Can you execute the file /permissions/testfiles/testfile4?
 a. yes
 b. no

50. Can you execute the file /permissions/testfiles/testfile5?
 a. yes
 b. no

51. Can you execute the file /permissions/testfiles/testfile6?
 a. yes
 b. no

52. Can you execute the file /permissions/testfiles/testfile7?
 a. yes
 b. no

You cannot execute most of the above files, but not always for the same reason. Look at which of the files could be successfully executed (i.e., you got valid ls command output), then look at all their permissions settings. You should be able to conclude which settings influenced your ability to execute a file and why.