|The Tao of Computing:|
|A Down-to-Earth Approach to Computer Fluency|
|by Henry M. Walker||Jones and Bartlett Publishers|
This laboratory exercise explores some capabilities of files and permissions on a Linux-based system.
In the Linux world, accounts are organized at three levels:
Within this structure, files and directories have three types of permissions, and each type of permission has an associated number:
|4||ability to view the file (read permission)|
|2||ability to change the file (write permission)|
|1||ability to execute the file as a program (execute permission)|
Permissions can be combined by adding the corresponding numbers. For example, permission 6 allows a user to read and write (but not execute) a file.
Work in this lab is based on a file my-account-script in the instructor's course account for CSC 105. When this file is run, it prints some basic information about a user's account and the workstation being used.
Run the program my-account-script to determine what it does.
If you are interested in reviewing how this script works, you can look at it with the statement
You may want to ask your instructor to interpret various details.
Copy file /home/walker/105/my-account-script to your public_html directory, as follows.
cd public_htmlto move to this directory that you created in previous labs.
cp /home/walker/105/my-account-script .(where the final period indicates the file is to be copied to your current directory).
provides a long form of listing for files in a directory. The command
ls -l -a
includes information on the current directory (listed as .) and its parent directory (listed as ..).
In deciphering a line of the listings, the first part of each line gives permission information: For example, in the sequence:
the initial dash indicates this is a regular file; a line starting with d indicates a directory.
The next 9 characters indicate permissions:
In the example, rwx------ means the user had full capabilities for the file, while others have no capabilities to work with the file.
Use the ls command to determine the protection code of the newly-copied file my-account-script and describe what you encounter.
in your terminal window.
Change the permission code for this file so you have execute permission:
chmod 700 my-account-script
and check the permissions with the ls -l command.
Now try running the file script again.
Use your experience in the previous three steps to explain what is meant by "execute" permission for a regular file
Change the permission code so you can read, but not write or execute, the file. Then try to edit the file with the command
emacs my-account-script &
For example, you might try to add a line
echo "I added this line"
Set the permission code, so that others can read and execute (but not write) your home directory and your public_html directory. Allow only those in your group to read and execute your file my-account-script. This can be done with the following commands:
cd chmod 755 . cd public_html chmod 755 . chmod 750 my-account-script
Your lab partner now should be able to read your file using the name /home/your-account/public_html/my-account-script
With the file permissions set this way, ask your lab partner to try the following actions:
In each case, describe what happens.
Change the protection code of your file my-account-script to allow group editing (but still no access by others outside your group). What happens now if your lab partner tries to edit the file?
Try accessing the file in your browser, using the URL
Describe what happens.
Change the permission code, so all others can read the file (but not execute or change it).
Now try accessing the file again in your browser, and describe what you see. (Is the file listed; is the file run?)
Change the permission code, so all others can execute the file (but not read or change it). Again, describe what happens when you try accessing this file in your browser.
Summarize your conclusions regarding the nature of permissions for accessing a file with your browser.
Reset the permissions of your file, so that it can be read over the World Wide Web.
Now set the permissions of your public_html directory, so that it can be read, but not executed.
Now set the permissions of your public_html directory, so that it can be executed, but not read. Again, determine what happens in each case listed in the previous step.
Summarize your conclusions regarding the nature of permissions for accessing a directory with your browser.
created March 9, 2004
last revised February 16, 2005
|For more information, please contact Henry M. Walker at email@example.com.|