Assignment: file permissions

Below are 52 questions. You are asked to submit answers to them at the end of this page.

File permissions govern interaction between files on the one hand, and users on the other. They can control which files are (or aren't) available to which users for which purposes. A brief permissions overview is provided.

For tutorial purposes, certain user accounts and files are set up on the remote Unix machine. You will use them to explore the permissions mechanism.

The tutorial users

On the remote server real user accounts have been created for the following 10 imaginary users with the imaginary gender/age characteristics shown. Perform this exercise there.

MEN:
tom
dick
harry

WOMEN:
mary
jane
sally

BOYS:
hansel
pinochio

GIRLS:
gretel
heidi

The password is identical for all 10 user accounts, with a value per your instructor. You can therefore log in freely as any of these users. Use the client tool for logging in specified by your instructor (probably ssh or telnet; it may matter which, so follow his direction).

You can log in as these users successively, one at a time, or concurrently, by opening multiple remote login sessions; there is no problem with having two or more login sessions on the server at the same time, from the same client machine. If for example you want to log in as pinochio, use your login client as usual, supplying "pinochio" and his password. You will then become pinochio for further operations. Without logging out, you may wish to log in as mary. Again, run your login client as usual but supply "mary" and her password. You will then become mary for further operations. You will have 2 shell windows open on your desktop, one as pinochio and the other as mary. If you forget "who you are," you can find out by issuing the command "whoami" and the system will print your user identity on the screen. The command prompt also contains the name of the current user, so alternatively, just glance at the prompt. Or, use the id command.

[david@emach4 ~]$ whoami
david
[david@emach4 ~]$ id
uid=500(david) gid=500(david) groups=500(david)
[david@emach4 ~]$ id tom
uid=501(tom) gid=502(tom) groups=502(tom),512(men),515(males)
[david@emach4 ~]$ id mary
uid=504(mary) gid=505(mary) groups=505(mary),513(women),516(females)
[david@emach4 ~]$ id heidi
uid=510(heidi) gid=511(heidi) groups=511(heidi),514(children),516(females)
[david@emach4 ~]$

The tutorial groups

For this exercise, five "official" Unix groups have been established on the machine and populated with the above users. The groups, and the users who belong to them, are:

men - tom, dick, harry    
women - mary, jane, sally
children - hansel, pinochio, gretel, heidi
males - tom, dick, harry, hansel, pinochio
females - mary, jane, sally, gretel, heidi

Groups are established in Unix by editing a file named /etc/group. (You must be the root user to do this.) Here are lines excerpted from /etc/group on the remote Unix machine. They establish the above groups.

men:x:512:tom,dick,harry
women:x:513:mary,jane,sally
children:x:514:hansel,gretel,heidi,pinochio
males:x:515:tom,dick,harry,hansel,pinochio
females:x:516:mary,jane,sally,gretel,heidi

The tutorial files and directory structure

As a test environment where you can experiment, below is a directory structure that exists on the Unix remote server. For the various files and directories, note their user affiliations ("owners"), their group affiliations, and their permission settings. For example, for the directory /permissions/playroom below, the affiliated user is root, the affiliated group is children, and the permissions are rwxr-x---. The permissions tell us that "rwx" controls access by user root, "r-x" controls access by other users who are members of the "children" group, and "---" controls access by other users who are not members of the "children" group. You can log in as any of the 4 children to experience the effect of permissions "r-x" and you can log in as any other (non-"children") user to see the effect of permissions "---".

[root@emach4 /]# ls -lR /permissions
/permissions:
total 20
drwxr-x--- 2 root females 4096 2010-10-10 00:00 ladies-room
drwxr-x--- 2 root males 4096 2010-10-10 00:00 mens-room
drwxr-x--- 2 root children 4096 2010-10-10 00:00 playroom
drwxrwxrwx 9 root root 4096 2010-10-10 00:00 testdirs
drwxrwxrwx 2 root root 4096 2010-10-10 00:00 testfiles

/permissions/ladies-room:
total 0

/permissions/mens-room:
total 0

/permissions/playroom:
total 0

/permissions/testdirs:
total 28
d--------x 2 root root 4096 2010-10-10 00:00 testdir1
d-------w- 2 root root 4096 2010-10-10 00:00 testdir2
d-------wx 2 root root 4096 2010-10-10 00:00 testdir3
d------r-- 2 root root 4096 2010-10-10 00:00 testdir4
d------r-x 2 root root 4096 2010-10-10 00:00 testdir5
d------rw- 2 root root 4096 2010-10-10 00:00 testdir6
d------rwx 2 root root 4096 2010-10-10 00:00 testdir7

/permissions/testdirs/testdir1:
total 4
-rwxrwxrwx 1 root root 6 2010-10-10 00:00 a_file

/permissions/testdirs/testdir2:
total 4
-rwxrwxrwx 1 root root 6 2010-10-10 00:00 a_file

/permissions/testdirs/testdir3:
total 4
-rwxrwxrwx 1 root root 6 2010-10-10 00:00 a_file

/permissions/testdirs/testdir4:
total 4
-rwxrwxrwx 1 root root 6 2010-10-10 00:00 a_file

/permissions/testdirs/testdir5:
total 4
-rwxrwxrwx 1 root root 6 2010-10-10 00:00 a_file

/permissions/testdirs/testdir6:
total 4
-rwxrwxrwx 1 root root 6 2010-10-10 00:00 a_file

/permissions/testdirs/testdir7:
total 4
-rwxrwxrwx 1 root root 6 2010-10-10 00:00 a_file

/permissions/testfiles:
total 32
---------- 1 root root 3 2010-10-10 00:00 testfile0
---------x 1 root root 3 2010-10-10 00:00 testfile1
--------w- 1 root root 3 2010-10-10 00:00 testfile2
--------wx 1 root root 3 2010-10-10 00:00 testfile3
-------r-- 1 root root 3 2010-10-10 00:00 testfile4
-------r-x 1 root root 3 2010-10-10 00:00 testfile5
-------rw- 1 root root 3 2010-10-10 00:00 testfile6
-------rwx 1 root root 3 2010-10-10 00:00 testfile7
[root@emach4 /]# 


(The directory itself containing all this, /permissions, has its own permissions fully "turned on" so that those permissions won't trickle down and restrict anything you do below the directory.

[root@emach4 ~]# ls -ld /permissions
drwxrwxrwx 7 root root 4096 Feb 10 12:37 /permissions
[root@emach4 ~]#

Note the "d" option for ls in the above command which tells ls, when you give it the name of a directory, to return information about the directory itself instead of the directory's contents.)
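The owner/group/other rule described above for /permissions/playroom can be worked through mechanically. The following is an added example, not part of the original assignment: the function names, the PLAYROOM and NOTES variables and the "notes" listing line are made up for illustration, the group data is the /etc/group excerpt shown earlier, and each user is assumed to have a private primary group of the same name (as the id output above shows).

```shell
#!/bin/sh
# Constructed sample: the /etc/group excerpt shown earlier on this page.
GROUP_DB='men:x:512:tom,dick,harry
women:x:513:mary,jane,sally
children:x:514:hansel,gretel,heidi,pinochio
males:x:515:tom,dick,harry,hansel,pinochio
females:x:516:mary,jane,sally,gretel,heidi'

# in_group USER GROUP: succeed if USER is listed as a member of GROUP
# in GROUP_DB (field 4 of the /etc/group format, comma-separated).
in_group() {
    printf '%s\n' "$GROUP_DB" | awk -F: -v u="$1" -v g="$2" '
        $1 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) found = 1 }
        END { exit !found }'
}

# governing_triple USER LS_LINE: print the class (owner, group or other)
# and the three permission characters of an "ls -l" line that apply to USER.
# Exactly one class is used: owner first, else group, else other.
governing_triple() {
    user=$1
    set -- $2                      # split the ls -l line into fields
    mode=$1 owner=$3 group=$4
    if [ "$user" = "$owner" ]; then
        echo "owner $(printf '%s' "$mode" | cut -c2-4)"
    # Assumption: a group named after the user is that user's primary group.
    elif [ "$user" = "$group" ] || in_group "$user" "$group"; then
        echo "group $(printf '%s' "$mode" | cut -c5-7)"
    else
        echo "other $(printf '%s' "$mode" | cut -c8-10)"
    fi
}

# Line copied from the ls -lR listing above.
PLAYROOM='drwxr-x--- 2 root children 4096 2010-10-10 00:00 playroom'
# Constructed line: the owner has fewer rights than the file's group.
NOTES='-r--rw-rw- 1 tom men 0 2010-10-10 00:00 notes'

governing_triple hansel "$PLAYROOM"   # a member of children
governing_triple tom "$PLAYROOM"      # not owner, not in children
governing_triple tom "$NOTES"         # owner triple applies, even though tom is in men
governing_triple dick "$NOTES"        # a member of men
```

The constructed "notes" line shows that the classes do not add up: tom owns the file, so only the first triple is consulted, even though the group triple for men, to which he belongs, would grant more.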

Become in succession the 4 users tom, then mary, then hansel, then gretel. While operating under each user identity, execute in succession the 3 commands "cd /permissions/ladies-room", then "cd /permissions/mens-room", then "cd /permissions/playroom". Answer the following questions:

1. As tom when you execute the command "cd /permissions/mens-room" the permissions that govern you are:
 a. rwx
 b. r-x
 c. --- 

2. As tom, can you enter the directory /permissions/mens-room?
 a. yes
 b. no

3. As tom when you execute the command "cd /permissions/ladies-room" the permissions that govern you are:
 a. rwx
 b. r-x
 c. --- 

4. As tom, can you enter the directory /permissions/ladies-room?
 a. yes
 b. no

5. As tom when you execute the command "cd /permissions/playroom" the permissions that govern you are:
 a. rwx
 b. r-x
 c. --- 

6. As tom, can you enter the directory /permissions/playroom?
 a. yes
 b. no

7. As mary when you execute the command "cd /permissions/mens-room" the permissions that govern you are:
 a. rwx
 b. r-x
 c. --- 

8. As mary, can you enter the directory /permissions/mens-room?
 a. yes
 b. no

9. As mary when you execute the command "cd /permissions/ladies-room" the permissions that govern you are:
 a. rwx
 b. r-x
 c. --- 

10. As mary, can you enter the directory /permissions/ladies-room?
 a. yes
 b. no

11. As mary when you execute the command "cd /permissions/playroom" the permissions that govern you are:
 a. rwx
 b. r-x
 c. --- 

12. As mary, can you enter the directory /permissions/playroom?
 a. yes
 b. no

13. As hansel when you execute the command "cd /permissions/mens-room" the permissions that govern you are:
 a. rwx
 b. r-x
 c. --- 

14. As hansel, can you enter the directory /permissions/mens-room?
 a. yes
 b. no

15. As hansel when you execute the command "cd /permissions/ladies-room" the permissions that govern you are:
 a. rwx
 b. r-x
 c. --- 

16. As hansel, can you enter the directory /permissions/ladies-room?
 a. yes
 b. no

17. As hansel when you execute the command "cd /permissions/playroom" the permissions that govern you are:
 a. rwx
 b. r-x
 c. --- 

18. As hansel, can you enter the directory /permissions/playroom?
 a. yes
 b. no

19. As gretel when you execute the command "cd /permissions/mens-room" the permissions that govern you are:
 a. rwx
 b. r-x
 c. --- 

20. As gretel, can you enter the directory /permissions/mens-room?
 a. yes
 b. no

21. As gretel when you execute the command "cd /permissions/ladies-room" the permissions that govern you are:
 a. rwx
 b. r-x
 c. --- 

22. As gretel, can you enter the directory /permissions/ladies-room?
 a. yes
 b. no

23. As gretel when you execute the command "cd /permissions/playroom" the permissions that govern you are:
 a. rwx
 b. r-x
 c. --- 

24. As gretel, can you enter the directory /permissions/playroom?
 a. yes
 b. no

The next questions deal with the following set of directories:

[david@emach4 ~]$ /bin/ls -l /permissions/testdirs/
total 28
d--------x 2 root root 4096 Oct 24 2000 testdir1
d-------w- 2 root root 4096 Oct 24 2000 testdir2
d-------wx 2 root root 4096 Oct 24 2000 testdir3
d------r-- 2 root root 4096 Oct 24 2000 testdir4
d------r-x 2 root root 4096 Oct 24 2000 testdir5
d------rw- 2 root root 4096 Oct 24 2000 testdir6
d------rwx 2 root root 4096 Oct 24 2000 testdir7

You will be governed in all cases by the last permissions triple (because all these files' affiliated owner is "root" and you are not user root, and all their affiliated group is group "root" and you are not a member of that group either). 

The next questions test your ability to enter a directory. That is, to cd into it with for example the command

cd /permissions/testdirs/testdir1

Logged in as any user,

25. Can you enter the directory /permissions/testdirs/testdir1?
 a. yes
 b. no

26. Can you enter the directory /permissions/testdirs/testdir2?
 a. yes
 b. no

27. Can you enter the directory /permissions/testdirs/testdir3?
 a. yes
 b. no

28. Can you enter the directory /permissions/testdirs/testdir4?
 a. yes
 b. no

29. Can you enter the directory /permissions/testdirs/testdir5?
 a. yes
 b. no

30. Can you enter the directory /permissions/testdirs/testdir6?
 a. yes
 b. no

31. Can you enter the directory /permissions/testdirs/testdir7?
 a. yes
 b. no

Look at which of the directories allowed you to enter, then look at all their permissions settings. You should be able to conclude which particular setting controls your ability to enter a directory.

The next questions test your ability to list a directory. That is, to ls it with for example the command

ls /permissions/testdirs/testdir1

32. Can you list the contents of the directory /permissions/testdirs/testdir1?
 a. yes
 b. no 

33. Can you list the contents of the directory /permissions/testdirs/testdir2?
 a. yes
 b. no 

34. Can you list the contents of the directory /permissions/testdirs/testdir3?
 a. yes
 b. no 

35. Can you list the contents of the directory /permissions/testdirs/testdir4?
 a. yes
 b. no 

36. Can you list the contents of the directory /permissions/testdirs/testdir5?
 a. yes
 b. no 

37. Can you list the contents of the directory /permissions/testdirs/testdir6?
 a. yes
 b. no 

38. Can you list the contents of the directory /permissions/testdirs/testdir7?
 a. yes
 b. no

Look at which of the directories allowed you to list, then look at all their permissions settings. You should be able to conclude which particular setting controls your ability to list a directory.

The next questions test your ability to create a file in a directory. Using for example the command

touch /permissions/testdirs/testdir1/test

In these examples use an unusual filename sure to be unique. A filename like "test" is a bad choice since if the file you are trying to create was already created by a previous student it will interfere with the assignment. Choose names nobody else would possibly choose.

39. Can you create a file in the directory /permissions/testdirs/testdir1?
 a. yes
 b. no

40. Can you create a file in the directory /permissions/testdirs/testdir2?
 a. yes
 b. no

41. Can you create a file in the directory /permissions/testdirs/testdir3?
 a. yes
 b. no

42. Can you create a file in the directory /permissions/testdirs/testdir4?
 a. yes
 b. no

43. Can you create a file in the directory /permissions/testdirs/testdir5?
 a. yes
 b. no

44. Can you create a file in the directory /permissions/testdirs/testdir6?
 a. yes
 b. no

45. Can you create a file in the directory /permissions/testdirs/testdir7?
 a. yes
 b. no

You cannot create a file in most of the above cases, but not always for the same reason. Look at which of the directories allowed you to create a file, then look at all their permissions settings. You should be able to conclude which settings influenced your ability to create a file in a directory and why.

The next questions deal with the following set of files:

[david@EMACH1 david]$ ls -l /permissions/testfiles/
total 36
-rwxr-xr-x 1 root root 3 Jun 30 15:41 test
---------- 1 root root 3 Jun 30 15:41 testfile0
---------x 1 root root 3 Jun 30 15:41 testfile1
---------- 1 root root 3 Jun 30 15:41 testfile2
---------x 1 root root 3 Jun 30 15:41 testfile3
-------r-- 1 root root 3 Jun 30 15:41 testfile4
-------r-x 1 root root 3 Jun 30 15:41 testfile5
-------r-- 1 root root 3 Jun 30 15:41 testfile6
-------r-x 1 root root 3 Jun 30 15:41 testfile7

You will be governed in all cases by the last permissions triple. The content of all of these files is "ls". That is, they contain a legal command. So given appropriate permissions they are all intrinsically executable (as opposed to a file that contained gibberish, English, or other non-commands, for example). This is because Unix allows "scripts," that is, files that contain one or more regular Unix commands. If you give the name of the file on the command line, as if it were a command, Unix opens the file and executes the real commands found inside. So if a file named "foo" contains the word "date" then executing "foo" on the command line is equivalent to, and results in, executing "date." Try to execute these test files, for example with the command

/permissions/testfiles/testfile1

46. Can you execute the file /permissions/testfiles/testfile1?
 a. yes
 b. no

47. Can you execute the file /permissions/testfiles/testfile2?
 a. yes
 b. no

48. Can you execute the file /permissions/testfiles/testfile3?
 a. yes
 b. no

49. Can you execute the file /permissions/testfiles/testfile4?
 a. yes
 b. no

50. Can you execute the file /permissions/testfiles/testfile5?
 a. yes
 b. no

51. Can you execute the file /permissions/testfiles/testfile6?
 a. yes
 b. no

52. Can you execute the file /permissions/testfiles/testfile7?
 a. yes
 b. no

You cannot execute most of the above files, but not always for the same reason. Look at which of the files could be successfully executed (i.e., you got valid ls command output), then look at all their permissions settings. You should be able to conclude which settings influenced your ability to execute a file and why.

 

What to turn in

Please submit answers to the above set of questions onto the remote server machine using these preparation and submittal instructions. Please name your file "permissions".