Laboratory Exercise on File Sharing
This laboratory exercise explores some capabilities of files and
permissions on a Linux-based system.
Some Background
In the Linux world, accounts are organized at three levels:
-
Personal account: Each user has her or his own account
-
Group: Each user is part of a group of users
-
Others: Users not in one's group are considered "others"
Within this structure, files and directories have three types of
permissions, and each type of permission has an associated number:
| Number | Description
|
| 4 | ability to view the file (read permission)
|
| 2 | ability to change the file (write
permission) |
| 1 | ability to execute the file as a program
(execute permission)
|
Permissions can be combined by adding the corresponding numbers. For
example, permission 6 allows a user to read and write (but not execute) a
file.
Getting Started
Work in this lab is based on a file my-account-script in the
instructor's course account for CSC 105. When this file is run, it
prints some basic information about a user's account and the workstation
being used.
-
Run the program my-account-script to determine what
it does.
-
Log in to your account, and open a terminal window.
-
Within the terminal window, run the program using the command
/home/walker/105/my-account-script
-
If you are interested in reviewing how this script works, you
can look at it with the statement
cat /home/walker/105/my-account-script
You may want to ask your instructor to interpret various details.
-
Copy file /home/walker/105/my-account-script to your
public_html directory, as follows.
-
Within the terminal window, type
cd public_html
to move to this directory that you created in previous labs.
-
Type
cp /home/walker/105/my-account-script .
(where the final period indicates the file is to be copied to your current
directory).
The ls Command in Linux
The command
ls -l
provides a long form of listing for files in a directory.
The command
ls -l -a
includes information on the current directory (listed as .) and its
parent directory (listed as ..).
In deciphering a line of the listings, the first part of each line gives
permission information: For example, in the sequence:
-rwx------
the initial dash indicates this is a regular file; a line starting with d
indicates a directory.
The next 9 characters indicate permissions:
-
read, write, execute information for the user
-
read, write, execute information for the user's group
-
read, write, execute information for the rest of the world
In the example, rwx------ means the user had full capabilities for
the file, while others have no capabilities to work with the file.
Experiments
-
Use the ls command to determine the protection code of the
newly-copied file
my-account-script
and describe what you encounter.
-
Try to run this file by typing
my-account-script
in your terminal window.
-
Change the permission code for this file so you have execute permission:
chmod 700 my-account-script
and check the permissions with the ls -l command.
-
Now try running the file script again.
-
Use your experience in the previous three steps to explain what is meant by
"execute" permission for a regular file
-
Change the permission code so you can read, but not write or execute, the
file. Then try to edit the file with the command
emacs my-account-script &
For example, you might try to add a line
echo "I added this line"
-
Can you view the file?
-
What happens if you try to change it?
-
Set the permission code, so that others can
read and execute (but not write) your home directory and
your public_html directory. Allow only those in your group
to read and execute your file
my-account-script. This can be done with the following commands:
cd
chmod 755 .
cd public_html
chmod 755 .
chmod 750 my-account-script
Your lab partner now should be able to read your file using the name
/home/your-account/public_html/my-account-script
-
With the file permissions set this way, ask your lab partner to try to
access and run your script when logged into her or his account. Describe
what happens.
-
Can your lab partner edit your file?
-
Change the protection code of your file my-account-script to allow
group editing (but still no access by others outside your group). What
happens now if your lab partner tries to edit the file?
-
Try accessing the file in your browser, using the URL
http://www.cs.grinnell.edu/~your-account/my-account-script
Describe what happens.
-
Change the permission code, so all others can read the file (but not
execute or change it).
Now try accessing the file again in your browser, and describe what you
see. (Is the file listed; is the file run?)
-
Change the permission code, so all others can execute the file (but not
read or change it). Again, describe what happens when you try accessing
this file in your browser.
-
Summarize your conclusions regarding the nature of permissions
for accessing a file with your browser.
-
Reset the permissions of your file, so that it can be read over the World
Wide Web.
Now set the permissions of your public_html directory,
so that it can be read, but not executed.
-
What happens when you try to access my-account-script in your
browser?
-
What happens in your browser when you use the URL
http://www.cs.grinnell.edu/~your-account
-
Now set the permissions of your public_html directory,
so that it can be executed, but not read. Again, determine what happens
in each case listed in the previous step.
-
Summarize your conclusions regarding the nature of permissions for
accessing a directory with your browser.
Work To Be Turned In
-
Explanations for steps 3, 7-8, 10-19.
This document is available on the World Wide Web as
http://www.cs.grinnell.edu/~walker/courses/105.sp04/file-sharing.shtml
