OPS145 Lab 4: Difference between revisions

From Littlesvr Wiki
No edit summary
No edit summary
Line 1: Line 1:
=Data Representation / Numbering Conversion / File Permissions=
= Binary review =
Go back and review the binary stuff we looked at [[OPS145 Introduction#Digital electronics|in the course introduction]].


===Main Objectives of this Practice Tutorial===
This lab is about POSIX permissions, and you need to be completely comfortable with binary-to-decimal and decimal-to-binary conversion from 000 to 111 (decimal 0 to 7).


:* Understand how digital computers store data (i.e. data representation)
Here's a summary of the absolute minimum you need to remember from that:
 
{| class="wikitable"
:* Define '''decimal''', '''binary''', '''octal''' and '''hexadecimal''' numbers
!Binary
 
!Decimal
:* Manually perform '''numbering conversions''' between the '''decimal''', '''binary''', '''octal''' and '''hexadecimal''' numbering systems<br>(<u>without</u> the use of a computer or calculator)
|-
 
|000
:* Explain the purpose of '''file permissions'''
|0+0+0=0
 
|-
:* Explain how permissions work differently for '''directories''' as opposed for '''regular files'''
|00'''1'''
 
|0+0+'''1'''=1
:* Change file '''permissions''' with the '''chmod''' command (both ''symbolic'' and ''absolute'' methods)
|-
 
|0'''1'''0
:* Use the '''umask''' command to automatically assign permissions for '''newly created directories''' and '''regular files'''<br><br>
|0+'''2'''+0=2
 
|-
===Tutorial Reference Material===
|0'''11'''
 
|0+'''2'''+'''1'''=3
{|width="100%" cellspacing="0" cellpadding="10"
|-
 
|'''1'''00
|- valign="top"
|'''4'''+0+0=4
 
|-
|colspan="2" style="font-size:16px;font-weight:bold;border-bottom: thin solid black;border-spacing:0px;padding-left:15px;"|Numbering Conversion / File Permissions Reference<br>
|'''1'''0'''1'''
 
|'''4'''+0+'''1'''=5
|- valign="top" style="padding-left:15px;"
|-
|  style="padding-left:15px;" | '''Data Representation Definitions:'''
|'''11'''0
* [https://home.adelphi.edu/~siegfried/cs170/170l1.pdf Data Representation]<br>
|'''4'''+'''2'''+0=6
* [https://en.wikipedia.org/wiki/Decimal Decimal Numbers]
|-
* [https://en.wikipedia.org/wiki/Binary_number Binary Numbers]
|'''111'''
* [https://en.wikipedia.org/wiki/Octal Octal Numbers]
|'''4'''+'''2'''+'''1'''=7
* [https://en.wikipedia.org/wiki/Hexadecimal Hexadecimal Numbers]<br>
|  style="padding-left:15px;"|'''File Permission Concepts:'''
* [https://www.booleanworld.com/introduction-linux-file-permissions/ Introduction to File Permissions]<br><br>
'''File Permission Commands:'''<br>
* [https://ss64.com/bash/chmod.html chmod]<br>
* [https://ss64.com/bash/umask.html umask]<br><br>
|}
|}


= KEY CONCEPTS =
= Read, Write, Execute (rwx) permissions =
 
On a Linux filesystem every file and directory has 9 bits of information allocated for reording basic permissions. Those 9 bits are split into three groups of 3 bits.
===Data Representation===
[[Image:binary-number1.png|right|200px|https://creativecommons.org/licenses/by-sa/3.0/ cc]]
Digital computers are '''electronic devices''' that contain a series of '''circuits''' and voltage levels that can store / represent data.
 
'''Binary numbers''' can represent those series of circuits with voltage levels.<br>Those binary numbers are combined in a sequence to form a '''byte'''. Bytes are used to represent numbers or characters.
 
 
IT professionals may need to perform '''numbering conversion''' to use with<br>''programming functions'' or ''OS commands'' to perform common operations on a computer system.
 
''IT Professionals that Use Data Representation:''
 
* ''Network Specialists'': Building Large Networks via Sub-netting
* ''Programmers:'' Sending information over networks, files
* ''Web Developers:'' Setting color codes for webpage background or text 
* ''Unix/Linux System Administrators:'' Setting ''permissions'' for files and directories 
<br>
 
===Numbering Conversion Methods===
 
====<u>Method 1: Binary to Decimal</u>====
 
[[Image:convert-bin-decimal.png|thumb|right|350px|Performing a '''binary''' to '''decimal''' conversion.]]
When converting '''binary''' numbers to '''decimal''' numbers, perform the following steps:<br><br>
# Write down the binary number.<br>
# Starting from the '''right-side''', draw '''L''''s below the binary number moving to the left<br>(refer to diagram on right).<br>
# Starting on the ''rightmost'' "'''L'''", multiply the value (placeholder) by '''2''' to the power of zero.<br>
# Continually repeat '''step #3''' moving leftwards, increasing the power of ''2'' by '''1'''<br>(refer to diagram on right).<br>
# Add up the results to obtain the decimal value equivalent.<br><br>
'''NOTE:''' To convert ''octal'' and ''hexadecimal'' numbers to '''decimal''', replace the number <span style="color:red;font-weight:bold">2</span> <br>(in red in the diagram to the right) with <span style="color:red;font-weight:bold">8</span> (for ''octal'') or <span style="color:red;font-weight:bold">16</span> (for ''hexadecimal'').
<br><br>
 
==== <u>Method 2: Decimal to Binary</u> ====
 
[[Image:decimal-to-bin.png|thumb|right|275px|Performing a '''decimal''' to '''binary''' conversion.]]
When converting '''decimal''' numbers to '''binary''' numbers, perform the following steps:<br><br>
# Write down the '''decimal number''' to be converted.
# On the ''right-side'', write the number '''1''' and moving '''leftwards''', keep <u>doubling</u> the numbers until that number is '''greater than''' the decimal number to be converted (refer to the diagram on the right).<br>
# Starting on the left-side of those doubled numbers, compare that number with the decimal number. If that number if less than or equal to the decimal number, then write a '''1''' below and subtract that number from the decimal number to get a remainder. If the number is greater than decimal number (or remainder), then write a '''0''' below.<br><br>
# Repeat '''step #3''' (moving rightwards and comparing the number with the decimal's remainder)<br><br>'''NOTE:''' If you are converting to '''8-bit''', '''32-bit''', etc., add '''leading zeros''' if necessary.<br><br>
 
==== <u>Method 3: Octal to Binary / Binary to Octal</u> ====
 
<table align="right"><tr><td>[[Image:bin-to-octal.png|thumb|right|230px|Performing an '''binary to octal''' numbering conversion.]]</td><td>[[Image:octal-to-bin.png|thumb|right|275px|Performing an '''octal to binary''' numbering conversion.]]</td></table>
 
''Binary to Octal''
 
# '''One octal number''' represents '''3 binary numbers''', so '''starting from right-side''', group binary digits into '''groups of 3'''<br>(add leading zeros if necessary).
# Write '''(4)(2)(1)''' under <u>each</u> '''group of 3 binary numbers'''.
# Multiply the value or "placeholder" (i.e. '''0''''s and '''1''''s) by the corresponding '''(4)(2)(1)''' for each group to obtain the octal number (refer to diagram of ''binary to octal'' conversion).<br><br>
 
''Octal to Binary''
 
# '''One octal number''' represents '''3 binary numbers''', so space-out<br>the octal numbers to make space for a binary number.
# Write '''(4)(2)(1)''' under <u>each</u> octal number.
# Write '''0''''s or '''1''''s for each group of binary numbers to add up to the<br>corresponding octal number (refer to diagram of ''octal to binary'' conversion).<br><br>
 
==== <u>Method 4: Hexadecimal to Binary / Binary to Hexadecimal</u> ====
 
<table align="right"><tr><td>[[Image:bin-to-hex.png|thumb|right|275px|Performing a '''binary to hexadecimal''' conversion.]]</td><td>[[Image:hex-to-bin.png|thumb|right|350px|Performing a '''hexadecimal to binary''' conversion.]]</td></tr></table>
''Binary to Hexadecimal''
 
# '''One hexadecimal number''' represents '''4 binary numbers''', so starting from right-side, group binary digits into '''groups of 4''' (add leading zeros if necessary).
# Write '''(8)(4)(2)(1)''' under <u>each</u> group of 4 binary numbers.
# Multiply the values or "placeholders" (i.e. '''0''''s and '''1''''s) by the corresponding (8)(4)(2)(1) for each group to obtain the octal number.
# Convert values from '''10''' to '''15''' to '''A''' to '''F'''<br>(refer to diagram of ''binary to hexadecimal'' conversion)<br><br>
 
''Hexadecimal to Binary''
 
# '''One hexadecimal number''' represents '''4 binary numbers''',<br>so space-out the hexadecimal numbers to make space for a binary number.
# Convert letters '''A''' to '''F''' to '''10''' to 15 (refer to diagram of ''binary to hexadecimal'' conversion)
# Write '''(8)(4)(2)(1)''' under <u>each</u> hexadecimal number.
# Write '''0''''s or '''1''''s for each group of binary numbers to add up to the corresponding<br>hexadecimal number (refer to diagram of ''hexadecimal to binary'' conversion).<br><br>
 
==== <u>Method 5: Octal to Hexadecimal / Hexadecimal to Octal</u> ====
 
[[Image:octal-hex.png|thumb|right|275px|For conversions between octal and hexadecimal numbers, use binary as a '''bridge'''.]]
To convert using the method, simply use binary as a "'''bridge'''".
 
''Example:''
 
To convert octal to hexadecimal, convert octal to binary, then convert binary to hexadecimal.
 
To convert hexadecimal to octal, convert hexadecimal to binary, then convert binary to octal.
<br><br>
 
===File Permissions===
 
[[Image:listing-file-directory.png|thumb|right|400px|Detailed directory listing showing permissions for a '''directory'''<br>and a '''regular file'''.]]
Since Unix / Linux operating file systems allow for '''multiple user accounts'''<br>it is essential to have a system to '''share''' or '''limit''' access to directories and files contained within the file system.
 
 
When '''directories''' and r'''egular files''' are created, they are assigned to an '''owner'''<br>(typically the username which is the creator).
To ''allow'' or ''limit'' '''access''' to those<br>files and directories, those files and directories are assigned to an<br>initial '''group''' referred to as a "'''primary group'''".
[[Image:directory-permissions.png|thumb|right|350px|Permissions of a '''directory''' that contain subdirectories and regular files.]]
Users that <u>own</u> those ''directories'' and ''regular files'' are referred to as '''users''', users that belong within the <u>same group</u> are referred to as '''same group members''', and those users that do <u>NOT</u> belong to a particular group are referred to as '''other group members'''.
 
'''NOTE:''' In this course, we CANNOT create groups or assign users to groups in the '''Matrix''' server. Instead, you may learn how to those tasks when or if you take a Unix/Linux administration course. On the other hand, you can change which '''user''', '''same group members''' or '''other group members''' can access or NOT access a directory or regular file.<br><br>
[[Image:file-permissions.png|thumb|right|350px|Permissions of a '''regular file''' contained within a directory.]]
File Permissions consist of  '''two-layers''':<br><br>'''First''', the permissions of a '''directory''' that contains regular files, and '''second''', permissions of the ''subdirectories and/or regular files'' within that directory.
 


Permissions for directories have a different meaning than permissions for '''regular files'''. Refer to the diagrams to the right to see the explanation of permissions and how they differ between a directory and a regular file.
Each group of 3 bits records whether the following permissions are granted:


A symbol ''dash'' "'''-'''" indicates that the permission has '''NOT''' been granted.
* '''read''' permission (most significant bit, on the left, '''decimal 4''')
* '''write''' permission (second bit, in the middle, '''decimal 2''')
* '''execute''' permission (least significant bit, on the right, '''decimal 1''')


The permissions of '''newly-created''' directories and regular files are automatically assigned<br>via a '''user mask''' (we will discuss this shortly). In order to change permissions for<br>directories and regular files, you would use the '''chmod''' command.
These are usually called "octal" rather than decimal, but I suspect you won't find any value in that extra complication, so you can just think of them as decimal numbers.
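Review bot: In the added sentence under "Read, Write, Execute (rwx) permissions", "allocated for reording basic permissions" should read "recording". In the same region, the remark that the values 4, 2 and 1 are "usually called "octal" rather than decimal" would be safer with one more clause saying that each digit only ranges from 0 to 7 and is read on its own, so that a three-digit mode such as the 750 used elsewhere on the page is not read as seven hundred fifty.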


== Permissions for files ==
The read and write permissions for files are pretty self-explanatory:


'''Changing File Permissions with "chmod" command:'''
* If you have '''read''' permission for a '''file''': the operating system kernel will allow you to read the contents of that file.
[[Image:symbolic-chart.png|thumb|right|550px|Examples of adding, removing and setting permissions using the '''chmod''' command with the '''Symbolic''' method.]]
* If you have '''write''' permission for a '''file''': the OS kernel will allow you to make changes to the contents of that file.


No permission implies any other permission. For example having write permission does not imply you have read permission, even though you might feel that you should.


'''<span style="font-style:italic">Symbolic Method:</span>'''
The '''execute''' permission is more complicated.


The chmod can use '''symbols''' to ''add'', ''remove'', and ''set'' <span style="font-family:courier;font-weight:bold;">rwx</span> permissions for the '''user''',<br>'''same group members''', and/or o'''ther group members''' for a directory or reqular file.
Remember that on Linux file extensions don't make much difference. In Windows the operating system will attempt to execute anything with an .exe extension that you double-click on. Linux will refuse to execute any file which doesn't have execute permission.
<br><br><br><br>
'''<span style="font-style:italic">Octal (Absolute) Method:</span>'''
[[Image:octal-permissions.png|thumb|right|150px|Using octal numbers to represent setting file permissions.]]
You can also use '''octal numbers''' to '''set''' permissions. This method is a short-cut and may require less typing than using the ''symbolic'' method. You can only use this method to set file permissions (as opposed to ''add'' or ''remove'' permissions.


Since 1 octal digit represents 3 binary digits, one octal digit can represent the <span style="font-family:courier;font-weight:bold;">rwx</span> permission granted or NOT granted. The permissions '''rwx''' are be in the form of 3 binary digits (1 represents the permission granted and 0 represents the permission NOT granted).
On the surface it seems simple. You either are are are not allowed to execute a file. But the complications are in the details. What exactly does it mean to "execute" a file? Different people will have different answers to that question.


'''NOTE:''' You can use the '''-R''' option to set permissions for directory, subdirectory and directory contents '''recursively'''.
The easiest way to think about the execute permission on a file is as a hint: if this file has execute permissions: it is a program that's intended to be executed. If it doesn't have execute permissions: you are not meant to try to execute it, though if you really wanted to: you probably could figure out how to do it.
<br><br><br>
'''Setting Permissions for Newly-Created Directories and Regular Files (umask):'''


<table align="right"><tr><td>[[Image:umask-directory.png|thumb|right|150px|Setting '''umask''' for newly-created '''directories'''.]]</td><td>[[Image:umask-file.png|thumb|right|150px|Setting '''umask''' for newly-created '''regular files''']]</td></tr></table>
The read and write permissions are used to secure access to files. The execute permission is just a convenience.
The '''umask''' command is used to set the permissions of newly-created directories and regular files.
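Review bot: The added statement "The execute permission is just a convenience" in "Permissions for files" is accurate only for files the user can also read, and the paragraph should state that dependency. Anyone with read permission can pass a script to its interpreter or copy the file and set execute on the copy, which is what "you probably could figure out how to do it" alludes to; it is withholding read, not execute, that stops this. Suggest rewording along the lines of "execute alone does not protect a file that is also readable". Also fix "You either are are are not allowed" to "You either are or are not allowed".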


== Permissions for directories ==
Read, write, and execute permissions on directories are intuitive for some people, but for everyone they will make more sense if they begin their understanding by thinking of the concept of a file/directory on a filesystem.


Issuing the '''umask''' command without arguments will display the current umask value.
Remember that there's a difference between the '''file's records''' (e.g. name, size, modification date, permissions) and the '''file's actual contents'''.  
Refer to the diagrams on the right-side to set the umask value for directories and regular files.
Setting the umask value (for example umask 022) only takes effect for the current shell session unless the umask command is contained in a start-up file<br>(e.g. '''.profile''', '''.bash_profile''', or '''.bashrc''').
<br><br>


=INVESTIGATION 1: NUMBERING CONVERSIONS=
* For a file: its the contents are the bytes representing the text, image, or whatever data is in the file.
* For a directory: its contents are the records of the files/directories contained inside that directory. Not the contents of those files/directories, but only their records.


<span style="color:red;">'''ATTENTION''': This online tutorial will be required to be completed by '''Friday in week 5 by midnight''' to obtain a grade of '''2%''' towards this course</span><br><br>
With that in mind:


For this investigation, we will NOT be logged into our Matrix account, but it is recommended to have an '''MS Word document'''<br>open to manually perform numbering conversions.
* If you have the '''read''' permission on a '''directory''': you will be allowed to read its contents, meaning: see what's inside the directory.
* If you have the '''write''' permission on a '''directory''': you will be allowed to modify its contents, for example by copying a file into that directory, or deleting a file from that directory, or renaming a file in that directory.


<span style="color:blue;">'''NOTE:''' It is essential that you learn how to <u>manually</u> perform numbering conversions since you will NOT be permitted to perform quizzes, midterm, or your final exam with a computer or a calculator. Learning to quickly perform manual numbering conversions will make IT professional more productive such as setting permissions, designing computer networks, or selecting complex colors when developing webpages.</span>
As with files, the '''execute''' permission for directories is more complicated.


[[Image:calc-check.png|thumb|right|200px|Only use a calculator to check your numbering conversion '''AFTER''' you have performed the operation '''manually'''. ]]
In most cases this is the simplest way to think of execute permissions:
You will now get practice performing numbering conversions.


* If you give a directory read or write permissions: give it execute permissions too.
* If you give a directory '''only execute''' permissions: you won't be able to read that directory's contents but can "get to" the directory's contents. For example:
** Open a file in that directory if you already know that file's name,
** Cd to a directory inside this directory, if you already know that directory's name
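Review bot: The added bullet "If you have the write permission on a directory: you will be allowed to modify its contents" is not accurate on its own, because creating, deleting or renaming an entry also requires execute permission on that directory. The later advice "If you give a directory read or write permissions: give it execute permissions too" hints at this; suggest saying directly in the write bullet that write without execute has no effect. Two wording fixes in the same region: "its the contents are the bytes" should be "its contents are the bytes", and "Cd" in the last bullet should be the lowercase command name cd.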


'''Perform the Following Steps:'''
= File ownership; user, group, others =
On a POSIX filesystem each file record specifies a user who is the owner of that file, and a group who is the owner of that file.


# Let's convert the following binary number '''10111110''' to a '''<u>decimal number</u>'''.<br><br><span style="color:blue;">'''NOTE:''' It is important to learn and '''memorize''' the '''correct methods''' to perform the<br>proper numbering conversion method (i.e. view '''method 1''' above (drawing the L's).</span><br><br>
The '''user''' who creates a file is automatically the owner of that file.  
# Write the manual conversion either in your MS Word document.<br><br>
# Use a '''calculator''' to check your work. In MS Windows, you can set the calculator to Programming mode<br>by making the selection to '''binary''', enter the binary number '''10111110''' and view the decimal equivalent.<br><br>Did you get the correct answer? If not, <u>retry</u> the method and check to see what you did wrong.<br><br>
# Perform a manual conversion of the '''decimal number 55''' to a '''<u>binary number</u>'''.<br>What method (displayed above) will you use? Use a calculator to check your work.<br><br>
# Perform a manual conversion of the '''octal number 461''' to a '''<u>binary number</u>'''.<br>What method (displayed above) will you use? Use a calculator to check your work.<br><br>
# Perform a manual conversion of the '''binary number 11110001''' to a '''<u>hexadecimal number</u>'''.<br>What method (displayed above) will you use? Use a calculator to check your work.<br><br>
# Perform a manual conversion of the '''hexadecimal number ABC''' to a '''<u>binary number</u>'''.<br>What method (displayed above) will you use? Use a calculator to check your work.<br><br>
# Perform a manual conversion of the '''binary number 10101111''' to an '''<u>octal number</u>'''.<br>What method (displayed above) will you use? Use a calculator to check your work.<br><br>
# Perform a manual conversion of the same '''binary number 10101111''' to a '''<u>hexadecimal number</u>'''.<br>What method (displayed above) will you use? Use a calculator to check your work.<br><br>
# Perform a manual conversion of the '''octal number 5636''' to a '''<u>hexadecimal number</u>'''.<br>What method (displayed above) will you use? Use a calculator to check your work.<br><br>
# Perform a manual conversion of the '''hexadecimal number D68''' to an '''<u>octal number</u>'''.<br>What method (displayed above) will you use? Use a calculator to check your work.<br><br>
# When you have performed all of the numbering conversions above, then you can proceed to the next INVESTIGATION.<br><br>


=INVESTIGATION 2: FILE PERMISSIONS=
That user will be a member of a group, and by default the '''group''' owner of the created file will be that group.


[[Image:file-permission-practice-1.png|right|250px|thumb|]]
Only the system administrator can change the owner of a file. The owner of the file can only change the group owner of a file if they are a member of the new group.
In this investigation, you will get experience using the '''chmod''' command to '''change permissions'''<br>for <u> existing</u> files and the using '''umask''' command to automatically set permissions<br>for <u>newly-created</u> files.


From an ownership/permissions point of view: if someone is not the owner, and they're not part of the group owner: they are classed as "'''others'''".


'''Perform the Following Steps:'''
= Putting it all together =
Each file/directory record on your filesystem has 9 permission bits. The permission bits are shown when you run '''ls -l''', but instead of showing 1s and 0s it shows the meaning of those bits:


# '''Login''' to your matrix account and issue a command to '''confirm''' you are located in your '''home''' directory.<br><br>
* '''r''' for read, '''w''' for write, and '''x''' for execute if that permission is granted
# Issue a single Linux command to create the following directory structure displayed in the diagram to the right.<br><br>'''NOTE:''' You will now run a shell script to confirm that you properly created that directory structure<br>in your ''Matrix'' account.<br><br>
* '''-''' if that permission is denied
# Issue the following Linux command to run a checking script:<br><span style="color:blue;font-weight:bold;font-family:courier;">~uli101/week4-check-1</span><br><br>
# If you encounter errors, make corrections and '''re-run''' the checking script until you<br>receive a congratulations message, then you can proceed.<br><br>[[Image:file-permission-practice-2.png|right|450px|thumb|]]
# Issue Linux commands to create '''<u>empty</u> files''' for each of those newly created '''directories''' as shown in diagram to the right:<br><br>'''NOTE:''' You will now run another shell script to confirm that you properly created those empty files within those specified directories.<br><br>
# Issue the following Linux command to run a checking script:<br><span style="color:blue;font-weight:bold;font-family:courier;">~uli101/week4-check-2</span><br><br>
# If you encounter errors, make corrections and '''re-run''' the checking script until you<br>receive a congratulations message, then continue the remaining steps.<br><br>Let's get practice '''viewing permissions''', '''changing permissions''', and <u>automatically</u> '''setting permissions for newly created files'''.<br><br>
# Issue the following Linux commands:<br><span style="color:blue;font-weight:bold;font-family:courier;">ls -ld ~/documents ~/clients ~/vendors<br>ls -lR ~/documents ~/clients ~/vendors</span><br><br>'''NOTE:''' You should see permissions already set for those newly created directories and regular files.<br>What do these permissions mean for '''same group member''' and '''other group member''' access to those directory and regular files?<br><br>
# Let's limit access to the '''clients''' and '''vendors''' directories to only yourself and same group members.<br>Issue the following Linux command:<br><span style="color:blue;font-weight:bold;font-family:courier;">chmod 750 ~/clients ~/vendors</span><br><br>
# Issue the '''ls -ld''' and '''ls -lR''' commands (as you did in ''step #8'') to confirm that the permissions for those directories have been changed.<br><br>'''NOTE:''' The '''-R''' option for the '''chmod''' command can change the file permissions <u>recursively</u> within a directory structure.<br><br>
# Issue the following Linux command: <span style="color:blue;font-weight:bold;font-family:courier;">chmod 750 -R ~/documents</span><br><br>
# Issue the '''ls -ld''' command to confirm the permissions for the<br>'''~/documents''', '''~/document/memos''' , '''~/documents/reports''', and '''~/documents/contracts''' directories.<br><br>
# Issue the following Linux command: <span style="color:blue;font-weight:bold;font-family:courier;">ls -lR ~/documents</span><br>What do you noticed happened to the permissions for the regular files contained in those directories.<br>Did those regular file permissions change?<br><br>We will now change permissions for regular text file contained in subdirectories<br>of the '''documents''' directory to: <span style="font-weight:bold;font-family:courier;">r w - r - - - - -</span><br><br>
# Issue the following Linux commands: <br><span style="color:blue;font-weight:bold;font-family:courier;">chmod 640 ~/documents/memos/memo*.txt<br>chmod 640 ~/documents/reports/report*.txt<br>chmod 640 ~/documents/contracts/contract*.txt</span><br><br>
# Issue the <span style="font-weight:bold;font-family:courier;">ls -lR</span> command for the '''~/documents''' directory to confirm that those regular file permission have changed.<br><br>Let's run a checking script to make certain you correctly set permissions for those directories and files.<br><br>
# Issue the following: <span style="color:blue;font-weight:bold;font-family:courier;">~uli101/week4-check-3</span><br><br>
# If you encounter errors, make corrections and then re-run the checking script until you receive a congratulations message<br>and then continue with this tutorial.<br><br>Let's get some practice setting permissions to allow users to make editing changes to regular files.<br><br>
# Issue the following Linux command: <span style="color:blue;font-weight:bold;font-family:courier;">chmod ugo-w ~/documents/memos/memo*.txt</span><br><br>
# Use the <span style="font-weight:bold;font-family:courier;">ls</span> command to verify that those regular file's permissions have changed.<br><br>
# Using the nano or vi text editor, open the regular file '''~/documents/memos/memo1.txt'''<br>and type in some text and try to save your editing changes.<br>What happened?<br><br>
# To <u>'''abort'''</u> your editing session in '''vi''': type <span style="color:blue;font-weight:bold;font-family:courier;">:q!</span> and press '''ENTER'''.<br>To <u>'''abort'''</u> your editing changes in '''nano''': type <span style="color:blue;font-weight:bold;font-family:courier;">ctrl-x</span><br>type <span style="color:blue;font-weight:bold;font-family:courier;">n</span> and then press '''ENTER''' when prompted to save editing changes.<br><br>
# Issue the following Linux command to add write permissions for all files in the '''memos''' directory<br>for yourself (i.e. user): <span style="color:blue;font-weight:bold;font-family:courier;">chmod u+w ~/documents/memos/*</span><br><br>
# Repeat steps to edit the file '''~/documents/memos/memo1.txt''' (as you did in ''step #20'').<br>Were you able to edit the file and save your editing changes?<br><br>
# Issue a Linux command to view the <u>contents</u> of the '''~/documents/memos/memo1.txt'''<br>text file that you were able to edit.<br><br>
# Issue the following Linux command to view permissions for your '''home''' directory: <span style="color:blue;font-weight:bold;font-family:courier;">ls -ld ~</span><br><br>What does execute permissions mean for same group members and other group members<br>in terms of your '''home''' directory?<br><br>
# Issue the following Linux command to create a new subdirectory: <span style="color:blue;font-weight:bold;font-family:courier;">mkdir ~/shared</span><br><br>
# Issue the following Linux command: <span style="color:blue;font-weight:bold;font-family:courier;">ls -ld ~/shared</span><br><br>What are the permissions for this newly-created directory?<br>Can other users access the directory pathname '''<span style="font-family:courier">~youruserid/shared</span>''' ?<br><br>
# Issue the following Linux command (without an argument): <span style="color:blue;font-weight:bold;font-family:courier;">umask</span><br><br>'''NOTE:''' You should see a '''four-digit octal''' number. Drop the leading zero on the left to obtain the '''default umask value'''.<br><br>
# Perform a '''mathematical calculation''' by taking the octal number '''777''' and <u>subtracting</u><br>the default umask value you determined in the previous step. What is the result?<br><br>
# Convert that octal number result to a '''binary''' number. What does that represent as newly created directory permissions?<br>Does that correspond to the permissions for the newly created '''~/shared''' directory?<br><br>
# Repeat the calculation (like in step #28) but with a umask setting of '''077''' to see how this new umask setting would<br>affect permissions of newly-created directories.<br><br>
# Issue the following Linux command: <span style="color:blue;font-weight:bold;font-family:courier;">umask 077</span><br><br>
# Issue the following Linux command (without arguments): <span style="color:blue;font-weight:bold;font-family:courier;">umask</span><br><br>NOTE: You should notice the value '''0077'''. By dropping the leading zero to the left,<br> that would provide the default '''umask value of 077'''.<br><br>
# Issue the following Linux command: <span style="color:blue;font-weight:bold;font-family:courier;">mkdir ~/shared2</span><br><br>
# Issue the following Linux command: <span style="color:blue;font-weight:bold;font-family:courier;">ls -ld ~/shared2</span><br><br>Do the permissions for this newly created directory match the predicted permissions that you calculated in '''step #30'''?<br><br>
# Issue the following Linux command to create an empty regular file called '''myfile.txt''' in the '''~/shared2''' directory:<br> <span style="color:blue;font-weight:bold;font-family:courier;">touch ~/shared2/myfile.txt</span><br><br>
# Use the <span style="font-weight:bold;font-family:courier;">ls -l</span> command to view the permissions for this newly created regular file.<br><br>What do you notice about those permissions?<br><br>Let's run a checking script to make certain you correctly set permissions for those recently-created directories and files.<br><br>
# Issue the following: <span style="color:blue;font-weight:bold;font-family:courier;">~uli101/week4-check-4</span><br><br>If you encounter errors, make corrections and then re-run the checking script until you receive a congratulations message<br>and then continue with this tutorial.<br><br>
# Logout of your Matrix account, and then log-back into your Matrix account.<br><br>
# Issue the following Linux command (without arguments): <span style="color:blue;font-weight:bold;font-family:courier;">umask</span><br><br>What happened? Referring to your notes, what do you need to do to make that umask value persistent?<br><br><span style="color:red;">'''WARNING''':<br>You should be <u>extremely</u> aware of your permissions since you may perform '''marked work''' for <u>other</u> courses on your '''Matrix''' server.<br>You should NOT set permissions to share your work with '''same group''' or '''other group''' members (unless given '''specific permissions instructions from your course professors'''). If students can have access to your directories and project files, they could '''copy''' your work and thus make yourself and other student(s) that copied your work to be charged with '''academic dishonesty'''.</span><br><br>
: Complete the Review Questions sections to get additional practice.<br><br>


= LINUX PRACTICE QUESTIONS =
== Permissions for files ==
[[File:FilePermissions.png|center]]


The purpose of this section is to obtain extra practice to help with your quizzes, your midterm, and your final exam.
== Permissions for directories ==
[[File:DirectoryPermissions.png|center]]


Here is a link to the MS Word Document of ALL of the questions displayed below but with extra room to answer on the document to
= Examples =
simulate a quiz:


https://wiki.cdot.senecacollege.ca/uli101/files/uli101_week4_practice.docx
* Download this tarball for practice in this lab [http://ops345.ca/ops145/SamplePermissions.tar.xz SamplePermissions.tar.xz] and extract it into your downloads directory so that you'll end up with a ~/Downloads/SamplePermissions directory.
* Create another user on your workstation. The extra user will also help with the practice:<syntaxhighlight lang="bash">
sudo adduser joe --uid 1145
# put in your own password at the sudo prompt
# put in any password you like for the new user joe
# press enter to accept the defaults for all the other questions
</syntaxhighlight>
* In a terminal change to that directory, and run '''ls -l'''
[[File:SamplePermissions.png|center]]


Your instructor may take-up these questions during class. It is up to the student to attend classes in order to obtain the answers to the following questions. Your instructor will NOT provide these answers in any other form (eg. e-mail, etc).
* Ignore for now the first character in the ls -l output, it has nothing to do with permissions.


* Here are examples of ways to check whether permissions set on these files work:
** Run '''cat <nameofthefile>''' to read its contents
** Open the text file in a '''graphical text editor''', make some changes, and attempt to save your changes.
** Run '''./<nameofthescript>.sh''' to attempt to execute that script.
** Run '''mv <originalnameoffile> <newnameoffile>''' to attempt to rename
* Answer the following questions first, and then check whether you were correct.
*# Which of the files can you read?
*# Which of the files can you change the contents of?
*# If you are unable to change the contents of a file, can you still rename that file? Does that change its permissions?
*# Which of the files can you execute?
*# Which subdirectories can you '''cd''' into?
*# Which subdirectories can you see the contents of?
*# Both the NotAllowed and SortOfAllowed directories contain a file called ForThoseWhoKnow.txt - can you read its contents?
* Open a second terminal window, and switch to the '''joe''' user in that terminal using the '''su''' command:<syntaxhighlight lang="bash">
su joe
</syntaxhighlight>In that one window you are not your regular user, you are joe and you only have the privileges that joe has.
*As joe, change to the JoePractice directory. Answer the following questions first, and then check whether you were correct.
*#Who owns all the contents of this directory?
*#Which of the files can you read? Which of the files can Joe read?
*# Are there any files joe can read but you cannot?
* Close the second terminal.
You are the '''owner''' of the files, and joe (not being part of your group) has the permission of '''others'''.


'''Review Questions:'''
= Changing permissions with chmod using octal notation =
Once you understand how permissions work: you can start changing them to accomplish security goals. The POSIX permissions system is relatively rudimentary, but it can still be used on its own to secure files on a server which is accessed by many people.


# List the number of digits for the following numbering systems:<ul><li>'''Decimal'''</li><li>'''Binary'''</li><li>'''Octal'''</li><li>'''Hexadecimal'''</li></ul><br>
* Create a directory named lab4 inside your home directory.
# Write a simple chart to show which values are represented for letter '''A - F''' for a hexadecimal number.
* Use the graphical file manager and graphical archive manager to extract another copy of the SampleFiles directory and all its contents into ~/lab4
# How many '''binary''' digits does 1 octal digit represent?
* Change your present working directory to ~/lab4/SamplePermissions in your terminal.
# How many '''binary''' digits does 1 hexadecimal digit represent?[[Image:number-conversion-chart.png|right|450px|thumb|]]
* Use chmod to allow yourself [you are the file owner] to '''read''' the file DontReadMe.txt:<syntaxhighlight lang="bash">
# Use '''manual numbering conversion''' to complete the table displayed to the right.
chmod 400 DontReadMe.txt
</syntaxhighlight>
* Test (using cat) that your new permissions work as expected.
* Use chmod to allow yourself to '''read and write''' to the file DontChangeMe.txt:<syntaxhighlight lang="bash">
chmod 600 DontChangeMe.txt
</syntaxhighlight>
*Test (using a graphical text editor) that your new permissions work as expected.
*Use chmod to allow yourself to '''read and write and execute''' the file DontRunMe.sh:<syntaxhighlight lang="bash">
chmod 700 DontRunMe.sh
</syntaxhighlight>
*Test that your new permissions work as expected by executing the DontRunme.sh script.
*Use chmod to allow yourself to '''see the contents''' of the SortOfAllowed directory:<syntaxhighlight lang="bash">
chmod 500 SortOfAllowed/
</syntaxhighlight>
*Test (using ls) that your new permissions work as expected.
*Use chmod to allow yourself to '''see and modify the contents''' of the SortOfAllowed directory:<syntaxhighlight lang="bash">
chmod 700 NotAllowed/
</syntaxhighlight>
*Test (using ls) that you can see the contents of NotAllowed, and test (using cp or mv or mkdir) that you can make changes to the contents of NotAllowed.
Note that in all the permissions above only the owner gets some particular permissions. The group and everyone else get no permissions (0). You can check that by trying to read or execute any of these files as the user joe.


* Keep your PWD as ~/lab4/SamplePermissions and use chmod to allow everyone who's not you (including joe) to '''read''' the file DraftToBoss.txt:<syntaxhighlight lang="bash">
chmod 604 JoePractice/DraftToBoss.txt
</syntaxhighlight>
* Open a second terminal, cd to ~/lab4/SamplePermissions/JoePractice and switch to the joe user in that second terminal.
* Confirm (using cat) that joe can now read the DraftToBoss.txt file.


<ol><li value="6">Write the '''chmod''' command (using the ''symbolic'' method) to set “'''pass-through'''” permissions<br>(eg. <span style="font-family:courier;font-weight:bold;">r w x - - x - - x</span>) for your '''home''' directory using an '''absolute pathname'''.<br>Write a Linux command to verify that permissions where set.<br><br><br></li><li>Perform a binary to octal numbering conversion for the permissions: '''r w x - - x - - x'''<br>Write single Linux command to set “'''pass-through'''” permissions for your '''home''' directory,<br>using the '''absolute method''' (i.e. octal numbers).<br><br></li><li>Write a single Linux command to '''add read permissions''' for '''same group members''' for the '''~/tests''' directory.<br><br></li><li>Write a single Linux command to '''remove write permissions''' for '''same group members'''<br>and '''other group members''' for the '''~/projects''' directory. Use the ''symbolic'' method.<br><br></li><li>Write a single Linux command to set the permissions for the '''~/assignments''' directory<br> to the following using the '''absolute''' method (i.e. octal numbers): '''r w x r - x - - x''' <br>Show your work to perform a '''binary''' to '''octal''' conversion.<br>Write the command below using octal numbers and using a relative-to-home pathname.<br><br></li><li>Assume that you just issued the command:<br>
= Changing permissions with chmod using symbolic notation =
<span style="font-family:courier;font-weight:bold">chmod u=rwx,go=x ~/linux/content</span><br>What would be the new permissions for the “'''content'''” directory?<br><br></li><li>Assume that you just issued the commands:<br><span style="font-family:courier;font-weight:bold;">umask 077<br>mkdir mydir<br>touch mydir/myfile.txt<br></span><br>What would be the permissions for the newly created '''directory''' and '''regular file'''?<br>(show your work)
Specifying permissions as a number is very efficient if you know exactly what nine permissions you want the file/directory to have.
</li></ol>


Sometimes you just need to change one particular permission, in which case it's easier to use the symbolic notation. The chmod command is invoked the same way, but instead of the numeric permissions it's a combination of letter codes:
[[File:SymbolicPermissions.png|center]]




_________________________________________________________________________________
There are too many combinations to remember at this time, so we'll just look at a couple of examples.


Author: Murray Saul
* In your terminal change to ~/lab4/SamplePermissions and run '''ls -l''' to confirm that the group has no permissions to any files or directories in there:


License: LGPL version 3
[[File:GroupHasNoPermissions.png|center]]
Link:    https://www.gnu.org/licenses/lgpl.html


_________________________________________________________________________________
* Use the chmod command with symbolic permissions to give the '''group''' owner '''execute''' permissions for the shell scripts, without modifying any of the other permissions:<syntaxhighlight lang="bash">
chmod g+x RunMe.sh DontRunMe.sh
</syntaxhighlight>Note that you can change permissions on more than one file at the same time, as long as you want the same thing done to all the files.
*Confirm using ls -l that the permissions were changed as you exptected.
*Use the chmod command with symbolic permissions to give the '''group''' owner '''read''' permissions for all the text files, without modifying any of the other permissions:<syntaxhighlight lang="bash">
chmod g+r *.txt
</syntaxhighlight>The '''*.txt''' is a little new: it's the same * wildcard you've used in the last lab. We'll spend more time on wildcards in a later lab.
*Confirm using ls -l that the permissions were changed as you exptected.
*Use the chmod command with symbolic permissions to give the '''group''' owner read and write and execute permissions to the JoePractice and NotAllowed directories, without modifying any of the other permissions:<syntaxhighlight lang="bash">
chmod g+rwx JoePractice/ NotAllowed/
</syntaxhighlight>
*Confirm using ls -l that the permissions were changed as you exptected.
Your permissions should look like this by now:
[[File:ChangingPermissionsDone.png|center]]




In many environments the group owner typically has the same permissions for files as the user owner. But that sort of decision needs to be made on a case-by-case basis.


= Submit evidence of your work =
After you finish the lab: run the following commands to submit your work:<syntaxhighlight lang="bash">
cd ~
wget http://ops345.ca/check/ops145-lab4-check.sh
chmod 700 ops145-lab4-check.sh
./ops145-lab4-check.sh
</syntaxhighlight>If it says "Your lab3 has been submitted": make a screenshot, and you're done. If it gives you any warnings or errors: you have to fix them and try the ./ops145-lab4-check.sh command again.


[[Category:OPS145]]
[[Category:OPS145]]
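
Review bot: In the octal chmod section the new step "Use chmod to allow yourself to '''see and modify the contents''' of the SortOfAllowed directory" is followed by chmod 700 NotAllowed/ and a test step that names NotAllowed, so the prose should name NotAllowed as well. The extraction step likewise says "SampleFiles directory" while the download step and the following cd step use SamplePermissions. In the submit section, the check script is fetched with wget over plain http:// and executed straight away; consider serving it over HTTPS or publishing a checksum that students verify first. The quoted "Your lab3 has been submitted" should also be checked against what ops145-lab4-check.sh prints. Spelling: "exptected" appears three times and "DontRunme.sh" should be "DontRunMe.sh".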

Revision as of 01:02, 4 February 2024

Binary review

Go back and review the binary stuff we looked at in the course introduction.

This lab is about POSIX permissions, and you need to be completely comfortable with binary-to-decimal and decimal-to-binary conversion from 000 to 111 (decimal 0 to 7).

Here's a summary of the absolute minimum you need to remember from that:

Binary Decimal
000 0+0+0=0
001 0+0+1=1
010 0+2+0=2
011 0+2+1=3
100 4+0+0=4
101 4+0+1=5
110 4+2+0=6
111 4+2+1=7

Read, Write, Execute (rwx) permissions

On a Linux filesystem every file and directory has 9 bits of information allocated for recording basic permissions. Those 9 bits are split into three groups of 3 bits.

Each group of 3 bits records whether the following permissions are granted:

  • read permission (most significant bit, on the left, decimal 4)
  • write permission (second bit, in the middle, decimal 2)
  • execute permission (least significant bit, on the right, decimal 1)

These are usually called "octal" rather than decimal, but I suspect you won't find any value in that extra complication, so you can just think of them as decimal numbers.

Permissions for files

The read and write permissions for files are pretty self-explanatory:

  • If you have read permission for a file: the operating system kernel will allow you to read the contents of that file.
  • If you have write permission for a file: the OS kernel will allow you to make changes to the contents of that file.

No permission implies any other permission. For example having write permission does not imply you have read permission, even though you might feel that you should.

The execute permission is more complicated.

Remember that on Linux file extensions don't make much difference. In Windows the operating system will attempt to execute anything with an .exe extension that you double-click on. Linux will refuse to execute any file which doesn't have execute permission.

On the surface it seems simple. You either are or are not allowed to execute a file. But the complications are in the details. What exactly does it mean to "execute" a file? Different people will have different answers to that question.

The easiest way to think about the execute permission on a file is as a hint: if this file has execute permissions: it is a program that's intended to be executed. If it doesn't have execute permissions: you are not meant to try to execute it, though if you really wanted to: you probably could figure out how to do it.

The read and write permissions are used to secure access to files. The execute permission is just a convenience.

Permissions for directories

Read, write, and execute permissions on directories are intuitive for some people, but for everyone they will make more sense if they begin their understanding by thinking of the concept of a file/directory on a filesystem.

Remember that there's a difference between the file's records (e.g. name, size, modification date, permissions) and the file's actual contents.

  • For a file: its contents are the bytes representing the text, image, or whatever data is in the file.
  • For a directory: its contents are the records of the files/directories contained inside that directory. Not the contents of those files/directories, but only their records.

With that in mind:

  • If you have the read permission on a directory: you will be allowed to read its contents, meaning: see what's inside the directory.
  • If you have the write permission on a directory: you will be allowed to modify its contents, for example by copying a file into that directory, or deleting a file from that directory, or renaming a file in that directory.

As with files, the execute permission for directories is more complicated.

In most cases this is the simplest way to think of execute permissions:

  • If you give a directory read or write permissions: give it execute permissions too.
  • If you give a directory only execute permissions: you won't be able to read that directory's contents but can "get to" the directory's contents. For example:
    • Open a file in that directory if you already know that file's name,
    • Cd to a directory inside this directory, if you already know that directory's name
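
The directory rules above can be checked directly. The following script is an added example, not part of the original lab: it builds a scratch directory (the names box and known.txt are made up for the demonstration), sets it to modes 100, 500 and 700 in turn, and reports which operations the kernel allows. It assumes you run it as an ordinary user, because root is exempt from these checks.

```shell
#!/bin/sh
# Added example: probe what one directory mode lets the current user do.
# The directory "box" and the file "known.txt" are constructed sample data.

# probe_dir MODE -> prints "list=.. open=.. create=.."
# The body runs in a subshell, so the umask change and variables stay local.
probe_dir() (
    if [ "$(id -u)" -eq 0 ]; then
        # root is exempt from these checks, so the probe would prove nothing
        echo "skipped: root bypasses permission checks"
        exit 0
    fi
    umask 077
    top=$(mktemp -d) || exit 1
    mkdir "$top/box"
    echo "for those who know" > "$top/box/known.txt"
    chmod "$1" "$top/box"

    # read bit: can the names inside the directory be listed?
    if ls "$top/box" >/dev/null 2>&1; then list=yes; else list=no; fi
    # execute bit: can a file be reached when its name is already known?
    if cat "$top/box/known.txt" >/dev/null 2>&1; then open=yes; else open=no; fi
    # write bit (needs execute too): can a new entry be created?
    if touch "$top/box/new.txt" 2>/dev/null; then create=yes; else create=no; fi

    chmod 700 "$top/box"    # restore access so the scratch tree can be removed
    rm -rf "$top"
    echo "list=$list open=$open create=$create"
)

# 100 = execute only, 500 = read + execute, 700 = read + write + execute
for mode in 100 500 700; do
    printf '%s: %s\n' "$mode" "$(probe_dir "$mode")"
done
```

Mode 100 is the "get to it if you already know the name" case: listing fails, but opening known.txt succeeds.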

File ownership; user, group, others

On a POSIX filesystem each file record specifies a user who is the owner of that file, and a group who is the owner of that file.

The user who creates a file is automatically the owner of that file.

That user will be a member of a group, and by default the group owner of the created file will be that group.

Only the system administrator can change the owner of a file. The owner of the file can only change the group owner of a file if they are a member of the new group.

From an ownership/permissions point of view: if someone is not the owner, and they're not part of the group owner: they are classed as "others".

Putting it all together

Each file/directory record on your filesystem has 9 permission bits. The permission bits are shown when you run ls -l, but instead of showing 1s and 0s it shows the meaning of those bits:

  • r for read, w for write, and x for execute if that permission is granted
  • - if that permission is denied

Permissions for files

[Image: FilePermissions.png]

Permissions for directories

[Image: DirectoryPermissions.png]

Examples

  • Download this tarball for practice in this lab SamplePermissions.tar.xz and extract it into your downloads directory so that you'll end up with a ~/Downloads/SamplePermissions directory.
  • Create another user on your workstation. The extra user will also help with the practice:
    sudo adduser joe --uid 1145
    # put in your own password at the sudo prompt
    # put in any password you like for the new user joe
    # press enter to accept the defaults for all the other questions
    
  • In a terminal change to that directory, and run ls -l
[Image: SamplePermissions.png]
  • Ignore for now the first character in the ls -l output, it has nothing to do with permissions.
  • Here are examples of ways to check whether permissions set on these files work:
    • Run cat <nameofthefile> to read its contents
    • Open the text file in a graphical text editor, make some changes, and attempt to save your changes.
    • Run ./<nameofthescript>.sh to attempt to execute that script.
    • Run mv <originalnameoffile> <newnameoffile> to attempt to rename the file.
  • Answer the following questions first, and then check whether you were correct.
    1. Which of the files can you read?
    2. Which of the files can you change the contents of?
    3. If you are unable to change the contents of a file, can you still rename that file? Does that change its permissions?
    4. Which of the files can you execute?
    5. Which subdirectories can you cd into?
    6. Which subdirectories can you see the contents of?
    7. Both the NotAllowed and SortOfAllowed directories contain a file called ForThoseWhoKnow.txt - can you read its contents?
  • Open a second terminal window, and switch to the joe user in that terminal using the su command:
    su joe
    
    In that one window you are not your regular user, you are joe and you only have the privileges that joe has.
  • As joe, change to the JoePractice directory. Answer the following questions first, and then check whether you were correct.
    1. Who owns all the contents of this directory?
    2. Which of the files can you read? Which of the files can Joe read?
    3. Are there any files joe can read but you cannot?
  • Close the second terminal.

You are the owner of the files, and joe (not being part of your group) has the permission of others.

Changing permissions with chmod using octal notation

Once you understand how permissions work: you can start changing them to accomplish security goals. The POSIX permissions system is relatively rudimentary, but it can still be used on its own to secure files on a server which is accessed by many people.

  • Create a directory named lab4 inside your home directory.
  • Use the graphical file manager and graphical archive manager to extract another copy of the SamplePermissions directory and all its contents into ~/lab4
  • Change your present working directory to ~/lab4/SamplePermissions in your terminal.
  • Use chmod to allow yourself [you are the file owner] to read the file DontReadMe.txt:
    chmod 400 DontReadMe.txt
    
  • Test (using cat) that your new permissions work as expected.
  • Use chmod to allow yourself to read and write to the file DontChangeMe.txt:
    chmod 600 DontChangeMe.txt
    
  • Test (using a graphical text editor) that your new permissions work as expected.
  • Use chmod to allow yourself to read and write and execute the file DontRunMe.sh:
    chmod 700 DontRunMe.sh
    
  • Test that your new permissions work as expected by executing the DontRunMe.sh script.
  • Use chmod to allow yourself to see the contents of the SortOfAllowed directory:
    chmod 500 SortOfAllowed/
    
  • Test (using ls) that your new permissions work as expected.
  • Use chmod to allow yourself to see and modify the contents of the NotAllowed directory:
    chmod 700 NotAllowed/
    
  • Test (using ls) that you can see the contents of NotAllowed, and test (using cp or mv or mkdir) that you can make changes to the contents of NotAllowed.

Note that in all the permissions above only the owner gets some particular permissions. The group and everyone else get no permissions (0). You can check that by trying to read or execute any of these files as the user joe.

  • Keep your PWD as ~/lab4/SamplePermissions and use chmod to allow everyone who's not you (including joe) to read the file DraftToBoss.txt:
    chmod 604 JoePractice/DraftToBoss.txt
    
  • Open a second terminal, cd to ~/lab4/SamplePermissions/JoePractice and switch to the joe user in that second terminal.
  • Confirm (using cat) that joe can now read the DraftToBoss.txt file.
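
Instead of testing as joe one file at a time, you can ask the filesystem which entries give the group or others anything at all. The script below is an added example, not part of the original lab: it rebuilds the modes used in this section in a scratch directory and prints every entry whose group or others digit is not 0. It assumes GNU stat (stat -c), and the 705 mode on JoePractice is an assumption, since the lab does not state that directory's mode.

```shell
#!/bin/sh
# Added example: list entries that grant anything to group or others.
# Assumes GNU stat ("stat -c %a"); the sample tree is constructed.

# octal_to_rwx 604 -> rw----r--   (each digit is r=4, w=2, x=1)
octal_to_rwx() (
    out=""
    for digit in $(printf '%s' "$1" | sed 's/./& /g'); do
        if [ $((digit & 4)) -ne 0 ]; then r=r; else r=-; fi
        if [ $((digit & 2)) -ne 0 ]; then w=w; else w=-; fi
        if [ $((digit & 1)) -ne 0 ]; then x=x; else x=-; fi
        out="$out$r$w$x"
    done
    printf '%s\n' "$out"
)

# audit_open DIR -> one "MODE RWX PATH" line per entry where the group or
# others digit is not 0. Symbolic links are skipped.
audit_open() {
    find "$1" ! -type l | LC_ALL=C sort | while IFS= read -r path; do
        raw=$(stat -c '%a' "$path") || continue
        perm=$(( 0$raw & 0777 ))          # keep only the nine rwx bits
        if [ $(( perm & 077 )) -ne 0 ]; then
            oct=$(printf '%03o' "$perm")
            printf '%s %s %s\n' "$oct" "$(octal_to_rwx "$oct")" "$path"
        fi
    done
}

# demo_audit: rebuild this section's modes in a scratch directory, audit it.
demo_audit() (
    top=$(mktemp -d) || exit 1
    cd "$top" || exit 1
    mkdir JoePractice
    : > DontReadMe.txt;   chmod 400 DontReadMe.txt
    : > DontChangeMe.txt; chmod 600 DontChangeMe.txt
    : > DontRunMe.sh;     chmod 700 DontRunMe.sh
    : > JoePractice/DraftToBoss.txt
    chmod 604 JoePractice/DraftToBoss.txt
    chmod 705 JoePractice     # assumed: others need r-x here to reach the draft
    audit_open .
    cd / && rm -rf "$top"
)

demo_audit
```

Only the two entries with a non-zero last digit are reported; everything set to 400, 600 or 700 stays private to the owner.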

Changing permissions with chmod using symbolic notation

Specifying permissions as a number is very efficient if you know exactly what nine permissions you want the file/directory to have.

Sometimes you just need to change one particular permission, in which case it's easier to use the symbolic notation. The chmod command is invoked the same way, but instead of the numeric permissions it's a combination of letter codes:

[Image: SymbolicPermissions.png]


There are too many combinations to remember at this time, so we'll just look at a couple of examples.

  • In your terminal change to ~/lab4/SamplePermissions and run ls -l to confirm that the group has no permissions to any files or directories in there:
[Image: GroupHasNoPermissions.png]
  • Use the chmod command with symbolic permissions to give the group owner execute permissions for the shell scripts, without modifying any of the other permissions:
    chmod g+x RunMe.sh DontRunMe.sh
    
    Note that you can change permissions on more than one file at the same time, as long as you want the same thing done to all the files.
  • Confirm using ls -l that the permissions were changed as you expected.
  • Use the chmod command with symbolic permissions to give the group owner read permissions for all the text files, without modifying any of the other permissions:
    chmod g+r *.txt
    
    The *.txt is a little new: it's the same * wildcard you've used in the last lab. We'll spend more time on wildcards in a later lab.
  • Confirm using ls -l that the permissions were changed as you expected.
  • Use the chmod command with symbolic permissions to give the group owner read and write and execute permissions to the JoePractice and NotAllowed directories, without modifying any of the other permissions:
    chmod g+rwx JoePractice/ NotAllowed/
    
  • Confirm using ls -l that the permissions were changed as you expected.

Your permissions should look like this by now:

[Image: ChangingPermissionsDone.png]


In many environments the group owner typically has the same permissions for files as the user owner. But that sort of decision needs to be made on a case-by-case basis.
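
To see exactly which bits a symbolic clause touches, the following added example (not part of the original lab) computes the result of a clause on an octal mode with bit arithmetic and compares it with what the real chmod does to a scratch file. The function names are made up for this example, it assumes GNU stat, and it goes slightly beyond the lab by also handling the - and = operators and comma-separated clauses.

```shell
#!/bin/sh
# Added example: compute what a symbolic chmod clause does to an octal mode.
# Handles who (u g o a), one operator (+ - =) and r/w/x; comma-separated
# clauses are applied left to right. X, s, t and a missing "who" are not modelled.

# apply_symbolic MODE CLAUSES -> resulting three-digit octal mode
apply_symbolic() (
    perm=$(( 0$1 & 0777 ))
    for clause in $(printf '%s' "$2" | tr ',' ' '); do
        who=${clause%%[-+=]*}            # class letters before the operator
        rest=${clause#"$who"}            # operator followed by permission letters
        [ -n "$who" ] && [ -n "$rest" ] || exit 2
        letters=${rest#?}
        op=${rest%"$letters"}
        bits=0
        case $letters in *r*) bits=$((bits | 4)) ;; esac
        case $letters in *w*) bits=$((bits | 2)) ;; esac
        case $letters in *x*) bits=$((bits | 1)) ;; esac
        mask=0; change=0
        for class in u:6 g:3 o:0; do     # class letter : bit position of its digit
            name=${class%:*}; pos=${class#*:}
            case $who in *"$name"*|*a*)
                mask=$(( mask | (7 << pos) ))
                change=$(( change | (bits << pos) )) ;;
            esac
        done
        case $op in
            +) perm=$(( perm | change )) ;;             # turn bits on, keep the rest
            -) perm=$(( perm & ~change )) ;;            # turn bits off, keep the rest
            =) perm=$(( (perm & ~mask) | change )) ;;   # replace the named classes
        esac
    done
    printf '%03o\n' "$perm"
)

# check_against_chmod MODE CLAUSES -> "match" if the real chmod agrees
check_against_chmod() (
    f=$(mktemp) || exit 1
    chmod "$1" "$f" && chmod "$2" "$f"
    raw=$(stat -c '%a' "$f")
    rm -f "$f"
    real=$(printf '%03o' $(( 0$raw & 0777 )))
    if [ "$real" = "$(apply_symbolic "$1" "$2")" ]; then
        echo match
    else
        echo "differ: chmod gave $real"
    fi
)

# Starting modes are the ones set in the octal section of this lab.
for pair in "700 g+x" "400 g+r" "604 g+r" "700 g+rwx"; do
    set -- $pair
    printf '%s %s -> %s (%s)\n' "$1" "$2" \
        "$(apply_symbolic "$1" "$2")" "$(check_against_chmod "$1" "$2")"
done
```

The output shows that g+r leaves the others digit of 604 untouched (644), which an octal chmod would have overwritten.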

Submit evidence of your work

After you finish the lab: run the following commands to submit your work:

cd ~
wget http://ops345.ca/check/ops145-lab4-check.sh
chmod 700 ops145-lab4-check.sh
./ops145-lab4-check.sh

If it says "Your lab3 has been submitted": make a screenshot, and you're done. If it gives you any warnings or errors: you have to fix them and try the ./ops145-lab4-check.sh command again.