CS246-F20-01-UnixShell

Lecture 1.12

• UNIX file permissions

• chgrp and chmod

CS246

UNIX file permissions
• Each file/dir in UNIX has three sets of access permissions that define how each of three different classes of users may access it:
– User: the userID that owns the file
– Group: the UNIX group associated with the file
– Other: everyone else (who has an account on this machine)

• A UNIX group is an “arbitrary” collection of userIDs that make sense
in some organizational context
– Groups are defined in a single place under admin (root) control
– A user can belong to multiple groups

e.g., research group, ad hoc project, top secret project, bowling league scores, …
– We won’t worry too much about groups, … in practice, group permissions for a file are usually the same as “other”

UNIX file permissions
• For each file and for each user kind, there are three permissions that can be allowed or not:
– Read, write, execute

• For normal files:
– Read/write means that kind of user can read/write the file
– Execute means “allowed to be run as a program”

• The file should be a shell script or a binary executable for this to be sensible

• For directories:
– Read means the user can ask what files are in the directory (“ls”)
– Write means the user can add / delete files (and dirs) in the directory
– Execute means the user can “cd” into that directory

• But “ls” works only if “read” is also permitted

• To see the permissions, do “ls -l”:

drwxr-x--- 2 jfdoe cs138staff 4096 Oct 19 18:19 cs138/
drwxr-x--- 2 jfdoe jfdoe 4096 Oct 21 08:51 cs247/
-rw------- 1 jfdoe jfdoe 22714 Oct 21 08:50 test.cc
-rw------- 1 jfdoe jfdoe 63332 Oct 21 08:50 notes.tex

• Again, the columns are:
– permissions, #-of-hard-links (ignore this), owner’s user ID, group ID, file size in bytes (ignore for directories), date of last change, file name

• Let’s assume I am user jfdoe

UNIX file permissions

Permissions example: Normal file

• test.cc is a (plain, old) file:
– I can read/change the contents (if I am user jfdoe)
– The .cc suffix indicates that it’s (likely) a file of C++ source code, not a shell script or binary, so it should not be executable
– No one else can read or write it

rw- --- --- test.cc

Permissions example: Directory

• cs138 is a directory:
– I can navigate, ls, add/remove files from this dir (if I am user jfdoe)
– Members of the group cs138staff can navigate into it and perform an ls command there, but may not add/remove files
– Others can’t see or enter inside this dir

cs138

File permissions
• In practice, “other” & “group” often have the same permissions

– Don’t usually give anyone but me write permission (security issue)
– May or may not give others read / execute permission, depending on context / file contents

• Myself, I usually make:
– Research files readable, and dirs readable/executable

• So I can share info with my research group
– Teaching, email, and other personal files/dirs totally private

• You should make everything private on your UW UNIX accounts

chgrp
• chgrp changes group-name associated with a file

• Usage:
chgrp [ -R ] group-name file/directory-list

-R recursively modify the group of a directory

• Examples:
$ chgrp cs138staff cs138 # course directory
$ chgrp -R cs138staff cs138/a5 # assgt dir/files

• Must associate group along entire pathname and files

• Creating/deleting group-names is done only by sysadmin (root/sudo)

chmod

• chmod changes permissions of a file

• Usage:
chmod [ -R ] mode-list file/directory-list
-R recursively modify permissions of a directory + contents

• mode-list has the form
security-level operator permission

– Security levels are denoted by u for you (user), g for group, o for
other, a for all (ugo).

– Operator + adds permission, - removes permission, = sets permission
• Or you can use octal, if you’re a geek like me

chmod

• Elements of the mode-list are separated by commas.
chmod g-r,o-r,g-w,o-w foo
chmod go-rw foo # short form
chmod g+rx cs138
chmod -R g=rw cs138/a5

• To achieve desired access, must associate suitable
permissions along entire pathname and files
– So if a file is readable but its enclosing directory is not executable, then you won’t be allowed to see it
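
The point above about needing suitable permissions along the entire pathname, as an added shell example that is not part of the lecture: `other_blocker` (a hypothetical helper) reads the `ls -ld` mode string of a file and of each enclosing directory and reports the component nearest the top that denies the “other” class. The `TOP` argument and the demo tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the lecture. It reads only the mode bits that
# `ls -l` shows; ACLs and the user/group classes are not considered.

# mode_of PATH: the 10-character mode string, e.g. drwxr-x---
mode_of() {
    ls -ld -- "$1" | cut -c1-10
}

# other_blocker FILE [TOP]: print the path component nearest TOP that denies
# the "other" class and return 1; print nothing and return 0 if none does.
# TOP (default /) is a hypothetical parameter that limits how far up to walk.
other_blocker() {
    file=$1 top=${2:-/} blocker=
    # The file itself needs r for other: character 8 of the mode string.
    case $(mode_of "$file" | cut -c8) in
        r) ;;
        *) blocker=$file ;;
    esac
    # Each enclosing directory needs x for other: character 10 ("t" is x
    # plus the sticky bit). Walking upward, the last miss recorded is the
    # one nearest TOP, which is where a path lookup would fail first.
    d=$(dirname -- "$file")
    while :; do
        case $(mode_of "$d" | cut -c10) in
            x|t) ;;
            *) blocker=$d ;;
        esac
        if [ "$d" = "$top" ] || [ "$d" = / ] || [ "$d" = . ]; then break; fi
        d=$(dirname -- "$d")
    done
    [ -z "$blocker" ] && return 0
    printf '%s\n' "$blocker"
    return 1
}

# Constructed demo tree; directory and file names are made up.
demo=$(mktemp -d)
mkdir -p "$demo/cs138/a5" && : > "$demo/cs138/a5/notes.txt"
chmod 755 "$demo" "$demo/cs138/a5"
chmod 750 "$demo/cs138"            # group may enter, other may not
chmod 644 "$demo/cs138/a5/notes.txt"
other_blocker "$demo/cs138/a5/notes.txt" "$demo" || echo "(blocks other)"
rm -rf "$demo"
```

The file in the demo is mode 644, yet “other” cannot reach it because cs138 lacks the x bit for that class.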

Exercise
• Let’s go into the directory where I keep the web version of the cs246 lecture slides:

$ cd ~/public_html/246/old
$ ls
total 60
drwxr-xr-x 2 migod migod 4096 Jan 15 2019 code/
-rw-r--r-- 1 migod migod 32597 Aug 31 11:52 cs445-schedule.html
drwxr-xr-x 3 migod migod 4096 Aug 31 11:46 lectures/
drwxr-xr-x 2 migod migod 4096 Sep 13 07:42 migod/
drwx--x--x 3 migod migod 4096 Sep 4 15:54 savitch/
-rw-r--r-- 1 migod migod 7549 Sep 13 07:44 schedule.html
$ chmod og-r schedule.html # now try to load the page
$ chmod a+r schedule.html # back to normal
$ chmod a-rwx code # now try to load sstream file
$ chmod u=rwx,go=rx code # back to normal

End
