Protective Spells
Welcome back to my classroom. Again, I am Professor Meotod, and today it’s my pleasure to teach you about the various spells that protect the scrolls and files you create and own. Before we discuss what the spells are, I think it might be a good idea to review why we must use them. As some of you may know, not all mages are good. Some can be mischievous, and others, alas, actively work against us. I wish it were not so, but the choice is not mine to make. Deep in the past, the arch mages who crafted Unix trusted and relied on each other, but knew as the system grew, so would the number of people who used it. In their wisdom, they crafted several tools that we can use to ensure only the correct people are able to interact with our files.
Unix has two types of entities, users and groups. You may be familiar with the “user” entity, as you are one. A user is typically an individual with permissions to enter, or otherwise interact with the tower. Groups are collections of users, meant to provide permissions en masse. Do you belong to any groups? You can find out by muttering “groups” at the command line, and you’ll get a list of all that you belong to.
Now, as for the spells that we have at our disposal, a practical application might prove more memorable than an old fool lecturing. Let’s all transport to our homes in the tower (using the ‘cd’ spell by itself will take you to your home). Inside our home directories, create a room called “class” (the proper spell would be ‘mkdir class’) and a room inside that, called “protection” (since the room will be inside class, we want to mutter ‘mkdir class/protection’). Now, let’s transport to the directory (you’ve got it, ‘cd class/protection’). If that seemed to take a long time, remember that in the future, as your tutelage grows, you will learn all manner of shortcuts for doing what you just did.
Alright, in our room, if we issue an ‘ls’ spell, we see that it’s empty, which makes sense since it was just created. Let us create a scroll named “test” using the ‘touch’ spell. Mutter ‘touch test’, then issue an ls. You should see the scroll sitting there now. Be that as it may, you are still missing a great deal of information about “test”. Issue the ‘ls’ spell again, but this time append ‘-l’ to the end of it, so that the spell is ‘ls -l’. Now you should see much of what you were missing.
The first line may consist of “total 0”, which is merely referring to how much space is being taken up. Since we just created the scroll, it shouldn’t be much. Now, the next line is full of information. At the far left, you have the current file permissions of the scroll. Let’s leave these for now, and also skip the second column, which will probably be a “1”, and indicates the number of hard links to the inode for that file. Dear me, I’m spouting gibberish. I’ll explain myself at a later date, I assure you. In the meantime, forward to the third column, which looks suspiciously like your name in the tower. Indeed, that column displays who owns the scroll. The next column should look somewhat familiar, as it should be the first thing you saw when you cast the ‘groups’ spell. That’s right, it reports which group the file belongs to. The next column (fifth, if you’re counting) shows how large the scroll is, in this case 0. After that comes the date and timestamp of the last time you changed the scroll. Since all you did was ‘touch’ it, it should reflect what time the tower thought it was when you created it.
Whew, that is a lot of information to take in at once. Let us step back and look at the big picture again, before delving into details once more. The ‘ls -l’ spell gives you all the information you need to know the status of any particular file in the tower at a glance. If there are multiple files, each file gets its own line, so that the information can be parsed easily by mages and spells alike. There also exist spells to change every bit of information on that line; however, only three of them deal with protection, and that’s what we’re getting into next.
Now, let us examine in detail the first column of information we got from the ‘ls -l’ spell. If your output resembles my output, and I suspect it does, it should look like this: -rw-r--r--. That may not mean much to you right now, but it actually denotes the scroll’s “permission set”, and here’s how it breaks down: “r” stands for “read access”, “w” stands for “write access”, “x” (which doesn’t show up in this case) stands for “execute access”, and “-” means “this permission isn’t set”.
The way it is displayed in the line of output, it’s all run together, which makes it difficult for the beginning mage to analyze, so let’s break it up. The very first character (the “-”) is a flag that denotes what type of file our scroll is. It’s unset, which means that it’s a normal file. We can ignore it for right now. The next three characters (“rw-”) show the permissions for the owner of the scroll, in this case, you. The middle three (“r--”) are the permissions for the group that the file belongs to (remember the fourth column from the ‘ls -l’ command?) and the last three (“r--”) are for everyone that isn’t you and who doesn’t belong to the same group as the file. Simple, eh? I thought not, let us break it down further.
Since there are nine characters we care about, and three “permission sets” there, let’s break it into groups of three:
| User | rw- |
| Group | r-- |
| Others | r-- |
What this table tells us is that the user who owns the file can read and write to the file, the users in the group that the file belongs to can read the file, and that everyone else can read the file as well. Once we do that, it should be relatively easy to see how they all fit together into rw-r--r--.
As you can see, there are a lot of blank, unset, permissions. If the permissions were all set, it would look like this: “rwxrwxrwx”. As you can see, the “r”s only go in the first columns, the “w”s in the middle, and the “x”s at the end. This is because they are used as “flags” to denote binary numbers. You don’t know binary? It’s very simple:
Binary means base two, in other words, there are only two numbers, zero (0) and one (1). As with base ten (what we normally use), when you are counting and you run out of numbers, you add another column, for instance: when we count, after we get to 9, there is no number for “10”, so we have to use a “1” and a “0” to mean the same thing; in binary, there is no number for “2” so they use a “1” and a “0” as well. Here is how you would count in binary up to 7:
| Decimal | Binary |
| 0 | 0 |
| 1 | 1 |
| 2 | 10 |
| 3 | 11 |
| 4 | 100 |
| 5 | 101 |
| 6 | 110 |
| 7 | 111 |
As you can see, since there are only two numbers, we add new columns a lot. How does this tie into permissions in the tower? Simple! Look at the user permission flags set: “rw-”, now imagine that each letter is a “1” and each “-” is a “0”. You would get “110”, correct? Now, if you look at the table above, you can see that “110” matches “6” in decimal (base 10). The group and other flags (“r--” or “100”) match “4” from the table, thus the permission set can be described as “644”.
Suppose for a moment that you were writing a scroll of sensitive nature. Beyond the normal protections put in place on your home, you wanted to ensure that no one aside from yourself could read the scroll. Utilizing the ‘chmod’ spell, you can ensure that by setting the permissions to “rw-------”. If we remember to convert the letters to ones, and the -’s to zeroes, we wind up with 600, according to the table above. This means that no one can do anything with the scroll except ourselves (and the tower administrator).
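The letters-to-digits conversion and the ‘chmod’ step described above, worked through as a shell script. This is an added example, not part of the original lesson; the helper names perm_to_octal, mode_of and demo are made up for illustration, and it only handles the r, w, x and - flags covered here.

```sh
#!/bin/sh
# Added example: helper names are illustrative, not standard commands.

# Turn the permission letters from 'ls -l' (rw-r--r--) into the three
# digits chmod accepts (644): r=4, w=2, x=1, '-'=0 within each triplet.
perm_to_octal() {
    perms=$1
    # Accept the full 10-character column by dropping the file-type flag.
    [ "${#perms}" -eq 10 ] && perms=${perms#?}
    [ "${#perms}" -eq 9 ] || { echo "need 9 permission characters" >&2; return 1; }
    out=""
    while [ -n "$perms" ]; do
        rest=${perms#???}            # everything after the first triplet
        triplet=${perms%"$rest"}     # user, then group, then others
        case $triplet in
            [r-][w-][x-]) ;;
            *) echo "unsupported flags: $triplet" >&2; return 1 ;;
        esac
        digit=0
        case $triplet in r??) digit=$((digit + 4)) ;; esac
        case $triplet in ?w?) digit=$((digit + 2)) ;; esac
        case $triplet in ??x) digit=$((digit + 1)) ;; esac
        out=$out$digit
        perms=$rest
    done
    echo "$out"
}

# First column of 'ls -l' for one file; cut trims the ACL/SELinux marker
# some systems append after the tenth character.
mode_of() { ls -ld -- "$1" | cut -c1-10; }

# Create a scratch scroll, show it at 644, then lock it down to 600.
demo() {
    dir=$(mktemp -d) || return 1
    touch "$dir/test"
    chmod 644 "$dir/test"; before=$(mode_of "$dir/test")
    chmod 600 "$dir/test"; after=$(mode_of "$dir/test")
    rm -rf "$dir"
    echo "$before $(perm_to_octal "$before") -> $after $(perm_to_octal "$after")"
}

demo   # prints: -rw-r--r-- 644 -> -rw------- 600
```

Running ‘ls -l’ before and after a ‘chmod’ is the quickest way to confirm that the digits you typed produced the letters you intended.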
Use this knowledge well, and practice it. Keep in mind, class, that it is entirely possible to protect a scroll such that you yourself cannot open it. In that event, it is still possible to alter the permissions to correct that oversight. Thank you for your attention, and please return for my next class, which I believe will be “Editing scrolls using the ‘vi’ spell”. Until then,
Your Professor,
Meotod
Posted by Matt on Friday, November 10th, 2006
Sir, excellent tutorial.
on August 11th, 2007 at 9:21 am
I am able to comprehend the permission set in first reading itself, thanks to your lucid style of teaching.