Comp111: Operating Systems
Classroom Exercise 19 Answers
Identity and Protection
Fall 2017

  1. After 'chmod 02751 foo' what can every user do to foo? Consider both the case where foo is a directory, and the case where foo is a file.
    Answer:
  2. A very common error for Linux beginners is to type 'chmod 0 .' What does this do? How does one fix it?
    Answer: It makes it impossible for the user to read their own directory. Fortunately, it does not revoke ownership, so the user can undo it via
     
    chmod 700 .
    
  3. Using chmod and chgrp, write commands that make a file 'bar' accessible to all students. What else has to be done, other than modifying 'bar'?
    Answer:
     
    chgrp student bar # requires user to be in student group. 
    chmod 640 bar # readable to group. 
    
    The other thing that one has to do is to make the containing directory (and all other directories above bar in its path) executable to student, via
     
    chmod g+x .
    
    and similar ones for every directory above.
  4. What additional capabilities are added by allowing one user to be a member of more than one group?
    Answer: This allows more than one group of people to collaborate and share a set of documents.
  5. Consider the following scenario:
    path      mode        owner    group
    /         drwxr-xr-x  root     root
    /foo      dr-xr-sr-x  couch    faculty
    /foo/goo  -r--r--r--  rveroy   faculty
    /bar      dr-xr--r--  brodley  faculty
    /bar/joe  ---x--x--x  brodley  faculty
    Assume that user rveroy has group student and that user couch has group faculty.
    1. How many directories can user rveroy list?
      Answer: All of them.
    2. How many files can user couch change?
      Answer: None of them.
    3. How did the file goo get a group that is not the same as the owner's group?
      Answer: Group inheritance (s) is enabled.
  6. One subtle property of Linux protection is that the 'other' part of the protection word applies only to processes that do not have the group of the file and do not have ownership of it. Based upon this, what is the effect of setting a file's protection to -r------w- (0402)?
    Answer: This creates a file such that people other than its group and owner can write it, while its owner and group cannot, and only its owner can read it.
  7. (Advanced) In former days, hiding things in unlistable directories under obscure names was considered a form of security. E.g., a file you didn't want everyone to find might be listed as h384j92bvkshd82j39d.txt in a directory that has x but not r permission. Thus, people cannot discover the file's name directly, but can open it if they know the name. This is now considered to be a very poor way to hide information. Why?
    Answer: The standards for what constitutes security have changed. If one hides a file by name, then knowledge of that name completely compromises its security. Once one person knows the name, it can be broadcast, and then everyone will know how to get to the file.
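
The rule behind question 6, that exactly one of the owner, group and other triplets is consulted, can be modeled in a few lines and checked against the modes in questions 5 and 6. This is an added example, not part of the original answer key; the function names are hypothetical, the numeric uids and gids are constructed, and the model assumes a non-root process.

```python
# Model of the classic Unix mode-bit check for a non-root process.
# All uids/gids below are constructed sample values.

def perm_class(f_uid, f_gid, p_uid, p_gids):
    """Return the ONE triplet consulted: owner first, then group, then other."""
    if p_uid == f_uid:
        return "owner"
    if f_gid in p_gids:
        return "group"
    return "other"

def allowed(mode, f_uid, f_gid, p_uid, p_gids, want):
    """True if every permission in `want` (letters from 'rwx') is granted."""
    shift = {"owner": 6, "group": 3, "other": 0}[perm_class(f_uid, f_gid, p_uid, p_gids)]
    granted = (mode >> shift) & 0o7
    needed = sum({"r": 4, "w": 2, "x": 1}[c] for c in want)
    return (granted & needed) == needed

# Constructed ids for the names used in question 5.
UID = {"couch": 1, "rveroy": 2, "brodley": 3}
GID = {"faculty": 10, "student": 20}

def question6():
    """Mode 0402 on a file owned by couch:faculty, seen by three processes."""
    f = (0o402, UID["couch"], GID["faculty"])
    who = {
        "owner": (UID["couch"], {GID["faculty"]}),    # owner is also in the group
        "group": (UID["brodley"], {GID["faculty"]}),
        "other": (UID["rveroy"], {GID["student"]}),
    }
    return {k: (allowed(*f, *p, "r"), allowed(*f, *p, "w")) for k, p in who.items()}

def question5():
    """rveroy reading /bar (dr-xr--r--), couch writing /foo/goo (-r--r--r--)."""
    list_bar = allowed(0o544, UID["brodley"], GID["faculty"],
                       UID["rveroy"], {GID["student"]}, "r")
    write_goo = allowed(0o444, UID["rveroy"], GID["faculty"],
                        UID["couch"], {GID["faculty"]}, "w")
    return list_bar, write_goo

if __name__ == "__main__":
    for cls, (r, w) in question6().items():
        print(f"{cls:5} read={r} write={w}")
    print("question 5:", question5())
```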