[techtalk] Permissions

Magni Onsoien magnio at pvv.ntnu.no
Mon Jun 19 19:41:07 EST 2000


Carolyn Jarie Getter:

> Thanks for the help.  Believe it or not, I have RTFM, and the relevant 
> parts in Running Linux.  (Maybe I need to read them again, eh?  I have 
> not been too keen on Running Linux.  It seemed to me to far too often 
> read something like "you can do great things with XYZ, but we don't 
> have space to tell you about XYZ." 
> Or it tells how to do something without really explaining what it is I am
> doing.  I'll unbury it and give it another shot.)

I guess you'll always experience this with general books - it's actually
the nature of "general" :) Books like "Running Linux" (which I haven't
read myself) are probably very suitable for giving an overview of
something, but to get the depth you need to buy another book on the
specific issue or - maybe rather - search the web for it. (I personally
love Google, it usually gives me what I want. Just remember to include
all the words you think may be relevant, to narrow the search.)

Also remember to check the HOWTOs (I guess they are somewhere under
/usr/doc if you installed the doc on your box, or you can find them on
the web). And of course the man-pages - just remember to start with 'man
man' to get familiar with the commands :)

> I think I run into trouble mostly when my files are buried ten directories 
> down a tree.  Okay, maybe not ten, but definitely down the tree.  Am 
> I correct that to read, write or execute, say, three directories down a 
> tree, I have to give read, write, and execute privileges to each of the 
> directories in that tree?  That makes me a bit nervous.

No, they don't have to be readable or writeable. 
They have to be writeable for those who are going to make subdirectories
or files in them. For example, you'll want to be able to write to your own
home-directory /home/cgetter, but you don't have to write to the 
/home-directory to use it. And you don't need to have read-rights to
/home, either - then you can cd into it (cd /home), but if you try 'ls
/home' to see whose homedirs are there, you'll get a permission
denied-message if you can't read the directory.

Note that even if you can't read a directory, you can explore it with
cd to get further into it. So to answer your ten-directory-deep question:
the nine directories closest to the root-dir don't need to be either
readable or writeable, while the innermost (the tenth - I think / is on
the outer edge :)) must be writeable to those who will put files there.
But it doesn't have to be readable to anyone - as long as the files within
it are readable.

And remember that only those who are actually going to write to a
directory (i.e. putting files into it) or file need write access to it -
use chmod to make them owner of it, or use chgrp and give access to a
suitable group. On a web server you'll often have a www-group which
contains all the people who maintain the server's main webpages, then the
files need to be writeable for the people in the group plus have the
appropriate groupship (hm, was that a new word?).

For personal webpages the files don't need to be writeable for a group,
of course, only for the actual owner of the page.

> The SUID bit has me a bit perplexed as well.  I swear that I have it set on
> the appropriate files, but I can't get whatever it is to function.  Yesterday,
> I tried to get ppp working using SUID where I thought necessary.  No cigars. 
> Login as root and I get it running no sweat.  Incredibly frustrating, that,
> especially when it happens nearly every time I try to install something!

Can you show us the bits on pppd or whatever program you are using (I
don't use ppp myself, so I don't know the program name, sorry)? Remember
that you have to be root to make a program suid root (i.e. make it
execute with root privileges), and also that you have to fix the right
owner and group for the program first. So a 'chmod u+s pppd' followed by
'chgrp pppgroup pppd' won't work - it must be in the opposite way.

(Ok, I was going to write something about suid programs in general, but
as I wrote my English seemed poorer and poorer and at last I felt like a
7 year old or something, so I'll skip that for now. Maybe after a cup of
coffee or a night's sleep, unless someone else says something wise :))


Magni, tired :)
-- 
ulimit is good for you.
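
An added example (not part of the original post or thread): a POSIX shell audit of the point made in the reply above, that the directories above a file need only the search (x) bit for other users, not read or write. The function names and the temporary tree (including the cgetter home directory layout) are constructed for illustration.

```shell
#!/bin/sh
# Added example: helper names and the demo tree are constructed for illustration.

# Print the three "other" permission characters of PATH, e.g. "--x".
other_bits() {
    ls -ld -- "$1" | cut -c8-10
}

# Walk from FILE's directory up to (not including) BASE. Print one line per
# directory; return 0 only if "other" holds the search (x) bit on every
# directory and read permission on FILE itself.
audit_path() {
    file=$1 base=$2 rc=0
    case $(other_bits "$file") in r??) ;; *) rc=1 ;; esac
    dir=$(dirname -- "$file")
    while [ "$dir" != "$base" ] && [ "$dir" != "/" ]; do
        bits=$(other_bits "$dir")
        note="ok"
        case $bits in ??[xt]) ;; *) note="NOT SEARCHABLE"; rc=1 ;; esac
        case $bits in ?w?) note="$note, WORLD-WRITABLE" ;; esac
        printf '%s  %s  (%s)\n' "$bits" "$dir" "$note"
        dir=$(dirname -- "$dir")
    done
    return "$rc"
}

# Build a constructed tree: search-only directories above a readable file.
make_demo_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/home/cgetter/public_html"
    echo hello > "$root/home/cgetter/public_html/index.html"
    chmod 711 "$root/home" "$root/home/cgetter" "$root/home/cgetter/public_html"
    chmod 644 "$root/home/cgetter/public_html/index.html"
    echo "$root"
}

demo=$(make_demo_tree)
if audit_path "$demo/home/cgetter/public_html/index.html" "$demo"; then
    echo "others can reach the file without read or write on any directory"
fi
chmod 700 "$demo/home/cgetter"     # drop the search bit on one level
audit_path "$demo/home/cgetter/public_html/index.html" "$demo" ||
    echo "others are now locked out at /home/cgetter"
rm -rf "$demo"
```

The audit reads mode bits from `ls -ld` rather than attempting access, so the result is the same when run as root, who bypasses directory permission checks.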




