===== Labtest File and Directory Permission =====

Often, labtest mode is perceived as being overly complicated.  The basic setup of labtest is actually relatively simple.  Most of the problems that occur are a result of misunderstanding file and directory permissions while in labtest mode.  As such, the purpose of this document is to try to strengthen the concept of file and directory permission within the labtest environment.

When machines are in labtest mode, they each run their own local web server for serving labtest content.  The web server process runs as user "labtest" and group "labtest".  All faculty are also **automatically** added to the labtest group.  

A file or directory that is accessible by group "labtest" will be readable by the web server running on a labtest machine, but will not be directly readable to users who are not in the labtest group (eg. students) from the command line.

A few examples will hopefully clear up any confusion.

==== Labtest Directory Permission Examples ====

This labtest directory will **not** be accessible to the web server running on a labtest machine:

<code>
% mkdir /eecs/dept/www/course/1020/labtest
% chmod 700 /eecs/dept/www/course/1020/labtest
% ls -ld /eecs/dept/www/course/1020/labtest

drwx------  4 roumani faculty 4096 Jun  1 13:34 /eecs/dept/www/course/1020/labtest
</code>

This directory is only accessible to user "roumani" and NOT group "labtest".

This directory will still **not** be accessible to the web server running on a labtest machine:

<code>
% mkdir /eecs/dept/www/course/1020/labtest
% chmod 750 /eecs/dept/www/course/1020/labtest
% ls -ld /eecs/dept/www/course/1020/labtest

drwxr-x---  4 roumani faculty 4096 Jun  1 13:34 /eecs/dept/www/course/1020/labtest
</code>

This directory allows group "faculty" to enter it, but again, not group "labtest".

Finally, this directory **is** accessible during labtest mode:

<code>
% mkdir /eecs/dept/www/course/1020/labtest
% chgrp labtest /eecs/dept/www/course/1020/labtest
% chmod 750 /eecs/dept/www/course/1020/labtest
% ls -ld /eecs/dept/www/course/1020/labtest

drwxr-x---  4 roumani labtest 4096 Jun  1 13:34 /eecs/dept/www/course/1020/labtest
</code>

This directory is accessible by group "labtest".  This required using the //chgrp// command to change the group from "faculty" to "labtest".  It also required adding the "rx" bits for "group" using //chmod//.

In order to remove access to this directory before the labtest, you can do:

<code>
% chmod 700 /eecs/dept/www/course/1020/labtest
% ls -ld /eecs/dept/www/course/1020/labtest
  
drwx------  4 roumani labtest 4096 Jun  1 13:34 /eecs/dept/www/course/1020/labtest
</code>

You can make the directory accessible just before your labtest like this:

<code>
% chmod 750 /eecs/dept/www/course/1020/labtest
% ls -ld /eecs/dept/www/course/1020/labtest
  
drwxr-x---  4 roumani labtest 4096 Jun  1 13:34 /eecs/dept/www/course/1020/labtest
</code>

==== Labtest File Permission Examples ====

The same permission concepts apply to files.  This file is **not** accessible during labtest:

<code>
% cp /tmp/index.html /eecs/dept/www/course/1020/labtest/index.html
% chmod 640 /eecs/dept/www/course/1020/labtest/index.html
% ls -l /eecs/dept/www/course/1020/labtest/index.html

-rwxr-----  4 roumani faculty 360 Jun  1 13:34 /eecs/dept/www/course/1020/labtest/index.html
</code>

This file is readable by group "faculty", but not group "labtest".

But this file **is** accessible during labtest:

<code>
% cp /tmp/index.html /eecs/dept/www/course/1020/labtest/index.html
% chgrp labtest /eecs/dept/www/course/1020/labtest/index.html 
% chmod 640 /eecs/dept/www/course/1020/labtest/index.html
% ls -l /eecs/dept/www/course/1020/labtest/index.html

-rwxr-----  4 roumani labtest 360 Jun  1 13:34 /eecs/dept/www/course/1020/labtest/index.html
</code> 
 
Again, //chgrp// was used to change the group of the index.html file to group "labtest", and //chmod// opened up read access.

If you have any questions about the way that labtest files and permissions work, please contact tech.