Table of Contents
Labtest File and Directory Permission
Often, labtest mode is perceived as being overly complicated. The basic setup of labtest is actually relatively simple. Most of the problems that occur are a result of misunderstanding file and directory permissions while in labtest mode. As such, the purpose of this document is to try to strengthen the concept of file and directory permission within the labtest environment.
When machines are in labtest mode, they each run their own local web server for serving labtest content. The web server process runs as user “labtest” and group “labtest”. All faculty are also automatically added to the labtest group.
A file or directory that is accessible by group “labtest” will be readable by the web server running on a labtest machine, but will not be directly readable to users who are not in the labtest group (eg. students) from the command line.
A few examples will hopefully clear up any confusion.
Labtest Directory Permission Examples
This labtest directory will not be accessible to the web server running on a labtest machine:
% mkdir /eecs/dept/www/course/1020/labtest % chmod 700 /eecs/dept/www/course/1020/labtest % ls -ld /eecs/dept/www/course/1020/labtest drwx------ 4 roumani faculty 4096 Jun 1 13:34 /eecs/dept/www/course/1020/labtest
This directory is only accessible to user “roumani” and NOT group “labtest”.
This directory will still not be accessible to the web server running on a labtest machine:
% mkdir /eecs/dept/www/course/1020/labtest % chmod 750 /eecs/dept/www/course/1020/labtest % ls -ld /eecs/dept/www/course/1020/labtest drwxr-x--- 4 roumani faculty 4096 Jun 1 13:34 /eecs/dept/www/course/1020/labtest
This directory allows group “faculty” to enter it, but again, not group “labtest”.
Finally, this directory is accessible during labtest mode:
% mkdir /eecs/dept/www/course/1020/labtest % chgrp labtest /eecs/dept/www/course/1020/labtest % chmod 750 /eecs/dept/www/course/1020/labtest % ls -ld /eecs/dept/www/course/1020/labtest drwxr-x--- 4 roumani labtest 4096 Jun 1 13:34 /eecs/dept/www/course/1020/labtest
This directory is accessible by group “labtest”. This required using the chgrp command to change the group from “faculty” to “labtest”. It also required adding the “rx” bits for “group” using chmod.
In order to remove access to this directory before the labtest, you can do:
% chmod 700 /eecs/dept/www/course/1020/labtest % ls -ld /eecs/dept/www/course/1020/labtest drwx------ 4 roumani labtest 4096 Jun 1 13:34 /eecs/dept/www/course/1020/labtest
You can make the directory accessible just before your labtest like this:
% chmod 750 /eecs/dept/www/course/1020/labtest % ls -ld /eecs/dept/www/course/1020/labtest drwxr-x--- 4 roumani labtest 4096 Jun 1 13:34 /eecs/dept/www/course/1020/labtest
Labtest File Permission Examples
The same permission concepts apply to files. This file is not accessible during labtest:
% cp /tmp/index.html /eecs/dept/www/course/1020/labtest/index.html % chmod 640 /eecs/dept/www/course/1020/labtest/index.html % ls -l /eecs/dept/www/course/1020/labtest/index.html -rwxr----- 4 roumani faculty 360 Jun 1 13:34 /eecs/dept/www/course/1020/labtest/index.html
This file is readable by group “faculty”, but not group “labtest”.
But this file is accessible during labtest:
% cp /tmp/index.html /eecs/dept/www/course/1020/labtest/index.html % chgrp labtest /eecs/dept/www/course/1020/labtest/index.html % chmod 640 /eecs/dept/www/course/1020/labtest/index.html % ls -l /eecs/dept/www/course/1020/labtest/index.html -rwxr----- 4 roumani labtest 360 Jun 1 13:34 /eecs/dept/www/course/1020/labtest/index.html
Again, chgrp was used to change the group of the index.html file to group “labtest”, and chmod opened up read access.
If you have any questions about the way that labtest files and permissions work, please contact tech.