User Tools

Site Tools


services:labtest:old:labtest_user

Labtest File and Directory Permission

Often, labtest mode is perceived as being overly complicated. The basic setup of labtest is actually relatively simple. Most of the problems that occur are a result of misunderstanding file and directory permissions while in labtest mode. As such, the purpose of this document is to try to strengthen the concept of file and directory permission within the labtest environment.

When machines are in labtest mode, they each run their own local web server for serving labtest content. The web server process runs as user “labtest” and group “labtest”. All faculty are also automatically added to the labtest group.

A file or directory that is accessible by group “labtest” will be readable by the web server running on a labtest machine, but will not be directly readable to users who are not in the labtest group (eg. students) from the command line.

A few examples will hopefully clear up any confusion.

Labtest Directory Permission Examples

This labtest directory will not be accessible to the web server running on a labtest machine:

% mkdir /eecs/dept/www/course/1020/labtest
% chmod 700 /eecs/dept/www/course/1020/labtest
% ls -ld /eecs/dept/www/course/1020/labtest

drwx------  4 roumani faculty 4096 Jun  1 13:34 /eecs/dept/www/course/1020/labtest

This directory is only accessible to user “roumani” and NOT group “labtest”.

This directory will still not be accessible to the web server running on a labtest machine:

% mkdir /eecs/dept/www/course/1020/labtest
% chmod 750 /eecs/dept/www/course/1020/labtest
% ls -ld /eecs/dept/www/course/1020/labtest

drwxr-x---  4 roumani faculty 4096 Jun  1 13:34 /eecs/dept/www/course/1020/labtest

This directory allows group “faculty” to enter it, but again, not group “labtest”.

Finally, this directory is accessible during labtest mode:

% mkdir /eecs/dept/www/course/1020/labtest
% chgrp labtest /eecs/dept/www/course/1020/labtest
% chmod 750 /eecs/dept/www/course/1020/labtest
% ls -ld /eecs/dept/www/course/1020/labtest

drwxr-x---  4 roumani labtest 4096 Jun  1 13:34 /eecs/dept/www/course/1020/labtest

This directory is accessible by group “labtest”. This required using the chgrp command to change the group from “faculty” to “labtest”. It also required adding the “rx” bits for “group” using chmod.

In order to remove access to this directory before the labtest, you can do:

% chmod 700 /eecs/dept/www/course/1020/labtest
% ls -ld /eecs/dept/www/course/1020/labtest
  
drwx------  4 roumani labtest 4096 Jun  1 13:34 /eecs/dept/www/course/1020/labtest

You can make the directory accessible just before your labtest like this:

% chmod 750 /eecs/dept/www/course/1020/labtest
% ls -ld /eecs/dept/www/course/1020/labtest
  
drwxr-x---  4 roumani labtest 4096 Jun  1 13:34 /eecs/dept/www/course/1020/labtest

Labtest File Permission Examples

The same permission concepts apply to files. This file is not accessible during labtest:

% cp /tmp/index.html /eecs/dept/www/course/1020/labtest/index.html
% chmod 640 /eecs/dept/www/course/1020/labtest/index.html
% ls -l /eecs/dept/www/course/1020/labtest/index.html

-rwxr-----  4 roumani faculty 360 Jun  1 13:34 /eecs/dept/www/course/1020/labtest/index.html

This file is readable by group “faculty”, but not group “labtest”.

But this file is accessible during labtest:

% cp /tmp/index.html /eecs/dept/www/course/1020/labtest/index.html
% chgrp labtest /eecs/dept/www/course/1020/labtest/index.html 
% chmod 640 /eecs/dept/www/course/1020/labtest/index.html
% ls -l /eecs/dept/www/course/1020/labtest/index.html

-rwxr-----  4 roumani labtest 360 Jun  1 13:34 /eecs/dept/www/course/1020/labtest/index.html

Again, chgrp was used to change the group of the index.html file to group “labtest”, and chmod opened up read access.

If you have any questions about the way that labtest files and permissions work, please contact tech.

services/labtest/old/labtest_user.txt · Last modified: 2017/09/13 16:00 by 127.0.0.1

Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki