2002 06 27

                    LINUX NEWS
        Resources & Links From CramSession.com
             Thursday, June 27, 2002


1) Sean’s Notes

2) Linux News

Linux is Dead
GNOME 2.0 Desktop and Developer Platform Released
The Taxman Uses mod_perl
Linux Kernel Summit Summary

3) Linux Resources

Network Performance Links
Installing Slash for Dummies
Staying Out Of Trouble
Hot Swappable Kernel?
Writing Secure CGI

4) App o’ the Week

~~~~~~~~~~~~~~~~~~~~~~ ADVERTISEMENT ~~~~~~~~~~~~~~~~~~~~~~~

Free Windows 2000 Professional Quizzer. Full Version! We are offering a free full version 70-210 quizzer to all Cramsession/ Brainbuzz subscribers. 400+ questions and answers with detailed explanations. $149.95 retail value, download your free full version today. Offer valid thru June 30 2002.

Download at http://ad.brainbuzz.com/?RC06&AIT26

For information on how to advertise in this newsletter
please contact mailto:adsales@CramSession.com or visit

1) Sean's Notes

The Unix filesystem employs a fairly simple set of access
controls.  Though some OSes add in fine grained controls
(similar to those used in Windows NT), you'll need to know the
basics first.

Every file is owned by both a user and a group, and also has a
file permission:

$ ls -l /etc/dumpdates
-rw-rw-r--    1 root     disk     629 Jun 22 00:48 /etc/dumpdates

Here, /etc/dumpdates is owned by user "root", and the "disk"
group.  The file permission is "-rw-rw-r--".  You'll often see
the file permission written this way.

The first character is special, we'll talk about it later.
A '-' means that it's just a regular file, though.

The last 9 characters can be broken down into groups of three.
The first group relates to the user, the second to the group,
and the third to everyone. Permissions really don't apply to
the root user, he can read and write any file he wants.  Such
is the greatness of root.

Within each group of letters are "read", "write", and "execute"
(r, w, and x).  If the permission is there, then the letter is
present.  If a dash is there, it means the permission isn't there.

"-rw-rw-r--" is a pretty standard permission.  It means that
everyone can read (the last group of three), and that the owner
and people in the group can read AND write.  None of the three
classes have the execute bit set.

The chmod command changes the permissions (sometimes called the
"mode").  You have to be the owner, or root, to use this command.
chmod uses the r, w, and x above, and "u, g, o, and a" to
represent the user (owner), group, others, and all permissions
respectively.  We're also going to throw in +, -, and = to
represent adding, subtracting, and setting the privilege.
Confused?  An example or two:

$ chmod u=r,g=r,o=r foo
gives you
-r--r--r--    1 sean     sean           21 Jun 26 22:01 foo

You can then add write access for the user and group with
$ chmod u+w,g+w foo
-rw-rw-r--    1 sean     sean           21 Jun 26 22:01 foo

Or, take away write access to the group
$ chmod g-w foo
-rw-r--r--    1 sean     sean           21 Jun 26 22:01 foo

Reading and writing are pretty easy to conceptualize, but what
about that execute flag?  It's job is to tell the kernel that
it's ok to run the program as executable code.  The code could
be a binary or a script:

$ ./foo
bash: ./foo: bad interpreter: Permission denied
$ chmod +x foo
$ ./foo

One example of where this will be used is when downloading
installation programs off the Internet, such as Star Office.
The binary will be saved without the executable bit set, so
to run it, you'll need to use chmod to set it.

All that "u=rwx,g=rwx,o=rx" stuff is just too much of a pain
to type sometimes, which is why we can translate file
permissions to numbers.  The resulting permission is in octal
(base 8), because that's the most confusing way to do it.
(Remember that Unix is user friendly, just picky about who
it considers a friend)

Remember this:


Read and write is 4+2 = 6.  Read/write/execute is 4+2+1=7.
Do it three times, for user, group, and others, respectively.
Thus, -rw-rw-r-- becomes 664, or as an argument to chmod:

chmod 664 foo

755 is -rwxr-xr-x, often used on binaries (everyone can
execute it, but only the owner can change it).  0, will mean
no bits are set.

In practice, most people use the octal format to set the
permissions explicitly, and the long hand format to make subtle
changes, such as setting the executable bit.  Using octal has
the advantage that you are always explicit about the file mode
-- the risk of accidentally giving everyone read access to the
payroll records is much less.

A file mode of 600 means that only the owner can read and
write it:

$ chmod 600 foo
$ ls -l foo
-rw-------    1 sean     sean           21 Jun 26 22:21 foo
$ cat foo
echo hello

Goin in as another user (not root)

$ cat foo
cat: foo: Permission denied

Assuming this user were in the "sean" group, we could let him in:

$ chmod 640 foo (or chmod g+r foo)

That will let only members of the group read the file, though
the owner can still write it.

Here's something -- The "sean" user is also a member of the
"sean" group.  Which permission is taken?  Can "sean" write to
the file by virtue of being the owner, or will he be denied
because he's in the "sean" group?  The answer is the first one,
since the more specific permissions take precedence over the
less specific ones.

That means that I could allow all users in the "sean" group to
read the file, but block out the "sean" user!

$ chmod 060 foo
$ ls -l foo
$ ls -l foo
----rw----    1 sean     sean           21 Jun 26 22:21 foo
$ cat foo
cat: foo: Permission denied
$ id
uid02(sean) gidP0(sean)

Or, let everyone BUT sean and the people in the sean group
read it

$ chmod 006 foo

File permissions are fun, aren't they?

Unix file permissions are probably one of the most important
things to know.  If everyone could write to every file, the
system would crash faster than a competing OS that we often
like to make fun of.  The simplicity and absoluteness of the
Unix file modes is one of the contributers to Unix's great

Next week we'll look at how permissions apply to directories,
and some other funky bits we can set to get added functionality.

Long live the Penguin,


2) Linux News

Linux is Dead
Sorry, I forgot to tell you that Linux is dead. The rest of
this newsletter is just a figment of your imagination.


GNOME 2.0 Desktop and Developer Platform Released
"The GNOME Foundation today released version 2.0 of the
GNOME Desktop and Developer Platform at the Ottawa Linux
Symposium. With the inclusion of GNOME 2.0 by leading Linux
and Unix vendors later this year, users of GNOME can look
forward to an improved user environment for existing GNOME
applications, including a faster and more powerful Nautilus
file manager, features that are better organized and
usability-tested, dozens of useful utilities, applications,
and even games."


The Taxman Uses mod_perl
CCRA is the Canadian version of the IRS, and is the entity
that takes a good portion of each of my paycheques. It's some
consolation that they use mod_perl to handle their online
forms, though.


Linux Kernel Summit Summary
In Ottawa, about 80 kernel hackers gathered to talk about
various aspects of development, including plans for the AMD
Hammer architecture. Interesting reading, and the story will
be added to as the work progresses.


3) Linux Resources

Network Performance Links
I love it when people post their bookmarked links. Here are
300+ links on various aspects of network performance, from
operating system parameters to properties of TCP.


Installing Slash for Dummies
Slash is the code that powers Slashdot, and it's widely
available for you to use on your own site. A bit complex to
install, this document walks you through absolutely
everything, from installing your own perl and apache, to
getting the Slash code up and running.


Staying Out Of Trouble
"This is the first part of a series geared toward getting
you, the average web monkey, up to speed on Linux. I don't
have the space here to teach you everything you need to know
about Linux, but by the end of this article you'll hopefully
know enough to stay out of trouble."


Hot Swappable Kernel?
It's an interesting idea: being able to upgrade the kernel
with no downtime. This discussion of why it's not going to
happen in the near future provides some insight into other
aspects of the kernel. Nowhere do they say that this isn't
possible, though, so maybe we'll see it someday.


Writing Secure CGI
CGI is one technique used to create dynamic web pages. As
with any code, it could possibly be exploited to give a
remote attacker elevated privileges. By looking at how CGI
can be attacked, you'll gain an insight into how you can
protect yourself.


4) App o' the Week
An old favourite, Space Invaders, comes to a Linux box near you!


(C) 2002 BrainBuzz.com, Inc. All Rights Reserved.

          This message is from CramSession

You are currently subscribed to the following list
   Hottest Linux News and Resources
   as: sean@ertw.com

To un-subscribe from this newsletter by e-mail,
   send a blank email message to:

To subscribe to this newsletter and many others visit
our site at: