LINUX NEWS
Resources & Links From CramSession.com
Thursday, June 27, 2002
TABLE OF CONTENTS
1) Sean’s Notes
2) Linux News
Linux is Dead
GNOME 2.0 Desktop and Developer Platform Released
The Taxman Uses mod_perl
Linux Kernel Summit Summary
3) Linux Resources
Network Performance Links
Installing Slash for Dummies
Staying Out Of Trouble
Hot Swappable Kernel?
Writing Secure CGI
4) App o’ the Week
1) Sean’s Notes
The Unix filesystem employs a fairly simple set of access controls. Though some OSes add in fine grained controls (similar to those used in Windows NT), you’ll need to know the basics first.
Every file is owned by both a user and a group, and also has a file permission:
$ ls -l /etc/dumpdates
-rw-rw-r-- 1 root disk 629 Jun 22 00:48 /etc/dumpdates
Here, /etc/dumpdates is owned by user “root”, and the “disk” group. The file permission is “-rw-rw-r--”. You’ll often see the file permission written this way.
The first character is special; we’ll talk about it later. A ‘-’ means that it’s just a regular file, though.
The last 9 characters can be broken down into groups of three. The first group relates to the user, the second to the group, and the third to everyone. Permissions really don’t apply to the root user; he can read and write any file he wants. Such is the greatness of root.
Within each group of letters are “read”, “write”, and “execute” (r, w, and x). If the permission is there, then the letter is present. If a dash is there, it means the permission isn’t there.
“-rw-rw-r--” is a pretty standard permission. It means that everyone can read (the last group of three), and that the owner and people in the group can read AND write. None of the three classes have the execute bit set.
The chmod command changes the permissions (sometimes called the “mode”). You have to be the owner, or root, to use this command. chmod uses the r, w, and x above, and “u, g, o, and a” to represent the user (owner), group, others, and all permissions respectively. We’re also going to throw in +, -, and = to represent adding, subtracting, and setting the privilege. Confused? An example or two:
$ chmod u=r,g=r,o=r foo
gives you
-r--r--r-- 1 sean sean 21 Jun 26 22:01 foo
You can then add write access for the user and group with
$ chmod u+w,g+w foo
-rw-rw-r-- 1 sean sean 21 Jun 26 22:01 foo
Or, take away write access to the group
$ chmod g-w foo
-rw-r--r-- 1 sean sean 21 Jun 26 22:01 foo
Reading and writing are pretty easy to conceptualize, but what about that execute flag? Its job is to tell the kernel that it’s ok to run the program as executable code. The code could be a binary or a script:
$ ./foo
bash: ./foo: bad interpreter: Permission denied
$ chmod +x foo
$ ./foo
hello
One example of where this will be used is when downloading installation programs off the Internet, such as Star Office. The binary will be saved without the executable bit set, so to run it, you’ll need to use chmod to set it.
All that “u=rwx,g=rwx,o=rx” stuff is just too much of a pain to type sometimes, which is why we can translate file permissions to numbers. The resulting permission is in octal (base 8), because that’s the most confusing way to do it. (Remember that Unix is user friendly, just picky about who it considers a friend)
Remember this:
r=4 w=2 x=1
Read and write is 4+2 = 6. Read/write/execute is 4+2+1 = 7. Do it three times, for user, group, and others, respectively. Thus, -rw-rw-r-- becomes 664, or as an argument to chmod:
chmod 664 foo
755 is -rwxr-xr-x, often used on binaries (everyone can execute it, but only the owner can change it). A 0 means no bits are set.
In practice, most people use the octal format to set the permissions explicitly, and the longhand format to make subtle changes, such as setting the executable bit. Using octal has the advantage that you are always explicit about the file mode – the risk of accidentally giving everyone read access to the payroll records is much less.
A file mode of 600 means that only the owner can read and write it:
$ chmod 600 foo
$ ls -l foo
-rw------- 1 sean sean 21 Jun 26 22:21 foo
$ cat foo
#!/bin/sh
echo hello
Going in as another user (not root):
$ cat foo
cat: foo: Permission denied
Assuming this user were in the “sean” group, we could let him in:
$ chmod 640 foo (or chmod g+r foo)
That will let only members of the group read the file, though the owner can still write it.
Here’s something – The “sean” user is also a member of the “sean” group. Which permission is taken? Can “sean” write to the file by virtue of being the owner, or will he be denied because he’s in the “sean” group? The answer is the first one, since the more specific permissions take precedence over the less specific ones.
That means that I could allow all users in the “sean” group to read the file, but block out the “sean” user!
$ chmod 060 foo
$ ls -l foo
----rw---- 1 sean sean 21 Jun 26 22:21 foo
$ cat foo
cat: foo: Permission denied
$ id
uid02(sean) gid=500(sean)
Or, let everyone BUT sean and the people in the sean group read it:
$ chmod 006 foo
File permissions are fun, aren’t they?
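The class selection behind the 060 and 006 results above can be modelled in a few lines of Python. This is an added example, not part of the original newsletter; the uid/gid numbers and the users "pat" and "guest" are constructed for illustration.

```python
import stat

R, W, X = 4, 2, 1  # the newsletter's r=4 w=2 x=1

def parse_symbolic(perm):
    """Turn a 9-character string such as 'rw-rw-r--' into its octal mode (0o664)."""
    if len(perm) != 9:
        raise ValueError("expected 9 permission characters")
    mode = 0
    for i, ch in enumerate(perm):
        if ch == "rwx"[i % 3]:
            mode |= 1 << (8 - i)
        elif ch != "-":
            raise ValueError(f"unexpected {ch!r} at position {i}")
    return mode

def select_class(file_uid, file_gid, uid, gids):
    """Exactly one class applies: owner first, then group, then other."""
    if uid == file_uid:
        return "user"
    if file_gid in gids:
        return "group"
    return "other"

def allowed(mode, file_uid, file_gid, uid, gids, want):
    """True if the mode bits grant every bit in `want` to this caller."""
    if uid == 0:
        # root skips read/write checks; execute still needs some x bit set
        return not (want & X) or bool(mode & 0o111)
    cls = select_class(file_uid, file_gid, uid, gids)
    shift = {"user": 6, "group": 3, "other": 0}[cls]
    return (((mode >> shift) & 7) & want) == want

# Constructed sample identities: (uid, set of gids). File is owned by sean:sean.
SEAN, PAT, GUEST = (1000, {1000}), (1001, {1001, 1000}), (1002, {1002})

def who_can_read(mode):
    """Names of the sample users allowed to read a sean:sean file with `mode`."""
    users = {"sean": SEAN, "pat": PAT, "guest": GUEST}
    return [n for n, (u, g) in users.items() if allowed(mode, 1000, 1000, u, g, R)]

if __name__ == "__main__":
    for mode in (0o600, 0o640, 0o060, 0o006):
        print(stat.filemode(stat.S_IFREG | mode), who_can_read(mode))
```

Because the owner class is chosen before the group bits are ever consulted, mode 060 locks the owner out while group members still get in, and 006 excludes both the owner and the group.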
Unix file permissions are probably one of the most important things to know. If everyone could write to every file, the system would crash faster than a competing OS that we often like to make fun of. The simplicity and absoluteness of the Unix file modes is one of the contributors to Unix’s great stability.
Next week we’ll look at how permissions apply to directories, and some other funky bits we can set to get added functionality.
Long live the Penguin,
Sean swalberg@cramsession.com
2) Linux News
Linux is Dead
Sorry, I forgot to tell you that Linux is dead. The rest of this newsletter is just a figment of your imagination.
http://www.msnbc.com/news/772215.asp
GNOME 2.0 Desktop and Developer Platform Released
“The GNOME Foundation today released version 2.0 of the GNOME Desktop and Developer Platform at the Ottawa Linux Symposium. With the inclusion of GNOME 2.0 by leading Linux and Unix vendors later this year, users of GNOME can look forward to an improved user environment for existing GNOME applications, including a faster and more powerful Nautilus file manager, features that are better organized and usability-tested, dozens of useful utilities, applications, and even games.”
http://www.gnome.org/pr-gnome20.html
The Taxman Uses mod_perl
CCRA is the Canadian version of the IRS, and is the entity that takes a good portion of each of my paycheques. It’s some consolation that they use mod_perl to handle their online forms, though.
http://www.oreillynet.com/cs/weblog/view/wlg/1632
Linux Kernel Summit Summary
In Ottawa, about 80 kernel hackers gathered to talk about various aspects of development, including plans for the AMD Hammer architecture. Interesting reading, and the story will be added to as the work progresses.
http://lwn.net/Articles/3327/
3) Linux Resources
Network Performance Links
I love it when people post their bookmarked links. Here are 300+ links on various aspects of network performance, from operating system parameters to properties of TCP.
http://www.csm.ornl.gov/~dunigan/netperf/netlinks.html
Installing Slash for Dummies
Slash is the code that powers Slashdot, and it’s widely available for you to use on your own site. A bit complex to install, this document walks you through absolutely everything, from installing your own perl and apache, to getting the Slash code up and running.
http://www.misterorange.com/docs/INSTALL-Slash-For-Dummies.html
Staying Out Of Trouble
“This is the first part of a series geared toward getting you, the average web monkey, up to speed on Linux. I don’t have the space here to teach you everything you need to know about Linux, but by the end of this article you’ll hopefully know enough to stay out of trouble.”
http://infocenter.cramsession.com/TechLibrary/GetHtml.asp?ID45
Hot Swappable Kernel?
It’s an interesting idea: being able to upgrade the kernel with no downtime. This discussion of why it’s not going to happen in the near future provides some insight into other aspects of the kernel. Nowhere do they say that this isn’t possible, though, so maybe we’ll see it someday.
http://kerneltrap.org/node.php?id=284
Writing Secure CGI
CGI is one technique used to create dynamic web pages. As with any code, it could possibly be exploited to give a remote attacker elevated privileges. By looking at how CGI can be attacked, you’ll gain an insight into how you can protect yourself.
http://b0iler.eyeonsecurity.net/tutorials/hackingcgi.htm
4) App o’ the Week
An old favourite, Space Invaders, comes to a Linux box near you!
http://home.snafu.de/nath/SDLInvaders/
(C) 2002 BrainBuzz.com, Inc. All Rights Reserved.