Title: Math 481/581 Lecture 3: Umasks and Email
UNIX processes are associated with a user ID and group ID. In most cases, the process' user and group IDs are those of the person who ran the command.
Every UNIX process also has an associated umask. In order to understand the umask, we need to discuss UNIX file permissions first.
UNIX file permissions apply to three groups of people:
Each UNIX user is a member of one or more groups. On many systems, there only a small number of groups; therefore, you will want to be careful about granting group-write permission to your files and directories. On such systems, the "other" category generally consists of all human users and fictitious accounts like "lp" for the printing system, etc. In general, you should consider "group" and "other" permissions to be equivalent to "everyone".
Permissions are processed in order. If the you are the owner of a file, then the "owner" permission settings will apply. If you are not the owner of the file, but are a member of the group that owns the file, the "group" permissions apply. Otherwise, the "other" permissions are consulted.
If you execute ls -l, you will see the permissions on the
contents of your CWD:
-rw-r--r-- 1 hays users 5899 Aug 30 08:03 lec3.html drwxr-xr-x 2 hays users 1024 Jul 22 17:44 mail/The first field is a text representation of the file's permissions. The third and fourth fields show the user and group ownerships of the file. Let's take a closer look at the permission field.
The permissions field is 10 characters long. The first character shows the file's type. The two most common values here are "-", which means that the file is a regular old file, and "d", which means that it is a directory.
The last nine characters consist of 3 set of 3 characters each when read left to right. The sets correspond to "owner", "group", and "other" permissions. The characters within each set correspond to read, write, and execute permission. If a permission is set, either "r" or "w" or "x" will appear in the corresponding slot; otherwise, a "-" will fill the slot.
For regular files, permissions are interpreted as follows:
| Read | The corresponding people can read the file's contents |
| Write | The corresponding people can modify the file's contents |
| Execute | The corresponding people can execute the file as a program |
Here, "corresponding" means "owner", "group", or "other".
For directories, the interpretation is slightly different:
| Read | The corresponding people can read the read the directory's contents. In other words, they can do things like get a list of the directory's contents. |
| Write | The corresponding people can modify the directory. This means that they can create or delete files in the directory. |
| Execute | The corresponding people are granted search permission on the directory's contents. This means that they can access files in the directory (subject to the permissions set on of each of the directory's contents). |
If a directory does not have execute permission, its contents become inaccessible to that particular set of people. In general, you will want to set or clear the "rx" permissions together on directories.
The chmod command is used to set permissions on your
files. The usage is:
chmod mode filenamesThe
mode argument can either be a symbolic permission
specification or an octal integer (ie, expressed in base 8).
A symbolic specification consists of three parts:
| u | "user" -- the owner of the file. |
| g | "group" -- the group that owns the file. |
| o | "other" -- everyone else. |
| a | "all" -- shorthand for "ugo". |
| + | Add the corresponding permission. |
| - | Remove the corresponding permission. |
| r | read permission |
| w | Write permission |
| x | Execute permission |
chmod go+rx fred adds read and execute
permission for the group that owns "fred", as well as all users of the
system.
One limitation of specifying permissions symbolically is that you cannot
only have one "+" or "-" per chmod command. For this
reason, you can also specify all permissions at once as an octal number.
An octal permission setting consists of three octal digits. The leftmost digit is for the file owner, the middle one is for the group, and the rightmost digit is for everyone else. Each of these digits lets you specify the permission by summing according to the following weights:
| Perm | Weight |
|---|---|
| r | 4 |
| w | 2 |
| x | 1 |
For example, if you want to set permissions on a regular file named
"fred" such that you may read or write to it, the group owning fred can
only read it, and others may not access it at all, you would issue the
command chmod 640 fred.
If you set permissions on a directory to 700, you
effectively lock out everyone (other than yourself) from accessing that
directory and any of its contents. In other words, it is not necessary
to chmod 600 files and chmod 700
subdirectories under a mode-700 directory.
As a rule of thumb, you'll probably want to set your permissions as follows:
Note that if you have a published WWW page, your home directory and
public_html/ directory will need to be "world executable".
In addition, all files and subdirectories under public_html
will need to be world readable/executable so that the web server
software is able to read them. The web server is associated with a
fictitious user and always falls under the scope of the "other"
permissions.
UNIX provides a mechanism, called a umask, that is designed to help you set your personal file access policy.
In most cases, when a process creates a file or directory, the operating system consults the process' umask. For regular files, the actual permissions of the new file are 666 logically and-ed with the logical complement of the umask. For directories, the permissions are 777 and-ed with the complement of the umask.
In a lot of cases (where there are few user groups), there are two
interesting umask values: 022 and 077.
If the umask is 022, files get created with access bits of
644 and directories get permissions of
755. This means that anyone can wander through your
directories and read your files.
If the umask is 077, new files are closed: files are mode
600 and directories are mode 700. Nobody can
enter your directories or read your files. If you choose this policy,
remember to set appropriate permissions for your home directory itself.
You won't want to change the first umask digit from 0: doing so would prevent you from performing certain operations on your own files. Modifying the other digits is not too interesting, either: either you allow others write access to your data (not a good idea) or you permit search access on directories containing unreadable files, which doesn't make a lot of sense.
I prefer to operate with a umask of 022 and do an explicit
chmod for files and directories that I don't want other
people to access. It is a little more work to do things this way
because you have to remember what areas of your account you want to
close off. And you must issue commands to "make it so".
If you are unsure, it is safest to set your umask to 077
and check permissions on all files and directories directly under your
home directory.
An email address usually looks like username@hostname,
where "username" is your login name on the system, and "hostname" is an
Internet host name. For example, two of my email addresses are
mhays@u.arizona.edu hays@math.arizona.eduUsers normally interact with the email system via a mail client (also called a "mail user agent" or MUA). A mail client is a program that provides a convenient way of sending, receiving, and otherwise dealing with email messages. There are many mail clients available: Berkeley mail, elm, pine, mutt, MH, nsmail, etc. In this course we will cover Berkeley in detail since some incarnation of it exists on virtually every UNIX in existence.
Berkeley mail is accessed via one of two commands: "Mail" or "mail" -- it depends on what system you are on. If the system has a "Mail" command, this will usually get you Berkeley mail; otherwise, "mail" should do the trick. In any case, most systems do have a "mail" command which is used internally by the mail system to deliver messages to local recipients. Berkeley mail is accessed as "Mail" on shell.u.arizona.edu.
To send an email message to user@host, type
> Mail user@host Subject: Message subject type the message here end the message as follows: . Cc: someone@somewhere >When you execute the above
Mail command, you are
first prompted for the message subject. Once you type in the
subject, you type in the message body line by line. When your
message is complete, enter a line containing only a ".". Depending
on the system, you may be prompted for a list of addresses that will
recieve carbon copies of the message. At this point, your
message is on its way to its destination.
There are a number of special commands called tilde escapes available while you are typing the message body. These commands are called tilde escapes because they all start with the "~" character. You invoke the tilde escapes by typing them on a line by themselves.
One important tilde escape is "~e". This command feeds the message to the text editor specified in the EDITOR environment variable. This is nice because there is no other way to correct typing mistakes in Mail. We will cover how to permanently set the EDITOR variable next class.
Two other tilde escapes are usually available: "~s" and "~r". If you
type ~s string on a line by itself, the subject of the
message will be set to "string". If you type ~r
filename, the contents of filename will be
inserted into the message.
The Mail program also allows you to read email
messages by simply typing "Mail". If you do not have any unread
email, Mail will say so and exit; otherwise,
Mail will display the first 18 or so message
headers and present you with the "&" prompt. Each message
header looks something like:
>N 1 mhays@U.Arizona. Mon Aug 31 12:17 17/580 "test"The ">" marks the current message -- the current message is the default target of many of Mail's commands. The "N" means that the message is new; ie, you haven't seen it before. A "D" marks deleted messages, and a "U" marks unread messages. Next comes the message number, message sender, date sent, message size, and finally the message subject.
To read message number N, type N at the
"&" prompt and hit RETURN.
If you want to send a message while reading mail, type
& m rcpt1@host1 rcpt2@host2 ...You will be prompted for a message subject and message body just as if you'd sent a message directly from the command line.
To delete a message, use the "d" command:
& d 2 & d 3 7 & d 12-18The messages are actually deleted when you exit Mail with the "q" command. Up until the time you exit Mail, you can undelete messages with the "u" command.
If you want to reply, you can use either the "R" or "r" command. On the u.arizona.edu system, "R" sends a reply to the sender only and "r" sends a reply to the sender and all recipients of the original message. On other systems, the functions or "R" and "r" are reversed. If you are unsure, you can type a "?" at the "&" prompt to get a summary of all available Mail commands. To reply to the sender of message 3, you would type:
& R 3 To: mhays@U.Arizona.EDU Subject: Re: test type reply here .Sometimes it is nice to include the original message in your reply. To do this, use the "~m" escape while composing your reply. "~m" by itself inserts the current message (the one marked with ">") into the message you are composing. An alternative is to use "~m number" to insert the specified message instead.
To forward a message to someone else, use the "m" command in conjunction with the "~m" escape.
The "h [msg list]" command shows you the message headers (just like when you start Mail) in the specified range.
There are two ways to exit Mail: the "q" command and the "x" command. When you quit using "q", several things happen:
mbox in your home directory
If you want to read the messages in mbox at a later
time, invoke Mail (from your home directory) with:
> Mail -f mboxThe
mbox file is an example of a mail folder --
a file that stores related messages. You can save a message to a
folder using the "s" command:
& s 4 stuffsaves message number 4 into the "stuff" folder.
To send a text file via email, you can use something like the following:
> Mail -s 'message subject' user@host < file >The simplest way to send a binary file, is to process it using the "uuencode" program first. Uuencode turns a binary file into a larger text file, which can then be sent via email. For example, here's one way to uuencode and mail a TeX DVI file:
> uuencode file.dvi < file.dvi > file.dvi.uu > Mail -s 'uuencoded DVI file' user@host < file.dvi.uu > rm file.dvi.uu >On the first line, we convert the binary DVI file into an ASCII text file. The "file.dvi" argument on the "uuencode" command line is the filename that uudecode will create on the receiving end.
The second command mails the encoded DVI file. The subject of the message is very important: it tells the person who receives the message exactly what kind of encoding was used. Without this information, it is extremely difficult for the other person to know how to proceed.
If someone sends you a file by email, you can save it to a file by using the "s" command in Mail. For example, you can save the current message to the file "zzz" with:
& s zzz "zzz" [New file] &The output file consists of the message envelope and the message body. You'll need to remove the envelope using a text editor (described in the next section) before further processing can be done. Here's what you get when you save a message who's body consists of the single line "test":
>From hays Sun Aug 30 10:45:25 1998
Return-Path: <hays>
Received: (from hays@localhost)
by localhost.localdomain (8.8.5/8.8.5) id KAA03735
for hays; Sun, 30 Aug 1998 10:45:24 -0700
Date: Sun, 30 Aug 1998 10:45:24 -0700
From: Mark Hays <hays>
Message-Id: <199808301745.KAA03735@localhost.localdomain>
To: hays
Subject: testing
Status: R
test
The envelope is everything up to and including the first blank line.
If someone sends you a uuencoded message, here is what the file will look like after the headers (envelope) have been removed:
begin 644 testfile 2"E1H:7,@:7,@82!T97-T+@H* ` endThe first line shows the filename and permissions that the decoded file will have. To create the file "testfile" assuming that the uuencoded file is in testfile.uu, do:
> uudecode < testfile.uu >The file "testfile" will be created and contains:
This is a test.
You should be aware that most email systems are configured for a maximum article size of 1 MB. If you need to mail something larger than 1 MB, you will either need to split the file up into smaller pieces or use FTP to transfer the file. We'll cover FTP in more detail later.
Berkeley mail supports the notion of mail aliases. A mail alias
allows you to associate a name with a set of recipients. To create an
alias, add something like the following to the file .mailrc
in your home directory (we'll see how to do this in the next section):
cstaff hays jtorr@math.arizona.edu rbc rosario@lnx.math.arizona.eduIf I send mail to "cstaff", the mail program will actually send the message to the four people listed.
It is often the case that you receive email on computer system on which you have an account. If you have many accounts, it can get annoying to log into each one to see if you have any mail. Most UNIX systems allow you to forward all of your email on that system to a different address.
Here is an example. On each of my non-Math accounts, I create a file
called .forward in my home directory. This file contains
the following line:
hays@math.arizona.eduThis way, any email sent to any of my other accounts ends up at my Math department account -- enabling me to read all of my mail from a single location.
There is one problem to look out for: so called "mail loops". If my Math department .forward file contains "mhays@u.arizona.edu" and my u.arizona.edu .forward file contains "hays@math.arizona.edu", an infinite loop will result if anyone sends email to either address. The worst part about it is that the mail system cannot send you notification that a problem exists -- becuase such notification must be sent via email. Instead, the system administrators will be notified of the problem. They will have to contact you in person.