Lecture 3 Notes

Math 481/581 Lecture 3: Umasks and Email

© 1998 by Mark Hays <hays@math.arizona.edu>. All rights reserved.

File Permissions and the Umask

If you are getting the feeling that each UNIX process carries a whole bunch of information around with it, you are correct. We aren't done yet, either!

UNIX processes are associated with a user ID and group ID. In most cases, the process' user and group IDs are those of the person who ran the command.

Every UNIX process also has an associated umask. In order to understand the umask, we need to discuss UNIX file permissions first.

UNIX file permissions apply to three groups of people:

Owner  The user who owns the file
Group  The members of the group that owns the file
Other  Everyone else on the system

For each group of people, there are three permissions that may be specified on a per-file basis:

Read  Permission to read
Write  Permission to write (modify)
Execute  Permission to execute (or, for directories, to search)

Each UNIX user is a member of one or more groups. On many systems, there are only a small number of groups; therefore, you will want to be careful about granting group-write permission to your files and directories. On such systems, the "other" category generally consists of all human users and fictitious accounts like "lp" for the printing system, etc. In general, you should consider "group" and "other" permissions to be equivalent to "everyone".

Permissions are processed in order. If you are the owner of a file, then the "owner" permission settings apply. If you are not the owner of the file, but are a member of the group that owns the file, the "group" permissions apply. Otherwise, the "other" permissions are consulted.

If you execute ls -l, you will see the permissions on the contents of your CWD:

-rw-r--r--   1 hays     users        5899 Aug 30 08:03 lec3.html
drwxr-xr-x   2 hays     users        1024 Jul 22 17:44 mail/

The first field is a text representation of the file's permissions. The third and fourth fields show the user and group ownerships of the file. Let's take a closer look at the permission field.

The permissions field is 10 characters long. The first character shows the file's type. The two most common values here are "-", which means that the file is a regular old file, and "d", which means that it is a directory.

The last nine characters consist of three sets of three characters each, read left to right. The sets correspond to "owner", "group", and "other" permissions. The characters within each set correspond to read, write, and execute permission. If a permission is set, either "r" or "w" or "x" will appear in the corresponding slot; otherwise, a "-" will fill the slot.

For regular files, permissions are interpreted as follows:

Read  The corresponding people can read the file's contents
Write  The corresponding people can modify the file's contents
Execute  The corresponding people can execute the file as a program

Here, "corresponding" means "owner", "group", or "other".

For directories, the interpretation is slightly different:

Read  The corresponding people can read the directory's contents. In other words, they can do things like get a list of the directory's contents.
Write  The corresponding people can modify the directory. This means that they can create or delete files in the directory.
Execute  The corresponding people are granted search permission on the directory's contents. This means that they can access files in the directory (subject to the permissions set on each of the directory's contents).

If a directory does not have execute permission, its contents become inaccessible to that particular set of people. In general, you will want to set or clear the "rx" permissions together on directories.

The chmod command is used to set permissions on your files. The usage is:

		chmod mode filenames

The mode argument can either be a symbolic permission specification or an octal integer (ie, expressed in base 8).

A symbolic specification consists of three parts: who the change applies to ("u" for the owner, "g" for the group, "o" for others, or "a" for all three), an operator ("+" to add or "-" to remove permissions), and the permissions themselves ("r", "w", and/or "x").

For example, chmod go+rx fred adds read and execute permission for the group that owns "fred", as well as all users of the system.

One limitation of specifying permissions symbolically is that you can only have one "+" or "-" per chmod command. For this reason, you can also specify all permissions at once as an octal number.

An octal permission setting consists of three octal digits. The leftmost digit is for the file owner, the middle one is for the group, and the rightmost digit is for everyone else. Each of these digits lets you specify the permission by summing according to the following weights:

r 4
w 2
x 1

For example, if you want to set permissions on a regular file named "fred" such that you may read or write to it, the group owning fred can only read it, and others may not access it at all, you would issue the command chmod 640 fred.

If you set permissions on a directory to 700, you effectively lock out everyone (other than yourself) from accessing that directory and any of its contents. In other words, it is not necessary to chmod 600 files and chmod 700 subdirectories under a mode-700 directory.

As a rule of thumb, you'll probably want to set your permissions as follows:

Note that if you have a published WWW page, your home directory and public_html/ directory will need to be "world executable". In addition, all files and subdirectories under public_html will need to be world readable/executable so that the web server software is able to read them. The web server is associated with a fictitious user and always falls under the scope of the "other" permissions.

UNIX provides a mechanism, called a umask, that is designed to help you set your personal file access policy.

In most cases, when a process creates a file or directory, the operating system consults the process' umask. For regular files, the actual permissions of the new file are 666 logically and-ed with the logical complement of the umask. For directories, the permissions are 777 and-ed with the complement of the umask.

In a lot of cases (where there are few user groups), there are two interesting umask values: 022 and 077.

If the umask is 022, files get created with access bits of 644 and directories get permissions of 755. This means that anyone can wander through your directories and read your files.

If the umask is 077, new files are closed: files are mode 600 and directories are mode 700. Nobody can enter your directories or read your files. If you choose this policy, remember to set appropriate permissions for your home directory itself.

You won't want to change the first umask digit from 0: doing so would prevent you from performing certain operations on your own files. Modifying the other digits is not too interesting, either: either you allow others write access to your data (not a good idea) or you permit search access on directories containing unreadable files, which doesn't make a lot of sense.

I prefer to operate with a umask of 022 and do an explicit chmod for files and directories that I don't want other people to access. It is a little more work to do things this way because you have to remember what areas of your account you want to close off. And you must issue commands to "make it so".

If you are unsure, it is safest to set your umask to 077 and check permissions on all files and directories directly under your home directory.
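The octal weights given earlier (r=4, w=2, x=1) and the "666 or 777 and-ed with the complement of the umask" rule can both be checked mechanically. The shell script below is an added example written for these notes, not part of the original lecture: it computes the mode a new file or directory gets under a given umask, renders that mode the way ls -l prints it, and then creates a file and a directory under that umask in a temporary directory to confirm that the system really does what the rule predicts. The function names and the temporary-directory check are this example's own.

```shell
#!/bin/sh
# Added example (not from the lecture notes): predict the permissions a new
# file or directory receives under a umask, render them like ls -l, and
# confirm the rule against files actually created under that umask.

# rwx_triplet DIGIT -> three-character form of one octal digit (r=4, w=2, x=1)
rwx_triplet() {
    case $1 in
        0) printf '%s' '---' ;;
        1) printf '%s' '--x' ;;
        2) printf '%s' '-w-' ;;
        3) printf '%s' '-wx' ;;
        4) printf '%s' 'r--' ;;
        5) printf '%s' 'r-x' ;;
        6) printf '%s' 'rw-' ;;
        7) printf '%s' 'rwx' ;;
        *) return 1 ;;
    esac
}

# mode_string 644 -> rw-r--r--  (owner, group, other triplets, left to right)
mode_string() {
    mid=${1#?}
    rwx_triplet "${1%??}" && rwx_triplet "${mid%?}" && rwx_triplet "${1#??}"
}

# new_file_mode UMASK -> octal mode of a regular file created under UMASK
# (666 and-ed with the complement of the umask)
new_file_mode() {
    printf '%03o' $(( 0666 & ~0$1 ))
}

# new_dir_mode UMASK -> octal mode of a directory created under UMASK
# (777 and-ed with the complement of the umask)
new_dir_mode() {
    printf '%03o' $(( 0777 & ~0$1 ))
}

# observed_mode_string PATH -> the nine permission characters ls -ld prints
observed_mode_string() {
    ls -ld "$1" | cut -c2-10
}

# check_umask UMASK -> 0 if a file and a directory created under UMASK get
# exactly the permissions the rule predicts, 1 otherwise
check_umask() {
    tmp=$(mktemp -d) || return 1
    (
        cd "$tmp" && umask "$1" && : > f && mkdir d &&
        [ "$(observed_mode_string f)" = "$(mode_string "$(new_file_mode "$1")")" ] &&
        [ "$(observed_mode_string d)" = "$(mode_string "$(new_dir_mode "$1")")" ]
    )
    status=$?
    rm -rf "$tmp"
    return $status
}

# Show the two umask policies discussed in the notes.
for u in 022 077; do
    printf 'umask %s: files %s (%s), directories %s (%s)\n' "$u" \
        "$(new_file_mode "$u")" "$(mode_string "$(new_file_mode "$u")")" \
        "$(new_dir_mode "$u")" "$(mode_string "$(new_dir_mode "$u")")"
    check_umask "$u" && printf '  confirmed on this system\n'
done
```

Running the script prints "umask 022: files 644 (rw-r--r--), directories 755 (rwxr-xr-x)" and the corresponding 600/700 line for 077; check_umask is the "check permissions" step from the paragraph above, automated for one umask value.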

Berkeley Mail

Electronic mail, or "email", is a mechanism that allows you to send and receive electronic messages. Each message has a "from" address, one or more "to" addresses, and a message body. The "from" and "to" addresses (along with some administrative info) make up the message "envelope". The message body is like the contents of a regular postal envelope.

An email address usually looks like username@hostname, where "username" is your login name on the system, and "hostname" is an Internet host name. For example, two of my email addresses are hays@math.arizona.edu and mhays@u.arizona.edu.

Users normally interact with the email system via a mail client (also called a "mail user agent" or MUA). A mail client is a program that provides a convenient way of sending, receiving, and otherwise dealing with email messages. There are many mail clients available: Berkeley mail, elm, pine, mutt, MH, nsmail, etc. In this course we will cover Berkeley in detail since some incarnation of it exists on virtually every UNIX in existence.

Berkeley mail is accessed via one of two commands: "Mail" or "mail" -- it depends on what system you are on. If the system has a "Mail" command, this will usually get you Berkeley mail; otherwise, "mail" should do the trick. In any case, most systems do have a "mail" command which is used internally by the mail system to deliver messages to local recipients. Berkeley mail is accessed as "Mail" on shell.u.arizona.edu.

To send an email message to user@host, type

	> Mail user@host
	Subject: Message subject
	type the message here
	end the message as follows:
	.
	Cc: someone@somewhere

When you execute the above Mail command, you are first prompted for the message subject. Once you type in the subject, you type in the message body line by line. When your message is complete, enter a line containing only a ".". Depending on the system, you may be prompted for a list of addresses that will receive carbon copies of the message. At this point, your message is on its way to its destination.

There are a number of special commands called tilde escapes available while you are typing the message body. These commands are called tilde escapes because they all start with the "~" character. You invoke the tilde escapes by typing them on a line by themselves.

One important tilde escape is "~e". This command feeds the message to the text editor specified in the EDITOR environment variable. This is nice because there is no other way to correct typing mistakes in Mail. We will cover how to permanently set the EDITOR variable next class.

Two other tilde escapes are usually available: "~s" and "~r". If you type ~s string on a line by itself, the subject of the message will be set to "string". If you type ~r filename, the contents of filename will be inserted into the message.

The Mail program also allows you to read email messages by simply typing "Mail". If you do not have any unread email, Mail will say so and exit; otherwise, Mail will display the first 18 or so message headers and present you with the "&" prompt. Each message header looks something like:

>N  1 mhays@U.Arizona.  Mon Aug 31 12:17  17/580  "test"

The ">" marks the current message -- the current message is the default target of many of Mail's commands. The "N" means that the message is new; ie, you haven't seen it before. A "D" marks deleted messages, and a "U" marks unread messages. Next comes the message number, message sender, date sent, message size, and finally the message subject.

To read message number N, type N at the "&" prompt and hit RETURN.

If you want to send a message while reading mail, type

	& m rcpt1@host1 rcpt2@host2 ...

You will be prompted for a message subject and message body just as if you'd sent a message directly from the command line.

To delete a message, use the "d" command:

	& d 2
	& d 3 7
	& d 12-18

The messages are actually deleted when you exit Mail with the "q" command. Up until the time you exit Mail, you can undelete messages with the "u" command.

If you want to reply, you can use either the "R" or "r" command. On the u.arizona.edu system, "R" sends a reply to the sender only and "r" sends a reply to the sender and all recipients of the original message. On other systems, the functions of "R" and "r" are reversed. If you are unsure, you can type a "?" at the "&" prompt to get a summary of all available Mail commands. To reply to the sender of message 3, you would type:

	& R 3
	To: mhays@U.Arizona.EDU
	Subject: Re:  test

	type reply here

Sometimes it is nice to include the original message in your reply. To do this, use the "~m" escape while composing your reply. "~m" by itself inserts the current message (the one marked with ">") into the message you are composing. An alternative is to use "~m number" to insert the specified message instead.

To forward a message to someone else, use the "m" command in conjunction with the "~m" escape.

The "h [msg list]" command shows you the message headers (just like when you start Mail) in the specified range.

There are two ways to exit Mail: the "q" command and the "x" command. When you quit using "q", several things happen:

When you quit using "x", none of these actions are taken and your mail is restored to the spool area unchanged.

If you want to read the messages in mbox at a later time, invoke Mail (from your home directory) with:

	> Mail -f mbox

The mbox file is an example of a mail folder -- a file that stores related messages. You can save a message to a folder using the "s" command:

	& s 4 stuff

saves message number 4 into the "stuff" folder.

To send a text file via email, you can use something like the following:

	> Mail -s 'message subject' user@host < file

The simplest way to send a binary file is to process it using the "uuencode" program first. Uuencode turns a binary file into a larger text file, which can then be sent via email. For example, here's one way to uuencode and mail a TeX DVI file:

	> uuencode file.dvi < file.dvi > file.dvi.uu
	> Mail -s 'uuencoded DVI file' user@host < file.dvi.uu
	> rm file.dvi.uu

On the first line, we convert the binary DVI file into an ASCII text file. The "file.dvi" argument on the "uuencode" command line is the filename that uudecode will create on the receiving end.

The second command mails the encoded DVI file. The subject of the message is very important: it tells the person who receives the message exactly what kind of encoding was used. Without this information, it is extremely difficult for the other person to know how to proceed.

If someone sends you a file by email, you can save it to a file by using the "s" command in Mail. For example, you can save the current message to the file "zzz" with:

	& s zzz
	"zzz" [New file]

The output file consists of the message envelope and the message body. You'll need to remove the envelope using a text editor (described in the next section) before further processing can be done. Here's what you get when you save a message whose body consists of the single line "test":

>From hays  Sun Aug 30 10:45:25 1998
Return-Path: <hays>
Received: (from hays@localhost)
        by localhost.localdomain (8.8.5/8.8.5) id KAA03735
        for hays; Sun, 30 Aug 1998 10:45:24 -0700
Date: Sun, 30 Aug 1998 10:45:24 -0700
From: Mark Hays <hays>
Message-Id: <199808301745.KAA03735@localhost.localdomain>
To: hays
Subject: testing
Status: R


The envelope is everything up to and including the first blank line.

If someone sends you a uuencoded message, here is what the file will look like after the headers (envelope) have been removed:

begin 644 testfile

The first line shows the filename and permissions that the decoded file will have. To create the file "testfile", assuming that the uuencoded file is in testfile.uu, do:

	> uudecode < testfile.uu

The file "testfile" will be created and contains:

This is a test.
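As an added example (not from the lecture), the shell functions below perform the two steps just described on a saved message: strip the envelope, which is everything up to and including the first blank line, and read the "begin" line of the uuencoded body. Since uudecode creates a file with exactly the name and permissions that line specifies, the function refuses a begin line asking for set-id or sticky bits, a world-writable mode, or a path instead of a plain file name, so you can look before you decode. The sample message is constructed for this example by combining the headers shown above with a hand-uuencoded body reading "This is a test."; the function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the lecture notes): strip the envelope from a
# message saved with Mail's "s" command and inspect the "begin" line of a
# uuencoded body before handing the file to uudecode.

# Constructed sample: the saved-message headers from the notes with a
# uuencoded body ("This is a test." encoded by hand for this example).
sample_message() {
    cat <<'EOF'
>From hays  Sun Aug 30 10:45:25 1998
Return-Path: <hays>
Received: (from hays@localhost)
        by localhost.localdomain (8.8.5/8.8.5) id KAA03735
        for hays; Sun, 30 Aug 1998 10:45:24 -0700
Date: Sun, 30 Aug 1998 10:45:24 -0700
From: Mark Hays <hays>
Message-Id: <199808301745.KAA03735@localhost.localdomain>
To: hays
Subject: testing
Status: R

begin 644 testfile
05&AI<R!I<R!A('1E<W0N"@``
`
end
EOF
}

# strip_envelope: drop everything up to and including the first blank line
strip_envelope() {
    sed '1,/^$/d'
}

# header_field NAME: print the value of header NAME from the message on stdin
# (the Subject is where the sender is supposed to say how the body is encoded)
header_field() {
    sed -n "/^$1: /{s/^$1: //p;q;}"
}

# uu_begin_info: read a uuencoded body on stdin and print "MODE NAME" from its
# begin line; fail if uudecode would create something you do not want:
# set-id/sticky bits, a world-writable file, or a path instead of a file name
uu_begin_info() {
    begin_line=$(sed -n '/^begin /{p;q;}')
    [ -n "$begin_line" ] || return 1
    read -r keyword mode name extra <<EOF
$begin_line
EOF
    [ "$keyword" = begin ] && [ -z "$extra" ] || return 1
    case $mode in
        [0-7][0-7][0-7]) ;;
        0[0-7][0-7][0-7]) mode=${mode#0} ;;
        *) return 1 ;;            # set-id/sticky bits set, or not octal
    esac
    case ${mode#??} in
        2|3|6|7) return 1 ;;      # "other" digit includes write (2)
    esac
    case $name in
        ''|.|..|*/*) return 1 ;;  # must be a plain name in the current directory
    esac
    printf '%s %s\n' "$mode" "$name"
}

# Walk the sample: encoding hint from the Subject, then the decoded file's name and mode.
printf 'Subject: %s\n' "$(sample_message | header_field Subject)"
sample_message | strip_envelope | uu_begin_info
```

strip_envelope is the sed equivalent of deleting the header lines in a text editor; once the begin line passes uu_begin_info, the stripped body can be piped to uudecode as shown above.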

You should be aware that most email systems are configured for a maximum article size of 1 MB. If you need to mail something larger than 1 MB, you will either need to split the file up into smaller pieces or use FTP to transfer the file. We'll cover FTP in more detail later.

Berkeley mail supports the notion of mail aliases. A mail alias allows you to associate a name with a set of recipients. To create an alias, add something like the following to the file .mailrc in your home directory (we'll see how to do this in the next section):

cstaff hays jtorr@math.arizona.edu rbc rosario@lnx.math.arizona.edu

If I send mail to "cstaff", the mail program will actually send the message to the four people listed.

It is often the case that you receive email on each computer system on which you have an account. If you have many accounts, it can get annoying to log into each one to see if you have any mail. Most UNIX systems allow you to forward all of your email on that system to a different address.

Here is an example. On each of my non-Math accounts, I create a file called .forward in my home directory. This file contains the following line:

This way, any email sent to any of my other accounts ends up at my Math department account -- enabling me to read all of my mail from a single location.

There is one problem to look out for: so-called "mail loops". If my Math department .forward file contains "mhays@u.arizona.edu" and my u.arizona.edu .forward file contains "hays@math.arizona.edu", an infinite loop will result if anyone sends email to either address. The worst part about it is that the mail system cannot send you notification that a problem exists -- because such notification must be sent via email. Instead, the system administrators will be notified of the problem. They will have to contact you in person.
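A loop like the one just described can be caught before it bites by following the chain of .forward entries and stopping as soon as an address repeats. The script below is an added example, not part of the lecture: its forwarding table is constructed (the two arizona.edu addresses are the ones named in the text; the .example addresses are made up), and a real check would read each account's .forward file instead of a table.

```shell
#!/bin/sh
# Added example (not from the lecture notes): follow a chain of .forward
# entries and report a mail loop before any message is sent into it.

# Constructed forwarding table, one "mailbox forwards-to" pair per line.
# The first two lines are the looping pair described in the notes.
forward_table() {
    cat <<'EOF'
hays@math.arizona.edu mhays@u.arizona.edu
mhays@u.arizona.edu hays@math.arizona.edu
user@lab.example user@hub.example
loopy@lab.example loopy@lab.example
EOF
}

# forward_of ADDRESS -> where ADDRESS forwards to, or nothing if it has no .forward
forward_of() {
    forward_table | awk -v a="$1" '$1 == a { print $2; exit }'
}

# resolve_forward ADDRESS -> prints the mailbox where mail finally lands and
# returns 0, or prints "LOOP: a -> b -> a" and returns 1 when the chain
# revisits an address (the two-host loop and the self-forward both count)
resolve_forward() {
    addr=$1
    seen=" "          # space-delimited list of addresses already visited
    path=$addr
    while :; do
        case $seen in
            *" $addr "*) printf 'LOOP: %s\n' "$path"; return 1 ;;
        esac
        seen="$seen$addr "
        next=$(forward_of "$addr")
        if [ -z "$next" ]; then
            printf '%s\n' "$addr"
            return 0
        fi
        path="$path -> $next"
        addr=$next
    done
}

# Check every mailbox that has a .forward entry.
for a in $(forward_table | awk '{ print $1 }'); do
    resolve_forward "$a" || :
done
```

The "seen" list is what makes this terminate: without it, the checker would chase the hays/mhays pair forever, which is exactly what the mail system does with a real message.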