mahler@pur-ee.UUCP (Mahler) (11/18/84)
This is the distribution for the access, info, and lock programs.
It is contained in four separate mailings; each mailing is in
so-called "shell archive" format.
This is file 3 of 4.
To extract the sources and compile the programs, do the following:
1. Save this file and the others into four separate
files. Edit the files and delete the mail headers
and this text (delete from line 1 up to and including
the line marked "--- CUT HERE ---").
2. Create an empty directory and copy the files you
made in step 1 into it. Now give each file to
the shell by typing
sh filename1
sh filename2
sh filename3
sh filename4
This will extract the various files in the
distribution.
3. Fill in the answers to the questions by editing the file
QUESTIONAIRE and mail it to
{decvax, ihnp4, ucbvax}!pur-ee!mahler
This is so we'll know just who is running the
program, and so we can distribute any corrections
or enhancements.
4. Follow the directions contained in the README file.
------------------------- CUT HERE -----------------------------
# This is a shell archive. Save this into a file, edit it
# and delete all lines above this comment. Then give this
# file to sh by executing the command "sh file". The files
# will be extracted into the current directory owned by
# you with default permissions.
#
# The files contained herein are:
# access.help access.ms
#
echo 'x - access.help'
sed 's/^X//' <<'________This_Is_The_END________' >>access.help
XThe following commands are currently understood:
X
X access exit more
X cat help pwd
X cd info quit
X chmod lock sh
X csh ls unlock
X
XThe long descriptions of each command follow. If you wish to stop
Xreading this file now, type "q".
X
X access file1 [file2 file3 .....]
X Print out a list of who may read, write, and execute
X each file named.
X
X cat [args] file1 [file2 file3 .....]
X Execute the "cat" program on the named files.
X
X cd directory-name
X Change into the directory named directory-name.
X
X chmod mode file1 [file2 file3 .....]
X Change the mode of each file listed to mode. Mode
X should be a sequence of three digits, representing user
X permissions, group permissions, and world permissions
X respectively. Each digit should be:
X
X 0 - for no permission
X 1 - for execute (search) permission
X 2 - for write permission
X 3 - for write and execute permission
X 4 - for read permission
X 5 - for read and execute permission
X 6 - for read and write permission
X 7 - for read, write, and execute permission
X
X For example, mode "640" specifies that the owner of
X the file may read and write the file, members of the group
X which owns the file amy read it, and everyone else
X may not do anything to it. You must own a file in
X order to change its mode.
X
X exit
X quit
X Leave the program. Typing control-d accomplishes
X the same thing.
X
X ?
X help
X Print this file.
X
X info [args] file1 [file2 file3 .....]
X Run the info(1) command on the named files. Info prints
X out various pieces of information about a file, such
X as its mode, owner, size, contents, creation time, etc.
X See the info(1) manual page for more details.
X
X lock [file1 file2 file3 .....]
X If no arguments are given, the current directory is
X locked, otherwise, the named files are locked. If
X a directory is locked, the files and subdirectories
X inside it become accessible to the owner of the
X directory only. You may only lock a directory or
X file which belongs to you. This is equivalent to
X using the "chmod" command with "700" as the mode
X argument.
X
X ls [args] [files]
X With no arguments, a listing of the current
X directory is given. Otherwise, only the specific
X files named are listed. Arguments may be given
X as described in the ls(1) manual page.
X
X more [args] file1 [file2 file3 .....]
X Run the "more" command on the named files.
X
X pwd
X Print the name of the current working directory.
X
X sh
X csh
X Fork a shell. If the environment variable SHELL is
X set, this program is executed, otherwise, /bin/sh
X is used. Typing control-d to the shell brings you
X back to the access program. (Note that typing "csh"
X does not give you csh unless it's in the SHELL
X environment variable.)
X
X unlock [file1 file2 file3 .....]
X Unlock the named files, or, if no arguments are
X given, unlock the current directory. This is
X equivalent to using the "chmod" command with the
X mode argument set to "755".
X
________This_Is_The_END________
echo 'x - access.ms'
sed 's/^X//' <<'________This_Is_The_END________' >>access.ms
X.DA October 1984
X.EH 'Access'- % -'Access'
X.OH 'Access'- % -'Access'
X.EF 'Mahler/Curry'\*(DY'Purdue \s-1ECN\s+1'
X.OF 'Purdue \s-1ECN\s+1'\*(DY'Mahler/Curry'
X.RP
X.TL
XAccess \-
XA Program to Interpret Pathname Access
XPermissions for the
X.UX
XOperating System
X.AU
XStephen J. Mahler
XDavid A. Curry
X.AI
XEngineering Computer Network
XSchool of Electrical Engineering
XPurdue University
XWest Lafayette, Indiana 47907
X.AB
XThe program described in this paper,
X.B access ,
Xwas written to help users interpret the permissions set on their
Xfiles by showing in a concise format who may read,
Xwrite,
Xexecute,
Xand remove a given file.
XRather than simply reporting the permissions on the file itself,
X.B access
Xtakes into account the permission bits set on the directories which
Xlead to the file.
XThis results in a correct listing of exactly who may access the file,
Xwhereas reporting the permissions on the file alone does not.
X.AE
X.NH 1
XIntroduction
X.PP
XWhen a user is first introduced to
X.UX ,
Xhe is taught about files \-
Xhow to edit them,
Xhow to read them,
Xhow to print them,
Xand how to delete them.
XUnfortunately,
Xhe is rarely instructed on how to protect or control access to them.
XAt the Purdue Engineering Computer Network (\s-1ECN\s+1),
Xbecause a large number of our users are faculty and students
Xwho use the computer for classwork,
Xfile protection is an important aspect of
X.UX
Xwhich we feel must be understood by even the most casual user.
XSome class instructors even impose a penalty if a student leaves
Xhis class files in an unprotected state.
X.PP
XMany users have problems in understanding the file protection facilites
Xunder the
X.UX
Xoperating system.
XThe lack of understanding about the file protection mechanism
Xcan be attributed to one or more of the following:
X.IP 1.
XThere are three sets of permissions for each file.
XThese are the permissions for the file's owner,
Xother members of the owner's group,
Xand ``the rest of the world.''
XMost users would have very little trouble understanding that,
X``I have one set of permissions,
Xand everyone else has another set.''
XUnfortunately,
Xthe concept of groups under
X.UX
Xthrows a monkey-wrench into the works.
XOften new users are all placed into the same
Xdefault group,
Xthe above sentence now becomes,
X``I have one set of permissions,
Xother people in my group have another set of permissions,
Xand the rest of the world has a third set of permissions.
XBut,
Xsince almost everyone else is in my group,
Xthen the group permissions are really more like the world permissions,
Xexcept that those people who aren't in my group still use the real
Xworld permissions.''
XIt is no wonder that many users are confused.
X.IP 2.
XThe program to change file permissions,
X.B chmod (1),
Xwas not written with the novice user in mind.
XModes are specified to
X.B chmod
Xby giving it an octal representation of the permission bits to
Xbe set on the file.
XThis may make sense to those who know how
X.UX
Xstores file permissions,
Xhowever,
Xto the average user these
X.ne 4
Xare just numbers with no inherent meaning\(dd.
X.FS
X\(dd
XThis may be due to the confusing nature (to the non-programmer)
Xof bit-fields and the logical operations
X.B and
Xand
X.B or .
X.FE
XThe newer versions of
X.B chmod
Xhave included a symbolic notation
Xfor specifying the modes to be set.
XThis is done by indicating which set (owner, group, world)
Xof permissions to change,
Xand which permissions (read, write, execute) to turn on and off.
XFor example,
Xthe command
X.B "chmod g-r"
X.I filename
Xwould be used to turn off group read permission on the
Xfile
X.I filename .
XAlthough this notation is somewhat unwieldy at times,
Xit is an improvement over the octal notation.
X.IP 3.
XUsers often do not realize that file access permissions are affected by the
Xpermissions on the directories leading to the file.
XFor example,
Xif a user makes his file readable by everyone,
Xand yet his directory is searchable only by him,
Xhe does not understand why his friend cannot copy the file.
X.PP
XIn order to help new users protect their files,
Xthe \s-1ECN\s+1 has created,
Xover the past several years,
Xfour programs which attempt to eliminate
Xthe sources of confusion described above.
XThis document is primarily intended to describe the newest and most unique of
Xthese programs,
X.B access .
XHowever,
Xbecause
X.B access
Xcan use the other three programs,
Xthey will be described in brief.
X.NH 1
X\s-1LOCK\s+1 and \s-1UNLOCK\s+1
X.PP
XSeveral years ago,
Xthe \s-1ECN\s+1 created two programs for changing file permissions.
XThese programs are called
X.B lock
Xand
X.B unlock .
XThe
X.B lock
Xprogram removes read, write, and execute permission for the group and
Xworld on each file named in its arguments.
XThe
X.B unlock
Xprogram restores read and execute permission for the group and world
Xon each file named in its arguments.
XBoth programs,
Xif no arguments are given to them,
Xwill change the permissions on the user's current working directory.
X.PP
XActually,
X.B lock
Xand
X.B unlock
Xwere implemented as a single shell script,
Xshown below:
X.DS
X.nf
X.ta 5m 10m 15m 20m 25m 30m 35m 40m 45m 50m 55m 60m
XPATH=/bin
Xmode=go-rwx
X
Xcase $0 in
X unlock|*/unlock) mode=go+rx
Xesac
X
Xfor name in ${*\-.}
Xdo
X if test ! \e( -f $name -o -d $name \e)
X then
X echo Making directory $name
X mkdir $name
X fi
X /bin/chmod $mode $name
Xdone
X.DE
X.NH 1
XThe \s-1INFO\s+1 Program
X.PP
XThe
X.B info
Xprogram is used to print information about a file.
XEssentially,
Xit is a combination of the
X.B file (1)
Xprogram,
Xand the
X.B stat (2)
Xsystem call.
XFor each file named in its arguments,
X.B info
Xwill print the name of the file,
Xits type (directory, normal file, character special file, etc.),
Xits size,
Xa guess at the contents of the file,
Xthe owner and group of the file,
Xand the creation,
Xlast modification,
Xand last access times for the file.
XIf the
X.B \-v
X(verbose)
Xflag is given,
Xthe number of links to the file,
Xits inode and device numbers are also printed.
X.PP
XAn important feature of
X.B info
Xwith respect to file permissions is that it ``decodes'' the permissions
Xwhich have been set on the file.
XThese permissions are printed in three formats.
XFirst,
Xthe octal representation of the permission bits is printed.
XSecond,
Xthe ``rwx'' notation as used by
X.B ls (1)
Xis printed,
Xand third,
Xa list of which permissions the owner,
Xgroup,
Xand world have on that file (\s-1N\s+1.\s-1B.\s+1: these are permissions
Xon the file only,
Xthe directories leading to the file are not considered).
XThis is demonstrated in the example below:
X.DS
X.ta 5m 20m
X$ info /etc/passwd
X File Name - /etc/passwd
X File Type - normal file
X File Size - 115525 bytes, 113 Kbytes
X File Contents - ASCII text
X Uid of Owner - root (0)
X Gid of Owner - root (0)
X File Mode - rw-r--r-- (644)
X.ta 14m
X User root: readable, writable
X.ta 13m
X Group root: readable
X.if t .ta 12m
X.if n .ta 10m
X Everyone else: readable
X.ta 5m 15m
X Links to file - 1
X Inode Number - 2130
X Inode's Device - 4
X Creation Time - Tue Sep 25 09:12:08 1984
X Last Modified - Tue Sep 25 09:12:07 1984
X Last Accessed - Tue Sep 25 09:55:20 1984
X$
X.DE
X.NH 1
XThe \s-1ACCESS\s+1 Program
X.PP
XThe
X.B access
Xprogram is used to actually determine who may read,
Xwrite,
Xexecute,
Xand remove a given file.
XIt is the newest of the four programs,
Xand we believe that it is unique in its approach to interpreting
X.UX
Xfile permissions.
X.B Access
Xoperates in one of two modes.
XIt can accept command-line arguments,
Xor,
Xif no arguments are given,
Xit enters an interactive mode.
XWhen arguments are given,
X.B access
Xwill print out the access permissions for each file named.
X.PP
XAccess determines file access permissions
Xusing the following algorithm (see the
Xnext section for a more detailed description):
X.DS
X.ta 5m 10m 15m 20m 25m 30m 35m 40m 45m 50m 55m 60m
Xfile = \fIfull path to file\fP
Xpath = ``/''
X
X\fBrepeat\fP
X \fIdetermine access permissions on\fP path
X
X \fBfor\fP i = 1 \fBto\fP \s-1MAXUSERS\s+1 \fBdo\fP
X \fIdetermine whether user\d\s-2i\s+2\u may read\fP path
X \fIdetermine whether user\d\s-2i\s+2\u may write\fP path
X \fIdetermine whether user\d\s-2i\s+2\u may execute\fP path
X
X \fIcombine this information with that determined\fP
X \fIfor the previous value of\fP path
X \fBend\fP
X
X path = path + \fBnextcomponent\fP(file)
X\fBuntil\fP path == file
X.DE
X.LP
XWhen the algorithm has finished,
Xeach user's access permissions for the file in question will be known.
XThis information is then processed in order to determine the most
Xconcise way to print it,
Xand the result is then printed on the standard output.
XFor example,
Xthe command
X.B "access /etc/passwd"
Xproduces the output
X.DS
X.ta 10m
X/etc/passwd (file):
X Readable by: everybody
X Writable by: root
X Executable by: nobody
X Removable by: root and members of group root
X.DE
X.LP
XIf the current directory is
X.I /e/davy/system/miscellaneous ,
Xthe command
X.B "access foo"
Xmight produce the output
X.DS
X.ta 10m
X/e/davy/system/miscellaneous/foo (file):
X Readable by: members of group nightowl
X Writable by: davy
X Executable by: nobody
X Removable by: davy
X.DE
X.LP
XNote that the entire path to the file is printed.
X.PP
XIf
X.B access
Xis invoked with no arguments,
Xinteractive mode is initiated.
XIn this mode,
X.B access
Xbehaves as a special shell,
Xand permits the user to execute various commands to examine and change
Xthe permissions on his files.
XThe following section describes the commands available in the interactive
Xmode.
X.NH 2
X\s-1ACCESS\s+1 Interactive User's Manual
X.PP
XWhen
X.B access
Xis first invoked,
Xit determines the current working directory.
XOnce this has been done,
Xthe prompt
X.I Command :
Xis printed.
XThe commands available are:
X.IP "\fBaccess\fP \fIfile\fP [\fIfile file .....\fP]"
XThe
X.B access
Xcommand prints out a list of who may read,
Xwrite,
Xexecute,
Xand remove each file or directory listed on the command line.
XThis list may be a single user's name,
Xthe name of a group,
Xor a list of names.
XAlthough
X.B access
Xis fairly smart about figuring out the most concise way to list the people
Xwho may do something to a file,
Xoccasionally it can't.
XIf this happens,
Xa line such as ``there are 592 names in this list'' will be printed,
Xand you will be asked if you really want to see the list.
XIf you do want to see the list,
Xtype `y' (for `yes'),
Xotherwise,
Xtype `n' (for `no').
X.IP "\fBcat\fP [\fIargs\fP] \fIfile\fP [\fIfile file .....\fP]"
XExecute the
X.B cat (1)
Xprogram on the named files.
XThis is used when you want to see what a file contains.
XSome of the arguments
X.B cat
Xaccepts are
X.B \-n
Xto number the lines,
Xand
X.B \-v
Xto print ``invisible'' characters.
X.IP "\fBcd\fP \fIdirectory-name\fP"
XChange into the directory named
X.I directory-name.
XThis command is just like the shell command of the same name.
X.IP "\fBchmod\fP \fImode file\fP [\fIfile file .....\fP]
XExecute the
X.B chmod (1)
Xcommand on the named files.
X.B Chmod
Xis used to change the permissions on a file.
XModes are described in the manual for
X.B chmod
Xand also in the help file for
X.B access
X(see the \fBhelp\fP command).
X.IP "\fBexit\fP"
XExit the
X.B access
Xprogram.
X.IP "\fBquit\fP"
XThe same as
X.B exit .
XYou may also type Control-\s-1D\s+1 to exit.
X.IP "\fBhelp\fP"
XDisplay a help file listing all the commands available and their uses.
XThis file is printed with the
X.B more (1)
Xcommand.
XTyping a question mark (`?') also shows this file.
X.IP "\fBinfo\fP [\fIargs\fP] \fIfile\fP [\fIfile file .....\fP]"
XRun the
X.B info (1)
Xcommand on the named files.
X.B Info
Xprints out various pieces of information about a file or directory,
Xsuch as its mode,
Xowner,
Xsize,
Xcontents,
Xcreation time,
Xetc.
XSome of the arguments to
X.B info
Xinclude
X.B \-v
Xto print even more information,
Xsuch as number of links,
Xinode numbers,
Xetc.,
Xand
X.B \-f
Xto skip trying to guess what's in the file.
X.IP "\fBlock\fP [\fIfile file file .....\fP]"
XLock the named files.
XIf no files are named,
Xthen the current directory is locked.
X.B Lock
Xis a variant of the
X.B chmod
Xcommand;
Xit simply makes everything mode 0700 (readable, writable, and executable
Xby the owner only).
X.IP "\fBls\fP [\fIargs\fP] [\fIfile file file .....\fP]"
XExecute the
X.B ls (1)
Xcommand on the named files.
XIf no files are named,
Xthe files in the current directory are listed.
XSome of the arguments to
X.B ls
Xinclude
X.B \-l
Xto get a long listing,
X.B \-s
Xto show the size in kilobytes of each file,
Xand
X.B \-a
Xto show files whose names begin with `.'.
X.IP "\fBmore\fP [\fIargs\fP] \fIfile\fP [\fIfile file .....\fP]"
XExecute the
X.B more (1)
Xcommand on the named files.
X.B More
Xis similar to
X.B cat,
Xexcept that it stops after every page of the file and waits for the
Xuser to press the space bar before going to the next page.
X.IP "\fBpwd\fP"
XPrint the pathname of the current directory.
X.IP "\fBsh\fP"
XExecute a shell.
XThe shell executed is normally taken from the environment variable
X.B \s-1SHELL\s+1 ,
Xif this is not set,
X.I /bin/sh
Xis used.
XTo return to
X.B access,
Xtype Control-\s-1D\s+1 (press the \s-1CTRL\s+1 key and the \s-1D\s+1
Xkey at the same time).
X.IP "\fBcsh\fP"
XThe same as the
X.B sh
Xcommand.
X.IP "\fBunlock\fP [\fIfile file file .....\fP]"
XUnlock the named files.
XIf no files were named,
Xunlock the current directory.
XThis is the inverse of the
X.B lock
Xcommand;
Xit makes the named files mode 0755 (readable, writable, and executable by
Xthe owner, readable and executable by everyone else).
X.PP
X.B Access ,
Xeven in interactive mode,
Xunderstands the
X.I metacharacters
Xused in the shell.
XThat is,
Xwhen naming files,
Xthe characters `*',
X`?',
Xand `[]'
Xhave special meanings.
XThese are described in the manual for the shell,
Xeither
X.B sh (1)
Xor
X.B csh (1).
X.B Access
Xalso understands the `~' character,
Xwhich represents the home directory.
XFor example,
Xa `~' alone represents your home directory,
Xbut ``~davy'' represents the home directory for user ``davy.''
X.NH 1
XHow \s-1ACCESS\s+1 Works
X.PP
X.B Access
Xworks by simulating (after a fashion) the
X.B access (2)
Xsystem call for each user on the system.
XFor each user,
Xa structure is maintained containing the user's user id,
Xlogin name,
Xand a list of the groups for which he is a member.
XFor each group,
Xa structure is maintained containing the group's group id,
Xits group name,
Xand the number of users who are members of that group.
XThe support program
X.B mkaccessdb
Xis run nightly by
X.B cron (8)
Xand is responsible for making the lists of users and groups and determining
Xwhich groups each user belongs to.
XThis information is then saved in two files which are loaded into memory
Xeach time the
X.B access
Xprogram is executed.
X.PP
XThe first thing
X.B access
Xdoes to determine who may access a file is to figure out the full
Xpathname to that file.
XThis is done by obtaining the name of the current directory,
Xand concatenating the name of the file to it.
XThe concatenation routine is somewhat intelligent,
Xand resolves things like ``../'' and ``./'' automatically.
XIf a file's name begins with `/',
Xthe full pathname is already known,
Xand the above procedure is not performed.
X.PP
XNow that the full path to the file is known,
X.B access
Xbegins ``walking'' the path and determining the protection mode of
Xeach component in the path using the
X.B stat (2)
Xsystem call.
XAt the outset,
Xeach user is ``granted'' permission to read,
Xwrite,
Xand execute any file.
XAs the path is traversed,
Xthe permissions for each user are modified according to the permission bits
Xset for the current path component.
XThese modifications are made following the same rules used by the operating
Xsystem to determine access permissions.
XBy logically
X.I and ing
Xthe file's permission bits with those of the user,
Xthe new permission bits for the user can be determined.
XNote that this implies that while a user may
X.I lose
Xpermission to do something to a file,
Xhe can never
X.I gain
Xpermission to do something.
XThe problem of which set (owner, group, world) of permission bits
Xto use when determining a specific user's permissions is resolved
Xby the following rules:
X.IP 1.
XIf the user whose permissions are currently being determined
Xowns the file (or directory) being evaluated,
Xhis access permission is determined by the owner permissions on
Xthe file (directory).
XIf he does not own the file,
Xthe group and world permissions will be checked.
X.IP 2.
XIf the user is a member of the group which owns the file,
Xand he does not own the file,
Xhis access permission is determined by the group permissions on
Xthe file.
XIf he is not a member of the group,
Xthe world permissions will be checked.
X.IP 3.
XIf the user does not own the file,
Xand he is not a member of the group which owns the file,
Xhis access permissions will be determined by the world
Xpermissions on the file.
X.LP
XNote that under no circumstances will a user's access permission be determined
Xby more than one set of permission bits on the file.
XIn this way,
Xhe cannot regain access permission which has been denied by a previous set
Xof permission bits.
X.PP
XFinally,
Xafter determining the access permissions for every user,
X.B access
Xattempts to figure out a way to group together those users which have a
Xcertain access permission.
XFor example,
Xif all the users who have write permission on the file are members
Xof the same group,
Xthen
X.B access
Xcan print ``members of group x'' instead of listing the users
Xindividually.
XOf course,
Xif one of the users in the group does not have write permission on
Xthe file (e.g., if the owner permissions are read and execute and
Xthe group permissions are read, write, and execute
Xand the owner is a member of the group),
X.B access
Xwould modify the message slightly to read ``members of group x except y.''
XMany other combinations are possible,
Xand
X.B access
Xis nearly always capable of finding one which fits.
XIn the few cases in which it cannot decide on a grouping
X(for example,
Xwhen there are many subdirectories in the path to the
Xfile, each one owned by a different user and group,
Xand file permissions which alternate between owner-only
Xand ``everybody''),
X.B access
Xwill offer to print the entire list of names.
XThe user may decide whether he wishes to see this list.
X.PP
XThe amount of processor time used by
X.B access
Xcan be divided into two parts:
Xthe time taken to read in the user and group files (a once per invocation
Xoccurrence),
Xand the time taken to actually determine the access permissions for
Xa file.
XFor an ``average'' password file containing 107 users,
X.B access
Xuses less than 0.3 seconds of processor (sys + user) time.
XFor an extremely large password file containing 1,842 users,
X0.2 seconds of user time and 1.1 seconds of system time are used.
XThese times were recorded on a \s-1VAX\s+1-11/780 under 4.2\s-1BSD\s+1.
XThis initial overhead (particularly with the large password file)
Xprompted the creation of the interactive form of the command,
Xenabling users to save time when checking a number of files
Xby only reading the user and group files once.
X.PP
XAfter the user and group files have been read in,
X.B access
Xruns very rapidly.
XTo print out the access permissions for five files,
Xeach file five levels deep (i.e.,
X.I /a/b/c/d/e ),
X.B access
Xrequires 4.8 seconds of user time and 0.4 seconds of system time (in
Xaddition to the times used to read in the files) when running with
Xthe large password file;
Xapproximately 0.2 seconds of user and system time combined are needed
Xwhen using the short password file.
XThe times to print out the access permissions for the root directory (``/'')
Xare 0.4 seconds of user time and
X0.1 seconds of system time for the large password file;
Xless than 0.1 seconds of combined user and system time are needed when
Xusing the short password file.
X.NH 1
XSpecial Cases
X.PP
X.B Access
Xtreats two conditions as special cases.
XFirst,
X.B access
Xdoes not acknowledge the fact that user
X.I root
Xhas the capability to read,
Xwrite,
Xand execute
X.I all
Xfiles,
Xregardless of their owners or permissions.
XThis treatment was decided upon in order to prevent users from becoming
Xconfused by some unknown account (root) who could always read,
Xwrite,
Xand execute their files.
X.PP
XSecondly,
Xif
X.B access
Xencounters a file owned by a user who is not in the password file,
Xit assumes that the user does not exist (since it is impossible to
Xlog in under that user id).
XThus,
Xif a mode 0700 (read, write, and execute for owner only)
Xfile is owned by a non-existent user,
X.B access
Xwill state that nobody can read,
Xwrite,
Xor execute the file.
X.NH 1
XConclusion
X.PP
XThe
X.B access
Xprogram has been well-received at the \s-1ECN\s+1,
Xand is presently being taught to new students who are enrolled
Xin the beginning computer course for the School of Electrical Engineering.
XBy automating the process of determining who may access a file,
Xthe confusion for the user has been removed.
XAlthough this is arguably wrong,
Xsince the user will probably never learn how the permissions actually
Xwork,
Xit seems to be the most desirable solution.
XThis is primarily because most of our student users use the machine for
Xcoursework only,
Xand are not interested in how things work,
Xonly in getting their work done.
X.FS
XThis document and the software it describes are hereby placed
Xin the public domain and may be used by anyone for any purpose
Xprovided that they are not used or sold for profit and that
Xthis notice and the names of the orignal authors appear with
Xall copies.
X.FE
________This_Is_The_END________
exit