RFC: New section for the Unix Basics chapter.

Tom Rhodes trhodes at FreeBSD.org
Thu Jun 19 21:45:37 UTC 2003 

On Thu, 19 Jun 2003 23:38:58 +0200
"Simon L. Nielsen" <simon at nitro.dk> wrote:

> On 2003.06.19 14:44:21 -0400, Tom Rhodes wrote:
> 
> > In this email I have a patch to add information on symbolic permissions
> > to the Unix Basics chapter of our handbook.  Now I'm a little wierd on
> > the table output and I know that it could use a few more <literal>
> > tags, but I wanted to get a general idea before I put more work into
> > it.
> > 
> > Comments, suggestions, death threats welcome.  Thanks!
> 
> A few minor style/docbook sugestions in attached patch. General comments
> below.
> 
> > --- chapter.sgml	Thu Jun 19 14:39:43 2003
> > +++ chapter.sgml.new	Thu Jun 19 14:07:59 2003
> [CUT]
> +	  <row>
> +	    <entry>(permissions)</entry>
> +	    <entry>s</entry>
> +	    <entry>SUID or SGID</entry>
> +	  </row>
> 
> Set UID / Set GID or something a bit more verbose perhaps ?

Perhaps.  Thats actually a good idea, I'll just do it that way.

> 
> [CUT]
> > +    <para>These values are used with the <command>chmod</command> command
> > +      just like before, but with letters.  For an example, you could use
> > +      the following command to block other users from accessing the files
> > +      in your home directory:</para>
> > +
> > +    <screen>&prompt.user;<userinput>chmod go= *</userinput></screen>
> 
> I think this is a bad example since it really doesn't prevent others
> from reading e.g. dotfiles and the directory content. This section is
> targeting newbies I think it's better not to let them think they can
> "secure" a directory this way.  I think a simple example with some
> random file would be fine - like the next example.

Have a better one I could use?

> 
> > +    <para>A comma separated list can be provided when more than one set
> > +      of changes to a file must be made.  For example the following command
> > +      will remove the groups and <quote>world</quote> write permission
> 
> When referencing world here (which I think is OK) I think "(World)" or
> something like that should be added group option in the table.

At the time of writing, I couldn't think of a way to phrase it.  Help
on this would be great!

> 
> > +    <para>Most users will do not notice this, but it should be pointed out
> > +      that using the octal method will only set or assign permissions to
> > +      a file; it does not add or delete them.  This means that the octal
> > +      method does not have an equivalent option to the following command:</para>
> > +
> > +    <screen>&prompt.root; <userinput>chmod u+rw <replaceable>FILE</replaceable></userinput></screen>
> > +
> > +    <para>The closest octal value would be <literal>0600</literal> and it would not
> > +      be the same.</para>
> > +    </sect2>
> 
> I must say that I'm not really sure what you are trying to say here.
> 
> Mode 0600 would be the same as (the rather obscure) "chmod
> u+rw-sx,go-swrx"...

Ack, your right.

--
Tom Rhodes

More information about the freebsd-doc mailing list