Changelog:

  • 3 Feb 2023: describe how to make directory accessible to another user on portal; correct link to permissions reading
  • 7 Feb 2023: fix typo of /localtemp for /localtmp
  • 7 Feb 2023: add footnote regarding not working with a partner

Creating, renaming, removing, opening, reading from, writing to, and executing files can only be done the operating system. As such, the OS gets to decide when to approve a request to do one of these things and when to reject it. Although not all OSs use the same system, the POSIX standard defines a set of file permissions that are commonly used.

Work, ideally with a partner1, to achieve the following:

  1. Answer the first question about converting from a letter permission to numeric permission or vice-versa on the answer sheet.

  2. Create a directory either:

    • in your home directory, or
    • in /localtmp on the portal machines. (/bigtemp will not work, it does not support ACLs.) Do each of the following steps in that directory.
  3. Make sure the directory is accessible to your partner. Use chmod or setfacl to set permissions on the directory.

    • If it is in your home directory, then by default the permissions on your home directory disallow access to anything inside it, even if those files or directories are themselves set to allow access. You can change this with something like chmod og+x /u/COMPUTING-ID (On directories, x is search permission; which allows accessing files within the direcgtory if you know their names).

    • If it is in /localtmp, make sure you are on the same portal backend machine, like you did for the signals lab.

  4. Create a directory dir with a file foo and a file baz where you can ls and cat freely, but your partner finds that

    1. ls dir refuses to run
    2. cat dir/foo works
    3. cat dir/baz refuses to run
  5. Create a file shared.txt and set its access control list so that

    1. you can read and write it
    2. your partner can read it
    3. other users (including TAs) cannot do either one
  6. Make a file simple.sh which can be run both by bash simple.sh and ./simple.sh containing bash commands that

    1. appends a line containing the current day and time to file simple_runs
    2. reports how many lines simple_runs contains (See the section of the reading on executable text files.)
  7. Determine which of the following are possible to achieve and write your answers (with a brief explanation) on the answer sheet:.

    1. cat xyxxy works but echo 'hi' >> xyxxy does not
    2. echo hi >> xyxxy works but cat xyxxy does not
    3. ./xyxxy works but cat xyxxy does not
    4. ./xyxxy works but echo hi >> xyxxy does not
  8. Either:

    1. check off your lab completion with a TA, or
    2. from your home directory, run tar --acls -cvf permissions-lab.tar BASE-DIRECTORY where BASE-DIRECTORY is the directory you created for everything in the lab. Then upload permissions-lab.tar to the submission site.

The information needed to achieve these goals is explained in the reading on permissions. We recommend you read it in full, discussing it with a partner and asking clarifying questions of TAs as you go, then return to the tasks above.


  1. If you don’t work with a partner, you may use the username nobody in place of what would be your partner’s username. But you won’t be able to verify that some of your permissions settings work, which is why I would very strongly recommend having a partner.↩︎