10.1.1.1 The Permission Mask


In the program discussed in Section 10.1.1, there was no DBM file to begin with. Although the file name given in the program is customers, some implementations automatically add the extension .db to it; depending on the system, the .db extension may or may not be added. Here, the program created a file called customers.db to store the contents of the hash. The program was run on a Linux machine running Red Hat Linux. A Unix call

 

%file customers.db

 

gives the following information on the file.

 

customers.db: Berkeley DB 2.X Hash/Little Endian

(Version 5, Logical sequence number: file - 0, offset - 0, Bucket Size 4096, Overflow Point 1,

Last Freed 0, Max Bucket 1, High Mask 0x1, Low Mask 0x0, Fill Factor 40, Number of Keys 0)

 

It is not really important to understand all the details about the format of the file. It is not a text file and cannot be read directly on the terminal.

If the program does not have write access to the DBM file, or write and execute access to the directory containing the DBM file, the program can read the contents of the hash variable, but not update its contents. To test whether one can write to the hash, one can use the file test operators in Perl, if necessary. In addition, one can try setting a dummy hash entry inside an eval. eval is the usual mechanism to trap errors in Perl.  

The permission mask parameter used in dbmopen needs additional explanation. On a Unix machine, every file or directory has a permission mode associated with it. The permission mask can be considered a three-digit octal number. There are three types of users: a) the owner of the file or directory, b) the group of users to which the owner belongs, and c) everyone else. Every user in Unix belongs to a group. The group a user belongs to is established when the user’s account is created, although it can be changed later. Anyone not in the user’s group is considered everyone else. Each digit in the permission mask specifies the permission modes for one of the three types of users. We can abbreviate the three digits as U, G and O, standing for the owner, the group and others, respectively. The three digits occur in the order UGO.

 



Digit Value    Permission mode
4              read
2              write
1              execute

 

Table 10.10:  Permission Modes for Files and Directories

For example, a permission mode of 0444 gives read permission to each of the owner, everyone in the owner’s group, and to everyone else as well. In other words, everyone who has a user account on the system can read a file that has permission mode 0444. The 0 in front says it is an octal number. The permission mode for a single type of user (i.e., U, G or O) can be obtained by adding the three permission values of 4, 2 and 1. Table 10.10 specifies the individual digit values for file or directory permission. For example, a permission value of 7=4+2+1 gives read, write and execute permission to a specific type of user. Thus, if the permission associated with a file is 754, the file is readable, writable and executable by the owner, readable and executable by individuals in the owner’s group, and only readable by everyone else. Thus, the use of the three digits allows one to specify somewhat fine-grained access modes for a file or a directory.

This is not the whole story though. The dbmopen function does not directly specify a permission mode for a DBM file it creates if the DBM file does not exist already. What it specifies is called a mask, which can be used to obtain the permission mode using simple arithmetic computation.

Suppose the DBM file under consideration does not exist. Assume the program is running on a Unix machine or a Unix-like machine, say Linux or Macintosh OS X. On such a machine, every user is associated with a global variable called umask, the user mask for file creation. umask takes an integer value and is used to specify the default permission mode associated with newly created files and directories. In the case of dbmopen, the value of the global umask is subtracted from the permission mask specified in dbmopen. In other words, the permissions in the umask are turned off from the mode argument given to a command like dbmopen.    

Assume the value of umask is 22 and the permission mask provided in dbmopen is 0666. In such a case, the permission mode associated with the created DBM file is 0666-22=0644. We assume all numbers are in octal. Thus, the DBM file created is readable and writable by the owner, and is only readable by everyone else. If the mask given in dbmopen were 0777, the DBM file created will have permission mode of 0777-22=0755. In other words, the owner has all permissions while everyone else has read and execute permissions. In the specific case of a DBM file, execute permission is not really useful in practice. It is used here for illustration only.
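The following Perl script is an added example, not code from the original text. It computes the mode a new DBM file receives by clearing the umask bits from the dbmopen mask, compares that with plain subtraction (the two agree for umask 022 but not for a umask such as 077), and checks the result against a DBM file actually created in a temporary directory. The function names effective_mode and created_modes and the mask/umask pairs are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Temp qw(tempdir);

# Mode a new file receives: every bit set in the umask is cleared from the
# requested mask. This is a bitwise AND-NOT, not an arithmetic subtraction.
sub effective_mode {
    my ($requested, $umask) = @_;
    return $requested & ~$umask & 07777;
}

# Create a DBM file under the given umask in a scratch directory and
# return the permission modes of the file(s) that appear on disk.
sub created_modes {
    my ($requested, $umask) = @_;
    my $dir = tempdir(CLEANUP => 1);
    my $old = umask($umask);          # set the process umask, remember the old one
    my %h;
    dbmopen(%h, "$dir/customers", $requested) or die "dbmopen: $!";
    $h{test} = 1;                     # dummy entry so the file is written
    dbmclose(%h);
    umask($old);                      # restore the original umask
    # The extension (.db, .pag, .dir) depends on the DBM implementation.
    return map { (stat $_)[2] & 07777 } glob("$dir/customers*");
}

# Constructed cases: [mask passed to dbmopen, umask]
for my $case ([0666, 022], [0777, 022], [0666, 077], [0600, 022]) {
    my ($req, $um) = @$case;
    my $expect = effective_mode($req, $um);
    my @actual = created_modes($req, $um);
    printf "mask %04o umask %03o -> computed %04o, subtraction %04o, on disk %s\n",
        $req, $um, $expect, $req - $um,
        join(",", map { sprintf "%04o", $_ } @actual);
    # Flag results that leave the customer data readable by "others".
    warn sprintf("  mode %04o is readable by everyone on the system\n", $expect)
        if $expect & 0004;
}
```

With the common umask of 022, a mask of 0666 leaves the customer data readable by every account on the system; passing 0600 (or 0640 for group access) to dbmopen restricts it regardless of that umask.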