1

Files Files are central to UNIX

Commands System privileges and permission control Device I/O Inter-process communication

2

File ownership File Ownership

User owner Group owner

The group owner is independent of user owner Example: Displaying file ownership “ls –l”

drwxrwxr-x 2 pop 403 512 Sep 24 11:47 acm

drwxr-xr-x 9 pop csdept 1024 Oct 13 15:54 acm.contest

-rw-r----- 1 john csdept 261 Mar 11 1999 address

3

More about file ownership Who owns new files?

Owner is the one who create it Group owner

On System V, current group of the user On BSD-based systems, the group owner of the

directory

Changing file ownership Use chown , chgrp

Traditional System V, both superuser and user owner are allowed

POSIX-compliant SystemV and BSD, only superuser can change

4

More about file ownership More about changing file ownership

Use recursive option –R#chown –R harvey /home/xyz

Use find command# find /home/xyz –print | xargs chown test

Change owner and group using chown#chown new-owner:new-group files

Change group owner#chgrp newgroup file

BSD: non-root users of chgrp must be The owner of the file and A member of the new group to change

5

File permission File Access Types

Access classes User access (u) Group access (g) Other access (o)

Example -rw-rw-r--

Access Meaning on File Meaning on Directory

r View file contents.

Search directory contents (e.g. use ls, ls *.txt).

w Alter file contents.

Alter directory contents ( e.g. delete files in it).

x Run executable file

Make it your current directory (cd to it)

6

File permission Setting file protection

chmod accessstring_list files Access string has three parts:

Access_classes operator access_type Access classes u, g, o, a Operator: +, -, = Access type: any combination of r,w,x

For example: #chmod g+w testfile

Recursive option: -R #chmod –R go-rwx /home/xyz

Read the mannual of chmod for more options

7

File permission Specifying numeric file modes

Example: r-xr—r– is 544 Specifying the default file mode

umask Specify the inhibited access permission with a

three digit numeric mode. Example: if umask is 077

077 is 000 111 111 No r,w,x for group and others. Possible rwx for

owners.

8

CASE STUDY New employee Sandy joined the

department and needs to share the access to some files owned by John.

Possible ways:1. Copy all the files from John to Sandy2. Make all the files permission 777. 3.

9

File Special Purpose Access Modes

Code Name Meaning

t Sticky bit Keep executable in memory after exit

s SUID Set process user ID on execution

s SGID Set process group ID on execution

l File locking Set mandatory file locking on read/writes.

10

File Sticky bit on directories

If set, a user can only delete files that she owns or she has explicit write permission.

Example: /tmp[ruihong@dafinn ~]$ ls -ld /tmpdrwxrwxrwt 27 root root 4096 Jan 13 14:58 /tmp

Set it with User access class #chmod u+t /tmp

Setgid access on directories Files created in this directory will have the same group

ownership as the directory itself. Example: when groups of users need to share a lot of

files, with s bit, correct group ownership will be set for new files.

#chmod g+s files

11

Files Numerical equivalents for special access

modes Additional octal digit is prepended to the mode

Setuid, setgid, sticky bit Chmod u+s Chmod g+s Chmod o+s

Example 4755: setuid 6755 : setuid and setgid 1777: stick bit

12

File How to recognize a File access problem

File ownership or protection problem If root can do it, then …

Example The temporary files with the same name created by a

different users still exist Application switched the group ownership behind the

scene. A administrator decided to protect /dev/null, which

caused some editor stopping working.

13

inode Mapping Files to Disks - inode

Data structure Created when initialize the disk –

Max number Typically, one inode for every 2 –

8Kbytes file storage Information stored

User owner and group owner ID’s.

File type Access modes File creation, access and

modification times Inode modification time Number of Links to the file Size of the file Disk addresses

specifying/leading to No file name in inode,

Where is file name stored? Where is the mapping between name and inode?

14

File File Types

Regular files Directories

A directory is a binary file. Directory entries are filename-inode pairs

Special files Two types of special files

Character special files Block special files

Located under /dev Links

Several filenames to refer to a single file on disk Hardlink and softlinks

15

File More file types

Unix domain sockets Communication connection points

Printing system Syslog (/dev/log)

Named pipes Also known as FIFO Communication between programs Commonly used to avoid writing temporary files like regular pipe

16

File Using “ls –l “to identify file types

- Plain file (hard link) d Directory l Symbolic link b Block specific file c Character special file s socket p Named pipe

17

File Example:

Show file types with -l[ruihong@dafinn filetypes]$ ls -ld * /dev/log /dev/hda1brw-rw---- 1 root disk 3, 1 Sep 15 2003 /dev/hda1srw-rw-rw- 1 root root 0 Nov 30 10:08 /dev/log-rw------- 2 ruihong csdept 0 Jan 4 09:43 gold.dat-rw------- 2 ruihong csdept 0 Jan 4 09:43 hlinklrwxrwxrwx 1 ruihong csdept 8 Jan 4 09:43 slink -> gold.datdrwx------ 2 ruihong csdept 512 Jan 4 09:48 testdir

Show types with -F[ruihong@dafinn filetypes]$ ls -ldF * /dev/log /dev/hda1brw-rw---- 1 root disk 3, 1 Sep 15 2003 /dev/hda1srw-rw-rw- 1 root root 0 Nov 30 10:08 /dev/log=-rw------- 2 ruihong csdept 0 Jan 4 09:43 gold.dat-rw------- 2 ruihong csdept 0 Jan 4 09:43 hlinklrwxrwxrwx 1 ruihong csdept 8 Jan 4 09:43 slink -> gold.datdrwx------ 2 ruihong csdept 512 Jan 4 09:48 testdir/

Show hard link –i[ruihong@dafinn filetypes]$ ls -ldFi *2624881 -rw------- 2 ruihong csdept 0 Jan 4 09:43 gold.dat2624881 -rw------- 2 ruihong csdept 0 Jan 4 09:43 hlink2624882 lrwxrwxrwx 1 ruihong csdept 8 Jan 4 09:43 slink -> gold.dat2675566 drwx------ 2 ruihong csdept 512 Jan 4 09:48 testdir/

Check file type using file command, which uses /etc/magic or /usr/share/file/magic

[ruihong@dafinn filetypes]$ file /etc/passwd /bin/ls /dev/log /dev/hda1/etc/passwd: ASCII text/bin/ls: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), for GNU/Linux 2.2.5, dynamically linked (uses shared libs),

stripped/dev/log: socket/dev/hda1: block special (3/1)

18

Files and processes The Relationship between commands and files

Build-in shell commands Executable files

Search path $PATH

$echo $PATH/usr/bin:/usr/ucb:/bin:/usr/local/bin:.:/$HOME/bin

The order is important in $PATH Edit $HOME/.profile or $HOME/.login Check $PATH for error message “Command not found” Most administrative utilities are located under /etc,

/usr/sbin, /sbin

19

Devices Allow device I/O operations to look just like file I/O CASE study

A junior SA was asked to backup all the files under /apg to a tape

The correct tape device name was /dev/rmt2 The backup command should look like

#tar cvf /apg /dev/rmt2 Well, the SA typed the command with a typo

#tar cvf /apg /dev/rnt2 What will happen?

Will the command error out because of the wrong tape? Will the command finish without error? Where did the stuff go?

As a matter of fact, in the middle of the backup, users started to get errors saying / was full.

Warning: Better to check the tape by reading it after the backup finish.

20

Devices Example: disk drives

Disk partitions Root partition/system disk Disk special files (partitions, modes) Mounting a disk partition (filesystem) into the

Unix directory hierarchy Mount /dev/disk0a /home

21

Devices: Naming conventions On HP-UX,

/dev/rdsk/c2t4d0s0 Where

c2: the controller number t4: driver number on the controller d0: logical unit number for SCSI devicesWill be 0 only if more than one disk per target, say

storage array. S0: partition number on that drive

22

Devices: Naming conventions Solaris Device Naming Conventions

Referenced in three ways Physical device name - /devices Instance name /etc/path_to_inst Logical device name - /dev (links to /devices)

Linux Device Naming Default is device type plus an incrementing value based

on the order in which devices are found Ethernet devices: eth0, eth1 SCSI and Serial ATA disks: /dev/sda, dev/sdb IDE devices: /dev/hda, /dev/hdb

Linux 2.6 kernels and “udev” tool enable administrators to assign arbitrary names to devices

23

Devices: Naming conventions Example: Special files for Other devices

Special file form Example Device/Use

/dev/[r]fdn* /dev/fd0 Floppy disk

/dev/rmtn /dev/rmt1 Tape devices

/dev/nrmtn /dev/nrmt1 Non rewind tape device

/dev/cdrom Cdrom device

/dev/ttyn/dev/ttySn

/dev/tty1/dev/ttyS1

Virtual terminal consoleSerial line (hardwired terminal/modem)

/dev/console Console device

/dev/kmem Map of kernel virtual memory

/dev/swap Swap device

/dev/null Null devices.

24

Devices List the devices on a system

HP-UX: ioscan Tru64 UNIX: hwmgr Linux:

List pci devices “lspci” List SCSI devices “scsiinfo –l” List hard disk parameters “ hdparm”

Solaris: Print system configuration: prtconf Lists devices: getdev

25

The Unix Filesystem Layout Common directories

/ Root directory

/bin Executables for user commands and utilities. Some files are links to file under /usr/bin

/dev Device directory, may includes sub-dirs such as dsk, mnt, pts, etc.

/etc and /sbin System configuration files and executables

Boot scripts /etc/default

hold default parameter values for various commands /home or /usr/users /lost+found

Files marked as in use on disk, but not listed in any directory – found by fsck

There is a lost+found on every disk partition

26

The Unix Filesystem Layout More about common directories

/mnt Temporary mount directory

/proc Designed to enable processes to be manipulated using UNIX file

accessing system calls. Linux puts more files about system configuration

/tmp Available to all users as a scratch directory. Normally, one of the UNIX startup script will clear /tmp.

/usr Subdirs for programs, share libraries, administrative commands

/var Spooling and other volatile directories.

Print spooling, mail system, cron facility Optional softwares Log files

/stand on HP – kernel image /kernel on Solaris – kernel image

27

The Unix Filesystem Layout The /usr directory

/usr/bin Command binary files and shell scripts X system: /usr/bin/X11

/usr/include Include files *.h, C-language header files Operating system include file /usr/include/sys

/usr/lib Standard C libraries for mathematics and I/O

/usr/local By convention, /usr/local/bin holds file that were

developed locally or retrieved from other sources.

28

The Unix Filesystem Layout More about /usr directory

/usr/share Shared among a group of networked systems for

static data files, … /usr/share/man

Manual pages Subdir /usr/share/man/man# for every man section

/usr/ucb Contains standard UNIX commands originally

developed under BSD.

Filesystem mounting/unmounting Mount a file system to the point of tree

#mount /dev/sda4 /users Umount

#umount /users Check what process hold references

#fuser –c /users

29

Access Control List Traditional UNIX 9bit permission Windows has a much more complicated

way – Access control lists POSIX started ACL for Unix

Extension to support multiple user/groups NSFv4 ACL

A union of all (UNIX + Windows) ACLs

30

ACL in Linux Entries:

User::perms User:username:perms Group::perm Group:groupname:perm Other::perms Mask::perms

Implemented at the file system level Disabled by default

Enable by mounting as –o acl Try to match the single most appropriate entry

Set/Get access control list – setfacl,getfacl31

Example: grant write to a user$ ls –l-rw-r--r-- 1 test test 0 Sep 21 14:57 file

$ setfacl -m user:ruihong:w file

$ ls -l file-rw-rw-r--+ 1 test test 0 Sep 21 14:57 file

$ getfacl file# file: file# owner: test# group: testuser::rw-user:ruihong:-w-group::r--mask::rw-other::r--

32

NFSv4 Linux does not support it

Can map POSIX acl to NFSv4 acl Solaris does support it See the textbook for more info

33