lpi 101 ch13 files and directories

8/9/2019 LPI 101 Ch13 Files and Directories

1/68

SAIGONLAB 83 Nguyn Th Nh, P9, Q.Tn Bnh, Tp. HCM LPI 102

Chapter 13

Files and Directories


2/68


Objectives

Describe and explain the Linux filesystem

directory structure

Explain filesystemconcepts

Identify and explain inodes

Utilizechown, chgrp, and other filerelated

commands

Set user and group ID permissions

Identify and explain sticky bits

Identify and explain links


3/68


Standard Directories

Under Linux, nearly everything isrepresented as a file. Most

physical devicesin thesystem are accessed using special files

in the filesystem


4/68


Directory Hierarchy


5/68



/ The top of the Linux filesystem hierarchy

/bin Essential command binaries which arerequired in single usermode.

/boot Static files of theboot loader (containseverything required for theboot processexcept configuration files and themap installer)

/dev Device files, contains the location ofspecial or device files

/etc Reserved forconfiguration files that are local to yourmachine (nobinariesshould be located under/etc)

/etc/X11 is therecommended location for all X11 host-specificconfigurationfiles

/home User home directories

/lib Essential shared libraries and kernel modules (contains thosesharedlibrary images needed to boot thesystem and run thecommandsin theroot filesystem)


6/68



/mnt mount point of temporary partitions. Thisis generally thelocation to where temporary filesystems, such as floppies orCD-drives

/opt reserved for theinstallation of add-on application softwarepackages

/root Home directory ofroot user

/tmp temporary directory

/etc/init.d Masterstartup scripts (not used as part ofstartupconfiguration)

/etc/rc*.d Run-level startup configuration scripts, usually links to filesinthe/etc/init.d directory

/usr/src sourcecode

/usr/include

/usr/lib

header filesincluded by C programs

libraries


7/68



Windows directoriesrelate to Linux directoriesin terms of

functionality

Windows Linux

WinNT /system32 /bin, /sbin, /etc and /usr

Do not confuse the top level root directory / with the home

directory of thesuper user/root


8/68


FHS Data Types

The Filesystem Hierarchy System (FHS) defines two types

of data use:data sharingand data modification. Each of

theseclassifications has two opposing subtypes:


9/68


FHS Data Types

Data Sharing : defines the type of data used in a network

environment.Within data sharing, there are two subtypes:

Sharable

Non-Sharable Data that is defined assharable can be used by multiple

users orby multiple hosts

Non-sharable data is data that is linked to a specific host.

Passwords, configuration files, and logs areexamples of

non-sharable data


10/68


FHS Data Types

Data Modification : defines how data can be augmented.

There are two categories within thissection :

Variable

Static Variablerefers to data that ischanged by natural,

frequent, processes

Static data is just that: data that does not change on a

frequent orregularbasis. Binary programs are an

example ofstatic data types


11/68


The Linux File System

Linuxsupports diskpartitioning:

Onebranch of directory structurecan reside on one

partition

Different types of filesystems ormount optionscan beassigned to each partition


12/68



All UNIX-like filesystem types follow similarmodel:

Each filesystem on a partition (orslice) has an inode

table

Inode tablecomprisesone record for each file storedwithin this partition

Itsinode number uniquely identifies a file within the file

system


13/68



Each file has an inode tableentry:

Inode tableentry holds all attributes (meta data) of a file,

such as: filesize, user, group, permissions, etc.

Directoriesmap namesinto inode numbers: Directoriesstore links to inodes (and some/most store

short symlinks on ext2 and ext3 filesystems)

An inode numbercan havemore than one link

referencing it


14/68


Access Control

Primary function:prevent unauthorized access to system databy automatically protect file and directory accessby placinga standard set ofaccess permissions when files and directoriesarecreated


15/68


Viewing File and Directory Permissions

View permissions on files and directoriesby using the ls l

command.

Example

$ ls l .profile


16/68


Viewing File and Directory Permissions

r =readable

w = writeable

x = executable

- = denied


17/68


Permission Categories

User (owner) permissions

Group

Others (world)


18/68


Determining Access to a File orDirectory

Access to a file or a directory is determined by theUID andthe GID.

o UID Identifies the user who created the directory or fileand determines ownership.

o GID Identifies the group of users who own the directoryor file. A file or directory can belong to only one group at atime.

To view theseUID and GID numbers, use thels -n


19/68


Process ForDetermining Permissions


20/68


Types of Permissions

Permissionscontrol who can do whatto a file or directory andarerepresented by thecharacters:

r ( read )

w ( write )x ( execute )

- ( denied )


21/68


Types of Permissions


22/68


Example 1

-rwx------

File isread/write/execute forowneronly

dr-xr-x---

Directory isread/execute forownerand group

-rwxr-xr-x

File isread/write/execute forowner, and read/execute forgroup membersand others


23/68


Example 2

-rwxrw----

File isread/write/execute forownerand read/write forgroup

drwxr-x--x

Directory isread/write/execute forowner, read/execute forgroup and execute forothers

dr-x-w-r--

Directory isread/execute forowner, and write forgroupmembers and readforothers


24/68


Changing Permissions

You can modify the permissionsset on files or directoriesusing thechmod command.

$ chmod mode filename

Either theownerof the file or directory orsuperusercan usethiscommand to change permissions.

Thechmod command can modify permissionsspecified in

eithersymbolic mode oroctalmode.


25/68


SymbolicMode


26/68


Example 1

Removegroup readpermission :

$ ls -l dante

-rw-r--r-- 1 user2 staff 2 Jun 11 1:44 dante

$ chmod g-r dante

$ ls -l dante

-rw----r-- 1 user2 staff 2 Jun 11 1:44 dante


27/68


Example 2

Add execute permission forowner, and readpermission forgroup and others:

$ ls -l dante

-rw------- 1 user2 staff 2 Jun 11 1:44 dante

$ chmod u+x,go+r dante

$ ls -l dante

-rwxr--r-- 1 user2 staff 2 Jun 11 1:44 dante


28/68


Example 3

Set permission to readand write foreveryone:

$ chmod a=rw dante

$ ls -l dante

-rw-rw-rw- 1 user2 staff 2 Jun 11 1:44 dante


29/68


Octal(Absolute) Mode

Each permission has an octalvalue :


30/68


OctalDigits for Permission Sets


31/68


Combined Values and Permissions

Command format :

$ chmodoctal_mode filename


32/68


Example

Giveuser, group, and others readand execute access:

$ ls -l dante

-rw-rw-rw- 1 user2 staff 2 Jun 11 11:54 dante

$ chmod 555 dante

$ ls -l dante

-r-xr-xr-x 1 user2 staff 2 Jun 11 11:54 dante


33/68


Compare two Mode

Somesymbolicmodeexpressions have no equivalentexpression in absolutemode.

o Forexample, chmod u+x,g+w somefile has no parallel inabsolutemode.

Absolutemodeexpressions aresometimesmoreconcise thansymbolicmodeexpressions.

Absolutemodeexpressions aresometimesmoresuitable for

use within shell scripts that might takeinput from other

utilitiesin numeric form.


34/68


Default Permissions

Default permissions, which are automatically assigned when afile or directory iscreated.

Theinitial default permission valuespecified by thesystem for

a filecreation is 666 (rw-rw-rw-).

Theinitial default permission valuespecified by thesystem fora directory creation is 777 (rwxrwxrwx).


35/68


The umask Filter

Theumaskfiltercontrols the default permissions

assigned to newly created files and directories.

Theumaskfilteris a three-digit octal value that refers toread/write/execute permissions forowner, group, and other.

The default value ofumaskis:022


36/68


Calculating How the File Mode Creation Mask is

Applied

Write the default permissionsin theirexpanded (bitwise)form.

Write the filemodecreation maskbeneath the defaultpermissions.

Perform thebitwisesubtraction, and write down theresult.


37/68


Example 1

Default file permission r w r w r w ( 666 )

umask of 022 w w ( 022 )

Resulting file permission r w r r ( 644 )

Default dir permission r w x r w x r w x ( 777 )

umask of 022 w w ( 022 )

Resulting dir permission r w x r x r x ( 755 )


38/68


Example 2 : Important note


umask of 123 x w w x ( 123 )

Resulting file permission r w r r ( 644 )

(not543!)


umask of 123 x w w x ( 123 )

Resulting dir permission r w r x r ( 654 )


39/68


Changing the umaskValue

Command format :

umask [new_value]

( umask will be valid for current shell and subshells.)

Example :1. Verify the current umask.

$ umask

0222. Change the umask value to 027 and verify.

$ umask 027

$ umask

027


40/68


File & Dir Permission with umask = 027?


umask of 027 w r w x ( 027 )

Resulting file permission r w r ( 640 )


umask of 027 w r w x ( 027 )

Resulting dir permission r w x r x ( 750 )


41/68


Special Permissions

Three types of permission are available forexecutable filesand public directory:

Set user ID:suid

Set group ID:sgid Sticky bit


42/68


Set User ID

When suid isset on executale files, a user or process that runsthis fileis granted access based on the owner of the file (usually

root )instead of user who started the file

Thesuid permission displays as an sin the owners

executable field. If fileis not executable, lsshowscapital S

# ls l /bin/su /usr/bin/passwd

-rwsrxrx 1 root root 18452 Jul 2 2003 /bin/su

-r-s-x-x 1 root root 13476 Aug 7 2003 /usr/bin/passwd


43/68


Set User ID

Theroot user and ownercan set thesuid permission on fileusing chmod command and the octal value4000 orsymbolic

s:

#chmod 4755

#chmod u+s


44/68


Set Group ID

When sgid issimilar to suid, except that a user or process thatruns this fileis granted access based on the owners group of

the file

Thesgid permission displays as an sin the groups

executable field. If fileis not executable, lsshowscapital S

# ls l /usr/bin/slocate /usr/bin/write

-rwxr-srx 1 root slocate 9 Jul 2 2003 /usr/bin/slocate

-rwxr-srx 1 root tty 13476 Aug 7 2003 /usr/bin/write


45/68


Set Group ID

Thesgid is a useful feature forcreating shared directories:filescreated in these directoriesbelong to the group to which

the directoriesbelong

Theroot user and ownercan set thesuid permission on file

using chmod command and the octal value2000 orsymbolic

s:

#chmod 2755

#chmod g+s


46/68


Sticky Bit Permission

It protects the filesin within a public writable directory. If thedirectory has thesticky bit set, then:

Only the owner and root can delete files

Ownerstill need write permission to the directory Thesticky bit permission displays as an tin theothers

executable field. If fileis not executable, lsshowscapital T

# ls ld /tmp

drwxrwxrwt 8 root root 4096 Jul 2 2003 /tmp


47/68


chown Command

You usechown command to change the origin owner of a fileor directory to another user on thesystem

# ls l /usr/bin/slocate-rwxr-srx 1 root slocate 9 Jul 2 2003 /usr/bin/slocate

# chown minh /usr/bin/slocate

# ls l /usr/bin/slocate

-rwxr-srx 1 minh slocate 9 Jul 2 2003 /usr/bin/slocate


48/68


chgrp Command

Use thechgrp command to change the group of the files ordirectories to another group on thesystem


# chgrp instructors/usr/bin/slocate


-rwxr-srx 1 root instructors 9 Jul 2 2003 /usr/bin/slocate


49/68


Command User and Group OwnershipSimultaneously

chown command help you to change owner and group of a fileor directory simultaneously


# chown minh:instructors/usr/bin/slocate


-rwxr-srx 1 minh instructors 9 Jul 2 2003 /usr/bin/slocate


50/68


chown andchgrp Commands

You can also ownership and group recursively with Roption:

chown R

chgrp R


51/68


chattr Command

Thechattrcommand changes file attributes on an ext2 orext3filesystem. Using the different options, chattrcan markfiles

asimmutable, secure deletion, and more. Thesyntax forchattr:

chattr

To assign options, chattr uses three different options (called

opcodes):

+ Add attribute

- Remove attribute

= Assign attributes (removing unspecified

attributes)


52/68


chattr Command

The following is a list ofattributes used with chattr:

a Append only for writing. Can beset orcleared only by

a privileged userc Compressed

d No dump

i Immutable. Can beset orcleared only by a privilegeduser.

s Secure deletion; thecontents arezeroed on deletion

S Synchronous updates


53/68


lsattr Command

You can display attributes of a file areset by chattrby usingthiscommand


54/68


Access Control Lists

Access Control Lists (ACLs) provide greatercontrol over

file access permissions and providebetter filesecurity forthe file owner, group, other, specific users and specificgroups.


55/68


ACL Commands

ACLscan beset orviewed using thesecommands:

getfacl filename(s):Display ACL entries on a file(s). setfacl acl_entries: Creates ormodifies ACL entries on

files


56/68


ACL Entry Examples

u[ser]::perm Sets permissions for file owner.

g[roup]::perm Sets permissions for owners group. o[ther]:perm Sets permissions for users other than the

owner or owners group.


57/68


u[ser]:UID:perm or u[ser]:username:perm Sets

permissions for a specific user. g[roup]:GID:perm or g[roup]:groupname:perm Sets

permission for a specific group.

m[ask]:perm Sets ACL mask. Indicates themaximum

permissions allowed for all users, (except the owner) andfor all groups.


58/68


Adding ACL Permissions on a File

To add ACL permissions on a file, use thesetfacl mcommand.

#setfacl -m user:user8:6 file.txt#getfacl file.txt

# file: file.txt# owner: user1# group:classuser::rwxuser::user8:rw- #effective:r--

group::r- #effective:r--mask:rother:---


59/68


Modifying ACL Permissions on a File

#setfacl -m m:6 file.txt#getfacl file.txt

# file: file.txt

# owner: user1

# group:class

user::rwx

user::user8:rw- #effective:rw

group::r- #effective:r--

mask:rw

other:---


60/68


Determining if a File has an ACL

There are two ways to determineif a file has an ACL: By using the getfacl command By using the ls -l command

Using the ls -l command on any file with an ACL displays a

plus (+)sign at theend of the permission mode field. Forexample:#ls -l file.txt-rwxr-----+ 1 user1 class 167 Apr 18 11:13 file.tx


61/68


Deleting an ACL Entry on a File

To delete an ACL entry from a file, use thesetfacl xcommand and specify theentry type and theUID(username) or GID (groupname).

Thisexample deletes an ACL entry from file.txt:

#setfacl -x u:user8 file.txt


62/68


Replacing an Entire ACL on a File

Thisexamplesets the file owner permissions to read andwrite, group permissions to read only, and otherpermissions to none on file.txt.

#setfacl -m user::rw-,group::r--,other:---,mask:rw-,user:user8:rw- file.txt

#getfacl file.txt# file: file.txt# owner: user1# group:class

user::rwuser:user8:rw- #effective:rwgroup::r-- #effective:r--mask:rwother:---


63/68


Linking Files and Directories

Links are used to createalternate names oraliases for files anddirectories on a system

There are two kinds of links:

hardlink

symbolic link (orsoftlink)


64/68


Hard link

Used to linkfiles on thesame file system

Files that are hard linked share the same inode number (referto thesame data on disk)

Hard links arenot used to link directories and cannot cross filesystems.


65/68


Creating Link

Command Format :ln [-s]


66/68


Examle Creating Hard Link

$ln/export/home/user2/dante essay

$ls -i /export/home/user2/dante

89532 dante

$ls -i essay

89532 essay

Examle Creating Symbolic


67/68


Examle Creating SymbolicLink

$ln-s tutor.vi symlink

$ls -l symlink

lrwxrwxrwx 1 torey staff 8 May 9 symlink--->tutor.vi


68/68

Summary

Describe and explain the Linux file system directory structure Explain file system concepts

Identify and explain inodes

Utilize chown,chgrp, and other file related commands

Set user and group ID permissions

Identify and explain sticky bits Identify and explain links

lpi 101 ch13 files and directories

Documents