Part I: Introduction
Files
Files are central to UNIX:
- Commands
- System privileges and permission control
- Device I/O
- Inter-process communication
File ownership
- User owner
- Group owner: the group owner is independent of the user owner
Example: displaying file ownership with "ls -l"
  drwxrwxr-x  2 pop   403      512 Sep 24 11:47 acm
  drwxr-xr-x  9 pop   csdept  1024 Oct 13 15:54 acm.contest
  -rw-r-----  1 john  csdept   261 Mar 11  1999 address
More about file ownership
Who owns new files?
- User owner: the user who creates the file
- Group owner:
  - On System V, the current group of the user
  - On BSD-based systems, the group owner of the directory
Changing file ownership
- Use chown and chgrp
- Traditional System V: both the superuser and the user owner are allowed to change ownership
- POSIX-compliant System V and BSD: only the superuser can change ownership
More about file ownership
More about changing file ownership
- Use the recursive option -R
  # chown -R harvey /home/xyz
- Use the find command
  # find /home/xyz -print | xargs chown test
- Change owner and group at once using chown
  # chown new-owner:new-group files
- Change the group owner
  # chgrp newgroup file
- BSD: a non-root user running chgrp must be the owner of the file and a member of the new group
File permission
File Access Types
  Access | Meaning on file         | Meaning on directory
  r      | View file contents      | Search directory contents (e.g. ls, ls *.txt)
  w      | Alter file contents     | Alter directory contents (e.g. delete files in it)
  x      | Run the executable file | Make it your current directory (cd to it)
Access classes
- User access (u)
- Group access (g)
- Other access (o)
Example: -rw-rw-r--
File permission
Setting file protection
  chmod access_string_list files
An access string has three parts: access_classes operator access_type
- Access classes: u, g, o, a
- Operator: +, -, =
- Access type: any combination of r, w, x
For example:
  # chmod g+w testfile
Recursive option: -R
  # chmod -R go-rwx /home/xyz
Read the manual page of chmod for more options
File permission
Specifying numeric file modes
- Example: r-xr--r-- is 544
Specifying the default file mode: umask
- Specifies the inhibited access permissions as a three-digit numeric mode.
- Example: if umask is 077
  077 is 000 111 111
  No r, w or x for group and others; rwx remains possible for the owner.
CASE STUDY
New employee Sandy joined the department and needs to share access to some files owned by John.
Possible ways:
1. Copy all the files from John to Sandy
2. Make all the files permission 777
3.
File
Special Purpose Access Modes
  Code | Name         | Meaning
  t    | Sticky bit   | Keep executable in memory after exit
  s    | SUID         | Set process user ID on execution
  s    | SGID         | Set process group ID on execution
  l    | File locking | Set mandatory file locking on reads/writes
File
Sticky bit on directories
- If set, a user can only delete files that she owns or has explicit write permission on.
- Example: /tmp
  [ruihong@dafinn ~]$ ls -ld /tmp
  drwxrwxrwt 27 root root 4096 Jan 13 14:58 /tmp
- Set it with the user access class (with GNU chmod on Linux the sticky bit is set with +t or o+t)
  # chmod u+t /tmp
Setgid access on directories
- Files created in this directory get the same group ownership as the directory itself.
- Example: when a group of users needs to share many files, the s bit ensures the correct group ownership is set on new files.
  # chmod g+s files
Files
Numerical equivalents for special access modes
- An additional octal digit is prepended to the mode
- Setuid, setgid and sticky bit:
  chmod u+s
  chmod g+s
  chmod o+t
Example
- 4755: setuid
- 6755: setuid and setgid
- 1777: sticky bit
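The numeric-mode and umask rules from these slides (the 544 example and the 4-digit modes with the special bit prepended), as an added Python example that is not from the slides: it converts the mode field printed by ls -l into chmod's octal form, including the s/t bits, and applies a umask to the mode a program requests.

```python
# Bit weight of the special bit that may appear in each rwx triplet of an
# ls -l mode string: s in the user slot = setuid (4), s in the group slot =
# setgid (2), t in the other slot = sticky (1).
SPECIAL_BITS = {0: ("s", 4), 1: ("s", 2), 2: ("t", 1)}


def mode_to_octal(ls_mode: str) -> str:
    """Turn the 10-character mode field of "ls -l" into chmod's 4-digit octal.

    'drwxrwxrwt' -> '1777', '-rwsr-xr-x' -> '4755', '-rw-r-----' -> '0640'.
    """
    if len(ls_mode) != 10:
        raise ValueError("expected the 10-character mode field printed by ls -l")
    perms = ls_mode[1:]        # drop the file-type character (d, l, b, c, s, p or -)
    special = 0
    digits = []
    for idx in range(3):       # user, group, other triplets
        triplet = perms[idx * 3: idx * 3 + 3]
        letter, weight = SPECIAL_BITS[idx]
        value = 0
        if triplet[0] == "r":
            value += 4
        if triplet[1] == "w":
            value += 2
        # Lower-case s/t means execute is set too; upper-case S/T means the
        # special bit is set but execute is not.
        if triplet[2] in ("x", letter):
            value += 1
        if triplet[2].lower() == letter:
            special += weight
        digits.append(str(value))
    return str(special) + "".join(digits)


def apply_umask(requested: int, umask: int) -> str:
    """Mode a new file really gets: the bits the program asked for minus the umask.

    Programs normally request 0o666 for files and 0o777 for directories, so
    apply_umask(0o666, 0o077) -> '600' and apply_umask(0o777, 0o022) -> '755'.
    """
    return format(requested & ~umask & 0o7777, "03o")
```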
File
How to recognize a file access problem
- It is a file ownership or protection problem
- If root can do it, then ...
Example
- Temporary files with the same name created by different users still exist
- An application switched the group ownership behind the scenes
- An administrator decided to protect /dev/null, which caused some editors to stop working
inode
Mapping Files to Disks - inode
- Data structure
- Created when the disk is initialized; the maximum number is fixed then
  Typically, one inode for every 2-8 Kbytes of file storage
- Information stored:
  - User owner and group owner IDs
  - File type
  - Access modes
  - File creation, access and modification times
  - Inode modification time
  - Number of links to the file
  - Size of the file
  - Disk addresses specifying/leading to the data blocks
- No file name in the inode
  - Where is the file name stored?
  - Where is the mapping between name and inode?
File
File Types
- Regular files
- Directories
  - A directory is a binary file
  - Directory entries are filename-inode pairs
- Special files
  - Two types of special files: character special files and block special files
  - Located under /dev
- Links
  - Several filenames refer to a single file on disk
  - Hard links and soft links
File
More file types
- Unix domain sockets
  - Communication connection points
  - Printing system
  - Syslog (/dev/log)
- Named pipes
  - Also known as FIFOs
  - Communication between programs
  - Commonly used to avoid writing temporary files, like a regular pipe
File
Using "ls -l" to identify file types
  -  Plain file (hard link)
  d  Directory
  l  Symbolic link
  b  Block special file
  c  Character special file
  s  Socket
  p  Named pipe
File
Example:
Show file types with -l
  [ruihong@dafinn filetypes]$ ls -ld * /dev/log /dev/hda1
  brw-rw----  1 root    disk     3,   1 Sep 15  2003 /dev/hda1
  srw-rw-rw-  1 root    root          0 Nov 30 10:08 /dev/log
  -rw-------  2 ruihong csdept        0 Jan  4 09:43 gold.dat
  -rw-------  2 ruihong csdept        0 Jan  4 09:43 hlink
  lrwxrwxrwx  1 ruihong csdept        8 Jan  4 09:43 slink -> gold.dat
  drwx------  2 ruihong csdept      512 Jan  4 09:48 testdir
Show types with -F
  [ruihong@dafinn filetypes]$ ls -ldF * /dev/log /dev/hda1
  brw-rw----  1 root    disk     3,   1 Sep 15  2003 /dev/hda1
  srw-rw-rw-  1 root    root          0 Nov 30 10:08 /dev/log=
  -rw-------  2 ruihong csdept        0 Jan  4 09:43 gold.dat
  -rw-------  2 ruihong csdept        0 Jan  4 09:43 hlink
  lrwxrwxrwx  1 ruihong csdept        8 Jan  4 09:43 slink -> gold.dat
  drwx------  2 ruihong csdept      512 Jan  4 09:48 testdir/
Show hard links with -i (gold.dat and hlink share inode 2624881: they are the same file)
  [ruihong@dafinn filetypes]$ ls -ldFi *
  2624881 -rw-------  2 ruihong csdept    0 Jan  4 09:43 gold.dat
  2624881 -rw-------  2 ruihong csdept    0 Jan  4 09:43 hlink
  2624882 lrwxrwxrwx  1 ruihong csdept    8 Jan  4 09:43 slink -> gold.dat
  2675566 drwx------  2 ruihong csdept  512 Jan  4 09:48 testdir/
Check the file type using the file command, which uses /etc/magic or /usr/share/file/magic
  [ruihong@dafinn filetypes]$ file /etc/passwd /bin/ls /dev/log /dev/hda1
  /etc/passwd: ASCII text
  /bin/ls:     ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), for GNU/Linux 2.2.5, dynamically linked (uses shared libs), stripped
  /dev/log:    socket
  /dev/hda1:   block special (3/1)
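A parser for ls -li lines like the ones above, as an added Python example that is not from the slides: it classifies each entry by its type letter, handles the "major, minor" field of device nodes and the "-> target" of symbolic links, and finds hard links by looking for names that share an inode. The sample listing is constructed from the slide; the two /dev inode numbers are made up because the slide did not print them.

```python
import re

# File-type letter in column 1 of an ls -l mode string (the table on the slide).
TYPE_LETTERS = {"-": "regular file", "d": "directory", "l": "symbolic link",
                "b": "block special", "c": "character special",
                "s": "socket", "p": "named pipe"}

# inode, mode, link count, owner, group, then either "major, minor" (device
# nodes) or a size, then a three-token date and the name (maybe "x -> target").
LS_LINE = re.compile(
    r"^\s*(?P<inode>\d+)\s+(?P<mode>[-dlbcsp][-rwxsStT]{9})\s+(?P<links>\d+)\s+"
    r"(?P<owner>\S+)\s+(?P<group>\S+)\s+"
    r"(?:(?P<major>\d+),\s+(?P<minor>\d+)|(?P<size>\d+))\s+"
    r"(?P<date>\S+\s+\d+\s+\S+)\s+(?P<name>.+?)(?:\s+->\s+(?P<target>.+))?$")

# Constructed from the listings on the slide; the /dev inode numbers (14, 22)
# are made up because the slide did not show them.
SAMPLE_LISTING = """\
     14 brw-rw----  1 root    disk     3,   1 Sep 15  2003 /dev/hda1
     22 srw-rw-rw-  1 root    root          0 Nov 30 10:08 /dev/log
2624881 -rw-------  2 ruihong csdept        0 Jan  4 09:43 gold.dat
2624881 -rw-------  2 ruihong csdept        0 Jan  4 09:43 hlink
2624882 lrwxrwxrwx  1 ruihong csdept        8 Jan  4 09:43 slink -> gold.dat
2675566 drwx------  2 ruihong csdept      512 Jan  4 09:48 testdir
""".splitlines()


def parse_ls_line(line: str) -> dict:
    """One "ls -li" line -> dict with the fields above plus a readable 'type'."""
    m = LS_LINE.match(line)
    if not m:
        raise ValueError("not an ls -li line: " + line)
    rec = m.groupdict()
    rec["type"] = TYPE_LETTERS[rec["mode"][0]]
    for key in ("inode", "links", "major", "minor", "size"):
        if rec[key] is not None:
            rec[key] = int(rec[key])
    return rec


def hard_link_groups(lines) -> dict:
    """inode -> names, for inodes listed more than once: those names are one file."""
    by_inode = {}
    for line in lines:
        rec = parse_ls_line(line)
        by_inode.setdefault(rec["inode"], []).append(rec["name"])
    return {ino: names for ino, names in by_inode.items() if len(names) > 1}
```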
Files and processes
The relationship between commands and files
- Built-in shell commands
- Executable files
- Search path: $PATH
  $ echo $PATH
  /usr/bin:/usr/ucb:/bin:/usr/local/bin:.:/$HOME/bin
  - The order is important in $PATH (a "." entry, as in this example, makes the shell run programs from the current directory; it is risky for root)
  - Edit $HOME/.profile or $HOME/.login
  - Check $PATH when you get the error message "Command not found"
- Most administrative utilities are located under /etc, /usr/sbin and /sbin
Devices
Allow device I/O operations to look just like file I/O
CASE study
- A junior SA was asked to back up all the files under /apg to a tape
- The correct tape device name was /dev/rmt2
- The backup command should look like
  # tar cvf /dev/rmt2 /apg
- Well, the SA typed the command with a typo
  # tar cvf /dev/rnt2 /apg
- What will happen?
  - Will the command error out because of the wrong tape?
  - Will the command finish without error? Where did the stuff go?
- As a matter of fact, in the middle of the backup, users started to get errors saying / was full: /dev/rnt2 did not exist, so tar created an ordinary file by that name on the root filesystem and wrote the archive into it.
- Warning: better to check the tape by reading it back after the backup finishes.
Devices
Example: disk drives
- Disk partitions
- Root partition / system disk
- Disk special files (partitions, modes)
- Mounting a disk partition (filesystem) into the Unix directory hierarchy
  # mount /dev/disk0a /home
Devices: Naming conventions
On HP-UX, /dev/rdsk/c2t4d0s0, where
- c2: the controller number
- t4: the target (drive) number on the controller
- d0: the logical unit number for SCSI devices; differs from 0 only if there is more than one disk per target, say a storage array
- s0: the partition number on that drive
Devices: Naming conventions
Solaris device naming conventions: a device is referenced in three ways
- Physical device name: /devices
- Instance name: /etc/path_to_inst
- Logical device name: /dev (links to /devices)
Linux device naming
- Default is the device type plus an incrementing value based on the order in which devices are found
  - Ethernet devices: eth0, eth1
  - SCSI and Serial ATA disks: /dev/sda, /dev/sdb
  - IDE devices: /dev/hda, /dev/hdb
- Linux 2.6 kernels and the "udev" tool enable administrators to assign arbitrary names to devices
Devices: Naming conventions
Example: special files for other devices
  Special file form | Example    | Device/Use
  /dev/[r]fdn*      | /dev/fd0   | Floppy disk
  /dev/rmtn         | /dev/rmt1  | Tape device
  /dev/nrmtn        | /dev/nrmt1 | Non-rewinding tape device
  /dev/cdrom        |            | CD-ROM device
  /dev/ttyn         | /dev/tty1  | Virtual terminal console
  /dev/ttySn        | /dev/ttyS1 | Serial line (hardwired terminal/modem)
  /dev/console      |            | Console device
  /dev/kmem         |            | Map of kernel virtual memory
  /dev/swap         |            | Swap device
  /dev/null         |            | Null device
Devices
List the devices on a system
- HP-UX: ioscan
- Tru64 UNIX: hwmgr
- Linux:
  - List PCI devices: lspci
  - List SCSI devices: scsiinfo -l
  - List hard disk parameters: hdparm
- Solaris:
  - Print the system configuration: prtconf
  - List devices: getdev
The Unix Filesystem Layout
Common directories
- /: root directory
- /bin: executables for user commands and utilities. Some files are links to files under /usr/bin
- /dev: device directory, may include sub-directories such as dsk, mnt, pts, etc.
- /etc and /sbin: system configuration files and executables; boot scripts
- /etc/default: holds default parameter values for various commands
- /home or /usr/users
- /lost+found: files marked as in use on disk but not listed in any directory, found by fsck. There is a lost+found on every disk partition
The Unix Filesystem Layout
More about common directories
- /mnt: temporary mount directory
- /proc: designed to enable processes to be manipulated using the UNIX file-access system calls. Linux puts more files about system configuration there
- /tmp: available to all users as a scratch directory. Normally, one of the UNIX startup scripts clears /tmp
- /usr: subdirectories for programs, shared libraries and administrative commands
- /var: spooling and other volatile directories: print spooling, mail system, cron facility, optional software, log files
- /stand on HP-UX: kernel image
- /kernel on Solaris: kernel image
The Unix Filesystem Layout
The /usr directory
- /usr/bin: command binary files and shell scripts; X system: /usr/bin/X11
- /usr/include: include files *.h, C-language header files; operating system include files under /usr/include/sys
- /usr/lib: standard C libraries for mathematics and I/O
- /usr/local: by convention, /usr/local/bin holds files that were developed locally or retrieved from other sources.
The Unix Filesystem Layout
More about the /usr directory
- /usr/share: shared among a group of networked systems for static data files, ...
- /usr/share/man: manual pages; a subdirectory /usr/share/man/man# for every man section
- /usr/ucb: contains standard UNIX commands originally developed under BSD.
Filesystem mounting/unmounting
- Mount a filesystem at a point in the directory tree
  # mount /dev/sda4 /users
- Unmount it
  # umount /users
- Check which processes hold references to it
  # fuser -c /users
Access Control List
- Traditional UNIX: 9-bit permissions
- Windows has a much more complicated way: access control lists
- POSIX started ACLs for Unix: an extension to support multiple users/groups
- NFSv4 ACL: a union of all (UNIX + Windows) ACLs
ACL in Linux
Entries:
  user::perms
  user:username:perms
  group::perms
  group:groupname:perms
  other::perms
  mask::perms
- Implemented at the filesystem level
- Disabled by default; enable by mounting with -o acl
- The access check tries to match the single most appropriate entry
- Set/get access control lists: setfacl, getfacl
Example: grant write to a user
  $ ls -l
  -rw-r--r-- 1 test test 0 Sep 21 14:57 file
  $ setfacl -m user:ruihong:w file
  $ ls -l file
  -rw-rw-r--+ 1 test test 0 Sep 21 14:57 file
  $ getfacl file
  # file: file
  # owner: test
  # group: test
  user::rw-
  user:ruihong:-w-
  group::r--
  mask::rw-
  other::r--
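The "match the single most appropriate entry" check from the previous slide, worked through on this slide's getfacl output as an added Python example (not from the slides): the entry order follows the POSIX.1e access check (owner, named user, group entries, other), and the mask:: entry limits every entry except user:: and other::. Combining matching group entries by union is an assumption that gives the same grant decisions as the per-permission check.

```python
# Constructed from the getfacl output shown on the slide.
SAMPLE_ACL = """\
# file: file
# owner: test
# group: test
user::rw-
user:ruihong:-w-
group::r--
mask::rw-
other::r--
"""


def parse_getfacl(text: str) -> dict:
    """getfacl output -> {'owner', 'group', 'entries': [(tag, qualifier, {perm bits})]}."""
    acl = {"owner": None, "group": None, "entries": []}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#"):                 # "# owner: test" style header lines
            key, _, value = line[1:].strip().partition(":")
            if key in ("owner", "group"):
                acl[key] = value.strip()
        elif line:
            tag, qualifier, perms = line.split(":")
            acl["entries"].append((tag, qualifier, set(perms) & set("rwx")))
    return acl


def effective_perms(acl: dict, user: str, groups: set) -> str:
    """rwx string that `user` (member of `groups`) gets, in POSIX.1e check order."""
    entries = acl["entries"]

    def first(tag, qual):
        return next(p for t, q, p in entries if t == tag and q == qual)

    mask = next((p for t, q, p in entries if t == "mask"), None)
    if user == acl["owner"]:                     # 1. owner: user::, never masked
        granted, masked = first("user", ""), False
    elif any(t == "user" and q == user for t, q, _ in entries):
        granted, masked = first("user", user), True   # 2. named user entry
    else:
        # 3. group:: (if in the owning group) and matching named groups; any of
        # them may grant, so the union is what the user can do, after the mask
        matching = [p for t, q, p in entries if t == "group"
                    and ((q == "" and acl["group"] in groups) or (q and q in groups))]
        if matching:
            granted, masked = set().union(*matching), True
        else:                                    # 4. everyone else: other::, never masked
            granted, masked = first("other", ""), False
    if masked and mask is not None:
        granted &= mask
    return "".join(c if c in granted else "-" for c in "rwx")
```

The group field that ls -l shows as rw- after setfacl is the mask entry, not group::, which is why the mask matters: lowering it to r-- silently takes away the write access just granted to ruihong.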
NFSv4
- Linux does not support it
- POSIX ACLs can be mapped to NFSv4 ACLs
- Solaris does support it
- See the textbook for more information