Unix System Admin


Files & Directories
• Objectives
– to be able to describe and use the Unix file system model and concepts
• Contents
– directory structure
– file system concepts
– i-nodes
– permission bits and access control
– links
– set user/group ID
– sticky bits
• Practicals
– manipulating files and permissions
• Summary
Standard Directories
[Diagram: the standard directory tree, reconstructed from the slide]
/ (root)
– bin: user binaries
– boot: kernel, boot files
– dev: cdrom, sd, hd, pts, tty, ...
– etc: sysconfig; init.d, xinetd.d, cron.*, ...
– home: henry, ...
– proc: process directory
– sbin: admin binaries
– tmp
– usr: bin, lib, sbin, share, sysadm, ...
– var: log, lock, run, spool (mail, cron), ...
(other names appearing in the diagram: net, ftp)
The Unix Filesystem
• Unix supports disk partitioning and slicing
– one branch of directory structure can reside on one partition or slice
– different types of filesystem can be assigned to each partition or slice
• All filesystem types follow a similar model
– each filesystem on a partition (or slice) has an inode table
– the inode table comprises one record for each file stored within this partition
– a file is uniquely identified within the filesystem by its inode number
• Each file has an inode table entry
– the inode table entry holds all attributes of a file, such as:
– file size, user, group, permissions, etc.
• Directories map names into inode numbers
– directories do not store file attributes
– an inode number can have more than one name referencing it
Long Directory Listing
# ls -al
drwxr-xr-x  2 hawkeye users 512 Jul 11 11:21 .
drwxr-xr-x  9 root    sys   512 Jul 11 10:54 ..
-rw-r--r--  1 hawkeye users  23 Jul 15 10:21 file1
drwxr-xr-x  2 hawkeye users 512 Jul 15 10:25 dir1
Reading the columns from left to right:
– type of file: - plain file, d directory, l symbolic link
– permissions: r read, w write, x execute (three triples: user, group, other)
– link count
– file user (owner) and group
– size in bytes
– date and time of last modification
– name
Access Control
• Three types of user, plus super user
– User (or owner)
– Group (any user in same group)
– Other
• Three types of protection
– Read
– Write
– Execute
• Determine protection flags using:
– if super user, all operations permitted
– if user (owner), use user protection flags
– if same group, use group protection flags
– otherwise use other protection flags
File & Directory Protection
• File protection
r - read file
w - write file (does not imply read)
x - execute file (program or shell script)
• Directory protection
r - can read directory list (does not imply access to files)
w - can write to directory (create, rename & delete files)
x - can search directory (pass through and access files)
• To create a file you need:
– --x permission on all directories in the pathname
– -wx permission on the last directory in the pathname
• To read a file you need:
– --x permission on all directories in the pathname
– r-- permission on the file
• To write into a file you need:
– --x permission on all directories in the pathname
– -w- permission on the file
File Manipulation Permissions
• File manipulation permissions define the ability to write
into a directory, i.e. executing cp, rm, mv, mkdir, rmdir
• To write into a directory you need:
– --x permission on all directories in the pathname
– -wx permission on the last directory in the pathname
• You do not need access to the contents of the file itself
• You do not need to be the file owner!
• The rm and mv commands try to be helpful
– they will prompt you to confirm the operation for those files for which
you do not have write access
$ rm mypass
mypass mode 444?
# type y or n
– The -f (force) option on both commands suppresses this prompt
$ rm -f mypass
# done
Exercise - Using File Protection
$ id -a
uid=318(hawkeye) gid=300(users) groups=100(staff),300(users)
$ ls -ld . file* /etc/passwd /etc/shadow /etc
drwxr-xr-x  2 trapper users   512 Jul 11 11:21 .
-rw-rw-r--  1 trapper staff    23 Jul 15 10:21 file1
-rw-r-----  1 trapper mash     41 Jul 15 10:21 file2
-rw-rw-rw-  1 hawkeye mash     41 Jul 15 10:21 file3
-r--r--r--  1 root    root    132 Jan 01 9:30 /etc/passwd
-r--------  1 root    shadow   96 Jan 01 9:30 /etc/shadow
drwxr-xr-x 72 root    root   4096 Jan 01 9:30 /etc
• Which of the following operations are permitted?
$ more file1
$ more file2
$ ls -l >file1
$ more /etc/passwd
$ more /etc/shadow
$ rm file2
$ rm file3
$ cp file1 file4
$ rm /etc/passwd
$ rm /etc/shadow
Set User & Group Ids
• Programs are normally executed with the permissions of the user running the program
– a child process inherits its UID and GID from the parent
• Using set user ID or set group ID allows a program to run with the ownership of the program's file
– the child process runs with the UID and GID of the file
• Used to give users access to files and programs which would otherwise be restricted
# ls -l /etc/shadow /usr/bin/passwd
-r--------  1 root shadow   473 Dec 25 09:30 /etc/shadow
-r-sr-xr-x  1 root root   18888 Jan  9  1992 /usr/bin/passwd
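An administrator's first question about set-ID bits is usually "which files on this box have them?". The following is an added example, not code from the course slides: it walks a directory tree and reports every regular file carrying the set-user-ID or set-group-ID bit, using the same mode bits that ls renders as the s in -r-sr-xr-x. The demo() function builds a constructed temporary directory with one set-UID file and one plain file so the scanner can be run offline.

```python
import os
import stat
import tempfile


def find_setid_files(root: str) -> list:
    """Walk root and return (path, ls-style mode string) for every regular
    file whose set-user-ID or set-group-ID bit is set, sorted by path."""
    found = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)            # lstat: do not follow symbolic links
            except OSError:
                continue                        # file vanished or unreadable; skip it
            if stat.S_ISREG(st.st_mode) and st.st_mode & (stat.S_ISUID | stat.S_ISGID):
                found.append((path, stat.filemode(st.st_mode)))
    return sorted(found)


def demo() -> list:
    """Constructed demo: a temp dir holding one set-UID script and one plain one.
    Returns [(basename, mode string)] for the files the scanner flags."""
    with tempfile.TemporaryDirectory() as d:
        suid_like = os.path.join(d, "passwd_like")
        plain = os.path.join(d, "plain")
        for p in (suid_like, plain):
            with open(p, "w") as f:
                f.write("#!/bin/sh\n")
        os.chmod(plain, 0o755)
        os.chmod(suid_like, 0o4555)            # -r-sr-xr-x, like /usr/bin/passwd above
        return [(os.path.basename(p), m) for p, m in find_setid_files(d)]


if __name__ == "__main__":
    print(demo())
```

On a real system you would run find_setid_files("/") as root and compare the list against a known-good baseline; a set-ID file that is not in the baseline is something to explain, since it runs with the file owner's identity for whoever invokes it.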
The Sticky Bit
• Files can have a sticky bit
– originally used to lock executables into memory
– no longer used for this purpose with modern memory paging Unix
• Shared directories should have the sticky bit set
– only the owner can delete files from sticky directories
– owner still needs write permission to the directory
$ ls -al /tmp
drwxrwxrwt  1 root    sys   1024 Dec 25 09:30 .
drwxr-xr-x  1 root    sys    512 Dec 25 09:30 ..
-rwxr--r--  1 trapper users  188 Dec 25 09:30 ukulele
$ rm -f /tmp/ukulele
rm: /tmp/ukulele: permission denied
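The permission rules on the preceding slides (owner/group/other selection, search permission on every directory in the pathname, -wx on the last directory for create and delete, and the sticky-bit exception) are small enough to model exactly. The following is an added example, not part of the course material: it encodes those rules in Python and runs them over the exercise listing and over the /tmp sticky-directory example. The filesystem table copies the modes and owners shown on the slides; the "/" entry, the choice of /project as the exercise's working directory, and trapper's uid and groups are assumptions, since the slides do not show them.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Inode:
    owner: str
    group: str
    mode: str            # ls-style mode string, e.g. "drwxr-xr-x"


@dataclass(frozen=True)
class User:
    name: str
    uid: int
    groups: frozenset    # names of every group the user belongs to (as id -a shows)


CWD = "/project"         # assumed location of "." in the exercise listing
FS = {
    "/":              Inode("root",    "root",   "drwxr-xr-x"),   # assumed, not in listing
    "/project":       Inode("trapper", "users",  "drwxr-xr-x"),   # "." in the exercise
    "/project/file1": Inode("trapper", "staff",  "-rw-rw-r--"),
    "/project/file2": Inode("trapper", "mash",   "-rw-r-----"),
    "/project/file3": Inode("hawkeye", "mash",   "-rw-rw-rw-"),
    "/etc":           Inode("root",    "root",   "drwxr-xr-x"),
    "/etc/passwd":    Inode("root",    "root",   "-r--r--r--"),
    "/etc/shadow":    Inode("root",    "shadow", "-r--------"),
    "/tmp":           Inode("root",    "sys",    "drwxrwxrwt"),   # sticky bit set
    "/tmp/ukulele":   Inode("trapper", "users",  "-rwxr--r--"),
}
HAWKEYE = User("hawkeye", 318, frozenset({"staff", "users"}))   # from id -a on the slide
TRAPPER = User("trapper", 319, frozenset({"users"}))            # constructed uid and groups
ROOT = User("root", 0, frozenset({"root"}))


def effective_bits(inode: Inode, user: User) -> str:
    """Select the rwx triple that applies: owner first, then group, then other.
    The super user is not subject to the bits at all."""
    if user.uid == 0:
        return "rwx"
    if inode.owner == user.name:
        triple = inode.mode[1:4]
    elif inode.group in user.groups:
        triple = inode.mode[4:7]
    else:
        triple = inode.mode[7:10]
    # an s or t in the x position still grants execute/search
    return triple.replace("s", "x").replace("t", "x")


def absolute(path: str) -> str:
    if path == ".":
        return CWD
    return path if path.startswith("/") else f"{CWD}/{path}"


def dirs_on_path(path: str) -> list:
    """Every directory that must be searched to reach path, root first."""
    parts = absolute(path).strip("/").split("/")
    return ["/"] + ["/" + "/".join(parts[:i]) for i in range(1, len(parts))]


def can_search_path(user: User, path: str) -> bool:
    # --x permission on all directories in the pathname
    return all("x" in effective_bits(FS[d], user) for d in dirs_on_path(path))


def can_read_file(user: User, path: str) -> bool:
    return can_search_path(user, path) and "r" in effective_bits(FS[absolute(path)], user)


def can_write_file(user: User, path: str) -> bool:
    return can_search_path(user, path) and "w" in effective_bits(FS[absolute(path)], user)


def can_create_in(user: User, directory: str) -> bool:
    # -wx on the last directory, plus search permission on the way there
    d = absolute(directory)
    bits = effective_bits(FS[d], user)
    return can_search_path(user, d) and "w" in bits and "x" in bits


def can_remove(user: User, path: str) -> bool:
    """rm needs -wx on the containing directory, not access to the file itself.
    A sticky directory additionally restricts deletion to the file's owner
    (and, on real systems, the directory's owner); root is exempt."""
    p = absolute(path)
    directory = p.rpartition("/")[0] or "/"
    if not can_create_in(user, directory):
        return False
    if FS[directory].mode.endswith("t") and user.uid != 0:
        return user.name in (FS[p].owner, FS[directory].owner)
    return True


def exercise(user: User = HAWKEYE) -> dict:
    """Answer the slide's 'which operations are permitted?' question for a user."""
    return {
        "more file1": can_read_file(user, "file1"),
        "more file2": can_read_file(user, "file2"),
        "ls -l >file1": can_write_file(user, "file1"),
        "more /etc/passwd": can_read_file(user, "/etc/passwd"),
        "more /etc/shadow": can_read_file(user, "/etc/shadow"),
        "rm file2": can_remove(user, "file2"),
        "rm file3": can_remove(user, "file3"),
        "cp file1 file4": can_read_file(user, "file1") and can_create_in(user, "."),
        "rm /etc/passwd": can_remove(user, "/etc/passwd"),
        "rm /etc/shadow": can_remove(user, "/etc/shadow"),
    }


if __name__ == "__main__":
    for op, ok in exercise().items():
        print(f"{op:18} {'permitted' if ok else 'denied'}")
    print("rm -f /tmp/ukulele as hawkeye:", can_remove(HAWKEYE, "/tmp/ukulele"))
```

Two results are worth dwelling on: hawkeye owns file3 with mode rw-rw-rw- and still cannot rm it, because deletion is decided by the directory's permissions (trapper's, with no group write), and hawkeye is denied rm on /tmp/ukulele even though /tmp is world-writable, because the sticky bit defers to the file's owner. The model ignores ACLs, mount options and capabilities; it is the textbook check only.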
File Permission Commands
• Change ownership, group
chown [-R] user files...
chgrp [-R] group files...
# chown root /usr/bin/passwd
# chgrp sys /usr/bin/passwd
# chown -R user12 /home/user12
• Change permissions
chmod [-R] perms files...
perms can be symbolic of form [oug][+=-][rwxst]
# chmod ugo=rwx /tmp
# chmod +t /tmp
# chmod ug+s /usr/bin/passwd
perms can be octal digits
# chmod 1777 /tmp
# chmod -R 664 /project/bin
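The symbolic and octal forms on this slide are two notations for the same twelve mode bits. The following is an added example, not code from the slides: it applies chmod-style perms strings (the symbolic form [ugoa][+=-][rwxst], comma-separated clauses, or plain octal) to a mode value and renders the result the way ls would, so the slide's own commands can be checked. The handling of "=" is simplified (it clears every bit of the named classes, including s and t, before setting the listed ones); the bit values come from Python's stat module.

```python
import re
import stat

# Bits each class can carry; s and t are the set-ID and sticky bits.
CLASS_BITS = {
    "u": {"r": stat.S_IRUSR, "w": stat.S_IWUSR, "x": stat.S_IXUSR, "s": stat.S_ISUID},
    "g": {"r": stat.S_IRGRP, "w": stat.S_IWGRP, "x": stat.S_IXGRP, "s": stat.S_ISGID},
    "o": {"r": stat.S_IROTH, "w": stat.S_IWOTH, "x": stat.S_IXOTH, "t": stat.S_ISVTX},
}
CLAUSE = re.compile(r"^([ugoa]*)([+=-])([rwxst]*)$")


def apply_chmod(mode: int, perms: str) -> int:
    """Return the mode after applying an octal string or symbolic clauses
    such as "ugo=rwx", "+t", "ug+s" or "u+s,g+s"."""
    if perms.isdigit():
        return int(perms, 8)
    for clause in perms.split(","):
        m = CLAUSE.match(clause)
        if not m:
            raise ValueError(f"bad perms: {clause!r}")
        who, op, what = m.groups()
        classes = who.replace("a", "ugo") or "ugo"   # no class given means everybody
        mask = 0
        for c in classes:
            for p in what:
                mask |= CLASS_BITS[c].get(p, 0)       # t only exists in the o slot
        if op == "+":
            mode |= mask
        elif op == "-":
            mode &= ~mask
        else:  # "=": simplified: wipe the named classes, then set the listed bits
            clear = 0
            for c in classes:
                for bit in CLASS_BITS[c].values():
                    clear |= bit
            mode = (mode & ~clear) | mask
    return mode


def ls_mode(mode: int, is_dir: bool = False) -> str:
    """Render a mode the way ls -l does, e.g. drwxrwxrwt or -r-sr-sr-x."""
    return stat.filemode(mode | (stat.S_IFDIR if is_dir else stat.S_IFREG))


def slide_examples() -> dict:
    """Replay the slide's chmod commands on constructed starting modes."""
    tmp = apply_chmod(0o755, "ugo=rwx")     # chmod ugo=rwx /tmp
    tmp = apply_chmod(tmp, "+t")            # chmod +t /tmp
    passwd = apply_chmod(0o555, "ug+s")     # chmod ug+s /usr/bin/passwd
    return {
        "tmp": ls_mode(tmp, is_dir=True),
        "tmp_octal": oct(tmp),
        "passwd": ls_mode(passwd),
        "octal_1777": ls_mode(apply_chmod(0, "1777"), is_dir=True),   # chmod 1777 /tmp
        "octal_664": ls_mode(apply_chmod(0, "664")),                  # chmod -R 664 ...
    }


if __name__ == "__main__":
    for name, shown in slide_examples().items():
        print(f"{name:12} {shown}")
```

Note that chmod ugo=rwx followed by chmod +t is the symbolic spelling of chmod 1777: the leading 1 is the sticky bit, just as a leading 4 or 2 would be set-UID or set-GID.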
Links
• The ln command creates a link to a file
ln [-snf] file target
– create a new link called target to an existing file
– -s: symbolic or soft link
– -n: don't overwrite existing filename
– -f: force overwrite of existing filename (default)
• Remove links with rm
– removing a symbolic link removes the link, not the actual file
– a file is deleted when the last hard link is removed
• Symbolic links
– the link file holds the name of the real file
– transparent to all commands except ls and rm
• Hard links:
– must be within a filesystem
– only root can link to directories
Using Links
• Links used to save space or allow files to be known by
multiple names
• Consider files of sales data where each doctor puts
their monthly figures in a separate file
• Using links we can organise the files in different ways:
– by doctor
– by month
[Diagram, reconstructed from the slide: the same data files reached through two trees]
– operations (by doctor): hawkeye: hp5101, hp5102, hp5103; trapper: tm5101, tm5102, tm5103
– data (by month): 5101, 5102, 5103
Looking at links
• Use the ls command to look at links
– -i: include inode number in listing
– -l: show symbolic link names and inode link count
– -L: traverse (hide) symbolic links (follow symbolic link to original file)
$ touch nurse1
$ ln nurse1 nurse2
$ ln -s nurse1 nurse3
$ ls -il nurse[1-3]
62 -rw-r--r-- 2 hawkeye users 224 Jul 18 09:41 nurse1
62 -rw-r--r-- 2 hawkeye users 224 Jul 18 09:41 nurse2
63 lrwxrwxrwx 1 hawkeye users   6 Jul 18 09:41 nurse3 -> nurse1
$ ls -ilL nurse3
62 -rw-r--r-- 2 hawkeye users 224 Jul 18 09:41 nurse3
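The nurse1/nurse2/nurse3 sequence can be replayed programmatically to see the inode numbers and link counts that ls -il reports, and then to watch what rm does to each kind of link. The following is an added example, not code from the slides: it uses Python's os module in a throwaway temporary directory (the 224-byte content is constructed to match the size in the listing) and returns the observations as a dictionary.

```python
import os
import tempfile


def link_demo() -> dict:
    """Create a file, a hard link and a symbolic link to it, then remove
    names one at a time and record what survives."""
    with tempfile.TemporaryDirectory() as d:
        nurse1 = os.path.join(d, "nurse1")
        nurse2 = os.path.join(d, "nurse2")
        nurse3 = os.path.join(d, "nurse3")
        with open(nurse1, "w") as f:          # $ touch nurse1 (plus 224 bytes of content)
            f.write("x" * 224)
        os.link(nurse1, nurse2)               # $ ln nurse1 nurse2    (hard link)
        os.symlink("nurse1", nurse3)          # $ ln -s nurse1 nurse3 (symbolic link)

        st1, st2 = os.stat(nurse1), os.stat(nurse2)
        lst3 = os.lstat(nurse3)               # ls -l: the link file itself
        st3 = os.stat(nurse3)                 # ls -L: follow the link to its target
        result = {
            "hard_link_same_inode": st1.st_ino == st2.st_ino,   # both names, one inode
            "nlink_after_ln": st1.st_nlink,                     # 2: nurse1 and nurse2
            "symlink_size": lst3.st_size,                       # 6 == len("nurse1")
            "symlink_followed_inode_matches": st3.st_ino == st1.st_ino,
        }

        # rm nurse1: the inode survives because nurse2 still references it
        os.remove(nurse1)
        result["nlink_after_rm_nurse1"] = os.stat(nurse2).st_nlink   # 1
        result["size_via_nurse2"] = os.path.getsize(nurse2)          # 224
        # the symbolic link now names a file that no longer exists (dangling)
        result["symlink_dangling"] = os.path.lexists(nurse3) and not os.path.exists(nurse3)

        # rm nurse3 removes only the link file, never a target
        os.remove(nurse3)
        result["symlink_gone"] = not os.path.lexists(nurse3)
        # rm nurse2 drops the last hard link, so the file itself is gone
        os.remove(nurse2)
        result["file_gone"] = not os.path.exists(nurse2)
        return result


if __name__ == "__main__":
    for key, value in link_demo().items():
        print(f"{key:32} {value}")
```

The asymmetry is the point of the slide: a hard link is a second directory entry for the same inode and keeps the data alive, while a symbolic link is a separate small file holding a pathname and silently dangles when that pathname disappears.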
Summary
• The Unix file system is a hierarchical tree structure with a single root node
• Underlying disk layout is hidden from the casual user
• Files on a disk are identified by a unique number called the i-node number
• Directories map names onto i-node numbers, which permits file links (more than one name for a file)
• Access to all aspects of the system is controlled through the file permissions
• Unix has a standard directory structure used by most systems