
Understanding File Listings, Ownership, and Permissions

Files and Directory Types

1. Normal Files - contain data or executables.
2. Directories (Directory files)
   o are special instances of normal files
   o list the locations of other files, or other directories
3. Hard Links and Symbolic Links

- Symbolic links (also called symlinks or softlinks) most resemble Windows shortcuts or aliases on the Mac. They contain a pathname to a target file.
   o A symbolic link points to another file by its name.
   o This allows symbolic links to point to files located on other partitions, even on other network drives.
- Hard links are a bit different. They are listings that contain information about the file. Linux files don't actually live in directories. They are assigned an inode number, which Linux uses to locate files. So a file can have multiple hard links, appearing in multiple directories, but it isn't deleted until there are no remaining hard links to it.
   o Every file in the Linux file system gets its own i-node.
   o The i-node keeps track of a file's attributes and its location on the disk.
   o A hard link is used to refer to a single file using two separate filenames.
   o A hard link will have the same i-node as the original file and will therefore look and behave just like the original.
   o The reference count is incremented for every hard link created. It is also decremented when a hard link is removed.
   Note: A hard link cannot exist between two files on separate partitions. This is because a file's i-node may differ among file systems.
- Here are some other differences between hard links and symlinks:
   1. You cannot create a hard link for a directory.
   2. If you remove the original file of a hard link, the link will still show you the content of the file.
   3. A symlink can link to a directory.
   4. A symlink, like a Windows shortcut, becomes useless when you remove the original file.

- The ln Command:
   o The ln command lets you establish hard links and soft links, using the general format:

$ ln <original_file> <new_file>

   o Use the -s option to create symbolic links.

Example 1: Hard link

$ ln FileA FileB

Then use the "-i" argument to list the inodes for both FileA and its hard link. Type:

$ ls -il FileA FileB

This is what you get:

1482256 -rw-r--r-- 2 bruno bruno 21 May 5 15:55 FileA
1482256 -rw-r--r-- 2 bruno bruno 21 May 5 15:55 FileB

You can see that both FileA and FileB have the same inode number (1482256). Also both files have the same file permissions and the same size. Because that size is reported for the same inode, it does not consume any extra space on your HD!

Example2: Symbolic links (Soft link)


$ ln -s FileB FileC

Then use the -i argument again to list the inodes.

$ ls -il FileB FileC

This is what you'll get:

1482256 -rw-r--r-- 1 bruno bruno 21 May 5 15:55 FileB
1482226 lrwxrwxrwx 1 bruno bruno  5 May 5 16:22 FileC -> FileB

You'll notice the i-nodes are different and the symlink got an "l" before the rwxrwxrwx. The link has different permissions than the original file because it is just a symbolic link. Its real content is just a string pointing to the original file. The size of the symlink (5) is the size of its string. (The "-> FileB" at the end shows you where the link points to.)

Note: When the original file is removed, the symlink remains but is obsolete, because it no longer points to an existing file.
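
The hard-link and symlink behaviour described above, as a script that runs in a scratch directory. It is an added example, not part of the original notes; the function names (inode_of, nlink_of, dangling_symlinks, multi_linked) are hypothetical helpers and mktemp is assumed to be available.

```shell
#!/bin/sh
# Added example, not from the original notes. Touches only a scratch directory.

inode_of() { ls -di "$1" | awk '{print $1}'; }   # inode number of the name itself
nlink_of() { ls -ld "$1" | awk '{print $2}'; }   # hard-link reference count

# dangling_symlinks DIR: symlinks under DIR whose target no longer exists
dangling_symlinks() {
    find "$1" -type l ! -exec test -e {} \; -print
}

# multi_linked DIR: regular files under DIR that have more than one name
multi_linked() {
    find "$1" -type f -links +1 -print | sort
}

demo_links() (
    d=$(mktemp -d) || exit 1
    cd "$d" || exit 1
    echo "some content for FileA" > FileA
    ln FileA FileB                      # second name for the same inode
    ln -s FileB FileC                   # new inode whose content is the string "FileB"
    if [ "$(inode_of FileA)" = "$(inode_of FileB)" ]; then echo "same_inode=yes"; fi
    if [ "$(inode_of FileB)" != "$(inode_of FileC)" ]; then echo "symlink_inode=different"; fi
    echo "nlink=$(nlink_of FileA)"
    echo "multi=$(multi_linked . | tr '\n' ' ')"
    rm FileA                            # data is still reachable through FileB
    echo "after_rm nlink=$(nlink_of FileB) content=$(cat FileC)"
    rm FileB                            # last hard link removed: FileC now dangles
    echo "dangling=$(dangling_symlinks .)"
    cd / && rm -rf "$d"
)

demo_links
```

Removing one name of a multiply linked file does not remove its data, so multi_linked is worth running before assuming a sensitive file is gone.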

Block Devices
- are files used to interface with devices such as disks.
- Block devices (ex. hard disk) communicate with the actual devices in large blocks.
- A block device file has three identifying traits:
   o Major number - identifies the represented device driver.
   o Minor number - is a parameter passed to the device driver telling it which device it is accessing. Note that there can be two or more devices with the same device driver. Example: two serial ports have the same device driver (same major number), but each will have a unique minor number.
   o Shows b as the first character of the permission field.

$ ls -l /dev/hda

Character Devices
- are special files that allow you to access devices through the file system.
- Character devices (ex. modem) communicate with the actual devices one character at a time.
- Character device permissions start with the letter c, and the file has major and minor numbers.

$ ls -l /dev/ttyS0

Named Pipes (http://www.linuxjournal.com/article/2156)
- The symbol | is an unnamed pipe. The pipe exists only inside the kernel and cannot be accessed by processes that created it, in this case, the bash shell.
- The other sort of pipe is a named pipe, which is sometimes called a FIFO. FIFO stands for First In, First Out and refers to the property that the order of bytes going in is the same coming out. The name of a named pipe is actually a file name within the file system. The first character of a named pipe's permissions is the letter p. Pipes are shown by ls as any other file with a couple of differences:

$ ls -l fifo1
prw-r--r--   1 andy users 0 Jan 22 23:11 fifo1|

- Named pipes are a special type of file that allows for interprocess communication.
- On older Linux systems, named pipes are created by the mknod program, usually located in the /etc directory. The mknod command creates a named pipe file that one process can open for reading and another process can open for writing, thus allowing the two to communicate with one another. On more modern systems, mkfifo is a standard utility. The mkfifo program takes one or more file names as arguments for this task and creates pipes with those names.
- For example, to create a named pipe with the name pipe1, give the command:

$ mkfifo pipe1

The simplest way to show how named pipes work is with an example. Suppose we've created pipe1 as shown above. In one virtual console (console 1), type:

$ ls -l > pipe1

and in another virtual console (console 2), type:

$ cat < pipe1

The output of the command run on the first console shows up on the second console. Note that the order in which you run the commands doesn't matter.

Note: If you watch closely, you'll notice that the first command you run appears to hang. This happens because the other end of the pipe is not yet connected, and so the kernel suspends the first process until the second process opens the pipe. In Unix jargon, the process is said to be blocked, since it is waiting for something to happen.

- Example 2: One very useful application of named pipes is to allow totally unrelated programs to communicate with each other. For example, a program that services requests of some sort (print files, access a database) could open the pipe for reading. Then, another process could make a request by opening the pipe and writing a command. That is, the server can perform a task on behalf of the client. Blocking can also happen if the client isn't writing, or the server isn't reading.

Pipe Madness: create two named pipes, pipe1 and pipe2. Then run the commands:

$ echo -n x | cat - pipe1 > pipe2 & cat < pipe2 > pipe1

Note 1: On screen, it will not appear that anything is happening, but if you run top (a command similar to ps for showing process status), you'll see that both cat programs are running like crazy, copying the letter x back and forth in an endless loop.

Note 2: After you press ctrl-C to get out of the loop, you may receive the message "broken pipe". This error occurs when a process is writing to a pipe and the process reading the pipe closes its end. Since the reader is gone, the data has no place to go. Normally, the writer will finish writing its data and close the pipe. At this point, the reader sees the EOF (end of file) and executes the request.

Listing Files

ls is used to list files and subdirectories in the directory.

$ ls -l <filename>

drwxrwxr-x  2 tclark authors 4096 Jan 27 10:17 examples
-rw-r--r--  1 tclark tclark   120 Aug 24 06:44 .gtkrc
drwxr-xr-x  3 tclark tclark  4096 Aug 12  2002 .kde
-rw-r--r--  1 tclark authors    0 Jan 27 00:22 example.fil

First Column = permission. The first character gives the file type: ( - ) means normal file, ( d ) means directory, ( l ) means symbolic link, ( b ) means block device, ( c ) means character device, and ( p ) means named pipe.
   o R (read) = 4
   o W (write) = 2
   o X (execute) = 1

Change Ownership : chown
- allows you to change the ownership of a file to someone else.
- Only the root user can do this.

$ chown [-R] <username> <filename>      (-R option applies when the specified filename is a directory name)

Change Group : chgrp
- allows you to change the group setting of a file.

$ chgrp [-R] <groupname> <filename>     (-R option applies when the specified filename is a directory name)

Note: -R tells the command to recursively descend through the directory tree and apply the new ownership.

Shortcut method:

$ chown [-R] <username.groupname> <filename>

Change Mode : chmod
- By default, permissions are set for the owner of the file, the group associated with the file, and everyone else who can access the file (also known as Owner, Group, Other).
- Octal method of assigning permissions:

$ chmod 755 foo.txt

   R W X = 4 2 1 = 7 (rwx)
   R - X = 4 - 1 = 5 (r-x)
   R - - = 4 - - = 4 (r--)

- Symbolic method of assigning permissions:
   o u - user/owner
   o g - group owner
   o o - others
   o permission: +/- rwx

$ chmod ug+x,o-rwx foo.txt

Note: + (add permission), - (subtract a permission bit), = (can be used instead of + / -).
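
The octal arithmetic above, written out as a decoder and checked against what ls reports after chmod. This is an added example, not part of the original notes; mode_string, ls_mode and demo_modes are hypothetical names. It goes one step beyond this section by also decoding a leading fourth digit (4 = SetUID and 2 = SetGID, covered later on this page, plus 1 = sticky bit, which the page does not cover).

```shell
#!/bin/sh
# Added example, not from the original notes.

# mode_string OCTAL: print the 9-character ls-style string for a 3- or 4-digit octal mode
mode_string() {
    n=$((0$1)); out=""
    # each entry: shift for the triad, mask of its special bit (04000, 02000, 01000), its letter
    for spec in "6 2048 s" "3 1024 s" "0 512 t"; do
        set -- $spec
        bits=$(( (n >> $1) & 7 ))
        r=-; w=-; x=-
        if [ $((bits & 4)) -ne 0 ]; then r=r; fi      # read    = 4
        if [ $((bits & 2)) -ne 0 ]; then w=w; fi      # write   = 2
        if [ $((bits & 1)) -ne 0 ]; then x=x; fi      # execute = 1
        if [ $((n & $2)) -ne 0 ]; then
            # a special bit is shown in the x column: lowercase if x is set, uppercase if not
            if [ "$x" = x ]; then x=$3; else x=$(printf '%s' "$3" | tr 'st' 'ST'); fi
        fi
        out=$out$r$w$x
    done
    printf '%s\n' "$out"
}

# ls_mode FILE: the permission columns as ls shows them (file-type character dropped)
ls_mode() { ls -ld "$1" | cut -c2-10; }

demo_modes() (
    f=$(mktemp) || exit 1
    for m in 755 644 4755; do
        chmod "$m" "$f"
        echo "$m decoded=$(mode_string "$m") ls=$(ls_mode "$f")"
    done
    chmod 644 "$f"; chmod ug+x,o-rwx "$f"     # the symbolic example from the text
    echo "symbolic ls=$(ls_mode "$f")"
    rm -f "$f"
)

demo_modes
```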

MANAGING USERS

Linux Users
- Under a Linux system, every file and program must be owned by a user.
- User
   o Has a unique identifier called a user ID (UID).
   o Must belong to at least one group.
   o May belong to multiple groups.
- Group
   o A collection of users established by the system administrator.
   o Has a unique identifier called a group ID (GID).
- Accessibility of a file or program is based on its UIDs and GIDs.
- A running program inherits the rights and permissions of the user who invokes it. Exceptions to this rule are files with SetUID and SetGID.
- Normal users can access only what they own or have been given permissions to.
- The root user is allowed to access all files and programs in the system.

/etc/passwd file
- stores the user's login, encrypted password entry, default GID, name (GECOS), home directory, and login shell.
- The fields of this file are shown below:

yyang : * : 500 : 500 : Ying Yang : /home/yyang : /bin/bash

   o yyang - username, login field, or account field.
   o * - password field, contains the encrypted password.
      The password is encrypted using AT&T DES.
   o 500 - UID field.
      A unique number that the OS and other applications use to identify the user and determine access privileges.
      0 for root, 99 (Fedora/RHEL) or 655534 (SUSE) for nobody.
   o 500 - GID field.
      Numerical equivalent of the primary group that the user belongs to.
      Note: a user can belong to other groups found in the /etc/group file.
   o Ying Yang - GECOS (General Electric Comprehensive Operating System), optional and can be left blank.
      This field can store various pieces of information for a user, like user description, full name, telephone number, and so on.
   o /home/yyang - User home directory, allows the user to work in a customized environment.
      Can store startup scripts, like:
         .bashrc/.profile file (similar to autoexec.bat in MS Windows)
         .tcshrc/.login file (configuration files for tcsh)
         .xinitrc (this script overrides the default script that gets called when you log into the X Window System)
         .Xdefault (contains defaults that you can specify for X Window System applications)
      When a user's account is created, a set of default dot files is also created to help get the user started. The default files are stored under the /etc/skel directory.
      /root is the home directory for the Linux root user, while / is the root home directory for UNIX/Solaris systems.
   o /bin/bash - Shell field.
      Is equivalent to command.com, Program Manager, or Windows Explorer in Windows.
      Bourne Again Shell (bash) is the default.
      /etc/shells lists several shells to choose from.

/etc/shadow file
- is the encrypted password file; it also stores optional password aging or expiration information.
- This file came about because of the need to separate the encrypted password from the /etc/passwd file.
- Readable only by root and other privileged programs that require access to that information.
  Note: only the /etc/passwd file is readable by all users.
- Its fields are:
   o Login name
   o Encrypted password
   o Days since January 1, 1970, that password was last changed
   o Days before password may be changed
   o Days after which password must be changed
   o Days before password is to expire that user is warned
   o Days after password expires that account is disabled
   o Days since January 1, 1970, that account is disabled
   o Reserved field

/etc/group file
- contains a list of groups, with one group per line.
- Each user on the system belongs to at least one group.
- The group ID (GID) should be unique for each group.
- Fields include:
   o Group name
   o Group password - optional, but if set it allows users who are not part of the group to join the group.
   o GID
   o Group members - each member is separated by a comma (,)

User Management Tools

*Command-Line User Management

1. useradd - allows you to add a single user to the system.

useradd [-u uid] [-o] [-g group] [-G group1,] [-d home] [-s shell] [-c comment] [-m [-k template]] [-f inactive] [-e expire] [-p password] [-M] [-n] [-r] name

Options              Descriptions
-c comment           Allows you to set the name in the GECOS field (ex. -c "Ying Yang").
-e expire-date       Expire date in the format YYYY-MM-DD (ex. -e 2009-10-28).
-f inactive-time     Specifies the number of days after a password expires that the account is still usable. The default is -1 (this value never allows the account to be disabled, even if the password has expired). A value of 0 indicates that the account is disabled immediately.
-m [-k skel-dir]     By default, the system automatically creates the user's home directory. This option explicitly creates the user's home directory. Ex. -m -k /etc/adminskel
-M                   Tells the command not to create the user's home directory. This option cannot be used with the -m option.
-n                   Tells Red Hat not to create a new group with the same name as the new user's login.
-u uid               Specifies the user's UID. By default, the program will automatically find the next available UID and use it.

2. usermod - allows you to modify an existing user in the system.

usermod [-u uid] [-o] [-g group] [-G group1,] [-d home] [-s shell] [-c comment] [-l new_name] [-f inactive] [-e expire] [-p password] [-L] [-U] name

Note: Changing the UID while the user is logged in or running processes will cause unpredictable results. The -l option allows you to change the user's login name.

3. userdel - removes existing users.

userdel [-r] username

4. groupadd - adds a group to the /etc/group file.

groupadd [-g gid] [-o] [-r] [-f] group

Options              Descriptions
-g gid               The GID must be unique, unless the -o option is used. By default, it is automatically the first available value greater than or equal to 500.
-r                   This option tells groupadd that the group being added is a system group and should have the first available GID less than 499.
-f                   Tells groupadd to exit without an error when the group already exists; the existing group won't be altered.

Note: Changing group information does not cause user information to be automatically changed.

5. groupdel - removes an existing group.

groupdel group

6. groupmod - modifies the parameters of an existing group.

groupmod [-g gid [-o]] [-n new_group] group

*GUI User Managers

1. redhat-config-users (for RHEL) and yast2 users (for SUSE)
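
The /etc/passwd field layout described under MANAGING USERS lends itself to a quick account audit. The following is an added example, not part of the original notes: audit_passwd is a hypothetical name, and the sample entries (other than yyang, taken from the text) are constructed, including the placeholder hash string.

```shell
#!/bin/sh
# Added example, not from the original notes.

# audit_passwd FILE: flag risky entries in a passwd-format file
# (login:password:UID:GID:GECOS:home:shell).
audit_passwd() {
    awk -F: '
        /^$/                     { next }
        NF != 7                  { print "MALFORMED " $1; next }
        $3 == 0 && $1 != "root"  { print "UID0 " $1 }            # extra account with root rights
        $2 == ""                 { print "EMPTY_PASSWORD " $1 }  # no password required
        # anything other than the x placeholder or a locked marker means a hash
        # sits in the world-readable file instead of /etc/shadow
        $2 != "" && $2 != "x" && $2 !~ /^[*!]/ { print "HASH_IN_PASSWD " $1 }
        seen[$3] != ""           { print "DUPLICATE_UID " $1 " (same UID as " seen[$3] ")" }
        seen[$3] == ""           { seen[$3] = $1 }
    ' "$1"
}

demo_passwd_audit() (
    f=$(mktemp) || exit 1
    # constructed sample data, not a real system file
    cat > "$f" <<'EOF'
root:x:0:0:root:/root:/bin/bash
yyang:*:500:500:Ying Yang:/home/yyang:/bin/bash
toor:x:0:0:backup admin:/root:/bin/bash
guest::501:501:Guest:/home/guest:/bin/bash
legacy:EXAMPLEHASH000:502:502:Old import:/home/legacy:/bin/bash
clone:x:500:500:Clone:/home/clone:/bin/bash
broken:x:503:503:/home/broken
EOF
    audit_passwd "$f"
    rm -f "$f"
)

demo_passwd_audit
```

On a live system the same function can be pointed at /etc/passwd, which is readable without root.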

SetUID and SetGID Programs
- Normally, when a program is run by a user, it inherits all of the rights that the user has.
- The permissions of the user who runs the program can be different from the permissions of the user who owns the program file (usually called the binary).
- SetUID can be used to allow users to run a program with the permissions of the program's owner, not the permissions of the user who runs it.
- SetGID works the same as SetUID.
- Use the chmod command to enable the SetUID bit (prefix the permission value with 4) or the SetGID bit (prefix the permission value with 2).

Example:

# chmod 4755 /bin/ls
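
Because a SetUID or SetGID file runs with its owner's or group's rights, it is worth knowing which ones exist and whether any are unexpected. The following is an added example, not part of the original notes: audit_setid and unexpected_setid are hypothetical names, the allow-list format (one path per line) is an assumption, and the demo only touches a scratch directory.

```shell
#!/bin/sh
# Added example, not from the original notes.

# audit_setid DIR: list regular files under DIR with the SetUID (4000) or SetGID (2000)
# bit set. Output: "<mode> <owner> <group> <path>", one per line.
audit_setid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null |
    while IFS= read -r f; do
        printf '%s %s\n' "$(ls -ld "$f" | awk '{print $1, $3, $4}')" "$f"
    done
}

# unexpected_setid DIR ALLOWLIST: SetUID/SetGID paths that are not in ALLOWLIST
unexpected_setid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null |
        grep -Fxv -f "$2" || true
}

demo_setid() (
    d=$(mktemp -d) || exit 1
    : > "$d/helper"; chmod 4755 "$d/helper"     # SetUID: shows as rws in the owner triad
    : > "$d/report"; chmod 2755 "$d/report"     # SetGID: shows as r-s in the group triad
    : > "$d/plain";  chmod 0755 "$d/plain"      # ordinary executable, not reported
    printf '%s\n' "$d/helper" > "$d/allow.txt"  # only helper is expected to carry the bit
    audit_setid "$d" | sed "s|$d/||"
    unexpected_setid "$d" "$d/allow.txt" | sed "s|^$d/|UNEXPECTED |"
    rm -rf "$d"
)

demo_setid
```

Run against a real tree (for example audit_setid /usr), the output can be saved as a baseline and later runs compared with it through unexpected_setid.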
