amberlynn-carson
1
Files
  Files are central to UNIX
    Commands
    System privileges and permission control
    Device I/O
    Inter-process communication
2
File ownership
  File Ownership
    User owner
    Group owner
  The group owner is independent of user owner
  Example: Displaying file ownership with "ls -l"
drwxrwxr-x 2 pop 403 512 Sep 24 11:47 acm
drwxr-xr-x 9 pop csdept 1024 Oct 13 15:54 acm.contest
-rw-r----- 1 john csdept 261 Mar 11 1999 address
3
More about file ownership
  Who owns new files?
    Owner is the one who creates it
    Group owner
      On System V, current group of the user
      On BSD-based systems, the group owner of the directory
  Changing file ownership
    Use chown, chgrp
    Traditional System V: both superuser and user owner are allowed
    POSIX-compliant System V and BSD: only superuser can change
4
More about file ownership
  More about changing file ownership
    Use recursive option -R
      # chown -R harvey /home/xyz
    Use find command
      # find /home/xyz -print | xargs chown test
    Change owner and group using chown
      # chown new-owner:new-group files
    Change group owner
      # chgrp newgroup file
    BSD: non-root users of chgrp must be
      The owner of the file and
      A member of the new group to change
5
File permission
  File Access Types
    Access classes
      User access (u)
      Group access (g)
      Other access (o)
    Example: -rw-rw-r--

  Access  Meaning on File       Meaning on Directory
  r       View file contents.   Search directory contents (e.g. use ls, ls *.txt).
  w       Alter file contents.  Alter directory contents (e.g. delete files in it).
  x       Run executable file   Make it your current directory (cd to it)
6
File permission
  Setting file protection
    chmod accessstring_list files
    Access string has three parts: access_classes operator access_type
      Access classes: u, g, o, a
      Operator: +, -, =
      Access type: any combination of r, w, x
    For example:
      # chmod g+w testfile
    Recursive option: -R
      # chmod -R go-rwx /home/xyz
    Read the manual of chmod for more options
7
File permission
  Specifying numeric file modes
    Example: r-xr--r-- is 544
  Specifying the default file mode
    umask
    Specify the inhibited access permission with a three digit numeric mode.
    Example: if umask is 077
      077 is 000 111 111
      No r,w,x for group and others. Possible rwx for owners.
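The umask rule above as a runnable check (an added example, not part of the original slides): it creates a file and a directory under a given umask and compares the observed modes with the octal arithmetic. The function names mode_under and predicted are illustrative, and mktemp is assumed to be available.

```sh
#!/bin/sh
# Added example, not from the slides.

# mode_under MASK: create a file and a directory under that umask and print
# their modes as ls shows them, e.g. "-rw------- drwx------".
mode_under() {
    (   # subshell: the caller keeps its own umask
        umask "$1"
        d=$(mktemp -d) || exit 1
        : > "$d/f"        # the shell asks for 666 on a new file
        mkdir "$d/sub"    # mkdir asks for 777 on a new directory
        f=$(ls -ld "$d/f" | cut -c1-10)
        s=$(ls -ld "$d/sub" | cut -c1-10)
        rm -rf "$d"
        printf '%s %s\n' "$f" "$s"
    )
}

# predicted MASK: the same result as octal arithmetic, requested & ~umask.
predicted() {
    printf '%03o %03o\n' $(( 0666 & ~0$1 )) $(( 0777 & ~0$1 ))
}

for m in 022 027 077; do
    echo "umask $m: predicted $(predicted "$m"), observed $(mode_under "$m")"
done
```

With umask 077 a new file comes out as 600, not 700: the umask only removes bits, and the creating program did not request execute permission in the first place.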
8
CASE STUDY
  New employee Sandy joined the department and needs to share the access to some files owned by John.
  Possible ways:
    1. Copy all the files from John to Sandy
    2. Make all the files permission 777.
    3.
9
File
  Special Purpose Access Modes

  Code  Name          Meaning
  t     Sticky bit    Keep executable in memory after exit
  s     SUID          Set process user ID on execution
  s     SGID          Set process group ID on execution
  l     File locking  Set mandatory file locking on read/writes.
10
File
  Sticky bit on directories
    If set, a user can only delete files that she owns or for which she has explicit write permission.
    Example: /tmp
      [ruihong@dafinn ~]$ ls -ld /tmp
      drwxrwxrwt 27 root root 4096 Jan 13 14:58 /tmp
    Set it with User access class
      # chmod u+t /tmp
  Setgid access on directories
    Files created in this directory will have the same group ownership as the directory itself.
    Example: when groups of users need to share a lot of files, with the s bit, correct group ownership will be set for new files.
      # chmod g+s files
11
Files
  Numerical equivalents for special access modes
    Additional octal digit is prepended to the mode
    Setuid, setgid, sticky bit
      chmod u+s
      chmod g+s
      chmod o+s
    Example
      4755: setuid
      6755: setuid and setgid
      1777: sticky bit
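An added example, not from the original slides, that audits a directory tree for the special modes listed above by their octal values. The function names and the sample tree are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the slides: find the special mode bits by octal value.

# audit_special DIR: print one "TAG path" line per finding, sorted.
#   SUID      regular file with the 4000 bit
#   SGID      regular file with the 2000 bit
#   OPEN-DIR  world-writable directory (0002) without the sticky bit (1000)
audit_special() {
    {
        find "$1" -type f -perm -4000 | sed 's/^/SUID /'
        find "$1" -type f -perm -2000 | sed 's/^/SGID /'
        find "$1" -type d -perm -0002 ! -perm -1000 | sed 's/^/OPEN-DIR /'
    } | LC_ALL=C sort
}

# make_sample_tree: build a constructed tree that uses the modes from the
# slide (4755, 6755, 1777) plus a 0777 directory, and print its path.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    : > "$t/plain";     chmod 0644 "$t/plain"
    : > "$t/suid";      chmod 4755 "$t/suid"
    : > "$t/both";      chmod 6755 "$t/both"
    mkdir "$t/scratch"; chmod 1777 "$t/scratch"
    mkdir "$t/dropbox"; chmod 0777 "$t/dropbox"
    printf '%s\n' "$t"
}

tree=$(make_sample_tree)
audit_special "$tree"
rm -rf "$tree"
```

The 1777 directory is not reported, while the 0777 one is: without the sticky bit any user can delete or rename another user's files in it.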
12
File
  How to recognize a file access problem
    File ownership or protection problem
    If root can do it, then …
  Example
    Temporary files with the same name, created by a different user, still exist
    Application switched the group ownership behind the scenes.
    An administrator decided to protect /dev/null, which caused some editors to stop working.
13
inode
  Mapping Files to Disks - inode
    Data structure
    Created when initializing the disk – Max number
      Typically, one inode for every 2 – 8 Kbytes file storage
    Information stored
      User owner and group owner IDs.
      File type
      Access modes
      File creation, access and modification times
      Inode modification time
      Number of links to the file
      Size of the file
      Disk addresses specifying/leading to
    No file name in inode
      Where is file name stored?
      Where is the mapping between name and inode?
14
File
  File Types
    Regular files
    Directories
      A directory is a binary file.
      Directory entries are filename-inode pairs
    Special files
      Two types of special files
        Character special files
        Block special files
      Located under /dev
    Links
      Several filenames to refer to a single file on disk
      Hard links and soft links
15
File
  More file types
    Unix domain sockets
      Communication connection points
        Printing system
        Syslog (/dev/log)
    Named pipes
      Also known as FIFO
      Communication between programs
      Commonly used to avoid writing temporary files, like a regular pipe
16
File
  Using "ls -l" to identify file types
    -  Plain file (hard link)
    d  Directory
    l  Symbolic link
    b  Block special file
    c  Character special file
    s  Socket
    p  Named pipe
17
File
  Example:
    Show file types with -l
      [ruihong@dafinn filetypes]$ ls -ld * /dev/log /dev/hda1
      brw-rw---- 1 root disk 3, 1 Sep 15 2003 /dev/hda1
      srw-rw-rw- 1 root root 0 Nov 30 10:08 /dev/log
      -rw------- 2 ruihong csdept 0 Jan 4 09:43 gold.dat
      -rw------- 2 ruihong csdept 0 Jan 4 09:43 hlink
      lrwxrwxrwx 1 ruihong csdept 8 Jan 4 09:43 slink -> gold.dat
      drwx------ 2 ruihong csdept 512 Jan 4 09:48 testdir
    Show types with -F
      [ruihong@dafinn filetypes]$ ls -ldF * /dev/log /dev/hda1
      brw-rw---- 1 root disk 3, 1 Sep 15 2003 /dev/hda1
      srw-rw-rw- 1 root root 0 Nov 30 10:08 /dev/log=
      -rw------- 2 ruihong csdept 0 Jan 4 09:43 gold.dat
      -rw------- 2 ruihong csdept 0 Jan 4 09:43 hlink
      lrwxrwxrwx 1 ruihong csdept 8 Jan 4 09:43 slink -> gold.dat
      drwx------ 2 ruihong csdept 512 Jan 4 09:48 testdir/
    Show hard link with -i
      [ruihong@dafinn filetypes]$ ls -ldFi *
      2624881 -rw------- 2 ruihong csdept 0 Jan 4 09:43 gold.dat
      2624881 -rw------- 2 ruihong csdept 0 Jan 4 09:43 hlink
      2624882 lrwxrwxrwx 1 ruihong csdept 8 Jan 4 09:43 slink -> gold.dat
      2675566 drwx------ 2 ruihong csdept 512 Jan 4 09:48 testdir/
    Check file type using file command, which uses /etc/magic or /usr/share/file/magic
      [ruihong@dafinn filetypes]$ file /etc/passwd /bin/ls /dev/log /dev/hda1
      /etc/passwd: ASCII text
      /bin/ls: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), for GNU/Linux 2.2.5, dynamically linked (uses shared libs), stripped
      /dev/log: socket
      /dev/hda1: block special (3/1)
18
Files and processes
  The relationship between commands and files
    Built-in shell commands
    Executable files
  Search path $PATH
      $ echo $PATH
      /usr/bin:/usr/ucb:/bin:/usr/local/bin:.:/$HOME/bin
    The order is important in $PATH
    Edit $HOME/.profile or $HOME/.login
    Check $PATH for error message "Command not found"
    Most administrative utilities are located under /etc, /usr/sbin, /sbin
19
Devices
  Allow device I/O operations to look just like file I/O
  CASE study
    A junior SA was asked to back up all the files under /apg to a tape
    The correct tape device name was /dev/rmt2
    The backup command should look like
      # tar cvf /dev/rmt2 /apg
    Well, the SA typed the command with a typo
      # tar cvf /dev/rnt2 /apg
    What will happen?
      Will the command error out because of the wrong tape?
      Will the command finish without error?
      Where did the stuff go?
    As a matter of fact, in the middle of the backup, users started to get errors saying / was full.
    Warning: Better to check the tape by reading it after the backup finishes.
20
Devices
  Example: disk drives
    Disk partitions
    Root partition/system disk
    Disk special files (partitions, modes)
    Mounting a disk partition (filesystem) into the Unix directory hierarchy
      mount /dev/disk0a /home
21
Devices: Naming conventions
  On HP-UX, /dev/rdsk/c2t4d0s0
  Where
    c2: the controller number
    t4: drive number on the controller
    d0: logical unit number for SCSI devices
      Will be 0 only if more than one disk per target, say storage array.
    s0: partition number on that drive
22
Devices: Naming conventions
  Solaris Device Naming Conventions
    Referenced in three ways
      Physical device name - /devices
      Instance name - /etc/path_to_inst
      Logical device name - /dev (links to /devices)
  Linux Device Naming
    Default is device type plus an incrementing value based on the order in which devices are found
      Ethernet devices: eth0, eth1
      SCSI and Serial ATA disks: /dev/sda, /dev/sdb
      IDE devices: /dev/hda, /dev/hdb
    Linux 2.6 kernels and the "udev" tool enable administrators to assign arbitrary names to devices
23
Devices: Naming conventions
  Example: Special files for other devices

  Special file form  Example      Device/Use
  /dev/[r]fdn*       /dev/fd0     Floppy disk
  /dev/rmtn          /dev/rmt1    Tape devices
  /dev/nrmtn         /dev/nrmt1   Non rewind tape device
  /dev/cdrom                      Cdrom device
  /dev/ttyn          /dev/tty1    Virtual terminal console
  /dev/ttySn         /dev/ttyS1   Serial line (hardwired terminal/modem)
  /dev/console                    Console device
  /dev/kmem                       Map of kernel virtual memory
  /dev/swap                       Swap device
  /dev/null                       Null devices.
24
Devices
  List the devices on a system
    HP-UX: ioscan
    Tru64 UNIX: hwmgr
    Linux:
      List PCI devices: "lspci"
      List SCSI devices: "scsiinfo -l"
      List hard disk parameters: "hdparm"
    Solaris:
      Print system configuration: prtconf
      List devices: getdev
25
The Unix Filesystem Layout
  Common directories
    /  Root directory
    /bin  Executables for user commands and utilities. Some files are links to files under /usr/bin
    /dev  Device directory, may include sub-dirs such as dsk, mnt, pts, etc.
    /etc and /sbin  System configuration files and executables
      Boot scripts
      /etc/default holds default parameter values for various commands
    /home or /usr/users
    /lost+found
      Files marked as in use on disk, but not listed in any directory – found by fsck
      There is a lost+found on every disk partition
26
The Unix Filesystem Layout
  More about common directories
    /mnt  Temporary mount directory
    /proc  Designed to enable processes to be manipulated using UNIX file access system calls.
      Linux puts more files about system configuration
    /tmp  Available to all users as a scratch directory.
      Normally, one of the UNIX startup scripts will clear /tmp.
    /usr  Subdirs for programs, shared libraries, administrative commands
    /var  Spooling and other volatile directories.
      Print spooling, mail system, cron facility
      Optional software
      Log files
    /stand on HP – kernel image
    /kernel on Solaris – kernel image
27
The Unix Filesystem Layout
  The /usr directory
    /usr/bin
      Command binary files and shell scripts
      X system: /usr/bin/X11
    /usr/include
      Include files *.h, C-language header files
      Operating system include files: /usr/include/sys
    /usr/lib
      Standard C libraries for mathematics and I/O
    /usr/local
      By convention, /usr/local/bin holds files that were developed locally or retrieved from other sources.
28
The Unix Filesystem Layout
  More about /usr directory
    /usr/share
      Shared among a group of networked systems for static data files, …
    /usr/share/man
      Manual pages
      Subdir /usr/share/man/man# for every man section
    /usr/ucb
      Contains standard UNIX commands originally developed under BSD.
  Filesystem mounting/unmounting
    Mount a file system to a point of the tree
      # mount /dev/sda4 /users
    Umount
      # umount /users
    Check what processes hold references
      # fuser -c /users
29
Access Control List
  Traditional UNIX 9-bit permissions
  Windows has a much more complicated way – Access control lists
  POSIX started ACL for Unix
    Extension to support multiple users/groups
  NFSv4 ACL
    A union of all (UNIX + Windows) ACLs
30
ACL in Linux
  Entries:
    user::perms
    user:username:perms
    group::perms
    group:groupname:perms
    other::perms
    mask::perms
  Implemented at the file system level
  Disabled by default
    Enable by mounting with -o acl
  Try to match the single most appropriate entry
  Set/Get access control list – setfacl, getfacl
31
Example: grant write to a user
  $ ls -l
  -rw-r--r-- 1 test test 0 Sep 21 14:57 file
  $ setfacl -m user:ruihong:w file
  $ ls -l file
  -rw-rw-r--+ 1 test test 0 Sep 21 14:57 file
  $ getfacl file
  # file: file
  # owner: test
  # group: test
  user::rw-
  user:ruihong:-w-
  group::r--
  mask::rw-
  other::r--
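The "single most appropriate entry" rule, worked through on the getfacl output above (an added example, not part of the original slides). acl_check is an illustrative function that evaluates getfacl-style text with awk, so it needs no ACL support on the local file system; the user sandy is constructed.

```sh
#!/bin/sh
# Added example, not from the slides: the POSIX ACL access check applied to
# getfacl-style text on stdin.
# usage: acl_check USER "GROUP1 GROUP2 ..." PERM      (PERM is r, w or x)
acl_check() {
    awk -v who="$1" -v grps="$2" -v want="$3" '
    function has(p) { return index(p, want) > 0 }
    BEGIN { n = split(grps, g, " "); for (i = 1; i <= n; i++) ing[g[i]] = 1
            mask = "rwx" }            # no mask entry: nothing is filtered
    /^# owner: / { owner = $3; next }
    /^# group: / { ogroup = $3; next }
    /^#/ || NF == 0 { next }
    { split($1, f, ":"); tag[++k] = f[1]; name[k] = f[2]; perm[k] = f[3]
      if (f[1] == "mask") mask = f[3] }
    END {
        ok = 0; hit = 0
        for (i = 1; i <= k && !hit; i++)      # 1. owner: user:: only, no mask
            if (tag[i] == "user" && name[i] == "" && who == owner) {
                ok = has(perm[i]); hit = 1 }
        for (i = 1; i <= k && !hit; i++)      # 2. named user, limited by mask
            if (tag[i] == "user" && name[i] == who) {
                ok = has(perm[i]) && has(mask); hit = 1 }
        if (!hit)                             # 3. any matching group may grant
            for (i = 1; i <= k; i++) {
                gname = (name[i] == "" ? ogroup : name[i])
                if (tag[i] == "group" && (gname in ing)) {
                    hit = 1; if (has(perm[i]) && has(mask)) ok = 1 }
            }
        for (i = 1; i <= k && !hit; i++)      # 4. everyone else: other::
            if (tag[i] == "other") { ok = has(perm[i]); hit = 1 }
        print (ok ? "allow" : "deny")
    }'
}

# The getfacl output shown on the slide, one entry per line.
SAMPLE_ACL='# file: file
# owner: test
# group: test
user::rw-
user:ruihong:-w-
group::r--
mask::rw-
other::r--'

# ruihong is in group csdept in the earlier ls listings; sandy is a constructed user.
for who in ruihong sandy; do for p in r w; do
    echo "$who $p: $(printf '%s\n' "$SAMPLE_ACL" | acl_check "$who" csdept "$p")"
done; done
```

With this ACL ruihong can write to the file but not read it: the named user entry is the only one consulted, even though other:: grants r.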
32
NFSv4
  Linux does not support it
    Can map POSIX ACL to NFSv4 ACL
  Solaris does support it
  See the textbook for more info
33