Files & Directories Objectives –to be able to describe and use the Unix file system model and concepts Contents –directory structure –file system concepts.

Presentation transcript:

Files & Directories
Objectives
  – to be able to describe and use the Unix file system model and concepts
Contents
  – directory structure
  – file system concepts
  – i-nodes
  – permission bits and access control
  – links
  – set user/group ID
  – sticky bits
Practicals
  – manipulating files and permissions
Summary

Standard Directories

The Unix Filesystem
Unix supports disk partitioning and slicing
  – one branch of directory structure can reside on one partition or slice
  – different types of filesystem can be assigned to each partition or slice
All filesystem types follow a similar model
  – each filesystem on a partition (or slice) has an inode table
  – inode table comprises one record for each file stored within this partition
  – file is uniquely identified within the filesystem by its inode number
Each file has an inode table entry
  – inode table entry holds all attributes of a file, such as:
  – file size, user, group, permissions, etc.
Directories map names into inode numbers
  – directories do not store file attributes
  – an inode number can have more than one name referencing it

Long Directory Listing

    # ls -al
    drwxr-xr-x 2 hawkeye users 512 Jul 11 11:21 .
    drwxr-xr-x 9 root sys 512 Jul 11 10:54 ..
    -rw-r--r-- 1 hawkeye users 23 Jul 15 10:21 file1
    drwxr-xr-x 2 hawkeye users 512 Jul 15 10:25 dir1

Type of file
    - plain file
    d directory
    l symbolic link
Permissions
    r read
    w write
    x execute
Size in bytes
File user (owner) and group
Link count
Date and time of last modification
Name

Access Control
Three types of user, plus super user
  – User (or owner)
  – Group (any user in same group)
  – Other
Three types of protection
  – Read
  – Write
  – Execute
Determine protection flags using:
  – If super user, all operations permitted
  – If user, use user protection flags
  – If same group, use group protection flags
  – Otherwise use other protection flags

File & Directory Protection
File protection
    r - read file
    w - write file (does not imply read)
    x - execute file (program or shell script)
Directory protection
    r - can read directory list (does not imply access to files)
    w - can write to directory (create, rename & delete files)
    x - can search directory (pass through and access files)
To create a file you need:
    --x permission on all directories in the pathname
    -wx permission on the last directory in the pathname
To read a file you need:
    --x permission on all directories in the pathname
    r-- permission on the file
To write into a file you need:
    --x permission on all directories in the pathname
    -w- permission on the file

File Manipulation Permissions
File manipulation permissions define the ability to write into a directory, i.e. executing cp, rm, mv, mkdir, rmdir
To write into a directory you need:
    --x permission on all directories in the pathname
    -wx permission on the last directory in the pathname
You do not need access to the contents of the file itself
You do not need to be the file owner!
The rm and mv commands try to be helpful
  – they will prompt you to confirm the operation for those files for which you do not have write access
  – the -f (force) option on both commands suppresses this prompt

    $ rm mypass
    mypass mode 444? # type y or n
    $ rm -f mypass # done
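The rules from the Access Control, File & Directory Protection and File Manipulation Permissions slides, written out as an added example (not part of the original slides). It is a model only: the `Node` tuples, uids, gids and modes are constructed sample values, and the super user rule is taken as the slide states it. It shows that the first matching class decides, so an owner can be denied what the group is allowed, and that deleting depends on the directory, not on the file.

```python
from collections import namedtuple

Node = namedtuple("Node", "uid gid mode")   # owner, group, permission bits of one inode
R, W, X = 4, 2, 1

def class_bits(node, uid, gids):
    """Pick the rwx triplet that applies; the first matching class wins."""
    if uid == node.uid:
        return (node.mode >> 6) & 7          # user (owner) protection flags
    if node.gid in gids:
        return (node.mode >> 3) & 7          # group protection flags
    return node.mode & 7                     # other protection flags

def permitted(node, uid, gids, want):
    if uid == 0:                             # super user: all operations permitted
        return True
    return (class_bits(node, uid, gids) & want) == want

def can_traverse(dirs, uid, gids):
    """--x is required on every directory in the pathname."""
    return all(permitted(d, uid, gids, X) for d in dirs)

def can_read(dirs, node, uid, gids):
    return can_traverse(dirs, uid, gids) and permitted(node, uid, gids, R)

def can_write(dirs, node, uid, gids):
    return can_traverse(dirs, uid, gids) and permitted(node, uid, gids, W)

def can_create_or_delete(dirs, uid, gids):
    """-wx on the last directory; the file's own mode and owner are not consulted."""
    return can_traverse(dirs, uid, gids) and permitted(dirs[-1], uid, gids, W | X)

# Constructed sample: user 1000 (member of group 100) in a directory they own.
DIRS = [Node(0, 0, 0o755), Node(1000, 100, 0o755)]
OWN_BUT_LOCKED = Node(1000, 100, 0o074)      # ---rwxr--: the owner flags are empty
ROOT_OWNED_444 = Node(0, 0, 0o444)           # -r--r--r--, owned by root

if __name__ == "__main__":
    print("owner reads own 074 file:", can_read(DIRS, OWN_BUT_LOCKED, 1000, {100}))
    print("group member reads it:   ", can_read(DIRS, OWN_BUT_LOCKED, 2000, {100}))
    print("write root's 444 file:   ", can_write(DIRS, ROOT_OWNED_444, 1000, {100}))
    print("delete root's 444 file:  ", can_create_or_delete(DIRS, 1000, {100}))
```
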

Exercise - Using File Protection
Which of the following operations are permitted?

    $ id -a
    uid=318(hawkeye) gid=300(users) groups=100(staff),300(users)
    $ ls -ld . file* /etc/passwd /etc/shadow /etc
    drwxr-xr-x 2 trapper users 512 Jul 11 11:21 .
    -rw-rw-r-- 1 trapper staff 23 Jul 15 10:21 file1
    -rw-r trapper mash 41 Jul 15 10:21 file2
    -rw-rw-rw- 1 hawkeye mash 41 Jul 15 10:21 file3
    -r--r--r-- 1 root root 132 Jan 01 9:30 /etc/passwd
    -r root shadow 96 Jan 01 9:30 /etc/shadow
    drwxr-xr-x 72 root root 4096 Jan 01 9:30 /etc

    $ more file1
    $ more file2
    $ ls -l >file1
    $ more /etc/passwd
    $ more /etc/shadow

    $ rm file2
    $ rm file3
    $ cp file1 file4
    $ rm /etc/passwd
    $ rm /etc/shadow

Set User & Group Ids
Programs are normally executed with the permissions of the user running the program
  – a child process inherits its UID and GID from the parent
Using set user or set group id allows a program to run with the ownership of the program's file
  – the child process runs with the UID and GID of the file
Used to give users access to files and programs which would otherwise be restricted

    # ls -l /etc/shadow /usr/bin/passwd
    -r root shadow 473 Dec 25 09:30 /etc/shadow
    -r-sr-xr-x 1 root root Jan /usr/bin/passwd

The Sticky Bit
Files can have a sticky bit
  – originally used to lock executables into memory
  – no longer used for this purpose with modern memory paging Unix
Shared directories should have the sticky bit set
  – only the owner can delete files from sticky directories
  – owner still needs write permission to the directory

    $ ls -al /tmp
    drwxrwxrwt 1 root sys 1024 Dec 25 09:30 .
    drwxr-xr-x 1 root sys 512 Dec 25 09:30 ..
    -rwxr--r-- 1 trapper users 188 Dec 25 09:30 ukulele
    $ rm -f /tmp/ukulele
    rm: /tmp/ukulele: permission denied
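An audit for the two special bits described in the Set User & Group Ids and Sticky Bit slides, as an added example that is not part of the original slides. It walks a tree and reports set-id programs (flagging any that group or other can overwrite) and world-writable directories that lack the sticky bit. The tree it scans is a constructed sample built in a temporary directory, and the file names are made up.

```python
import os
import stat
import tempfile

SETID = stat.S_ISUID | stat.S_ISGID

def audit(root):
    """Return (set_id_files, unsafe_dirs) found under root, as sorted lists."""
    set_id, unsafe_dirs = [], []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode      # lstat: do not follow symbolic links
            rel = os.path.relpath(path, root)
            if stat.S_ISREG(mode) and mode & SETID:
                # A set-id program that group or other may overwrite is a finding.
                loose = bool(mode & (stat.S_IWGRP | stat.S_IWOTH))
                set_id.append((rel, stat.filemode(mode), loose))
            elif stat.S_ISDIR(mode) and mode & stat.S_IWOTH and not mode & stat.S_ISVTX:
                # World-writable without the sticky bit: users can delete each other's files.
                unsafe_dirs.append(rel)
    return sorted(set_id), sorted(unsafe_dirs)

def build_sample(root):
    """Constructed sample tree; names and modes are made up for the example."""
    for name, mode in {"bin": 0o755, "shared": 0o1777, "dropbox": 0o777}.items():
        os.mkdir(os.path.join(root, name))
        os.chmod(os.path.join(root, name), mode)   # explicit chmod: mkdir obeys umask
    for name, mode in {"passwd_like": 0o4555, "helper": 0o4775, "plain": 0o755}.items():
        path = os.path.join(root, "bin", name)
        with open(path, "w") as f:
            f.write("#!/bin/sh\n")
        os.chmod(path, mode)

def run_sample():
    with tempfile.TemporaryDirectory() as root:
        build_sample(root)
        return audit(root)

if __name__ == "__main__":
    files, dirs = run_sample()
    for rel, mode, loose in files:
        print(mode, rel, "WRITABLE BY GROUP/OTHER" if loose else "")
    for rel in dirs:
        print("world-writable, no sticky bit:", rel)
```
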

File Permission Commands
Change ownership, group
    chown [-R] user files...
    chgrp [-R] group files...
Change permissions
    chmod [-R] perms files...
perms can be symbolic of form [oug][+=-][rwxst]
perms can be octal digits

    # chmod ugo=rwx /tmp
    # chmod +t /tmp
    # chmod ug+s /usr/bin/passwd

    # chmod 1777 /tmp
    # chmod -R 664 /project/bin

    # chown root /usr/bin/passwd
    # chgrp sys /usr/bin/passwd
    # chown -R user12 /home/user12

Links
The ln command creates a link to a file
    ln [-snf] file target
  – create a new link called target to an existing file
    -s symbolic or soft link
    -n don't overwrite existing filename
    -f force overwrite of existing filename (default)
Remove links with rm
  – if symbolic link removes link not actual file
  – a file is deleted when the last hard link is removed
Symbolic links
  – the link file holds the name of the real file
  – transparent to all commands except ls and rm
Hard links:
  – must be within a filesystem
  – only root can link to directories

Using Links
Links used to save space or allow files to be known by multiple names
Consider files of sales data where each doctor puts their monthly figures in a separate file
Using links we can organise the files in different ways:
  – by doctor
  – by month

[Diagram: directory tree rooted at operations, with directories hawkeye, trapper and data, and files hp5101, hp5102, hp5103, tm5101, tm5102, tm]

Looking at links
Use ls command to look at links
    -i include inode number in listing
    -l show symbolic link names and inode link count
    -L traverse (hide) symbolic links (follow symbolic link to original file)

    $ touch nurse1
    $ ln nurse1 nurse2
    $ ln -s nurse1 nurse3
    $ ls -il nurse[1-3]
    62 -rw-r--r-- 2 hawkeye users 224 Jul 18 09:41 nurse1
    62 -rw-r--r-- 2 hawkeye users 224 Jul 18 09:41 nurse2
    63 lrwxrwxrwx 1 hawkeye users 6 Jul 18 09:41 nurse3 -> nurse1
    $ ls -ilL nurse3
    62 -rw-r--r-- 2 hawkeye users 224 Jul 18 09:41 nurse3
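The nurse1/nurse2/nurse3 session above, repeated programmatically as an added example (not part of the original slides). It goes one step further than the listing: it finds every name that shares an inode, then removes nurse1 to show that the data survives under the remaining hard link while the symbolic link is left dangling. The file content and the `names_for` helper are constructed for the example.

```python
import os
import tempfile

def names_for(path, root):
    """Every name under root that refers to the same inode as path (hard links only)."""
    target = os.stat(path)
    found = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = os.path.join(dirpath, name)
            st = os.lstat(p)               # lstat: a symbolic link has its own inode
            if (st.st_dev, st.st_ino) == (target.st_dev, target.st_ino):
                found.append(os.path.relpath(p, root))
    return sorted(found)

def demo():
    with tempfile.TemporaryDirectory() as d:
        n1, n2, n3 = (os.path.join(d, n) for n in ("nurse1", "nurse2", "nurse3"))
        with open(n1, "w") as f:
            f.write("rota\n")              # constructed content
        os.link(n1, n2)                    # ln nurse1 nurse2
        os.symlink("nurse1", n3)           # ln -s nurse1 nurse3
        result = {
            "same_inode": os.stat(n1).st_ino == os.stat(n2).st_ino,
            "link_count": os.stat(n1).st_nlink,
            "symlink_own_inode": os.lstat(n3).st_ino != os.stat(n1).st_ino,
            "symlink_size": os.lstat(n3).st_size,   # length of the stored name
            "names": names_for(n1, d),
        }
        os.remove(n1)                      # rm nurse1: one hard link remains
        with open(n2) as f:
            result["after_rm"] = f.read()
        result["link_count_after"] = os.stat(n2).st_nlink
        result["symlink_dangles"] = os.path.islink(n3) and not os.path.exists(n3)
        return result

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```
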

Summary
  – The Unix file system is a hierarchical tree structure with a single root node
  – Underlying disk layout is hidden from the casual user
  – Files on a disk are identified by a unique number called the i-node number
  – Directories map names onto i-node numbers which permits file links (more than one name for a file)
  – Access to all aspects of the system is controlled through the file permissions
  – Unix has a standard directory structure used by most systems