1Week 4 - Jan 31, 2005 Week 4 Agenda UNIX Directory Structure Absolute pathname Relative pathname Permissions chmod (symbolic/absolute)

2Week 4 - Jan 31, 2005 UNIX Directory Structure The UNIX system is structured hierarchically (upside down tree-like). You can have any number of files and subdirectories under it organized in any way. This structure leads to a parent-child relationship between a directory and its sub-directories.

3Week 4 - Jan 31, 2005 UNIX Directory Structure The file system structure starts with one main directory, called the root directory. The file system structure starts with one main directory, called the root directory. From the root. At the end of each path is an ordinary file or a directory file. From the root. At the end of each path is an ordinary file or a directory file.

4Week 4 - Jan 31, 2005 Ordinary file VS Directory File Ordinary files (files) are at the end of paths and cannot support other paths while Directory files (directories) are the points that other paths can branch from. Directories directly connected by a path called parents (closer to the root) and children (farther from the root) Directory files (directories) are the points that other paths can branch from. Directories directly connected by a path called parents (closer to the root) and children (farther from the root)

5Week 4 - Jan 31, 2005 / Root directory – Root directory – the ancestor of all directories and the start of all absolute pathnames. ~ or $HOME ~ or $HOME Home directory - Home directory - the working directory when you first login Different Directories

6Week 4 - Jan 31, 2005 Different Directories. Current working directory – t Current working directory – t he directory under which you are working.... Parent directory – t Parent directory – t he directory above the working directory

7Week 4 - Jan 31, 2005 Pathname – Absolute VS Relative Absolute pathname – A pathname that starts with root directory. It locates a file without regard to the working directory. Absolute pathname – A pathname that starts with root directory. It locates a file without regard to the working directory. Relative pathname – A pathname that starts from the working directory. Relative pathname – A pathname that starts from the working directory.

8Week 4 - Jan 31, 2005 Your working directory is the_joker and home directory is action_heros 1. Copy flinstones to your working directory by using relative pathname 2. Copy flinstones to your working directory by using absolute pathname 3. Delete simpsons by using relative pathname 4. Rename cartoons to animation by using absolute pathname Pathname – Example

9Week 4 - Jan 31, 2005 Pathname – Example

Week 4 - Jan 31, Permissions - objectives 1.How do you find out what permissions are on a file? 2.How do you change permissions 3.Directory Permissions 4.Default Permissions 5.What permissions do you need to do the following tasks...?

11Week 4 - Jan 31, 2005 Key Concepts – File Permissions UNIX security for users and for the system is based on who has access to files and directories Setting “permissions” on a file controls who can read, write to or execute a file. Use the ls -l command to see the permissions on a file

12Week 4 - Jan 31, 2005 Your grocery lists and your Top Secret Buried Treasure maps should probably have different permissions! Warning !

13Week 4 - Jan 31, 2005 The output of the ls - l command will look like this: total 66 -r-xr-x ling.zhu users30 Mar26 19:49 colours drwxr-xr-x 4 ling.zhusys 512 Apr 1 17:41 comfind Key Concepts - File Permissions

14Week 4 - Jan 31, 2005 It is10 characters long. example: ling.zhu]>$ ls -l -r-xr-x ling.zhu users54 Sep 26 19:49 lab2 Permissions Field The Permission Field - the first field in the long listing entry

15Week 4 - Jan 31, r-xr-x ling.zhu users30 Mar26 19:49 colours drwxr-xr-x 4 ling.zhusys 512 Apr 1 17:41 comfind file type - r-x r-x The Permission Field - The first character position

16Week 4 - Jan 31, 2005 The first character position represents the file type: -a normal file d a directory la soft or symbolic link sa socket ca character-special device ba block-special device The Permission Field

17Week 4 - Jan 31, r-xr-x ling.zhu staff30 Mar26 19:49 colours drwxr-xr-x 4 ling.zhusys 512 Apr 1 17:41 comfind - r-x r-x The next 9 characters in the Permissions Field are read as groups of 3 The Permission Field

18Week 4 - Jan 31, 2005 Each set of three characters is read the same way: r w x an “r” in the first position gives read permission for the file a “w” in the second position gives write permission for the file an “x” in the third position gives execute permission for the file The next 9 characters in the Permissions Field are read as groups of 3 The Permission Field

19Week 4 - Jan 31, 2005 Similarly for each set of three characters a “-” in the first position means no read permission for the file a “-” in the second position means no write permission for the file a “-” in the third position means no execute permission for the file

20Week 4 - Jan 31, 2005 Warning! For normal files execute permission means it is executable! In DOS a file would have to have the proper extension in the filename to be executable. (.com,.exe,.bat)

21Week 4 - Jan 31, r-x r-x user The user that is the owner of a file is found in field 3 of the ls -l output. In this case ling.zhu has read and execute permission, no write permission -r-xr-x ling.zhu users30 Mar26 19:49 colours The first set of three characters - indicates the permissions for the user who owns the file.

22Week 4 - Jan 31, 2005 UNIX, If you created it.... you own it! Remember!

23Week 4 - Jan 31, r-x r-x group The group that the file belongs to is found in field 4 of the ls -l output. In this case users have read & execute but no write permissions -r-xr-x ling.zhu users30 Mar26 19:49 colours The second set of three characters - indicates the permissions for the members of the file’s group.

24Week 4 - Jan 31, r-x r-x others -r-xr-x ling.zhu users30 Mar26 19:49 colours In this case others have no read, no write & no execute permissions... The third set of three characters - indicates the permissions for all others on the system.

25Week 4 - Jan 31, r-xr-x ling.zhu users30 Mar26 19:49 colours drwxr-xr-x 4 ling.zhusys 512 Apr 1 17:41 comfind - r-x r-x file type user group others Key Concepts - File Permissions

26Week 4 - Jan 31, 2005 chmod

27Week 4 - Jan 31, add / remove permissions implicitly - symbolic method 2. set permissions explicitly - absolute or octal method 2 ways to specify permissions with the chmod command

28Week 4 - Jan 31, 2005 You need to provide 3 pieces of information: 1. WHO are you changing permissions for? 2. what OPERATION do you want to do? 3. WHAT are the permissions you want to add/remove? To add/remove permission implicitly (symbolic method)

29Week 4 - Jan 31, WHO are you changing permissions for? ufor the user gfor the group ofor all others afor all three To add/remove permission implicitly (symbolic method) you need to provide 3 pieces of information:

30Week 4 - Jan 31, what OPERATION do you want to do? + (plus sign) add the permission - (minus sign)remove the permission = (equal sign)set it to indicated mode To add/remove permission implicitly (symbolic method) you need to provide 3 pieces of information:

31Week 4 - Jan 31, WHAT are the permissions you want to add/remove? rread wwrite xexecute To add/remove permission implicitly (symbolic method) you need to provide 3 pieces of information:

32Week 4 - Jan 31, r-xr-x ling.zhu users30 Mar26 19:49 colours drwxr-xr-x 4 ling.zhusys 512 Apr 1 17:41 comfind - r-x r-x file type user group others To add/remove permission implicitly (symbolic method) you need to provide 3 pieces of information:

33Week 4 - Jan 31, r-x r-x file type usergroup others To add write permission for user who? u (user) 2. what operation? + (add) 3. what permission? w(write) To add/remove permission implicitly (symbolic method) you need to provide 3 pieces of information:

34Week 4 - Jan 31, r-x r-x file type usergroup others To add write permission for user for the file called colours the command would be: chmod u+w colours -r-xr-x ling.zhu users30 Mar26 19:49 colours To add/remove permission implicitly (symbolic method) you need to provide 3 pieces of information:

35Week 4 - Jan 31, rwx r-x file type usergroup others The chmod u+w colours command results in the following permissions for the file colours: -rwxr-x ling.zhu users30 Mar26 19:49 colours To add/remove permission implicitly (symbolic method) you need to provide 3 pieces of information:

36Week 4 - Jan 31, rwx r-x file type usergroup others To remove write permission for user, and add write permission for the group for the file called colours the command would be: chmod u-w,g+w colours -rwxr-x ling.zhu users30 Mar26 19:49 colours To add/remove permission implicitly (symbolic method) you need to provide 3 pieces of information:

37Week 4 - Jan 31, r-x rwx file type usergroup others The chmod u-w,g+w colours command results in the following permissions for the file colours: -r-xrwx ling.zhu users30 Mar26 19:49 colours To add/remove permission implicitly (symbolic method) you need to provide 3 pieces of information:

38Week 4 - Jan 31, 2005 Using Implicit or Symbolic Permissions! To get the permissions exactly as you want them you may have to use a series of addition and removal commands.... you can combine them all on one line, just make sure there are no spaces between them!

39Week 4 - Jan 31, 2005 There are 2 ways to specify permissions with the chmod command: 1. add / remove permissions implicitly 2. set permissions explicitly Key Concepts - File Permissions

40Week 4 - Jan 31, 2005 Assign individual permission letters “point values” r=4 w=2 x=1 deny all= 0 Setting permissions explicitly = octal = absolute

41Week 4 - Jan 31, Setting permissions explicitly: r = 4 w = 2x = 1 rwx= = 7read,write,execute rw-= = 6read, write r-x= = 5read, execute r--= = 4read only -wx = = 3write, execute -w-= = 2write only --x= = 1execute only ---= = 0no permission

42Week 4 - Jan 31, 2005 chmod 777 colours - rwx rwx rwx -rwxr-x ling.zhu users30 Mar26 19:49 colours rwx=4+2+1=7 -rwxrwxrwx 1 ling.zhu users30 Mar26 19:49 colours Setting permissions explicitly = octal = absolute

43Week 4 - Jan 31, 2005 chmod 640 colours - rw- r rwxr-x ling.zhu users30 Mar26 19:49 colours rw-=4+2+0=6r--=4+0+0=4---=0+0+0=0 -rw-r ling.zhu users30 Mar26 19:49 colours Setting permissions explicitly = octal = absolute

44Week 4 - Jan 31, 2005 Using Explicit or Octal Permissions ! allows you need to specify the exact permissions you want... regardless of the current permissions

45Week 4 - Jan 31, 2005 Directory Permissions Directory permissions are much the same as files the owner of a directory decides who has access to its files directory permissions are assigned using the same letters as for files but the meaning of the letters r,w,x are different.....

46Week 4 - Jan 31, 2005 Read permission for a directory means you are allowed to list the files in the directory with ls Write permission for a directory means you can create or remove files in it Execute permission for a directory means you can make it your working directory or pass through it in a path Read & execute = “search” permissions are required to get a long listing. Directory Permissions

47Week 4 - Jan 31, 2005 Question: What permission do you need for a directory in order to remove a file under it? Directory Permissions rw- ? -wx?

48Week 4 - Jan 31, 2005 Warning! For directories, you need “execute” permission to search them!... without “search” permission in a directory you need to know the exact name of a file to read it

49Week 4 - Jan 31, 2005 Question What is the minimum permission needed to view hiding.html under public_html/sub1/subsub1/week4 ?

50Week 4 - Jan 31, 2005 Two approaches to file security: 1. Permit wide access to your files and just turn off permissions for specific files and directories when more security is needed. 2. Permit limited access to your files and turn on permissions for specific files as needed. It’s YOUR choice! Setting Default Permissions for New Files

51Week 4 - Jan 31, 2005 umask

52Week 4 - Jan 31, 2005 Setting Default Permissions for New Files The umask command allows you to control access to new files and directories umask acts like chmod in reverse - each digit in umask tells what default permission to turn off

53Week 4 - Jan 31, 2005 default permissions for files are: rw-rw-rw-read, write for everyone no execute until you debug code default permissions for directories are: rwxrwxrwxread,write and execute so that the directory can be accessed Setting Default Permissions for New Files

54Week 4 - Jan 31, 2005 default permissions for files are: file default rw-rw-rw- umask of results in rw-r----- permission 640 turn off write for groupturn off all for others Setting Default Permissions for New Files

55Week 4 - Jan 31, 2005 default permissions for directories are: directory default rwx rwx rwx umask of results in rwxr-x--- permission 750 turn off write for group turn off all for others Setting Default Permissions for New Files