Published by Valentine Newman. Modified over 6 years ago.
1
Chapter 4: Understanding Users and File Systems
The Complete Guide to Linux System Administration
2
Objectives
Create and manage user and group accounts
View and set access permissions on files and directories
Understand how file systems are configured and accessed
Perform basic file compression and archiving tasks
3
Linux Users and Groups
Must first log in using valid user account name and password
More user accounts on Linux system
  More work required to keep them running smoothly
4
Types of User Accounts
Preconfigured user accounts
Root
  Administrative account
  Also called superuser
  Can perform any operation on Linux system
  Do not log in as root for normal work
  Change temporarily to root user
5
Types of User Accounts (continued)
System Administration Users & Groups
Then the query for the root password will appear. (eg or linux5)
6
Type of users
7
Types of User Accounts (continued)
su command
  Temporarily changes access rights to those of another user
  Without any parameters
    Change to root account
  Hyphen after su command
    Causes command to run login scripts
    Places you in login directory of user
$ su -
Password:
#
8
Types of User Accounts (continued)
Preconfigured user accounts
Regular user accounts
  Users who log in at keyboard and use Linux system
  Commonly associated with named individuals
Special user account
  Used by Linux programs
  Created during installation of Linux
  Vary depending on services installed
9
Linux Groups
Group
  Collection of user accounts
  Can be collectively granted access to files and directories
Each user in Linux is assigned to primary group
/etc/group file
  Lists members of each defined group
10
Linux Groups (continued)
11
User and Group Files
/etc/passwd
  Stores user account information
  Password information not stored in this file
  Contents include:
    User account name
    Password (field only; the encrypted password is kept in /etc/shadow)
    User ID number (UID)
    Group ID number (GID)
    User's real name
    Home directory
    Default shell
12
User and Group Files (continued)
/etc/group file
  Defines groups on Linux system
vigr command
  Edit this file
Contents include:
  Name of group
  Group password
  GID number
  Members of group
13
Shadow Passwords
/etc/shadow
  Stores encrypted passwords
  Can only be read by:
    Root user
    Certain utilities
Shadow password suite
  Collection of password-related programs
  Have been modified to recognize /etc/shadow file
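An added example (not from the original slides): a shell check over a file in /etc/passwd format that reports accounts other than root with UID 0 and accounts whose password field holds anything other than the shadow placeholder, plus a test for whether a shadow-style file is readable by "other". The function names and the sample data are constructed for this illustration.

```shell
#!/bin/sh
# audit_passwd FILE
# FILE uses the /etc/passwd layout described above:
#   name:password:UID:GID:real name:home directory:shell
# Prints one finding per line, in file order.
audit_passwd() {
    awk -F: '
        /^#/ || /^$/ { next }                      # skip comments and blank lines
        NF != 7 { printf "MALFORMED line %d\n", NR; next }
        # Any UID 0 account has full root rights, whatever its name is.
        $3 == 0 && $1 != "root" { printf "UID0 %s\n", $1 }
        # An empty password field means no password is required.
        $2 == "" { printf "EMPTY_PASSWORD %s\n", $1; next }
        # With shadow passwords the field is "x"; "*" or "!" marks a locked account.
        $2 != "x" && $2 !~ /^[*!]/ { printf "HASH_IN_PASSWD %s\n", $1 }
    ' "$1"
}

# shadow_exposed FILE
# Succeeds (exit status 0) when users outside the owner and group can read FILE.
shadow_exposed() {
    [ -n "$(find "$1" -prune -perm -0004 -print)" ]
}

# Constructed sample in /etc/passwd format (not taken from a real system).
make_sample() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
nwells:x:500:500:N Wells:/home/nwells:/bin/bash
lizw:$1$CONSTRUCTED$NotARealHashValue000000:501:501:Liz W:/home/lizw:/bin/bash
toor:x:0:0:second superuser:/root:/bin/sh
guest::502:502:Guest:/home/guest:/bin/sh
daemon:*:2:2:daemon:/sbin:/sbin/nologin
EOF
}

sample=$(mktemp) && make_sample > "$sample"
audit_passwd "$sample"
rm -f "$sample"
```

On a live system the same functions can be pointed at /etc/passwd and /etc/shadow.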
14
Changing User Passwords
Can change password of any user account on system
  When logged in as root
  Use passwd command
Standard procedure
  System administrator assigns initial password to new account
  User immediately selects new password
15
Changing User Passwords (continued)
To change user's password
  Use passwd without any parameters
  Must enter current password
16
Change password
Suppose your system includes a user account lizw. To change her password, do the following:
1. Make sure you're logged in as root (typically by using the su command).
2. Enter the command passwd lizw.
   Changing password for user lizw
   New password:
3. Type the new password for the Linux user account and press Enter. Nothing appears on screen as you type, so work carefully. The following text appears after you press Enter:
   Retype new password:
4. Type the new password a second time, exactly as you typed it the first time. This verifies that the password was entered as you intended to type it. When you press Enter the second time, the following text appears:
   passwd: all authentication tokens updated successfully
17
Changing User Passwords (continued)
Good password characteristics
  At least five characters long
  Include digits or punctuation marks
  Mix uppercase and lowercase letters
  Easy for account owner to remember
  Hard for anyone else to guess
  Not created from simple manipulation of:
    Word found in dictionary
    Name of person or place
18
User Information Commands
id command
  Shows effective UID
  $ id
  uid=500(nwells) gid=500(nwells) groups=500(nwells)
logname command
  View user name that you used to log in
whoami command
  Shows user name of currently effective UID
groups command
  Lists all groups you are a member of
19
User Information Commands (continued)
who command
  Lists all regular users on system
  Shows location where they are logged in
$ who
root tty3 Mar 26 10:33
nwells : Mar 26 10:29
nwells pts/1 Mar 26 10:30 (:0.0)
20
User Information Commands (continued)
w command
  Information from who command, plus:
    Time person logged in
    Program they are running
    Information about system resources user is consuming
21
File Permissions
Each file and each directory in Linux is assigned an owner; the owner is one of the users who has an account on the system.
Each file and directory also has a group assigned to it; the group must be one of the groups named in the /etc/group file.
Files and directories have
  Owner
  Group
Linux determines who can access file or directory based on:
  Who owner is
  Which group is assigned to object
File permissions define access granted to file or directory
22
File Permissions (continued)
Access mode
Permissions
  Read permission (r)
  Write permission (w)
  Execute permission (x)
Permissions can be assigned by:
  User permissions (u)
  Group permissions (g)
  Other permissions (o)
23
File Permissions (continued)
24
Changing Ownership
chown command
  Change user and group assigned to file or directory
  Can only use when logged in as root
Example:
# chown jtaylor:managers report.doc
# chown jtaylor *
If you add the -R option to the chown command, the command is recursive, meaning that it changes the owner on any files in subdirectories of the current directory that match the file name given.
# chown -R jtaylor pascal
(pascal is a directory)
25
Changing Ownership
Can use graphical file manager to change owner of file
chgrp command
  Change group assigned to file or directory
  Example: chgrp managers report.doc
26
Changing File Permissions
chmod (change mode) command
  Change file permissions
  Regular users can alter permissions assigned to any file or directory that they own
To use the chmod command, include the type of permissions you want to change (user u, group g, or other o), followed by a + to add, - to remove, or = to set all permissions, followed by the permissions you want to set (r for read, w for write, or x for execute).
Example: chmod o+w report.doc
System administrators normally use shortcut syntax
27
For example, suppose the report.doc file has r-x permissions set for the group. The following command changes those permissions to rwx:
$ chmod g+w report.doc
But the following command changes the group permissions to be only rw, removing the x permission:
$ chmod g=rw report.doc
28
Changing File Permissions (continued)
Alternate syntax
chmod -R ### <filename or directory>
-R is optional and, when used with directories, traverses all the subdirectories of the target directory, changing ALL the permissions to ###.
Each of the sets of three permissions is represented by a number from 0 to 7 for (r w x)
Example: chmod 640 report.doc
  6 for u user (110) (r w -)
  4 for g group (100) (r - -)
  0 for o other (000) (- - -)
29
The #'s can be:
  0 = Nothing
  1 = Execute
  2 = Write
  3 = Execute & Write (2 + 1)
  4 = Read
  5 = Execute & Read (4 + 1)
  6 = Read & Write (4 + 2)
  7 = Execute & Read & Write (4 + 2 + 1)
30
Eg.
$ chmod 640 report.doc
$ ls -l report.doc
-rw-r----- nwells nwells May 27 14:01 report.doc
$ chmod 755 program_file
$ ls -l program_file
-rwxr-xr-x 1 root root 2177 May 29 14:01 program_file
31
Changing File Permissions (continued)
32
Graphical environment provides easy method of setting file permissions
Properties dialog box
  Permissions tab
33
Changing File Permissions (continued)
34
Default File Permissions
When the bash shell creates a new file because of actions you take at the command line (such as using the touch command or redirecting command output to a file), it creates the file with these permissions: rw-rw-rw-
umask command
  Defines mask to stop certain permissions from being granted by default when files created
  Executed automatically when you log in to Linux
  Uses same three-digit permission codes as chmod command
35
umask
The value you give as a parameter to the umask command disables one or more of the 4 existing default permissions. Using the -S option on umask is helpful because it shows which permissions are currently allowed on new files:
$ umask -S
If you enter this next command, all permissions are permitted on new files:
$ umask 000
If you enter the following command, no permissions at all are permitted for other on new files:
$ umask 007
In most cases, you have no need to change the default umask setting.
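An added example (not from the original slides) that makes the umask and chmod rules above observable: it creates a file and a directory under a given umask and prints the resulting mode strings, then replays the g+w, g=rw and numeric chmod cases from the earlier slides. The function names are assumptions of this example, and everything is created in a throwaway temporary directory.

```shell
#!/bin/sh
# mode_of PATH: print the ten-character type and permission string, as ls -l shows it.
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# modes_under_umask MASK
# Creates one file and one directory with MASK in effect and prints
# "<file mode> <directory mode>". Runs in a subshell, so the caller's
# own umask is left untouched.
modes_under_umask() (
    work=$(mktemp -d) || exit 1
    umask "$1"
    touch "$work/file"      # new files start from rw-rw-rw- (666)
    mkdir "$work/dir"       # new directories start from rwxrwxrwx (777)
    printf '%s %s\n' "$(mode_of "$work/file")" "$(mode_of "$work/dir")"
    rm -rf "$work"
)

# chmod_result START SPEC
# Sets a scratch file to mode START, applies SPEC (symbolic or numeric),
# and prints the resulting mode string.
chmod_result() (
    work=$(mktemp -d) || exit 1
    touch "$work/report.doc"
    chmod "$1" "$work/report.doc"
    chmod "$2" "$work/report.doc"
    mode_of "$work/report.doc"
    rm -rf "$work"
)

# The mask only removes bits: a file never gains execute permission from umask.
for m in 000 022 007 077; do
    printf 'umask %s -> %s\n' "$m" "$(modes_under_umask "$m")"
done

# Group starts as r-x (mode 650), as in the report.doc example.
printf 'g+w   -> %s\n' "$(chmod_result 650 g+w)"
printf 'g=rw  -> %s\n' "$(chmod_result 650 g=rw)"
printf '640   -> %s\n' "$(chmod_result 650 640)"
```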
36
Introducing the File System
Managing file system is basic task for system administrators
37
Introduction to Linux UNIX File System
39
File System
The Unix file system looks like an inverted tree structure. You start with the root directory, denoted by /, at the top and work down through sub-directories underneath it.
40
File System
Each node is either a file or a directory of files, where the latter can contain other files and directories. You specify a file or directory by its path name, either the full, or absolute, path name or the one relative to a location. The full path name starts with the root, /, and follows the branches of the file system, each separated by /, until you reach the desired file, e.g.: /home/condron/source/xntp
41
File System
A relative path name specifies the path relative to another, usually the current working directory that you are at.
Two special directories:
  .   the current directory
  ..  the parent of the current directory
So if I'm at /home/frank and wish to specify the path above in a relative fashion I could use: ../condron/source/xntp
This indicates that I should first go up one directory level, then come down through the condron directory, followed by the source directory and then to xntp.
42
Structure of Standard Directories in Unix/Linux
/     The ancestor of all directories on the system; all other directories are subdirectories of this directory, either directly or through other subdirectories.
/bin  Essential tools and other programs (or binaries).
/dev  Files representing the system's various hardware devices. For example, you use the file `/dev/cdrom' to access the CD-ROM drive.
/etc  Miscellaneous system configuration files, startup files, etc.
43
Structure of Standard Directories in Unix/Linux
/home  The home directories for all of the system's users.
/lib   Essential system library files used by tools in `/bin'.
/proc  Files that give information about current system processes.
/root  The superuser's home directory, whose username is root. (In the past, the home directory for the superuser was simply `/'; later, `/root' was adopted for this purpose to reduce clutter in `/'.)
44
Structure of Standard Directories in Unix/Linux
/sbin  Essential system administrator tools, or system binaries.
/tmp   Temporary files.
/usr   Subdirectories with files related to user tools and applications.
45
Directories, Files and Inodes
Every directory and file is listed in its parent directory. In the case of the root directory, that parent is itself. A directory is a file that contains a table listing the files contained within it, mapping file names to the inode numbers in the list. The information about all the files and directories is maintained in the inode table. An inode (index node) is an entry in the table containing information about a file (metadata), including file permissions, UID, GID, size, time stamp, pointers to the file's data blocks on the disk, etc.
46
Partitions and File Systems
Partition
  Distinct area of hard disk
  Has been prepared to store particular type of data
  Marked with a code indicating the type of data the partition contains (Windows or Linux)
File system
  Arrangement of information on device such as hard disk
df command (display file system)
  See status of all currently accessible file systems
47
Partitions and File Systems (continued)
Linux typically uses one of two default file system types:
  ext3
  Reiserfs
Windows typically uses one of two default file system types:
  FAT32
  NTFS
48
Partitions and File Systems (continued)
49
df command
You can see the status of all currently accessible file systems using the df command (display file systems). The output shows you the device on which the file system resides, the total storage space, the amount of free space, and other information.
50
Within an ext2 or ext3 file system, a fixed number of entries are defined to hold information about files. Each of these entries is called an inode (pronounced eye-node). A file system typically contains more than enough inode entries for all the files you might possibly create on that file system. Each inode has an associated number and contains information such as the ID number for the owner and group assigned to the file, the file permissions of the file, the file size, the time the file was created, and numeric pointers to the areas of the hard disk that contain the file's data.
51
Inodes and Links
inode
  Holds information about files within ext2 or ext3 file system
  Has associated number
  Controls file to which it points
  Does not contain file name
File record
  An indirect pointer to the file's data, through the inode
  Contains:
    File name
    Inode number for file
You can view the inode number associated with each file by using the ls command with the -i option:
$ ls -i
52
Inodes and Links (continued)
Directory record
  Contains list of files with corresponding inode numbers
  Every subdirectory is just a list of file records.
Link
  Allows two or more file records to refer to same physical data stored in file system
Symbolic link (also called a soft link)
  File that refers to another file or directory, rather than containing data itself
  Used when same data must be accessed from two locations in directory structure
  Takes only a few bytes of hard disk space
53
For example, suppose several employees in a company want to work on the same file.
The system administrator can place the file in a directory and then create a symbolic link in each user's home directory to access the real file. If the real file is /tmp/report.doc, the symbolic links might be /home/nwells/report.doc, /home/davis/report.doc, /home/laura/report.doc. When users make changes after opening the file in their home directory, they are all changing the same file. Symbolic links are used when the same data must be accessed from two locations in the directory structure, or by two (or more) different names. Symbolic links are commonly used in directories such as /lib and /usr/lib.
54
Inodes and Links (continued)
ln command
  Create symbolic link
  Use -s option
  Syntax: ln -s <existing file> <symbolic link to be created>
For example, if you wanted to make a link from the /etc/profile file to your home directory under the name main_profile, use the following command:
$ ln -s /etc/profile /home/nwells/main_profile
In the command above, you might decide to use relative path names, depending on your current working directory.
In more technical terms, a symbolic link is a file record that includes a path and file name, but not an inode number. When a user refers to a symbolic link, Linux looks at the path and file name given in the symbolic link's file record. The file record for that path and file name includes an inode, which is used to access the file data for the symbolic link.
55
Hard link
  File record that includes file name and inode
  Just like regular file record
  Refers to inode that already has file record pointing to it
The hard link is a second file record pointing to the same physical data. A single inode can have numerous file records (hard links) pointing to it.
Both symbolic and hard links are used often in a Linux file system. Whenever you use the ls -l command, any symbolic links are indicated as extra file names in the right column of the output.
56
Example
An example of a symbolic link in Red Hat Linux is the view command. This output illustrates how you can use the ls -l command to show the view command:
$ ls -l /bin/view
lrwxrwxrwx 1 root root 2 Aug 12 13:36 /bin/view -> vi
The arrow in the right column indicates that the file named view is a symbolic link to the file named vi. The letter l in the far left column of the screen output also indicates that the file is a symbolic link. The number in the second column from the left (in this case, 1) indicates the number of file records that refer to the same inode as this file record.
57
Example 2
The zcat file name (also in Red Hat Linux) is an example of a hard link. The zcat file record refers to an inode to which two other file records also refer. The ls -l command again shows this:
$ ls -l /bin/zcat
-rwxr-xr-x 3 root root Mar 25 13:28 /bin/zcat
The file record holding the file name zcat refers to an inode to which two other file records also refer (for a total of three).
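An added example (not from the original slides) covering both the symbolic link and hard link slides above: it creates one file, a hard link and a symbolic link to it, compares inode numbers with ls -i, and then removes the original name to show which link still reaches the data. The file names and function names are constructed for this illustration.

```shell
#!/bin/sh
# inode_of PATH: inode number of PATH itself (a symbolic link is not followed).
inode_of() {
    ls -di "$1" | awk '{ print $1 }'
}

# nlink_of PATH: number of file records (hard links) that refer to the inode,
# i.e. the second column of ls -l.
nlink_of() {
    ls -ld "$1" | awk '{ print $2 }'
}

# link_demo: runs in a subshell inside a throwaway directory.
link_demo() (
    work=$(mktemp -d) || exit 1
    cd "$work" || exit 1

    echo "quarterly figures" > report.doc
    ln report.doc hard.doc          # second file record for the same inode
    ln -s report.doc soft.doc       # file record that stores a path, not an inode

    [ "$(inode_of report.doc)" = "$(inode_of hard.doc)" ] &&
        echo "hard link: same inode"
    [ "$(inode_of report.doc)" != "$(inode_of soft.doc)" ] &&
        echo "symbolic link: own inode"
    echo "link count: $(nlink_of report.doc)"

    # Removing one name only removes one file record. The data stays
    # reachable through the remaining hard link, while the symbolic link
    # now names a path that no longer exists.
    rm report.doc
    echo "after rm, hard.doc reads: $(cat hard.doc)"
    echo "link count: $(nlink_of hard.doc)"
    if [ -L soft.doc ] && [ ! -e soft.doc ]; then
        echo "soft.doc is dangling"
    fi

    cd / && rm -rf "$work"
)

link_demo
```

Because a symbolic link is resolved by path each time it is opened, the permissions that matter are those on the target file and its directory, not the lrwxrwxrwx shown for the link itself.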
58
Inodes and Links (continued)
59
Inodes and Links (continued)
60
File Types
Different types of files are used to perform different functions
stat command
  Ties together file name with inode
  Shows information about the inode number, the device on which the file is stored, the most recent access time, and the assigned file permissions.
61
File Types (continued)
62
Accessing Removable Media
To use any file system
  Must be mounted
mount command
  Instruct Linux how to access file system
Mount point
  Path in directory structure where you access data in file system
umount command
  Unmount media
63
mount
$ mount /mnt/cdrom
The /mnt/cdrom directory is a mount point.
You use the mount command to make a new file system accessible via a mount point. Using the mount command without any parameters displays a list of the currently mounted file systems. Removable disks are not detected automatically. Before trying to access a 3.5-inch disk, you can mount it using this command:
$ mount /mnt/floppy
64
unmount
After you have finished copying files to and from the floppy disk, or from a CD-ROM, you should not eject the disk (you cannot eject the CD-ROM) until you first unmount the media using the umount command. Before you can unmount a file system, you must change to a directory that is not in that file system; if your working directory is /mnt/cdrom or one of its subdirectories, you cannot unmount the CD-ROM. These two examples show how to unmount a CD-ROM or 3.5-inch disk:
$ umount /mnt/floppy
$ umount /mnt/cdrom
65
Accessing Removable Media (continued)
fdformat command
  Format 3.5-inch disk
/dev/fd0
  Device name for 3.5-inch disk drive
$ fdformat /dev/fd0
66
Using find
find command
  Helps find objects matching exact search criteria
  Doesn't use a prebuilt index as the slocate command does.
  Slower than slocate.
  Provides many more options than slocate.
Example: find /home -name "report.doc" -print
67
find
The simplest use of find is to search for files that match a specific pattern and display them onscreen. In the following example, the path where the search should begin is /home; the name of the file to search for is report.doc, and the action to take with each matching file name is to display (print) the name onscreen (displaying to the screen is the default action, so the -print option shown here is not strictly necessary, but it illustrates the format for more complex find operations):
# find /home -name "report.doc" -print
68
Find
The find options let you perform complex searches for information on your Linux system. For example, using a single (complex) find command, you can do any of the following tasks:
  Create an archive file of all the files that have been modified in the last 24 hours.
  Delete all files owned by a certain user on the Linux system.
  Create a list of all files that are larger than a certain size.
  Create a list of all files that have specific access permissions.
  Create a list of all files that do not have a valid owner.
69
find
The following command searches the /tmp directory (and all its subdirectories) for files owned by user wilsonr that have the jpg file extension and are larger than 50 KB. All matching file names are displayed onscreen and the files are immediately deleted.
# find /tmp -name "*jpg" -size +50k -user wilsonr -print -exec rm {} \;
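An added example (not from the original slides) for three of the find tasks listed above: files with specific access permissions, files without a valid owner, and files larger than a given size. It only lists matches, so the output can be reviewed before any -exec rm is attached. The function names and the sample tree are constructed for this illustration.

```shell
#!/bin/sh
# audit_tree DIR: list permission and ownership findings under DIR.
# -xdev keeps find on the file system that DIR is on.
audit_tree() {
    dir=$1
    # Regular files that any user may modify.
    find "$dir" -xdev -type f -perm -0002 -print |
        sort | sed 's/^/WORLD_WRITABLE_FILE /'
    # World-writable directories without the sticky bit: any user can
    # delete or rename entries that belong to someone else.
    find "$dir" -xdev -type d -perm -0002 ! -perm -1000 -print |
        sort | sed 's/^/WORLD_WRITABLE_DIR_NO_STICKY /'
    # Files that run with the identity of their owner or group.
    find "$dir" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print |
        sort | sed 's/^/SETID_FILE /'
    # Files whose UID or GID has no entry in /etc/passwd or /etc/group.
    find "$dir" -xdev \( -nouser -o -nogroup \) -print |
        sort | sed 's/^/UNOWNED /'
}

# large_files DIR PATTERN MIN_KB: regular files matching PATTERN that are
# larger than MIN_KB kilobytes. The + sign means "more than"; without it,
# -size matches only files of exactly that size.
large_files() {
    find "$1" -xdev -type f -name "$2" -size +"$3"k -print | sort
}

# build_sample_tree: create a constructed directory tree and print its path.
build_sample_tree() {
    t=$(mktemp -d) || return 1
    (
        cd "$t" || exit 1
        umask 022
        echo data > a.txt
        echo data > b.txt;        chmod 666 b.txt
        echo '#!/bin/sh' > c.sh;  chmod 4755 c.sh
        mkdir open drop;          chmod 777 open; chmod 1777 drop
        dd if=/dev/zero of=big.jpg bs=1024 count=60 2>/dev/null
        dd if=/dev/zero of=small.jpg bs=1024 count=10 2>/dev/null
    )
    echo "$t"
}

tree=$(build_sample_tree)
( cd "$tree" && audit_tree . && large_files . '*.jpg' 50 )
rm -rf "$tree"
```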
70
Managing File Archives
System administrators often work with files that include:
  Compressed data
  Multiple files in archival format
71
Compressing Files
Compressing files
  Useful way to use less space for rarely accessed data
  Makes files smaller before transmitting them over network
gzip command
  Compress any file
  For example, to compress the file large.doc, use this command:
  $ gzip large.doc
  The preceding command transforms the file large.doc into a compressed file called large.doc.gz
gunzip command
  Uncompresses file compressed using gzip
  $ gunzip large.doc.gz
  The resulting file is named large.doc
72
Using tar and cpio for Archiving Files
tar archive
  Single file that can contain other files and directory structure
tar command
  Create tar archive
  Specify files to be included in backup archive on command line
  Writes data to file name or device
To extract the contents of an archive file named program.tgz, use this command (note that options for the tar command do not use a hyphen):
$ tar xvzf program.tgz
73
When you use the tar command to extract the contents of a tar archive, the tar archive remains intact. When you use the gzip or gunzip command to compress or uncompress a file, the original file is altered (compressed or uncompressed), and its name is changed accordingly.
74
Using tar and cpio for Archiving Files (continued)
cpio command
  Copy in and out
  Similar to tar
  Reads from STDIN channel for file names
  Writes data back to STDOUT
tar and cpio
  Help create incremental or multilevel backup
75
Example: creating a full backup of the /home directory.
You can assume for this example that the device /dev/tape is configured as a tape drive.
# tar cf /dev/tape /home
If you had a small set of files to archive, you could send the archive to a 3.5-inch disk:
# tar cf /dev/fd0 /boot
The c option of tar creates a new archive.
The f option (for filename) followed by the device name indicates the location where the archived data will be stored.
The last parameter, /home, indicates which files are to be archived; tar includes all files within that directory.
76
A cpio command equivalent to the above tar command is:
# find /home -print | cpio -o > /dev/tape
This cpio command relies on the find command to generate a list of files (one file name per line) for cpio to back up. Those file names are sent to cpio using a pipe symbol because cpio reads the file names in from STDIN. The > redirection operator sends the archived files to the device /dev/tape. The -o option on cpio indicates that the archive is being output, that is, that data is being written out. A simpler example of cpio can archive the contents of a single directory to a local file using the ls command to generate the list of files to archive:
# ls | cpio -o > /tmp/archive.cpio
77
The v option is normally added to both tar and cpio so that the output of the command is verbose, meaning that the command prints details of what it is doing to the screen. With that option added, the last example looks like this:
# ls | cpio -ov > /tmp/archive.cpio
78
Extract files
# tar xvf /dev/fd0
# cpio -idv < /dev/fd0
The x option of tar is for extract. The cpio command uses the -i option for input, again extracting the contents of the backup media into the current directory. The -d option is also added here so that cpio creates subdirectories that existed in the data as required to re-create the original data organization. When using the cpio command with the -i option, cpio reads the STDIN channel to get the archived data, so the < redirection operator is used with the file name or archive device name.
79
The following find command prints a list of all files in the /home directory (and its subdirectories) that have been modified in the last day by using the -mtime parameter with a value of -1 (a value of 1 without the minus sign matches only files modified between 24 and 48 hours ago):
# find /home -mtime -1 -print
# find /home -mtime -1 -print | cpio -ov > /dev/tape
# tar cf /dev/tape `find /home -mtime -1 -print`
83
Summary
User accounts form basis of file system security in Linux
Can change user that you are working as
Each user can belong to multiple Linux groups
Encrypted passwords are stored in /etc/shadow file
Linux file security is controlled by nine permissions
84
Summary (continued)
File systems
  Organized collections of data
  Created within partitions on hard disk
Hard and soft links
  Refer to inode
Removable media must be mounted before it can be accessed
Linux includes several utilities for compressing files