Introduction to UNIX / Linux - 4
Dr. Jerry Shiao, Silicon Valley University, Summer 2015
SILICON VALLEY UNIVERSITY CONFIDENTIAL

Introduction UNIX/Linux Course

Section 4
The UNIX File System
- File Types and Representation
- File Attributes
- File Organization and Management
- File Storage in the UNIX File System
- File Commands and Primitives
The UNIX File Security
- File Protection From Unauthorized Access: user login, encrypted files, user access privileges
- File and Directory Access Privileges
- Special Access Bits

The UNIX File System: UNIX File Concept
- A file is a sequence of bytes.
- Everything (network card, disk drive, keyboard, file, directory) can be treated as a file.
- Meaning is attached to a file's contents by the application that uses or processes the file; the kernel does not interpret them.
- Types of files: simple/ordinary file, directory, symbolic (soft) link, special (device) files (block special and character special), named pipe (FIFO), socket.
Pearson Addison-Wesley.

The UNIX File System: Simple / Ordinary Files
- Store information and data on a secondary storage device.
- File extensions: meaning is attached to a file's content by the application that uses or processes it. A compiler expects a ".c" extension, a web browser expects ".html", the linker/loader expects ".o". The kernel itself ignores the extension; what a file really contains is decided by its bytes, which is what the file command inspects.

The UNIX File System: Directory
- A directory is an array of entries, each holding a file or directory name and an inode number.
- Inode (index node) number: index into the inode array on disk; the disk entry holds the file's attributes. Every file in UNIX has an inode.
- Inode table: table of inodes kept in memory for all open files. When a file is opened its inode is copied from disk into the inode table, so its attributes are then read from memory, not from disk.

The UNIX File System: Link File and Device File
Link file
- Created when a symbolic link is made to an existing file. Allows sharing a file without duplicating it: an alias of the existing file (the link itself holds the target's pathname).
Device file
- A special file is the means of accessing a hardware device; each hardware device is associated with at least one special file, conventionally under /dev.
- Applications access the device through ordinary file operations (open/read/write) on its device file.
- Character device file: character-oriented devices that stream data (keyboard, mice, console connection, virtual terminals).
- Block device file: block-oriented devices that move data in blocks (disks, CD-ROM, flash drives).
- Pseudo device file: simulates a physical device, e.g. access to UNIX over the network or through a virtual terminal in the X Window System.

Device Files

Name          Type   Major  Minor  Description
/dev/fd0      Block  2      0      Floppy disk
/dev/hda      Block  3      0      First IDE disk
/dev/hda2     Block  3      2      Second primary partition of first IDE disk
/dev/hdb      Block  3      64     Second IDE disk
/dev/hdb3     Block  3      67     Third primary partition of second IDE disk
/dev/ttyp0    Char   3      0      Terminal (pseudo-tty)
/dev/console  Char   5      1      Console
/dev/lp1      Char   6      1      Parallel printer
/dev/ttyS0    Char   4      64     First serial port
/dev/rtc      Char   10     135    Real-time clock
/dev/null     Char   1      3      Null device

The major number selects the driver, the minor number the unit the driver manages; ls -l /dev prints the pair in place of the size column.
Not all device files are real hardware devices. Pseudo devices (fictitious logical devices) include /dev/null and /dev/zero.

Virtual File System (VFS)
- An inode represents an object in the file system with a unique identifier; pathname lookup translates a filename into an inode.
- struct file_operations abstracts the I/O operations (read/write/open, ...) so that all I/O has one common interface. The indirect calls (callback functions) in the structure are the implementations specific to each file system.
- This "black box" abstraction gives the user a common API through the glibc library and gives the kernel a common callback signature for the I/O functions of every file system.

The UNIX File System: Interprocess Communication Mechanisms
Pipes, named pipes (FIFOs) and sockets.
Pipe
- Two related processes communicate with each other on the same system.
- UNIX automatically opens stdin, stdout and stderr for every process; when tied to a terminal, stdin is the keyboard and stdout/stderr are the console.
- A pipe sends the output (stdout) of one command (process) to the input (stdin) of another command (process).
- A pipe does not use the disk; it is implemented in main memory.
Named pipe (FIFO)
- A file of type named pipe. A process reading the FIFO blocks waiting for data (and a writer blocks until a reader has opened the other end).
- Lets two unrelated, independently executing processes communicate on the same system.
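The FIFO rendezvous described above, as an added example that is not part of the slides: a background writer and a foreground reader that are unrelated processes meet on a named pipe created in a temporary directory. The message text is made up; the script assumes a POSIX sh with mkfifo(1), mktemp(1) and GNU stat(1).

```shell
#!/bin/sh
# Added example (not from the slides): two unrelated processes exchanging a
# message through a named pipe. Assumes a POSIX sh with mkfifo(1), mktemp(1)
# and GNU stat(1) for -c; the message text is made up.

# Create the FIFO with mode 600 so only this user can read from or write to it;
# a world-writable FIFO lets any local user inject data into the reader.
fifo_demo() {
    dir=$(mktemp -d)
    fifo=$dir/chan
    mkfifo -m 600 "$fifo"

    # ls -l shows type "p" for this entry; it occupies no data blocks on disk.
    ftype=$(stat -c %A "$fifo" | cut -c1)

    # Writer: an unrelated background process. Its open() for writing blocks
    # until a reader opens the other end, so the two processes rendezvous here.
    ( echo "hello via fifo" > "$fifo" ) &
    writer=$!

    # Reader: blocks in open()/read() until the writer has produced data.
    read -r msg < "$fifo"
    wait "$writer"

    rm -rf "$dir"
    printf '%s %s\n' "$ftype" "$msg"
}

fifo_demo        # prints: p hello via fifo
```

The mode on the FIFO is the only access control on the channel: any process that can open the file for writing can feed the reader, so keep it owner-only unless sharing is the point.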

The UNIX File System: Socket
- Interprocess communication through a socket: a socket is established on both hosts.
- Client/server model: the client connects to the server to request information.
- The two processes must use the same socket type and the same domain.
- UNIX domain: communication through the common file system on the same host. Address: a character string (an entry in the file system). Address family: AF_UNIX.
- Internet domain: communication over the Internet between different hosts. Address: the host's Internet Protocol (IP) address and a port number. Address family: AF_INET.

The UNIX File System: Socket System Calls
Client side
- socket(): create a socket.
- connect(): connect the socket to the address of the server (AF_INET: host address and port number; AF_UNIX: character string, a file).
- read(): receive data. write(): send data.
Server side
- socket(): create a socket.
- bind(): bind the socket to an address (AF_INET: port number on the host machine; AF_UNIX: character string, a file).
- listen(): listen for connections.
- accept(): accept a connection.
- read(): receive data. write(): send data.
For AF_UNIX, bind() creates the socket file, and on Linux a client needs write permission on that file to connect, so the file's mode and its directory's permissions are the access control for the service.

The UNIX File System: File System Structure
Issues: how are files organized from the user's view, stored on disk, manipulated, and protected by permissions?
- Structured hierarchy: an upside-down tree whose base is the root directory, / (not /root, which is the superuser's home directory).
- A file's location is specified in three ways: an absolute pathname starting at /, a pathname relative to the present working directory, or a pathname relative to the user's home directory.

The UNIX File System: Pathnames, Absolute and Relative
- Absolute pathname, starting from root: cd /home/sau/buildArmLinux
- Relative pathname, starting at the present working directory: cd buildArmLinux
- Relative pathname starting at "~" (tilde), the home directory: cd ~/buildArmLinux ; cd ~

The UNIX File System: Home and Present Working Directories
- $HOME, ~ (tilde): the user's home directory, configured when the user account is created.
- . (dot), pwd: the present working directory, the point from which a relative pathname is derived. At login the present working directory is the user's home directory.
- ./<filename>: a file in the present working directory.
- .. (dot dot): the parent directory of the present working directory. ../<filename>: a file in the parent directory.

The UNIX File System: Executing Commands
- $ <filename>: the shell looks for <filename> among its built-ins and then in the directories listed in $PATH, in order.
- $ ./<filename>: runs <filename> from the current working directory.
- $ /home/sau/<filename>: runs the file at the path preceding <filename>.
Executing shell scripts
- $ <script>: found in $PATH; the interpreter named on the "#!" line (e.g. #!/bin/sh) runs it in a new process.
- $ ./<script>: found in the current working directory; the interpreter named on the "#!" line runs it in a new process.
- $ source <script>: reads the script from the given path (bash also searches $PATH for a bare name), ignores the "#!" line and runs the commands in the current shell, so variables, functions and cd take effect in the current shell.
- $ . <script>: same as "source <script>" (the POSIX spelling).
A bare command name is never looked up in the current directory unless "." or an empty entry appears in $PATH; putting one there lets a file named like a common command, in any directory you cd into, run in place of the real one.
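The lookup rules above, as an added example that is not from the slides: a function that resolves a bare name against a given $PATH the way the shell does, a harmless stand-in for a planted "ls", and a comparison of running a script in a child process with sourcing it into the current shell. The script assumes a POSIX sh and mktemp(1); the directory and file names are made up.

```shell
#!/bin/sh
# Added example (not from the slides): how a bare command name is resolved
# through $PATH, why a writable or "." entry in $PATH is dangerous, and the
# difference between running a script and sourcing it. Assumes POSIX sh and
# mktemp(1); the "trojan" script is a harmless stand-in written here.

# Resolve a bare command name against a given PATH, as the shell would.
resolve_cmd() {
    saved=$PATH
    PATH=$2
    found=$(command -v "$1" || true)
    PATH=$saved
    printf '%s\n' "$found"
}

# Make a directory holding a script named like a common command. An attacker
# who can write to any directory that appears in a victim's $PATH does this.
make_trojan_dir() {
    d=$(mktemp -d)
    printf '#!/bin/sh\necho TROJAN\n' > "$d/ls"
    chmod 755 "$d/ls"
    printf '%s\n' "$d"
}

# Run a script in a child process, then source it into the current shell, and
# report whether the variable it sets is visible afterwards in each case.
source_vs_exec() {
    d=$(mktemp -d)
    printf 'FLAG=set_by_script\n' > "$d/setflag.sh"
    FLAG=""
    sh "$d/setflag.sh"        # like ./setflag.sh: child shell, our FLAG untouched
    after_exec=${FLAG:-unset}
    . "$d/setflag.sh"         # like "source": runs here, FLAG is now set
    after_source=${FLAG:-unset}
    rm -rf "$d"
    printf '%s %s\n' "$after_exec" "$after_source"
}

demo() {
    t=$(make_trojan_dir)
    echo "PATH=/bin:/usr/bin       -> $(resolve_cmd ls /bin:/usr/bin)"
    echo "trojan dir first in PATH -> $(resolve_cmd ls "$t:/bin:/usr/bin")"
    echo "trojan dir last in PATH  -> $(resolve_cmd ls "/bin:/usr/bin:$t")"
    echo "exec vs source           -> $(source_vs_exec)"
    rm -rf "$t"
}

demo
```

The order of $PATH decides which file wins, which is why a writable directory or "." anywhere before the system directories is a local privilege hazard, and why sourcing an untrusted file is worse than running it: sourced code can redefine your functions and variables for the rest of the session.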

The UNIX File System: System Administration, Users and Groups
Each user account specifies the user's login shell and home directory.

The UNIX File System: /etc/passwd and /etc/shadow
/etc/passwd maps a username to a user id and group id (fields: name, password placeholder, uid, gid, user info, home directory, login shell). It is world-readable, so the password hashes live in /etc/shadow, which is readable only by root.
sau:x:500:500:Simon Au:/home/sau:/bin/bash
student1:x:501:501:student1:/home/student1:/bin/bash
student2:x:502:502:student2:/home/student2:/bin/bash
claruspon:x:503:503:claruspon:/home/claruspon:/bin/bash
cs206student1:x:504:504:cs206student1:/user/cs206student1:/bin/bash
/etc/shadow fields: name, password hash, date of last change (days since 1970-01-01), minimum age, maximum age, warning period, and the remaining aging fields.
sau:$1$xklKmTjR$7cOSRZv2IidNQgeUV/8UZ1:14930:0:99999:7:::
student1:$1$ElaqELFc$7/GVVYEG/YwKyVDxEyL7R.:15371:0:99999:7:::
student2:$1$BUXC1RaH$7aeZSMERxGSNLVRuH9CyX.:15598:0:99999:7:::
claruspon:$1$p9TJrbar$HO8iVTNieMTvGldXBJaZa1:15760:0:99999:7:::
cs206student1:$1$oyuB45f9$ceSvmEmF9s4vav3eqCPAA0:15979:0:99999:7:::
The "$1$" prefix marks MD5-crypt hashes, which are cheap to brute-force offline if the file leaks; current systems use "$6$" (SHA-512 crypt) or "$y$" (yescrypt).
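The checks a reviewer runs over these two files, as an added example that is not from the slides: awk filters that flag a second uid-0 account, an empty password field, an empty hash, and weak hash algorithms. The SAMPLE_* records are constructed for this example (two shadow lines reuse the slide's own hashes; "backdoor" and "svc" are made-up accounts); the script assumes a POSIX sh with awk and paste.

```shell
#!/bin/sh
# Added example (not from the slides): the checks a reviewer runs over
# /etc/passwd and /etc/shadow records. The SAMPLE_* records are constructed for
# this example (two lines reuse the slide's own hashes); "backdoor" and "svc"
# are made-up accounts that illustrate the findings.

SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
sau:x:500:500:Simon Au:/home/sau:/bin/bash
student1:x:501:501:student1:/home/student1:/bin/bash
backdoor:x:0:0:looks harmless:/home/backdoor:/bin/bash
svc::600:600:no password needed:/var/svc:/bin/sh'

SAMPLE_SHADOW='root:$6$saltsalt$notarealhash:16000:0:99999:7:::
sau:$1$xklKmTjR$7cOSRZv2IidNQgeUV/8UZ1:14930:0:99999:7:::
student1:$1$ElaqELFc$7/GVVYEG/YwKyVDxEyL7R.:15371:0:99999:7:::
backdoor::16000:0:99999:7:::
svc:!:16000:0:99999:7:::'

# passwd records on stdin; one finding per line.
#  uid0   : an account other than root with uid 0 has full superuser rights.
#  nopass : an empty password field means login without any password.
audit_passwd() {
    awk -F: '
        $3 == 0 && $1 != "root" { print "uid0:" $1 }
        $2 == ""                { print "nopass:" $1 }
    '
}

# shadow records on stdin; one finding per line.
#  emptyhash : no password required at all.
#  "!"/"*"   : locked, password login disabled (not a finding).
#  md5crypt  : "$1$" MD5-crypt, fast to brute-force offline if the file leaks.
#  descrypt  : no "$" prefix, legacy DES crypt (8-character passwords).
audit_shadow() {
    awk -F: '
        $2 == ""       { print "emptyhash:" $1; next }
        $2 ~ /^[!*]/   { next }
        $2 ~ /^\$1\$/  { print "md5crypt:" $1; next }
        $2 !~ /^\$/    { print "descrypt:" $1 }
    '
}

# Findings for the sample data, sorted and joined on one line.
sample_passwd_findings() { printf '%s\n' "$SAMPLE_PASSWD" | audit_passwd | sort | paste -sd ' ' -; }
sample_shadow_findings() { printf '%s\n' "$SAMPLE_SHADOW" | audit_shadow | sort | paste -sd ' ' -; }

echo "passwd: $(sample_passwd_findings)"   # nopass:svc uid0:backdoor
echo "shadow: $(sample_shadow_findings)"   # emptyhash:backdoor md5crypt:sau md5crypt:student1

# On a real host (root is needed to read shadow):
#   audit_passwd < /etc/passwd ; audit_shadow < /etc/shadow
```

Locked accounts ("!" or "*") are deliberately skipped: a system account that cannot log in by password is the normal case, not a finding.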

Linux Directory Structure
- /boot: Linux bootup files (e.g. the Linux kernel, vmlinux).
- /etc: Linux system configuration files.
  /etc/inittab: processes started at bootup (runlevels).
  /etc/fstab: file systems and mount points.
  /etc/passwd: where users and user accounts are defined.
- /bin: Linux system binaries (cat, cp, ls, mkdir, pwd, rm, rmdir, mount).
- /sbin/init: the first process run during the boot process (PID 1); /sbin holds system administration binaries.
- /usr/bin: applications for the users (e.g. grep).
- /lib: the shared libraries for dynamically linked programs.
- /var: data that changes while the Linux system is running.
  /var/log: log files updated by the running system.
- /dev: devices available to the Linux system; devices are treated like files and can be read and written as files (e.g. /dev/tty0).
- /mnt: storage devices (hard disks, CD-ROMs) must be attached to some directory before they can be accessed; those directories are the mount points (e.g. /mnt/cdrom).
- /home: each user has their own directory (e.g. /home/student1); apart from /tmp, the only place normal users are allowed to write.
- /proc: special directory containing information about the running kernel.
  /proc/devices: list of devices configured into the current kernel.
Example tree: /boot/vmlinux, /etc/inittab, /etc/fstab, /etc/passwd, /bin/mount, /usr/bin/grep, /sbin/init, /var/log, /dev/tty0, /mnt/cdrom, /home/student1, /lib, /proc/devices.

The UNIX File System: Navigating the File System Structure
- At log on the system places the user in the home directory.
- Determining the absolute pathname of the home directory: echo [ string ] sends "string" to the console.
  echo $HOME
  /home/sau
  echo $PWD
- Browsing the file system: cd [ directory ] changes the present working directory to the absolute or relative directory pathname given.
- ls [ options ] [ pathname-list ]
  -F: append "/" to directories, "*" to executables, "@" to symbolic links.
  -a: display the names of all files, including hidden (dot) files.
  -l: display the long listing, including permissions, owner, group, size, time.
  pathname-list: list of files to display.

The UNIX File System: Browsing the File System
cd $HOME/class
pwd
/home/sau/class
ls -F
file1 file2 file_dir/ power* power.c
ls -a
file1 file2 file_dir .hidden_file power power.c
ls -l
total 28
-rw-r--r-- 1 sau users ... file1
-rw-r--r-- 1 sau users ... file2
drwxr-xr-x 2 sau users ... file_dir
-rwxr-xr-x 1 sau users ... power
-rw-r--r-- 1 sau users ... power.c
ls -l .hidden_file
-rw-r--r-- 1 sau users ... .hidden_file
(The size and date columns are omitted here.)

The UNIX File System: Summary of the "ls -l" Command (fields listed left to right)
- File type and permissions (ten characters: type, then rwx for user, group, other).
- Number of hard links to the file.
- Owner (user name).
- Group name.
- Size in bytes (for device files, the major and minor numbers instead).
- Date and time of last modification.
- File name (for a symbolic link, "name -> target").

The UNIX File System: Some Important Hidden Files and Their Purpose
- .bash_profile: commands run by bash at login (sets PATH and other environment variables).
- .bashrc: commands run by each interactive bash shell (aliases, functions).
- .bash_logout: commands run when a login bash shell exits.
- .bash_history: the commands typed in previous sessions; anything typed on a command line, including passwords passed as arguments, ends up here in clear text.
- .zshrc: the zsh equivalent of .bashrc.
- .viminfo: vim's record of recently edited files and search history.
- .ICEauthority: the credential (cookie) that authorizes connections to the user's desktop session.
Because the shell executes the first group of files and the session trusts the last one, they must stay writable (and for the cookie, readable) only by the owner.

The UNIX File System: Creating Directories
mkdir [ options ] dirnames
- dirnames: create the named directories.
- -m MODE: create with the given access permissions instead of the umask-derived default (with -p, MODE applies only to the final directory).
- -p: create the parent directories that do not exist in "dirname"; no error if the directory already exists.
Examples, with /home/sau as the current working directory:
  mkdir /tmp/tmp1              ->  /tmp/tmp1/
  mkdir -p usrdir1/usrdir1_1   ->  /home/sau/usrdir1/usrdir1_1/
  mkdir usrdir2                ->  /home/sau/usrdir2/

The UNIX File System: Removing Directories
rmdir [ options ] dirnames
- dirnames: remove the named directories (each must be empty).
- -p: after removing the directory, remove each parent named in the path if it has become empty.
Examples, with /home/sau as the current working directory:
  rmdir /tmp/tmp1              ->  removes /tmp/tmp1/
  rmdir -p usrdir1/usrdir1_1   ->  removes /home/sau/usrdir1/usrdir1_1/ and then /home/sau/usrdir1/
  rmdir usrdir2                ->  removes /home/sau/usrdir2/

File System Structure: File Attributes, Using the ls Command
~]$ ls
Desktop Documents Download link_mbox mbox Music Pictures Public Templates testTools Videos
~]$ ls -a
. .. .bash_history .bash_logout .bash_profile .bashrc .config Desktop .dmrc Documents Download
.gconf .gconfd .gnome .gnome2 .gnome2_private .gstreamer-0.10 .gtk-bookmarks .gtkrc-1.2-gnome2
.ICEauthority link_mbox mbox .metacity Music .nautilus Pictures Public .redhat Templates testTools
.Trash Videos .viminfo .xsession-errors .zshrc
~]$ ls -F
Desktop/ Documents/ Download/ link_mbox@ mbox Music/ Pictures/ Public/ Templates/ testTools* Videos/
~]$ ls -l
total 592
drwxr-xr-x 2 student2 student2 ... Desktop
drwxr-xr-x 2 student2 student2 ... Documents
drwxr-xr-x 2 student2 student2 ... Download
lrwxrwxrwx 1 student2 student2 ... link_mbox -> mbox
-rw------- 1 student2 student2 ... mbox
-rwxr-xr-x 1 root     root     ... testTools
(The size and date columns are omitted here.)
The symbolic link's own permissions (lrwxrwxrwx) are never consulted; access to mbox through link_mbox is governed by mbox's mode, 600. testTools is owned by root although it sits in student2's home: the file's owner, not the directory's, decides who may modify it.

File System Structure: File Attributes, Reading One Line of "ls -l"
$ ls -l
drwxr-xr-x 2 student2 student2 ... Desktop
- d: a directory.
- rwx: the owner (student2) may read, write and search it.
- r-x: members of group student2 may read and search it, not write.
- r-x: all other users may read and search it, not write.
- 2: number of hard links (an empty directory has two: its own entry and its "." entry).
- student2 student2: owner and group.
- the modification time, then the name.

The UNIX File System: File Content Type
file [ options ] file-list
- -f FILE: read the names of the files to examine from FILE instead of the command line.
file *
file1: ASCII text
file1~: ASCII text
file1_link: symbolic link to `file1'
file2: ASCII text
file_dir: directory
power: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.4, not stripped
power.c: ASCII C program text
file decides the type from the file's contents (magic numbers and heuristics), not from its name or extension, so it is the tool to reach for when an extension is missing or misleading.

The UNIX File System: File Representation, Inode Table Entry
- An inode's block numbers locate the file's data on disk: a block number maps to a disk sector (disk number, cylinder number, track number, sector number).
- File space is allocated in clusters of two, four or eight 512-byte disk blocks.

The UNIX File System: File Representation
- A directory contains an array of entries <inode #, filename>.
- When a file is opened its inode entry is placed in the in-memory inode table.
- Indexing into the inode table returns the inode, which holds the block locations of the file on disk.
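The <inode #, filename> relationship above, together with the link file types from the earlier slides, as an added example that is not from the slides: a hard link is a second directory entry naming the same inode, a symbolic link is a separate inode whose data is a pathname, and removing one name leaves the data alive for as long as any hard link to the inode remains. The names and contents are made up; the script assumes GNU stat(1) (-c) and mktemp(1).

```shell
#!/bin/sh
# Added example (not from the slides): hard links versus symbolic links seen
# through their inode numbers. Assumes GNU stat(1) for "-c" (on BSD/macOS use
# stat -f) and mktemp(1); file names and contents are made up.

inode_of() { stat -c %i "$1"; }    # inode number of the entry itself (lstat)
nlink_of() { stat -c %h "$1"; }    # link count stored in the inode

link_demo() {
    d=$(mktemp -d)
    echo "payload" > "$d/file1"
    ln    "$d/file1" "$d/hard"     # second directory entry for the SAME inode
    ln -s file1      "$d/soft"     # new inode whose data is the pathname "file1"

    hard=$([ "$(inode_of "$d/file1")" = "$(inode_of "$d/hard")" ] && echo same || echo different)
    soft=$([ "$(inode_of "$d/file1")" = "$(inode_of "$d/soft")" ] && echo same || echo different)
    nlink=$(nlink_of "$d/file1")   # 2: the names file1 and hard

    # rm only unlinks one directory entry. The data lives on through the other
    # hard link, whereas the symbolic link now points at a name that is gone.
    rm "$d/file1"
    via_hard=$(cat "$d/hard")
    via_soft=$(cat "$d/soft" 2>/dev/null || echo dangling)

    rm -rf "$d"
    printf 'hard=%s soft=%s nlink=%s after_rm=%s symlink=%s\n' \
        "$hard" "$soft" "$nlink" "$via_hard" "$via_soft"
}

link_demo   # hard=same soft=different nlink=2 after_rm=payload symlink=dangling
```

Two consequences matter for security: a hard link lets a user keep an old copy of a file alive (and its old permissions) after the administrator replaces the original, and a symbolic link is followed by open(), so a link planted in a shared directory redirects a privileged program to a file of the attacker's choosing. Linux's fs.protected_hardlinks and fs.protected_symlinks sysctls exist to blunt both.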

The UNIX File System: Standard Files and File Descriptors
- The kernel keeps a file descriptor for every open file of a process.
- Three standard files are open when a command executes: stdin (0), the terminal keyboard; stdout (1), the monitor screen; stderr (2), the monitor screen.
- Redirection operators: < redirects input; > redirects output (stdout); 2> redirects error output (stderr); 2>&1 sends stderr wherever stdout currently points.
- Chain of tables: file descriptor -> per-process file descriptor table -> system-wide file table (open file description: offset, access mode) -> system-wide inode table -> file contents on disk.
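The descriptor table above, as an added example that is not from the slides: redirections are applied left to right and each one re-points a single descriptor, which is why "> f 2>&1" and "2>&1 > f" behave differently, and why a descriptor beyond 0-2 can be opened, read and closed by number. The command output is made up; the script assumes a POSIX sh and mktemp(1).

```shell
#!/bin/sh
# Added example (not from the slides): the per-process file descriptor table
# in action. Redirections are applied left to right, each one re-pointing one
# descriptor, which is why "> f 2>&1" and "2>&1 > f" behave differently.
# Assumes POSIX sh and mktemp(1); the command output is made up.

noisy() { echo out; echo err >&2; }      # writes to fd 1 and fd 2

redirect_demo() {
    d=$(mktemp -d)

    # fd1 -> file, THEN fd2 -> copy of fd1: both streams land in the file.
    noisy > "$d/both" 2>&1
    both=$(tr '\n' ' ' < "$d/both")

    # fd2 -> copy of fd1 (still the caller's stdout), THEN fd1 -> file:
    # only stdout reaches the file; stderr escapes to wherever stdout was.
    escaped=$(noisy 2>&1 > "$d/only_out")
    only_out=$(cat "$d/only_out")

    # Descriptors beyond 0-2: open fd 3 on the file, read through it, close it.
    exec 3< "$d/both"
    read -r first <&3
    exec 3<&-

    rm -rf "$d"
    printf 'both=[%s] file=[%s] escaped=[%s] fd3=[%s]\n' \
        "$both" "$only_out" "$escaped" "$first"
}

redirect_demo   # both=[out err ] file=[out] escaped=[err] fd3=[out]
```

The practical point is the second case: a log capture written as "2>&1 > file" silently drops the error stream, so a failed command leaves no trace in the file.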

The UNIX File Security
- A time-sharing system allows multiple users access; it must protect the shared hardware and software resources: storage devices, I/O devices, CPU, main memory.
- File protection from unauthorized access: UNIX provides three mechanisms: user login name and password, file encryption, and access privileges granted to users.

The UNIX File Security: Password-Based Protection
A password is discovered by: telling someone; guessing "weak" passwords; brute force (trying every candidate, offline against a stolen hash or online against the login prompt).
Change the password with passwd:
$ passwd
Changing password for sau.
Old Password:
New Password:
Bad password: it is based on a dictionary word
Bad password: too simple
Reenter New Password:
Password changed.

The UNIX File Security: Encryption-Based Protection, GNU Privacy Guard
Symmetric (passphrase) encryption:
$ gpg -c minicom.log
Enter passphrase: <password>
Repeat passphrase: <password>
$ ls
... minicom.log.gpg ...
$ gpg minicom.log.gpg
gpg: CAST5 encrypted data
Enter passphrase: <password>
gpg: WARNING: message was not integrity protected
The warning means the file carried no modification detection code (MDC): GnuPG 1.4's default CAST5 symmetric mode gave confidentiality only, so an attacker could alter the ciphertext without detection. Current GnuPG defaults to AES with an MDC (or AEAD); with an old version pass --force-mdc or --cipher-algo AES256. Note also that gpg -c leaves the plaintext minicom.log in place; remove it deliberately once the encrypted copy has been verified.

The UNIX File Security: Encryption-Based Protection, Public-Key Encryption
~]$ gpg --gen-key
gpg (GnuPG) 1.4.7; Copyright (C) 2006 Free Software ...
...
Please select what kind of key you want:
   (1) DSA and Elgamal (default)
   (2) DSA (sign only)
   (5) RSA (sign only)
Your selection?
What keysize do you want? (2048)
Please specify how long the key should be valid.
Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N)
You need a user ID to identify your key; the software constructs the user ID ...
Real name: Simon Au
Email address:
Comment: Lecturer
You selected this USER-ID: "Simon Au (Lecturer) ...
You need a Passphrase to protect your secret key.
gpg: /home/student1/.gnupg/trustdb.gpg: trustdb created
~]$ gpg --encrypt --recipient simon minicom.log
~]$ ls
envSetup.bash minicom.log.gpg test2
~]$ gpg --output minicom_3.log --decrypt minicom.log.gpg
You need a passphrase to unlock the secret key for user: "Simon Au (Lecturer) ...
Encrypting to a public key needs no shared secret: anyone holding the public key can encrypt, and only the holder of the private key (protected by the passphrase) can decrypt. GnuPG 1.4's DSA/Elgamal default is obsolete; current versions default to RSA or ECC keys.

The UNIX File Security: Protection Based on Access Permission
- Prevents users from accessing each other's files unless they are logged in as the file's owner (or the owner has granted them access).
- The file owner assigns access rights to files, dictating how other users can access them (read, write, execute).
- Without this scheme the UNIX file system would be easy to access: it has a single root from which all files descend, and every user could reach every other user's files.

The UNIX File Security: Access Permission Protection, Types of Users
- User (owner): the owner of the file. Group: a group of users. Other: users not in the group.
$ groups sau
sau : video users
$ groups root
root : root
/etc/passwd fields: user name : password (x = kept in /etc/shadow) : user ID : group ID : user info : home : shell
$ more /etc/passwd
...
root:x:0:0:root:/root:/bin/bash
sau:x:1001:100:sau:/home/sau:/bin/bash
/etc/group fields: group name : password : group ID : comma-separated member users
$ more /etc/group
...
root:x:0:
video:x:33:sau
users:x:100:
sau is not listed on the users line: membership in the primary group comes from the gid field of /etc/passwd, while supplementary groups are listed in /etc/group.

The UNIX File Security: Types of Users (cont.)
$ id sau
uid=1001(sau) gid=100(users) groups=100(users),33(video)
- Primary group: files created by the owner (sau) get the primary group.
- Supplementary groups: give access to additional resources (files).
Commands:
- Create a new user with a primary group (-g) or supplementary groups (-G): useradd -g <group> <new user> ; useradd -G <group> <new user>
- Change an existing user's primary group (-g) or supplementary groups (-G): usermod -g <group> <existing user> ; usermod -aG <group> <existing user>
usermod -G without -a replaces the whole supplementary group list, silently removing the user from every group not named; use -a (append) to add one group.

The UNIX File Security: Types of Access Permissions
- Read (r): read the contents of the file.
- Write (w): modify the contents of the file.
- Execute (x): run the file as a program (for a directory, enter or search it).
A file has nine permission bits: three for the user (owner), three for the group, three for others, one bit each for read, write and execute. Each triplet is written as one octal digit, e.g. 744:
- User = 7 (read / write / execute)
- Group = 4 (read / no write / no execute)
- Others = 4 (read / no write / no execute)

The UNIX File Security: Viewing Access Permissions of Files / Directories
ls -l [ file-list ]: display the long listing of the files in file-list, or of all files in the present working directory.
- ls -l : list all files in the present working directory.
- ls -l /etc/passwd : list the file /etc/passwd.
- ls -l /etc : list all files in /etc.
ls -ld [ directory-list ]: display the long listing of the directories themselves rather than their contents.
- ls -ld : list the present working directory.
- ls -ld /etc/passwd : list the file /etc/passwd (same as ls -l for a file).
- ls -ld /etc : list the directory /etc itself.

The UNIX File Security: Reading the ls -l / ls -ld Output
- First character, the file type: "d" indicates a directory, "-" an ordinary file ("l" a symbolic link, "c"/"b" a character/block device, "p" a FIFO, "s" a socket).
- Characters 2-4: the file owner's access permission.
- Characters 5-7: the file group's access permission.
- Characters 8-10: other users' access permission.

The UNIX File Security: Access Permissions of Directories
- r: read the names in the directory (the ls command).
- w: create and remove entries in the directory (deleting a file is removing its entry; the file's own permissions do not matter).
- x: search (traverse) the directory, i.e. reach the inodes of its entries; needed to open a file in it and for ls -l, which must stat each entry.
Example: a directory whose group permission is r-x and whose other permission is ---.
- Group CANNOT write; group CAN use ls; group CAN use ls -l.
- Other CANNOT write; other CANNOT use ls; other CANNOT use ls -l.
root bypasses these checks (CAP_DAC_OVERRIDE), so verify permissions as the unprivileged user, not as root.

The UNIX File Security: Changing File Access Privileges
chmod [ options ] octal-mode file-list
- octal-mode: one octal digit per class (user, group, other), the sum of read = 4, write = 2, execute = 1: 7 = read/write/execute, 6 = read/write, 5 = read/execute, 4 = read-only.
chmod [ options ] symbolic-mode file-list
- symbolic-mode: <who> <operator> <privilege>, e.g. u+x, go-w, a=r.
- who: u (user), g (group), o (other), a (all). operator: "+" adds, "-" removes, "=" sets exactly the listed privileges. privilege: r, w, x.

The UNIX File Security: Changing File Access Privileges, Examples
$ ls -l
total 60
drwxr-xr-x 2 sau users ... file_dir
$ ls -l file_dir
total 0
-rw-r--r-- 1 sau users ... temp
-rw-r--r-- 1 sau users ... temp2
$ chmod -R 711 file_dir            (-R applies the mode to the directory and everything below it)
$ chmod -R 700 file_dir/temp2
...
drwx--x--x 2 sau users ... file_dir
-rwx--x--x 1 sau users ... temp
-rwx------ 1 sau users ... temp2
Octal-mode privileges are positional; missing leading digits are zero:
$ chmod 7 example                  (0007: others get rwx, user and group get nothing)
$ chmod 70 file_dir                (0070: group gets rwx)
d------rwx 2 sau users ... example
d---rwx--- 2 sau users ... file_dir
Note that chmod -R 711 also made the ordinary files temp and temp2 executable; a recursive mode is rarely right for files and directories at once.

The UNIX File Security: Changing Directory Access Privileges
- Read: allows reading the directory's contents (the entry names).
- Write: allows creating and removing files or directories in it.
- Execute: allows searching the directory.
NOTE: read or write privilege on a directory is only usable when execute privilege is also set; without x, the entries cannot be stat'ed or opened and nothing can be created or removed.

The UNIX File Security: Default File or Directory Access Privileges
umask [ mask ]: set the access privilege for new files and directories.
- mask: the permission bits that will be cleared on new files and directories; the kernel computes mode = default AND NOT mask (a bitwise operation, not a subtraction).
umask 027 (prohibit others from accessing files and directories; group cannot write)
New files:
  umask 027                                         ----w-rwx
  Initial file permission:        666               rw-rw-rw-
  Complement of mask:             NOT(027) = 750    rwxr-x---
  Resultant file permission:      666 AND 750 = 640 rw-r-----
New directories:
  Initial directory permission:   777               rwxrwxrwx
  Complement of mask:             NOT(027) = 750    rwxr-x---
  Resultant directory permission: 777 AND 750 = 750 rwxr-x---
The default for files is 666, never 777, so a umask can only remove bits: no umask makes a new file executable. A lax umask such as 000 leaves every new file world-writable, which is why login scripts set 022 or 027.
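The umask arithmetic above, as an added example that is not from the slides: mode_after_umask reproduces the kernel's computation (default AND NOT mask) for any pair of octal values, and umask_demo checks it against files actually created under a given umask, including a directory whose mode is given explicitly with mkdir -m and therefore bypasses the umask. The script assumes a POSIX sh with octal arithmetic, mktemp(1), paste(1) and GNU stat(1); the file names are made up.

```shell
#!/bin/sh
# Added example (not from the slides): the umask as a bit mask. mode_after_umask
# reproduces the kernel's computation (default AND NOT mask); umask_demo checks
# it against real files. Assumes a POSIX sh with octal arithmetic, mktemp(1),
# paste(1) and GNU stat(1) for -c.

# $1 = default mode (666 for files, 777 for directories), $2 = umask, both octal.
mode_after_umask() {
    printf '%03o\n' $(( 0$1 & ~0$2 ))
}

# Create a file and two directories under the umask given as $1 and report
# their modes as "<file> <dir> <dir created with mkdir -m 770>".
umask_demo() {
    mask=$1
    d=$(mktemp -d)
    (
        cd "$d"
        umask "$mask"
        : > newfile                 # default 666, masked by the umask
        mkdir newdir                # default 777, masked by the umask
        mkdir -m 770 explicitdir    # explicit mode: set as given, umask not applied
    )
    result=$(stat -c %a "$d/newfile" "$d/newdir" "$d/explicitdir" | paste -sd ' ' -)
    rm -rf "$d"
    printf '%s\n' "$result"
}

echo "666 & ~027 = $(mode_after_umask 666 027)"   # 640
echo "777 & ~027 = $(mode_after_umask 777 027)"   # 750
echo "666 & ~022 = $(mode_after_umask 666 022)"   # 644
echo "777 & ~077 = $(mode_after_umask 777 077)"   # 700
echo "666 & ~000 = $(mode_after_umask 666 000)"   # 666: a umask never adds execute
echo "umask 027 on disk: $(umask_demo 027)"        # 640 750 770
```

The explicit -m case is the one to remember when reviewing scripts: an install step that passes a mode to mkdir or chmod is not protected by the caller's umask, so the mode it names is the mode you get.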

The UNIX File Security: Special Access Bits, the Set-User-ID (SUID) Bit
- If the SUID bit is set on an executable file (a command), the process takes on the privileges of the file's owner (its effective user ID) when it executes.
- If the SUID bit is not set, the process runs with the privileges of the user executing the file.
- Example: /etc/passwd and /etc/shadow are owned by root. The passwd command, run by ordinary users, must update them. Making passwd SUID root lets it change the password files while other users still cannot write them directly.
ls -l /etc/passwd
-rw-r--r-- 1 root root ... /etc/passwd
ls -l /usr/bin/passwd
-rwsr-xr-x 1 root shadow ... /usr/bin/passwd
- "s" in the owner execute position = execute and SUID set. "S" = SUID set but no execute permission, which has no effect.
- Linux ignores the SUID bit on interpreted scripts (files run through a "#!" line); it is honoured only for binaries. Every SUID-root program is a privilege boundary: a bug in it is a local root escalation, so keep the set small and review it regularly.

The UNIX File Security: Special Access Bits, SGID and Sticky Bits
The Set-Group-ID (SGID) bit
- If the SGID bit is set on an executable file, the process takes on the group privilege of the file's group (its effective group ID) when it executes.
- If it is not set, the process runs with the groups of the user executing the file.
- On a directory, SGID means that files and subdirectories created inside it inherit the directory's group instead of the creator's primary group (shared project directories):
ls -ld file_dir
d---rws--- 2 sau users ... file_dir
The sticky bit
- If the sticky bit is set on a directory, only the file's owner, the directory's owner or the superuser can rename or delete a file in it.
- If it is not set, any user with write and execute permission on the directory can rename or delete any file in it, whoever owns it. That is why the world-writable /tmp carries it:
ls -ld /tmp
drwxrwxrwt 189 root root ... /tmp
- "s" = execute and SGID bit set; "S" = SGID bit set without execute. "t" = execute and sticky bit set; "T" = sticky bit set without execute.

The UNIX File Security: Setting the Special Access Bits
- Set-User-ID (SUID): chmod 4xxx file-list, or chmod u+s file-list
- Set-Group-ID (SGID): chmod 2xxx file-list, or chmod g+s file-list
- Sticky bit: chmod 1xxx file-list, or chmod +t file-list
The special bits form a fourth octal digit in front of the usual three and add together: 6755 sets both SUID and SGID.
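The three chmod forms above, as an added example that is not from the slides: each special bit is set with the fourth octal digit, read back in both octal and ls -l style, and the directory walk an auditor runs to enumerate SUID/SGID files is applied to the same directory. The file names are made up and nothing here is owned by root, so the bits grant no extra privilege; the script assumes GNU stat(1) and find(1), mktemp(1), sed and paste.

```shell
#!/bin/sh
# Added example (not from the slides): setting the special bits with the
# fourth octal digit, reading them back, and the audit a practitioner runs to
# enumerate SUID/SGID files. Assumes GNU stat(1) -c and find(1) -perm, plus
# mktemp(1), sed and paste; the file names are made up. Nothing here is SUID
# root: the files are owned by whoever runs it, so they grant no extra privilege.

# "<name> <octal mode> <ls -l style mode string>" for one path
show_mode() {
    printf '%s %s %s\n' "$(basename "$1")" "$(stat -c %a "$1")" "$(stat -c %A "$1")"
}

# Regular files (not directories) under $1 with SUID or SGID set, names only.
# The same walk over a whole host: find / -xdev -type f \( -perm -4000 -o -perm -2000 \)
find_special() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null | sed "s#^$1/##" | sort
}

special_bits_demo() {
    d=$(mktemp -d)
    : > "$d/prog"
    mkdir "$d/shared" "$d/drop"

    chmod 4755 "$d/prog";   show_mode "$d/prog"      # s: SUID plus execute
    chmod 4644 "$d/prog";   show_mode "$d/prog"      # S: SUID without execute, no effect
    chmod 2775 "$d/shared"; show_mode "$d/shared"    # SGID dir: new files inherit its group
    chmod 1777 "$d/drop";   show_mode "$d/drop"      # sticky: only owners may delete
    chmod 6755 "$d/prog";   show_mode "$d/prog"      # 4 + 2: SUID and SGID together

    printf 'audit: %s\n' "$(find_special "$d" | paste -sd ' ' -)"
    rm -rf "$d"
}

special_bits_demo
# prog 4755 -rwsr-xr-x
# prog 4644 -rwSr--r--
# shared 2775 drwxrwsr-x
# drop 1777 drwxrwxrwt
# prog 6755 -rwsr-sr-x
# audit: prog
```

The audit only lists prog: the SGID directory is excluded by -type f because SGID on a directory is a group-inheritance setting, not a privilege grant. Run the host-wide form as root and compare the output against the package manager's expected list; any SUID file that is not accounted for is worth a look.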

The UNIX File Security: Special Access Bits, Example
~]$ umask
0002
~]$ ls -l sau_file
-rw-rw-r-- 1 student3 student ... sau_file
~]$ ls -ld sau
drwxrwxr-x 2 student3 student ... sau
~]$ chmod 2775 sau
~]$ ls -ld sau
drwxrwsr-x 2 student3 student ... sau
~]$ chmod 4664 sau_file
~]$ ls -l sau_file
-rwSrw-r-- 1 student3 student ... sau_file
The capital S shows SUID set on a file that is not executable, so the bit has no effect.

The UNIX File Security: Special Access Bits, Example (cont.)
~]$ ls -ld sau
drwxrwsr-x 2 student3 student ... sau
~]$ chmod 1775 sau
~]$ ls -ld sau
drwxrwsr-t 2 student3 student ... sau
The SGID bit survived the numeric chmod 1775: GNU chmod preserves a directory's set-user-ID and set-group-ID bits unless the mode names them explicitly (use a five-digit mode such as 01775, or g-s, to clear it). Other chmod implementations do not, so check the result with ls -ld rather than assuming it.