Lecture 3 Directories and Permission.pdf
Document Details
Uploaded by ExceedingNoseFlute
Ross University School of Medicine
TOPICS

- Unix Directories
- Files & Directories Permissions
- Commands: chown, chgrp & umask
- SUID

Review of last Lecture

Question: Tell me what the following commands do.

    file errfl
    echo "TUESDAY" > fltest
    fold -w 1 fltest
    echo "wednesday" > fltest
    fold -w 2 fltest

Directories

UNIX directories are similar to files: they both have names and contain information. Directories can contain both files and other directories. Many of the same rules and commands which apply to files also apply to directories.

Directories are organized in a hierarchy. At the top of the hierarchy is the "root" directory, symbolized by "/".

Directories (cont.)

The actual locations and names of files and directories may differ under different implementations of Unix. However, the following system files and directories are usually present in most Unix file systems:

- bin: contains binary files; these are executable command and application files
- lib: contains system library files
- dev: contains device files, which are the software components of terminals, printers, disks, etc.
- tmp: temporary storage
- etc: used for miscellaneous administrative files and commands
- pub: is for public files
- usr: has traditionally been reserved for user directories, but on large systems it usually contains other bin, tmp, and lib directories

Creating Directories

To make a directory, use the mkdir command.

Syntax: mkdir directoryname

The directory name must not exist before you use the command.

Accessing Directories/Files

Every directory and file on the system has a pathname by which it is accessed, starting from the root directory. The names of directories and the files beneath them, combined with slash separators, constitute a pathname. For example, the pathname for the steve directory is /user/admin/steve.

There are two types of pathnames: absolute and relative.
An absolute pathname, also referred to as a full pathname, is the location of a filesystem object (i.e., file, directory or link) relative to the root directory. A relative pathname tells the location of a filesystem object relative to the current directory.

Displaying Directories

When you log on, UNIX places you in your home directory. The pwd command will display the full pathname of the current directory. To view the contents of a directory, use the ls command followed by the full pathname. E.g.:

    ls /usr/bin
    ls /export/home/Comp2319

Changing Directories

To change to a directory, use the cd command. E.g.:

    cd ~/funxdir
    cd $HOME/funxdir

To get back to a parent directory, you can use the special ".." directory abbreviation. Enter:

    cd       (puts you in your home directory)
    cd ..

pwd will show the pathname of your current directory, e.g. /export/home/Comp2319

Moving Files Between Directories

Use the mv command to move files between directories.

Syntax: mv source-file destination-directory

Example (this moves the file and keeps its name):

    mv list2 ~/funxdir

We can also move a file to another directory and rename it. Example:

    mv list2 ~/funxdir/list2bkup

Copying Files to Other Directories

Use the cp command to copy files to other directories. E.g.:

    cp list1 ~/funxdir

To copy a file to another directory and change its name, enter:

    cp list1 ~/funxdir/list2bkup

To copy a directory and all its contents to a new directory:

Syntax: cp -r SourceDirectory NewDirectory

Renaming Directories

You can rename an existing directory with the mv command.

Syntax: mv oldDirectory newDirectory

- The new directory name must not exist before you use the command.
- The new directory need not be in the current directory. You can move a directory anywhere within a file system.

Removing Directories

To remove a directory, use the rmdir command. Normally, you cannot remove a directory unless you first remove all its contents, that is, all the files and sub-directories that it contains.
Syntax: rmdir directoryname

However, there is a command which will allow you to remove a directory and all its contents:

    rm -ri directoryname

File and Directory Permissions

When accessing a file or directory within Unix, the following two properties must be considered:

1. Ownership
2. Permissions

Ownership

Every file or directory in UNIX is assigned three types/classes of owners:

1. User (u) - A user is the owner of the file. By default, the person who creates the file is its owner.
2. Group (g) - Several users purposely lumped together so that they can share access to each other's files. This is usually the group the user (u) is a member of.
3. Others (o) - The remainder of the authorized users of the system.

Permissions (access rights)

Each ownership class can be assigned three types of permissions (or access rights).

- The permissions define whether certain actions can be carried out on a file or directory.
- The permissions are: read (r), write (w), execute (x)

read (r): A user who has read permission for:
- a file may look at its contents or make a copy of it.
- a directory can find out what files are in that directory.

write (w): A user who has write permission for:
- a file can alter or remove the contents of that file.
- a directory can create and delete files in that directory.

execute (x): A user who has execute permission for:
- a file can cause the contents of that file to be executed (provided that it is executable).
- a directory can change to that directory.

File and Directory Permissions

Example:

    % ls -l
    -rw-r--r-- 1 Cmp2395 Comp1125 78 sep 22 10:45 list1

- -rw-r--r--: the mode field, which indicates the types of permissions
- 1: indicates the number of links to the file - the inode number
- Cmp2395: the user id of the file owner
- Comp1125: the group id of the group the owner belongs to
- 78: the size of the file in bytes
- sep 22 10:45: the date and time when the file was last modified
- list1: the name of the file

Example:

    -rw-r--r-- 1 Comp2395 Comp1125 78 sep 22 10:45 list1

The first 10 characters make up the mode field. If the first character is:
- "d", then the item listed is a directory;
- "-", then the item is a file;
- "l", then it is a link to another file.

A closer look at the mode field:

    -   rw-      r--     r--
        user     group   others
        (owner)

- Characters 2 through 4 refer to the user's (owner's) permissions.
- Characters 5 through 7 refer to the group's permissions (groups are defined by the system administrator).
- The last three characters are the others permissions: they belong to all other users who can access the system.

Any "-" other than the first character indicates that a permission is not set. To change any or all of the permissions, use the chmod (change mode) command.

chmod (Change mode) Command

The chmod command allows you to dictate the type of access permission that you want each file to have. It takes as arguments the permission to be changed along with the filename.

Example:

    chmod u+r list1
          (permission) (filename)

Permissions may be specified as a symbolic value or an octal value.

chmod command - using symbolic values

Here the arguments supplied to chmod are symbolic specifications of the changes required, followed by one or more filenames.
Syntax: chmod symbolic_specifications filename

The specifications consist of:
- Class of user whose permission is being changed (u, g or o)
- How permissions are to be changed (-, + or =)
- Which permission(s) to add or remove (r, w or x)

Class of user whose permission is being changed:
- u for user (owner),
- g for group,
- o for others,
- a (all) has the same effect as ugo,
- or some combination thereof (ug, go, uo).

How the permissions are to be changed:
- + adds a permission
- - removes a permission
- = sets the specified permissions, removing all others (i.e. set the permissions exactly like this).

Which permission(s) to add or remove:
- r for read,
- w for write,
- x for execute

Examples

1. Remove all permissions for all users:

       chmod a-rwx practice

   chmod a= practice does the same thing.

2. Allow read and write permission for all users:

       chmod ugo+rw practice

3. Remove write permission for your group and other users:

       chmod go-w practice

You can prevent yourself from accessing a directory. Recall that when the execute permission for a directory is set, access is permitted (i.e. changing to that directory is allowed).

For example, make a directory called sport in your current directory. If you do an ls -l from your current directory, you should see something like this:

    drwxr-xr-x 2 Comp2497 Comp1125 12 Sept 25 8:45 sport

Now enter the commands:

    chmod u-x sport
    cd sport

What happens?

    chmod u+x sport

Now enter the commands:

    chmod u-w sport
    cd sport
    cat > notes

What happens?

chmod command - using octal values

chmod will also accept a permission setting expressed as a 3-digit octal number.

Syntax: chmod Octal_specifications filename

The octal specifications are derived by calculating the octal equivalent of the symbolic permissions. The octal representation is found by adding the numbers associated with the four basic permissions, i.e. read = 4; write = 2; execute = 1; no permission = 0. For example:

    SYMBOLIC   BINARY   OCTAL
    ---        000      0
    --x        001      1
    -w-        010      2
    -wx        011      3
    r--        100      4
    r-x        101      5
    rw-        110      6
    rwx        111      7

- 0 = no permissions whatsoever; this person cannot read, write, or execute the file
- 1 = execute only
- 2 = write only
- 3 = write and execute (1+2)
- 4 = read only
- 5 = read and execute (4+1)
- 6 = read and write (4+2)
- 7 = read and write and execute (4+2+1)

Examples:

To allow read and write permissions for all users:

    chmod 666 practice

To remove write permission for your group and other users:

    chmod 644 practice

The umask Command

When you create a file or a directory, the system gives it a default setting. This default setting is based on the umask value, which is normally set by the system administrator. To see your default setting, enter the command:

    umask

Initially, the umask is 000, giving a directory 777 (rwxrwxrwx) permissions as the default.
All execute permissions (x) are removed from the directory permissions to give the file permissions.

In general, to create permissions for a directory, the umask value is subtracted from 777:

      777   (directory)
    - 022   (umask value)
    ------
      755   Result: drwxr-xr-x

The umask Command (cont.)

To create permissions on files, the umask value is subtracted from 777, then all execute permissions are removed:

      777   (default directory permission)
    - 022   (umask value)
    ------
      755   (directory) = rwx r-x r-x

Removing execute permission gives -rw-r--r-- = 644 (file permission).

Essentially, umask determines which permissions are NOT allowed; bits in the umask that are set (=1) correspond to permission bits that are not set (=0), and vice versa. This is the opposite of chmod.

For example, the command

    umask 026

gives:
- permissions for the user are 0 = 000 binary: read allowed, write allowed, execute allowed
- permissions for the group are 2 = 010 binary: read allowed, write NOT allowed, execute allowed
- permissions for others are 6 = 110 binary: read NOT allowed, write NOT allowed, execute allowed

If the umask is 026, a new directory will have permissions: rwxr-x--x

If the umask is 026, a new file will have permissions: rw- r-- --- (the execute permissions are not turned on automatically for files)

Example 1

Set your umask value to 014 by entering the command:

    umask 014

Question: What are the permissions when a file is created?
Ans: -rw-rw--w-

What are the permissions when a directory is created?
Ans: drwxrw--wx

Example 2

A file, when created, has permissions rw--w-r--. What are the possible umask values?

    rw-   -w-   r--
    000   100   010   = 042
    001   101   011   = 153
    000   101   011   = 053

Which of the above umask values would allow a newly created directory to be accessible by the user, group, or others?
Ans: All

Example 3

A directory, when created, has permissions drw--wxr-x. What is the umask value?
When a file is created, what permissions would group and others have?

Example 4

What are the possible umask values?

    drw-   -wx   r-x
     001   100   010   = 142

When a file is created, what permissions would group and others have?
- group: write permission
- others: read permissions

Example 5

If the umask is set to 034, would "others" have write permission to a file when created? Can the "group" view the contents of the file?
Ans: -rw-r---w- Others would have write permission.

Example 6

Which of the following is correct?

1. rwx-wxrwx is equivalent to octal value 637
2. rwxrw-r-x is equivalent to octal value 765
3. rwxr-x-wx is equivalent to octal value 755
4. rw-rwx-wx is equivalent to octal value 675

Example 6

If the umask value is set to 041, what permissions would be given when a file and a directory are created?

1. File: 626; directory: 736
2. File: 636; directory: 736
3. File: 736; directory: 626
4. Directory: 625; file: 736

File and Directory Permissions: chown and chgrp

We can also change the ownership of a file or directory using the chown command.

Command: chown "userid" filename
Example:

    chown Comp112560 list2

Command: chown "userid:groupid" filename
Example:

    chown Comp112560:staff testfile

We can also change the group with which a file or directory is associated.

Command: chgrp "groupid" filename

Enter the command groups to see which groups you are associated with.

Command:

    chgrp Comp1125 practice

The command

    chgrp -R dit123 .

changes the ownership of this directory, and everything inside of it, to group 'dit123' (-R = recursive). The person issuing this command must own all the files and must be a member of the group to which they are trying to change, or the command will fail.

SUID (Set owner User ID up on execution) (bit/attribute) on a file

There are some programs that can only be executed by the owner. SUID (Set owner User ID up on execution) is a special type of file permission given to a file.
When set, SUID gives temporary permissions to a user to run a program with the permissions of the file owner rather than the user who is running it.

SUID (cont.)

Example 1

Suppose user Kofi runs the command "view memo.txt", and the permissions on the view command and the file memo.txt are as follows:

    -rwx--x--x 1 root bin 4515 Aug 28 13:08 view
    -rw------- 1 root bin 218 Aug 28 13:08 memo.txt

Kofi has permission to run view, but not permission to read memo.txt. So when this view program attempts to read() the file, a permission denied error will occur.

Suppose we set the SUID bit for the view program, i.e.:

    -rws--x--x 1 root bin 4515 Aug 14 13:08 view

Now, when Kofi runs this program, the access to memo.txt is permitted. When view attempts to read() the file, the system doesn't think Kofi is attempting to read; it thinks root is the user. So access is allowed.

Example 2: passwd command

The passwd command allows us to change our password. The passwd command will try to edit some system config files (e.g. /etc/shadow) that can only be opened or viewed by the root user. The passwd command is owned by root. Type:

    % ls -l /usr/bin/passwd
    -r-sr-sr-x 1 root sys 45348 Jun 24 2014 /usr/bin/passwd

So the passwd command has the SUID bit set. This gives normal users root user permissions so the necessary files can be updated.

To see other commands with the SUID bit(s) set, type:

    % ls -l /usr/bin | grep r-s

or

    % ls -l /usr/bin | grep rws

How to set SUID for a file?

a) Symbolic way:

    % chmod u+s myfile.txt

The s stands for the SUID bit.

b) Octal way:

    % chmod 4750 myfile.txt

The 4 indicates that the SUID bit is set for the user.

Questions?

End of Lecture
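
Added example, not part of the original lecture: the SUID slides find SUID programs by grepping ls -l output. An administrator auditing a whole directory tree can match the permission bit itself with find. The function names and the sample files (plain, tool, loose) are constructed for this illustration.

```shell
#!/bin/sh
# Added example (not from the lecture): audit a directory tree for SUID files.

# list_suid DIR: regular files under DIR with the SUID bit (octal 4000) set.
# "-perm -4000" matches when at least that bit is set, whatever the others are.
list_suid() {
    find "$1" -type f -perm -4000 2>/dev/null | sort
}

# list_suid_writable DIR: SUID files that group or others may also write to.
# A program that runs with its owner's permissions should not be writable by
# anyone else, so an audit should report these first.
list_suid_writable() {
    find "$1" -type f -perm -4000 \( -perm -0020 -o -perm -0002 \) 2>/dev/null | sort
}

# make_demo_tree: constructed sample data in a fresh temporary directory.
# Prints the directory name so the caller can inspect and remove it.
make_demo_tree() {
    d=$(mktemp -d) || return 1
    for f in plain tool loose; do
        printf '#!/bin/sh\n' > "$d/$f"
    done
    chmod 755  "$d/plain"    # rwxr-xr-x: no SUID bit
    chmod 4750 "$d/tool"     # rwsr-x---: the octal form shown in the lecture
    chmod 4757 "$d/loose"    # rwsr-xrwx: SUID and writable by others
    printf '%s\n' "$d"
}

demo=$(make_demo_tree)
echo "SUID files:"
list_suid "$demo"
echo "SUID files writable by group or others:"
list_suid_writable "$demo"
ls -l "$demo"
rm -rf "$demo"
```
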
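
Added example, not part of the original lecture: the umask rule from the umask slides written as a bit mask (subtracting each digit from 7 and then dropping execute for files is the same as clearing the umask bits from 777 or 666). It goes beyond the slides by also listing every umask that yields a given file mode, the question asked in Example 2. The function names are chosen for this illustration.

```shell
#!/bin/sh
# Added example (not from the lecture): umask applied as a bit mask.

# symbolic MODE: integer mode -> nine-character string such as rwxr-xr-x,
# using the SYMBOLIC/OCTAL table from the chmod slides for each digit.
symbolic() {
    out=""
    for s in 6 3 0; do
        case $(( ($1 >> s) & 7 )) in
            0) t=--- ;; 1) t=--x ;; 2) t=-w- ;; 3) t=-wx ;;
            4) t=r-- ;; 5) t=r-x ;; 6) t=rw- ;; 7) t=rwx ;;
        esac
        out="$out$t"
    done
    printf '%s\n' "$out"
}

# mode_for UMASK file|dir: permissions a newly created object receives.
# Directories start from 777 and files from 666; every bit that is set in
# the umask is cleared from that starting value.
mode_for() {
    case $2 in dir) base=0777 ;; *) base=0666 ;; esac
    symbolic $(( $base & ~0$1 ))
}

# umasks_for_file OCTAL: every umask that gives a new file this mode.
# Execute bits in the umask have no effect on files, so several umask
# values produce the same file permissions.
umasks_for_file() {
    u=0
    while [ "$u" -le 511 ]; do
        [ $(( 0666 & ~u )) -eq $(( 0$1 )) ] && printf '%03o\n' "$u"
        u=$(( u + 1 ))
    done
    return 0
}

mode_for 022 dir      # rwxr-xr-x
mode_for 022 file     # rw-r--r--
mode_for 014 file     # rw-rw--w-  (Example 1)
mode_for 014 dir      # rwxrw--wx  (Example 1)
umasks_for_file 624   # rw--w-r-- from Example 2: 042 043 052 053 142 143 152 153
```
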