Lecture 3 Directories and Permission.pdf

Full Transcript

TOPICS
 Unix Directories
 Files & Directories Permissions
 Commands: chown, chgrp & umask
 SUID

Review of last Lecture

1
Question
Tell me what the following commands do

file errfl
echo “TUESDAY” > fltest
fold –w 1 fltest
echo “wednesday” > fltest
fold –w 2 fltest

Directories

2
 Directories
UNIX directories are similar to files, they both have
names and contain information.
 Directories can contain both files and other
directories.
 Many of the same rules and commands which
apply to files also apply to directories.
 Directories are organized in a hierarchy.

At the top of the hierarchy is the “root”
directory, symbolized by “/”.

Directories (con’t)

3
 Directories (con’t)
The actual locations and names of file and directories
may differ under different implementations of Unix.
However, the following system files and directories are
usually present in most Unix file systems:

 bin: contains binary files, these are
executable command and application files
 lib: contains system library files

 dev: contains device files, which are the
software components of terminals, printers,
disks, etc.
 tmp: temporary storage
 etc: directory is used for miscellaneous
administrative files and commands.
 pub: is for public files

4
 Directories (con’t)

 usr has traditionally been reserved for user
directories, but on large systems it usually
contains other bin, tmp, and lib directories.

Creating Directories
 To make a directory use the mkdir command
Syntax:
mkdir directoryname

The directory name must not exist before you
use the command.

5
 Accessing Directories/Files
 Every directory and file on the system has a
pathname by which it is accessed, starting from
the root directory.
 The names of directories and the files beneath
them, combined with slash separators, constitute
a pathname. For example, the pathname for the
steve directory is /user/admin/steve.
 There are two types of pathnames: absolute and
relative.

 An absolute pathname, also referred to as a
full pathname, is the location of a filesystem
object (i.e., file, directory or link) relative to
the root directory.
 A relative pathname tells the location of a
filesystem object relative to the current
directory

6
 Displaying Directories
 When you log on, UNIX places you in your
home directory.
 The pwd command will display the full
pathname of the current directory
 To view the contents within a directory use
the ls command followed by the full
pathname.
Eg. ls /usr/bin
ls /export/home/Comp2319

Changing Directories
 To change to a directory use the cd command
Eg: cd ~/funxdir or
cd $HOME/funxdir
 To get back to a parent directory, you can use
the special “..” directory abbreviation.
Enter: cd (puts you in your home directory)
or cd..
pwd will show the pathname of your current
directory e.g. /export/home/Comp2319

7
 Moving Files Between Directories

 Use the mv command to move files between
directories.
Syntax:
mv source-file destination-directory
Example: mv list2 ~/funxdir
(This moves the file and keeps its name.)
 We can also move a file to another directory and
rename it
Example: mv list2 ~/funxdir/list2bkup

Copying Files to Other Directories
 Use the cp command to copy files to other directories
Eg: cp list1 ~/funxdir
 To copy a file to another directory and change its
name enter:
cp list1 ~/funxdir/list2bkup
 To copy a directory and all its content to a new
directory.
Syntax: cp -r SourceDirectory NewDirectory

8
 Renaming Directories
 You can rename an existing directory with the
mv command.
Syntax:
mv oldDirectory newDirectory
− The new directory name must not exist before
you use the command.
− The new directory need not be in the current
directory. You can move a directory anywhere
within a file system.

Removing Directories
 To remove a directory use the rmdir command.
 Normally, you cannot remove a directory unless
you first remove all its contents – that is, all the
files and sub-directories that it contains.
Syntax: rmdir directoryname
 However there is a command which will allow
you to remove a directory and all it contents:
rm –ri directoryname

9
File and Directory Permissions

When accessing a file or directory within
Unix the following two properties must be
consider :
1. Ownership

2. Permissions

10
Ownership
Every file or directory in a UNIX is assigned three
types/classes of owners:
1. User (u) - A user is the owner of the file. By
default, the person who creates the file is its
owner.
2. Group(g) - Several users purposely lumped
together so that they can share access to each
other's files. This is usually the group the user(u)
is a member of.
3. Others (o) The remainder of the authorized users
of the system.

Permissions(access rights)
Each ownership class can be assigned three types of
permissions (or access rights).
− The permissions define whether certain actions
can be carried out on a file or directory.
− The permissions are:

read (r)
write (w)
execute (x)

11
Permissions
 read (r):A user who has read permission for :
a file may look at its contents or make a copy of it.
a directory, enables a user to find out what files are
in that directory.

 write (w):A user who has write permission for:
a file can alter or remove the contents of that file.
a directory, the user can create and delete files in
that directory.

Permissions
 execute ( x ): A user who has execute permission
for:
a file can cause the contents of that file to be executed
(provided that it is executable).
a directory, allows a user to change to that directory.

12
 File and Directory Permissions
Example: % ls -l
-rw-r--r-- 1 Cmp2395 Comp1125 78 sep 22 10:45 list1

-rw-r--r-- the mode field indicates the types of permissions
1 indicates the number of links to the file- the inode number
Cmp2395 the user id of the file owner
Comp1125 the group id of the group the owner belongs to
78 the size of the file in bytes
sep 22 10:45 the date and time when the file was last modify
list1 the name of the files

File and Directory Permissions
Example:
-rw-r--r-- 1 Comp2395 Comp1125 78 sep 22 10:45 list1

The first 10 characters make up the mode field.
 If the first character is a :

"d" then the item listed is a directory;
"-" then the item is a file;
"l" then it is a link to another file.

13
 File and Directory Permissions
A closer look at the mode field.
- rw- r-- r--
user group others
(owner)
 Characters 2 through 4 refer to the user’s(owner’s) permissions
 Characters 5 through 7 to the group's permissions (groups are
defined by the system administrator).
 The last three characters belong to all other users who can
access the system or others permissions.
 Any “-” other than the first character indicates that a
permission is not set.
To change any or all the permissions use the chmod (change mode)
command.

File and Directory Permissions
chmod (Change mode) Command

The chmod command allows you to dictate the type of
access permission that you want each file to have.

It takes as arguments the permission to be change along
with the filename
Example: chmod u+r list1
(permission) (filename)

Permissions may be specified as a symbolic value or
and octal value.

14
 File and Directory Permissions
chmod command - using symbolic values

Here the arguments supplied to chmod are symbolic
specifications of the changes required, followed by one
or more filenames.
Syntax:
chmod symbolic_specifications filename
The specifications consist of :
Class of user whose permission is being changed (u,g or o)
How permissions are to be changed (-, + or =)
Which permission(s) to change add or remove (r,w or x)

File and Directory Permissions
chmod command - using symbolic values cont.

 Class of user whose permission is being
changed:
u for user (owner),
g for group,
o for others, ,
a (all) has the same effect as ugo
or some combination thereof (ug, go, uo).

15
 File and Directory Permissions
chmod command con’t

 How the permissions are to be changed :

+ adds a permission
- removes a permission
= sets the specified permissions, removing
all others.(i.e set the permissions exactly
like this.)

File and Directory Permissions
chmod command - using symbolic values cont.

 Which permission(s) to add or remove:
r for read,
w for write
x for execute

16
 File and Directory Permissions
chmod command - using symbolic values cont.

Examples
1. chmod a-rwx practice
chmod a= practice does the same thing
Remove all permissions for all users:
2. chmod ugo+rw practice
Allow read and write permission for all users:
3. chmod go-w practice
To remove write permission for your group and other
users:

File and Directory Permissions
chmod command con’t
You can prevent yourself from accessing a directory.
Recall that when the execute permission for a directory
is set, access is permitted. (i.e. changing to that
directory is allowed).
For example
 Make a directory called sport in your current directory

 If we do a ls –l from your current directory you should
see something like this:
drwxr-xr-x 2 Comp2497 Comp1125 12 Sept 25 8:45 sport

17
File and Directory Permissions
chmod command con’t
Now enter the commands:
chmod u-x sport
cd sport What happens?
chmod u+x sport

Now enter the commands:
chmod u-w sport
cd sport
cat > notes what happens?

File and Directory Permissions
chmod command - using octal values

chmod will also accept a permission setting expressed
as a 3-digit octal number.
Syntax
chmod Octal_specifications filename

The octal specifications are derived by calculating the
octal equivalent of the symbolic permissions.

18
Octal representation is found by adding the numbers
associated with the four basic permissions i.e read = 4;
write = 2; execute = 1; no permission = 0.

For example

File and Directory Permissions
chmod command con’t
SYMBOLIC BINARY OCTAL
--- 000 0
--x 001 1
-w- 010 2
-wx 011 3
r-- 100 4
r-x 101 5
rw- 110 6
rwx 111 7

19
File and Directory Permissions
chmod command con’t
 0 = no permissions whatsoever; this person cannot
read, write, or execute the file
 1 = execute only
 2 = write only
 3 = write and execute (1+2)
 4 = read only
 5 = read and execute (4+1)
 6 = read and write (4+2)
 7 = read and write and execute (4+2+1)

File and Directory Permissions
chmod command con’t
Examples:
 To allow read and write permissions for all
users:
chmod 666 practice
 To remove write permission for your group
and other users:
chmod 644 practice

20
 The umask Command
When you create a file or a directory, the system
gives it a default setting.
 This default setting is based on the umask
value, which is normally set by the system
administrator
 To see you default setting enter the command:

umask

The umask Command
 Initially, the umask is 000, giving a directory 777
(rwxrwxrwx) permissions as the default.
 All execute permissions(x) are removed from the
directory permissions to give the file permissions
 In general, to create permissions for a directory the
umask value is subtracted from 777
777 (Directory)
-022 (umask value)
------
755 Result: drwxr-xr-x

21
The umask Command (con’t)
 To create permissions on files the umask value
is subtracted from 777, then all execute
permissions are remove,
 777 (default directory permission)
-022 (umask value)
------
755(directory)= rwx r-x r-x
Removing execute permission gives
-rw-r--r-- = 644 (file permission)

The umask Command (con’t)
Essentially, umask determines which permissions are
NOT allowed; bits in the umask that are set(=1)
correspond to permission bit that are not set(=0) and
vice versa. This is the opposite of chmod.

For example
The command: umask 026 gives:
 permissions for the user are 0 = 000 binary

read allowed, write allowed, execute allowed

22
 The umask Command (con’t)

permissions for the group are 2 = 010 binary
 read allowed, write NOT allowed, execute
allowed

 permissions for others are 6 = 110 binary
read NOT allowed, write NOT allowed,
execute allowed

The umask Command (con’t)

 If the umask is 026, a new directory will have
permissions: rwxr-x--x

 If the umask is 026, a new file will have
permissions: rw- r-- ---
(the execute permissions are not turned on
automatically for files)

23
Example 1
 Set you umask value to 014 by entering the
command: umask 014

 Question: What are the permissions when a
file is created? Ans: -rw-rw--w-

 What are the permissions when a directory is
created. Ans: drwxrw--wx

Example 2
A file, when created has permissions rw--w-r--
What are the possible umask values ?
rw- -w- r--
000 100 010 = 042
001 101 011 = 153
000 101 011 = 053
 Which of the above umask values, would allow
a newly created directory to be accessible by
the user, group, or others? Ans: All

24
Example 3
A directory, when created has permissions
drw--wxr-x
 What is the umask value?

 When a file is created, what permissions
would group and others have?

Example 4
What are the possible umask values?
 drw- -wx r-x
001 100 010 = 142

 When a file is created, what permissions
would group and others have?
 group: write permission
 others: read permissions

25
Example 5

 If the umask is set to 034 would “others”
have write permission to a file when created?
Can the “group” view the contents of the file?

 Ans: -rw-r---w-
 Others would have write permission

Example 6
 Which of the following is correct?
1. rwx-wxrwx is equivalent to octal value 637
2. rwxrw-r-x is equivalent to octal value 765
3. rwxr-x-wx is equivalent to octal value 755
4. rw-rwx-wx is equivalent to octal value 675

26
 Example 6
 If the umask value is set to 041, what
permissions would be given when a file and a
directory are created?
1. File: 626; directory: 736
2. File: 636; directory: 736
3. File: 736; directory: 626
4. Directory: 625; file: 736

File and Directory Permissions
We can also change the ownership of a file or
directory using the chown command
 Command: chown “userid” filename
Example: chown Comp112560 list2

 Command: chown “userid:groupid” filename
Example: chown Comp112560:staff testfile

27
 File and Directory Permissions
 We can also change the group for which a file or
directory is associated with
 Command: chgrp “groupid” filename

Enter the command groups to see which you
are associated with.

Command: chgrp Comp1125 practice

File and Directory Permissions
 chgrp -R dit123.
change the ownership of this directory to group
‘dit123' and everything inside of it (-R = recursive).

The person issuing this command must own all the files
and must be a member of the group to which they are
trying to change to or the command it will fail.

28
File and Directory Permissions
SUID (Set owner User ID up on execution)
(bit/attribute) on a file
There are some programs that can only be executed by
the owner

SUID (Set owner User ID up on execution) is a special
type of file permissions given to a file. When set SUID
gives temporary permissions to a user to run a program
with the permissions of the file owner rather than the
user who is running it.

File and Directory Permissions SUID cont.
Example 1
Suppose user Kofi runs the command “view memo.txt”,
and the permissions on the view command and the file
memo.txt are as follows:
 -rwx--x--x 1 root bin 4515 Aug 28 13:08 view

 -rw------- 1 root bin 218 Aug 28 13:08 memo.txt

 Kofi has permission to run view, but not permission
to read memo.txt. So when this view program
attempts to read() the file a permission denied error
will occur.

29
 File and Directory Permissions cont.
Suppose we set the SUID bit for the view
program i.e:
-rws--x--x 1 root bin 4515 Aug 14 13:08 view
 Now, when Kofi runs this program, the access
to memo.txt is permitted.
 When view attempts to read() the file, the
system doesn't think Kofi is attempting to
read, it thinks root is the user. So access is
allowed.

File and Directory Permissions cont.
Example2: passwd command
 The passwd command allows us to change our
password. passwd command will try to edit some
system config files (e.g. /etc/shadow) that can only be
opened or viewed by the root user.
 The passwd command is owned by root. Type

% ls –l /usr/bin/passwd
-r-sr-sr-x 1 root sys 45348 Jun 24 2014 /usr/bin/passwd
 So the passwd command has the SUID bit set. This
gives normal users, root user permissions so the
necessary files can be updated.

30
File and Directory Permissions cont.
 To see another commands with the SUID
bit(s) set, type:
% ls -l /usr/bin | grep r-s
or
% ls –l /usr/bin | grep rws

File and Directory Permissions cont.
 How to set SUID for a file?
a) Symbolic way :
% chmod u+s myfile.txt
The s stands for SUID bit
b) Octal way
% chmod 4750 myfile.txt
The 4 indicates that the SUID bit is set, for
the user.

31
Questions…

Questions?

End of Lecture

32