unixFiles

Slide1 : UNIX Files and Security Software Tools


File Systems : File Systems What is a file system? A means of organizing information on the computer. A file system is a logical view, not necessarily a physical view. What does the file system provide: ways to create, move, and remove files ways to order files security Examples of file systems: DOS, Macintosh, CD-ROM, UNIX, NFS (networked file system)


UNIX File Systems : Hierarchical Organization Root of tree is at top denoted by ‘/’ Kinds of files: Directory files (the branches in the tree) Regular files (leaves in the tree) UNIX File Systems


Home and Working Directories : Home and Working Directories Home directory The directory you are in when you first login in This is your space; you control security Place to put your personalized .startup files Your working directory after typing cd with no arguments Working directory Can access files in your working directory by simply typing the filename To access files in other directories, must use a pathname pwd command prints the working directory cd command changes the working directory


Directory Shorthands : Directory Shorthands “.” is the directory itself “..” is the parent directory In most shells “~” means your home directory) ~user means user’s home directory, so: $ more ~jbond/.plan looks at the file .plan in /homes/jbond, which is jbond’s home directory.


Special Directories : Special Directories “/” (pronounced “slash” and also called “the “root”) is the ancestor of all files in the file system /bin and /usr/bin contain UNIX utilities (e.g., cat) /dev contains files which describe “devices” such as terminals and printers /etc has administrative programs like password files /tmp is for temporary files; periodically deleted Every directory has at least two entries: “.” is the directory itself, and “..” is the directory’s parent


Naming Files : Naming Files Files in the same directory can’t have the same name Case sensitive: secret and Secret are different Files are sometimes named with an extension (e.g., bond.cpp, 007.jpg) to show the file’s content. You cannot create a file named “.” or “..” “Invisible” files and directories (those that don’t appear using ls) have a period as the first character (e.g., .plan). Some programs use invisible files to store information.


Pathnames : Pathnames Simple filenames Can only be used if files are in working directory Relative pathname A string of directory references, beginning with the working directory. Examples: ./secret1 ../007/names top10/LG7soBad Absolute pathname A pathname beginning at the root. e.g.,: /homes/jbond/.plan /etc/passwd


Directory Commands : Directory Commands mkdir makes a new directory (if you have permission to do so). With a simple pathname, mkdir makes a new directory in your working directory. $ pwd /homes/jbond/111 $ ls -l total 6 -rw-r--r-- 1 jbond cs 154 Feb 4 15:00 letter3 -rw-r--r-- 1 jbond cs 64 Feb 4 15:00 names drwxr-xr-x 2 jbond cs 512 Feb 4 15:00 secret/ $ mkdir newdir $ ls -l total 8 -rw-r--r-- 1 jbond cs 154 Feb 4 15:00 letter3 -rw-r--r-- 1 jbond cs 64 Feb 4 15:00 names drwxr-xr-x 2 jbond cs 512 Feb 4 15:26 newdir/ drwxr-xr-x 2 jbond cs 512 Feb 4 15:00 secret/


Directory Commands : Directory Commands rmdir deletes a directory (if you have permission). $ rmdir newdir $ ls -l total 6 -rw-r--r-- 1 jbond cs 154 Feb 4 15:00 letter3 -rw-r--r-- 1 jbond cs 64 Feb 4 15:00 names drwxr-xr-x 2 jbond cs 512 Feb 4 15:00 secret/ $ rmdir /usr rmdir: directory "/usr": Search or write permission needed


Directory Commands : Directory Commands mv can be used to move a file to another directory. $ ls letter3 names newdir/ secret/ $ mv letter3 secret $ ls names newdir/ secret/ $ ls secret letter3 mv can be used to move a directory into a directory. $ ls names newdir/ secret/ $ mv newdir secret $ ls names secret/ $ ls secret letter3 newdir/


Directory Commands : Directory Commands You can also move several files at once using mv $ ls letter1 letter2 names secret/ $ mv letter* secret $ ls names secret/ $ ls secret letter1 letter2


Security and Access Permissions : Security and Access Permissions There are three types of users: The owner of the file (user) The group of the file (group) Anyone else (other) There are three types of permission (independent of each other): Read permission Write permission Execute permission


Security and Access Permissions : Use ls -l to see file permissions -rw-r--r-- 1 jbond cs 154 Feb 4 15:00 letter3 There are four sets of items in the permissions: -rw-r--r-- The type is: “-” regular files, “d” directories , “l” symbolic links. The next nine characters indicate if the file is readable, writable, or executable for the file owner, the file group, or other users, respectively. Security and Access Permissions Permissions User Group Byte size Last modification Name #links user group other type


Security and Access Permissions : Security and Access Permissions Examples: $ ls -l total 34 -r-xr-xr-x 1 jbond cs 9388 Feb 4 16:31 cat* -rw-r--r-- 1 jbond cs 154 Feb 4 15:00 letter1 -rw------- 1 jbond cs 64 Feb 4 15:00 names drwxr-xr-x 2 jbond cs 512 Feb 4 15:41 newdir/ drwxr-xr-x 2 jbond cs 512 Feb 4 16:38 secret/ d--------- 2 jbond cs 512 Feb 4 16:39 secret1/ dr--r--r-- 2 jbond cs 512 Feb 4 16:39 secret2/ d--x--x--x 2 jbond cs 512 Feb 4 16:38 secret3/


Directory Permissions : Directory Permissions Can use ls -ld to lists a directory’s information (instead of its contents): $ ls -l secret total 4 -rw-r--r-- 1 jbond cs 154 Feb 4 16:38 letter1 -rw-r--r-- 1 jbond cs 34 Feb 4 15:00 letter4 $ ls -ld secret drwxr-xr-x 2 jbond cs 512 Feb 4 16:38 secret/


Directory Permissions : Directory Permissions Directory read permission means that you can see what files are in the directory. Directory write permission means that you can add/remove/rename files in the directory. Directory execute permission means that you can search the directory (i.e., you can use the directory name when accessing files inside it).


Directory Permissions : Directory Permissions $ ls -ld secret* drwxr-xr-x 2 jbond cs 512 Feb 4 16:38 secret/ d--------- 2 jbond cs 512 Feb 4 16:39 secret1/ dr--r--r-- 2 jbond cs 512 Feb 4 16:39 secret2/ d--x--x--x 2 jbond cs 512 Feb 4 16:38 secret3/ $ ls -l secret* secret: total 2 -rw-r--r-- 1 jbond cs 1054 Feb 4 16:38 letter1 secret1 unreadable ls: secret2/letter1: Permission denied secret2: total 0 secret3 unreadable


Directory Permissions : Directory Permissions Directory execute permission means that you can do ls and cp on individual files in the directory. $ ls -l secret*/letter1 -rw-r--r-- 1 jbond cs 154 Feb 4 16:38 secret/letter1 -rw-r--r-- 1 jbond cs 154 Feb 4 16:39 secret3/letter1 Real-life Example: What if you want your friend to get a file and no one else? Solution: Set the directory execute permission to “on” and read permission to “off” (like directory secret3), and the file read permission to “on”. Tell your friend the filename (the complete path). This allows your friend to access the file by typing the exact filename. Others will not know that the file exists. drwxr-xr-x secret/ d--------- secret1/ dr--r--r-- secret2/ d--x--x--x secret3/


Changing Permissions : Changing Permissions The chmod command is used to modify permissions. chmod can only be used by the owner of a file/dir. The arguments are: chmod [ugoa] [+-=] [rwx] [file/dir] In other words: Optionally, one of the characters: u (user/owner), g (group), o (other), or a (all). Optionally, one of the characters: + (add permission), - (remove permission), or = (set permission). Any combination of the characters r (read), w (write), or x (execute).


Permission Example : Permission Example To let everybody read or write the file letter1 $ chmod a+rw letter1 $ ls -l letter1 -rw-rw-rw- 1 jbond cs 154 Feb 4 15:00 letter1 To allow user to execute file letter1 $ chmod u+x letter1 $ ls -l letter1 -rwxrw-rw- 1 jbond cs 154 Feb 4 15:00 letter1* To not let “other” to read or write file letter1 $ chmod o-rw letter1 $ ls -l letter1 -rwxrw---- 1 jbond cs 154 Feb 4 15:00 letter1* To let “group” only read the file letter1 $ chmod g=r letter1 $ ls -l letter1 -rwxr----- 1 jbond cs 154 Feb 4 15:00 letter1*


Permission Shortcut : Permission Shortcut chmod allows you to use 3 decimal digits to set the permissions, where user is the 1st digit, group is the 2nd digit, and other is the 3rd digit. Each of these decimal digits represents a 3-digit binary number for read permission (1st binary digit), write permission (2nd binary digit), and execute permission (3rd binary digit). For example, with the file letter1, to allow user to read, write, and execute (binary 111 = decimal 7), group to read and write (110=6), other to read only (100=4): $ chmod 764 letter1 $ ls -l letter1 -rwxrw-r-- 1 jbond cs 154 Feb 4 15:00 letter1 As another example, with the file letter1, to allow user to execute only (001=1), group to write and execute (011=3), other to read and execute (101=5): $ chmod 135 letter1 $ ls -l letter1 ---x-wxr-x 1 jbond cs 154 Feb 4 15:00 letter1