Saturday, April 23, 2011

The File System and Security


  • As with most modern operating systems, Unix maintains files in a directory structure called the Unix file system.
  • The main directory is called the root directory and is indicated by a single forward slash character: /
  • A series of sub-directories can then appear below the root directory.
  • Some of the main sub-directories found in most versions of Unix are seen below:
    etc - Administrative programs and configuration files
    dev - Device drivers (pointers) such as disk drives, keyboard, mouse, etc.
    mnt - Mounting point for additional devices such as cdrom or remote systems
    var - Temporary administrative space for logging and other system information
    home - Home directories for users (in this example, holowcza, norman and smith are users)
    usr - Standard programs and code libraries
    /usr/sbin - Administrative programs
    /usr/bin - Standard executable programs
    /usr/lib - Code libraries
    /usr/local/bin - Additional programs
  • Files can be executable programs and scripts, text files (letters, lists, etc.), binary files such as images, and links to other files and directories.
  • Directories are nested into a tree structure starting with the "root" directory /
  • Each directory name is separated by the / (forward slash) character:
    /home/holowcza/public_html
  • Each user on the system has an assigned username
  • This username is associated with a home directory where all of the user's files are stored.
  • To see the name of your home directory, use the pwd command right after you log in.
  • To see what files you have in your directory, use the ls command.
  • To create a file, use a text editor such as pico or emacs
  • To create a subdirectory, use the mkdir command.
  • To change to another directory, use the cd command.
  • Special Note About File Names: Unix in general does not work well with file names that have spaces in them.
    It is strongly recommended that you do not create files with spaces in their names.

Security

  • Recall that each user has a username (with uid) and group (with gid).
  • This information is associated with every file and directory on the system.

File Permissions

  • Each file in UNIX has 3 sets of permissions (called the file mode):
    1. Owner: Read, write and execute permissions for the owner of the file.
    2. Group: Read, write and execute permissions for other members of the same group.
    3. Other (or World): Read, write and execute permissions for everyone else in the world.
  • The 3 permissions are:
    1. Read: The owner, group or world can read this file - Denoted as r
    2. Write: The owner, group or world can write to this file (modify it) - Denoted as w
    3. Execute: The owner, group or world can execute this file as a program - Denoted as x
  • A set of permissions looks like the following (try using the UNIX command ls -l to see the permissions):
    -rw-r--r--     my_report.txt
    -rw-rw----     group_project.txt
    -r-x------     example_program
    
  • The file my_report.txt can be read and written by the owner and read by anyone else in the group or in the world.
  • The file group_project.txt can be read and written by the owner and by the group. Anyone outside of the group cannot do anything with this file.
  • The file example_program can be read and executed by the owner only. Compiled programs (e.g. from "C" source) and shell scripts are marked with the x permission.

Directory Permissions

  • Directory permissions work the same way as file permissions: 3 sets with 3 types of permission. The meaning is slightly different:
    1. Read permissions on a directory affect all files within the directory.
    2. Write permissions on a directory mean files can be created in the directory.
    3. Execute permission on a directory means that the contents of the directory can be searched using the ls command.
    -rw-r--r--     my_report.txt
    -rw-rw----     group_project.txt
    -r-x------     example_program
    drwxr-x---     my_subdir
    
  • For the subdirectory my_subdir :
    1. The owner can read any file in my_subdir provided the individual file permission is set.
    2. The owner can write (create) files into the directory.
    3. The owner can list the files in the directory (the execute permission).
    4. Others in the group can read files and can list the files in my_subdir but can't create any new files.
  • Most users' home directories are created with drwxr-xr-x permissions. What does this mean?
    d means it is a directory
    rwx means the owner can read, write and search the directory
    r-x means others in the group can read files and search the directory
    r-x means others in the world can read files and search the directory
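
The mode strings in the two listings above can be checked mechanically. The shell script below is an added example, not part of the original post: it rebuilds the four sample entries in a temporary directory, reads their modes back with ls -ld, converts each to its octal form and flags any entry that the group or the world can write to. The function names and the chmod values are choices made for this example.

```shell
# Added example: decode the mode strings that ls -l prints (function names are illustrative).
# mode_of PATH: print the 10-character mode field reported by ls -ld.
mode_of() { ls -ld -- "$1" | cut -c1-10; }

# triplet_to_digit SET: convert one 3-character set (e.g. r-x) to its octal digit.
triplet_to_digit() {
    d=0
    case "$1" in r??) d=$((d + 4)) ;; esac
    case "$1" in ?w?) d=$((d + 2)) ;; esac
    case "$1" in ??x) d=$((d + 1)) ;; esac
    echo "$d"
}

# mode_to_octal MODE: e.g. -rw-r--r-- becomes 644 (setuid/setgid/sticky are not handled).
mode_to_octal() {
    owner=$(printf '%s' "$1" | cut -c2-4)
    group=$(printf '%s' "$1" | cut -c5-7)
    other=$(printf '%s' "$1" | cut -c8-10)
    echo "$(triplet_to_digit "$owner")$(triplet_to_digit "$group")$(triplet_to_digit "$other")"
}

# writable_by_others MODE: succeed if the group or the world holds the w permission.
writable_by_others() {
    case "$1" in
        ?????w????|????????w?) return 0 ;;
        *) return 1 ;;
    esac
}

# demo: recreate the page's sample entries (constructed in a temp dir) and report on each.
demo() {
    dir=$(mktemp -d) || return 1
    touch "$dir/my_report.txt" "$dir/group_project.txt" "$dir/example_program"
    mkdir "$dir/my_subdir"
    chmod 644 "$dir/my_report.txt"      # -rw-r--r--
    chmod 660 "$dir/group_project.txt"  # -rw-rw----
    chmod 500 "$dir/example_program"    # -r-x------
    chmod 750 "$dir/my_subdir"          # drwxr-x---
    for f in my_report.txt group_project.txt example_program my_subdir; do
        m=$(mode_of "$dir/$f")
        if writable_by_others "$m"; then note="writable by group or world"; else note="not writable by group or world"; fi
        printf '%s  %s  %-18s %s\n' "$m" "$(mode_to_octal "$m")" "$f" "$note"
    done
    rm -rf "$dir"
}
demo
```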
