1.) Practice with basic filesystem commands [Top]
Be careful in this exercise. Running as root (the Unix administrative account) means that you can easily damage your system, so we ask that you log out of your root account and log in as your own user account instead.
To logout, type
If you are unsure of how to proceed ask your instructor or assistants for help before continuing.
The first command that we are going to use is man, this is short for "man"ual. Read about each command to see the range of options that exist.
Many of the basic commands we'll be practicing are built in as part of your shell environment (that is you won't find a binary/program file for cd). To read about commands like cp, cd, ls, mv, rm in more detail you can just type:
And, for a command like ls you can type:
$ man builtin
And, even for a built-in command you can just type "man commandName", or something like:
$ man ls
and this will open the "builtin" man page for you.
$ man cd
If you have problems exiting from "man" press the "q" key. Also, you can use the keyboard arrows to move around in the descriptions.
As we move around directories an extremely useful command is pwd, which return the working directory name you are in. So, if you get lost just type:
We'll do this from time to time as we use directory commands.
Simplified Map of Unix Directory Tree
/ ("root directory") /etc (contains configuration files) /etc/rc.d (contains system startup scripts) /root (user root's home directory) /tmp (place to store TeMPorary files) /usr (contains the majority of user utilities, applications, home directories) /usr/home (home directories for users on the system*) /usr/local/etc (contains third-party configuration files and startup scripts*) /var (multi-purpose log, temporary, transient, and spool files location) *Different from Linux
For details on the (almost) complete directory tree under Unix/Lunx type "
cd Change Directory ls LiSt files mkdir MaKe DIRectory mv MoVe files pwd Print Working Directory rm ReMove files rmdir ReMove DIRectory touch Update date on file/Create new empty file if none exists
Note: There are some special files on UNIX, which are
'.'- "this" directory (the one you are "in" as reported by the
'..'- the parent directory, i.e.: the one above
Now we are ready to practice a bit with the commands:
What's going on here? If you don't understand, ask.
$ cd /
$ ls -la
$ cd /tmp
$ cd ..
$ cd tmp
What's happening now? If prompted to overwrite, respond "y". Note that "inst" is the name of the user account you created in the first exercise.
$ cd (take you back to your home directory)
$ touch text.txt
$ cp text.txt new.txt
$ mv text.txt new.txt
Now watch what happens if you try to copy a file on itself.
The tab key makes life much easier. Now type:
$ cp new.txt /home/inst/.
$ cd ../../home/inst
$ cd (to return to our home directory)
$ cp new.txt new.txt.bak
Finally, we are going to remove the directory that contains the two archives.
$ mkdir tmp
$ mv new.* tmp/.
You can force this using a command like this:
$ cd tmp
$ rm *
$ cd ..
$ rmdir tmp
The use of "rm -rf" is very dangerous!, and, naturally, very useful. For example, if you are "root" and you type "rm -rf /*" this would be the end of your server. This commands says "remove, forcibly and recursively, everything" - Or, if you start in the root directory (/), remove all files and directories without asking on the entire server. If you want to use "rm -rf *" always take a deep breath and check where you are first (really, do this!):
$ rm -rf tmp
First this says in what directory you are. If you are mistaken, then you have the opportunity to not remove files that you might really need.
2.) File and directory permissions* [Top]
*Reference: Shah, Steve, "Linux Administration: A Beginner's Guide", 2nd. ed., Osborne press, New York, NY.
If you look at files in a directory using "ls -al" you will see the permissions for each file and directories. Here is an example:
drwxrwxr-x 3 hervey hervey 4096 Feb 25 09:49 directory -rwxr--r-- 12 hervey hervey 4096 Feb 16 05:02 file
The left column is important. You can view it like this:
Type User Group World Links owner group size date hour name d rwx rwx r-x 3 hervey hervey 4096 Feb 25 09:49 directory - rwx r r 12 hervey hervey 4096 Feb 16 05:02 file
So, the directory has r (read), w (write), x (execute) access for the user and group. For world it has r (read) and x (execute) access. The file has read/write/execute access for the world and read only access for everyone else (group and world).
To change permissions you use the "chmod" command. chmod uses a base eight (octal) system to configure permsissions. Or, you can use an alternate form to specify permissions by column (user/group/world) at a time.
Permissions have values like this:
Letter Permission Value R read 4 W write 2 X execute 1
Thus you can give permissions to a file using the sum of the values for each permssion you wish to give for each column. Here is an example:
Letter Permission Value --- none 0 r-- read only 4 rw- read and write 6 rwx read, write, and execute 7 r-x read and execute 5 --x Execute 1
This is just one column. Thus, to give all the combinations you have a table like this:
Permissions Numeric Description equivalent -rw------- 600 Owner has read & execute permission. -rw-r--r-- 644 Owner has read & execute. Group and world has read permission. -rw-rw-rw- 666 Everyone (owner, group, world) has read & write permission (dangerous?) -rwx------ 700 Onwer has read, write, & execute permission. -rwxr-xr-x 755 Owner has read, write, & execute permission. Rest of the world has read & execute permission (typical for web pages or 644). -rwxrwxrwx 777 Everyone has full access (read, write, execute). -rwx--x--x 711 Owner has read, write, execute permission. Group and world have execute permission. drwx------ 700 Owner only has access to this directory. Directories require execute permission to access. drwxr-xr-x 755 Owner has full access to directory. Everyone else can see the directory. drwx--x--x 711 Everyone can list files in the directory, but group and world need to know a filename to do this.
Now lets practice changing permissions to see how this really works. As a normal user (i.e. don't login as root) do the following:
In spite of the fact that the file does not have write permission for the owner, the owner can still change the file's permissions so that they can make it possible to write to it:
$ cd (what does the "cd" command do when you do this?)
$ echo "test file" > read.txt
$ chmod 444 read.txt
Or, you can do this by using this form of chmod:
$ chmod 744 read.txt
The forms of chmod, to add permissions, if you don't use octal numbers are:
$ chmod u+w read.txt
$ chmod u+r, chmod u+w, chmod u+x
$ chmod g+r, chmod g+w, chmod g+x
$ chmod a+r, chmod a+w, chmod a+x
Note that "a+r" is for world access. The "a" is for "all", "u" is for "user", and "g" is for "group".
Now, change the file so that the owner cannot read it, but they can write to the file...
Or, you can do something like:
$ chmod u-r read.txt
You probably noticed that you can use the "-" (minus) sign to remove permissions from a file.
$ chmod 344 read.txt
A UNIX Permissions "Gotcha"
If a directory has the World or Group write flag set, and contains a file that is only writeable by the owner, then a member of either the Group or World (everyone) can still make changes to the file. Here's an example of how (become root to do this):
You will receive the following prompt:
# mkdir /tmp/test
# echo "example text" > /tmp/test/example.txt
# chmod 644 /tmp/test/example.txt
# chmod a+w /tmp/test
# su - userid
$ cp /tmp/test/example.txt .
$ echo "add more text to file" >> example.txt
$ mv example.txt /tmp/test/example.txt
If you press "y" and ENTER, then your version of the file will now overwrite the read only version of the file owned by root in the /tmp/test directory. This is because write permission has been enabled for World on the /tmp/test directory. Thus, you have permission to mv (i.e. rename) a file of the same name to this directory. This result may seem surprising. If you do:override rw-r--r-- root/wheel for /tmp/test/example.txt? (y/n [n])
You will see that your userid now owns the file. The root user no longer owns the file. So, using this trick is pretty obvious, unless, of course, you set things back to the way they were using the
$ ls -al /tmp/test