Linux Essentials, Module 16, introduces special permissions, links and file locations. After studying this chapter, students should be able to work with system files and libraries and understand symbolic links.
Module 16
Special Permissions, Links and File Locations

This slide deck is for LPI Academy instructors to use for lectures for LPI Academy courses
©Copyright Network Development Group 2013

Exam Objective 5.4 Special Directories and Files
Objective Summary
– Working with system files and libraries
– Understanding symbolic links

setuid Permission

The setuid Permission
• The setuid permission is set on certain system utilities so that an ordinary user can execute the program as if it was run by the root user
• This allows a normal user to perform common system administration tasks without having to gain direct access to the root account
• An excellent example of the setuid permission in action is the /usr/bin/passwd command
• When a user executes the passwd command successfully, the command is able to update the /etc/shadow file to set a new password for the user
• This file can't be accessed normally by non-root users

Files with setuid
• A file that has setuid permission properly set will have a lowercase "s" in the "user owner" execute position, indicating both setuid and execute permission for the user owner are set: -rwsr-xr-x
• A file which has setuid permission, but lacks execute permission for the user owner, will show an uppercase "S" to highlight that the permission is not effective: -rwSr-xr-x

Using chmod with setuid
• The chmod command can be used to set or remove the setuid permission, using either a symbolic or numeric method
• Setting setuid where nnn is original permission mode:
– chmod u+s file or chmod 4nnn file
• Removing setuid where original mode is 4nnn:
– chmod u-s file or chmod 0nnn file

setgid Permission

The setgid Permission on a File
• The setgid permission used on a file is similar to setuid except that it uses group permissions
• When a user executes a file that is setgid, the system runs the command as if the user were a member of the group that owns the executable, usually granting access to additional files
• An example of setgid permission on a file is the /usr/bin/wall command
• The wall command sends messages to other users' terminals
• Since this executable is owned by the "tty" group, when it is run it grants the user access to the files owned by the "tty" group, which effectively allows the user to write a message to any "tty" or terminal on the system

The setgid Permission on a Directory
• Administrators use setgid permission on a directory to make it easier for users who are in a group to share files with other users in the same group
• When setgid permission is set on a directory, any files created in that directory are automatically group owned by the group that owns the directory
• When a new subdirectory is created in a directory that has setgid, the new subdirectory will also have setgid permission and be group owned by the group that owns the parent directory

Files with setgid
• A file that has setgid permission properly set will have a lowercase "s" in the group owner execute column, indicating both setgid and execute permission for the group owner are set: -r-xr-sr-x
• A file which has setgid permission, but lacks execute permission for the group owner, will show an uppercase "S" to highlight that the permission is not effective: -r-xr-Sr-x

Organizing within the FHS
• Although the Filesystem Hierarchy Standard (FHS) is helpful for a detailed understanding of the layout of the directories used by most Linux distributions, the following describes the layout of directories in more general terms:
– User home directories
– Binary directories
– Software application directories
– Library directories
– Variable data directories

User Home Directories
• The /home directory typically contains a separate directory for each user with an account on the system except for the root user
• The /root directory is the preferred optional location for the home directory of the root user
• Without administrator intervention, users can only create files in their home directory, the /tmp directory and the /var/tmp directory

Binary Directories

User Binary Directories
• Binary directories contain the programs (not necessarily all binary files) that users and administrators execute to start processes or applications
• Those whose name is "bin" are intended for ordinary users and include: /bin, /usr/bin and /usr/local/bin
• Third-party applications may also store their executables in /usr/local/application/bin or /opt/application/bin
• Users may have their own "bin" in their home directory, like /home/bob/bin

System Binary Directories
• The system binary directories contain programs or applications that are intended for the administrator (the root user)
• System binary directories will have an "sbin" name and include: /sbin, /usr/sbin and /usr/local/sbin
• Third-party administrative applications may also store their executables in /usr/local/application/sbin or /opt/application/sbin

PATH and Binary Directories
• In order to execute a command contained in one of the "bin" or "sbin" directories by typing the command name only, the directory containing the command needs to be in the list of directories set in the PATH variable
• The PATH variable contents can be viewed by using the echo $PATH command
• The PATH variable is usually customized by modifying the ~/.bash_profile file
• To execute a command in a directory not in PATH, type the absolute or relative path to the command

Application Directories

Software Application Directories
• Unlike Windows, applications are not usually installed in a single directory like C:\Program Files
• Querying the software application package lists the file locations:
– dpkg -L application (Debian-derived distributions)
– rpm -ql application (RPM based distributions)
• The executable program files may go in /usr/bin if they originated from the distribution, otherwise they may go in /usr/local/bin or /opt/application/bin

Software Application Directories (continued)
• The application's data may go into a subdirectory of /usr/share, /usr/lib, /opt/application or /var/lib
• The documentation for the application will normally go in a subdirectory of /usr/share/doc, /usr/share/man, or /usr/share/info if it originated from the distribution, or else in /usr/local/share/man, /usr/local/share/doc, /usr/local/share/info or a subdirectory of /opt/application

Library Directories

Library Directories
• Libraries are files that contain code which is shared between multiple programs
• Using libraries saves disk space and memory as multiple programs can share them and don't need a separate copy
• Library file names typically end in ".so" to indicate that they are "shared objects"
• It is common for a 64 bit system to have both 64 bit and 32 bit versions of libraries

Library Directories (continued)
• Library directories will normally have a path that ends in "lib"
• The libraries to support the essential binaries found in /bin and /sbin are located in /lib and /lib64
• To support the /usr/bin and /usr/sbin executables, the /usr/lib and /usr/lib64 libraries are used
• For supporting applications not part of the distribution, the /usr/local/lib and /opt/application/lib libraries are used
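The mode strings from the setuid and setgid slides, and the setgid inheritance on directories, can be reproduced and inventoried from the shell. This is an added example, not part of the original slide deck; the function names and the scratch file names are constructed for illustration.

```shell
#!/bin/sh
# Added example: every file below is constructed in a scratch directory.

# 10-character mode string as ls shows it, e.g. -rwsr-xr-x.
mode_of() { ls -ld "$1" | cut -c1-10; }

# Name the special bits on a path and whether each is effective (s) or not (S).
classify_special() {
    m=$(mode_of "$1"); out=""
    case $(printf '%s' "$m" | cut -c4) in
        s) out="setuid" ;;
        S) out="setuid-ineffective" ;;
    esac
    case $(printf '%s' "$m" | cut -c7) in
        s) out="${out:+$out,}setgid" ;;
        S) out="${out:+$out,}setgid-ineffective" ;;
    esac
    printf '%s\n' "${out:-none}"
}

# Inventory regular files under a directory that carry setuid or setgid.
audit_special() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) | sort |
    while IFS= read -r f; do
        printf '%s %s %s\n' "$(mode_of "$f")" "$(classify_special "$f")" "${f#"$1"/}"
    done
}

# Create constructed samples for each mode string shown on the slides.
make_samples() {
    d=$(mktemp -d) || return 1
    for f in plain suid suid_noexec sgid sgid_noexec; do : > "$d/$f"; done
    chmod 0755 "$d/plain"
    chmod 4755 "$d/suid"          # setuid with owner execute
    chmod 4655 "$d/suid_noexec"   # setuid without owner execute
    chmod 2555 "$d/sgid"          # setgid with group execute
    chmod 2545 "$d/sgid_noexec"   # setgid without group execute
    mkdir "$d/shared" && chmod 2775 "$d/shared"
    mkdir "$d/shared/sub"         # new subdirectory inherits setgid
    printf '%s\n' "$d"
}

scratch=$(make_samples) && audit_special "$scratch" && mode_of "$scratch/shared/sub"
rm -rf "$scratch"
```

Pointing audit_special at a system directory such as /usr/bin gives a baseline of setuid and setgid programs that can be compared against later runs.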
Variable Data Directories

Variable Data Directories
• The /var directory and many of its subdirectories contain files whose contents change frequently
• If your system is used as a mail server, then /var/mail or /var/spool/mail will hold the messages
• If your system is used as a print server, then the /var/spool/cups directory is used to hold the print jobs
• Depending on the activity of your system and what level of detail it is logging, the log files in the /var/log directory might hold a large amount of data

Variable Data Directories (continued)
• While the log files found in /var/log may be extremely helpful for troubleshooting problems, they might become a problem themselves if they fill up the filesystem
• Having services like mail and printing available may be useful, but if they cause your system to crash, then that can be a problem
• Mounting /var on a separate partition is often done as a precaution to prevent activity under /var from filling up the root filesystem and crashing the system

...
ls -li file.*
278772 -rw-rw-r sysadmin sysadmin Oct 25 15:53 file.hard.1
278772 -rw-rw-r sysadmin sysadmin Oct 25 15:53 file.original
• Notice that the inode is the same for both files and...

Understanding the Filesystem
• To understand how links work, it is helpful to understand how the filesystem keeps track of files
• For every file that is created, there