Embed Size (px)
Citation preview
11 Week 4 - Jan 31, 2005Week 4 - Jan 31, 2005
Week 4 AgendaWeek 4 Agenda
UNIX Directory StructureUNIX Directory Structure
Absolute pathnameAbsolute pathname
Relative pathnameRelative pathname
PermissionsPermissions
chmod (symbolic/absolute)chmod (symbolic/absolute)
22 Week 4 - Jan 31, 2005Week 4 - Jan 31, 2005
UNIX Directory StructureUNIX Directory Structure
The UNIX system is structured The UNIX system is structured hierarchically (upside down tree-like).hierarchically (upside down tree-like).
You can have any number of files and You can have any number of files and subdirectories under it organized in any subdirectories under it organized in any way. This structure leads to a parent-child way. This structure leads to a parent-child relationship between a directory and its relationship between a directory and its sub-directories.sub-directories.
http://cs.senecac.on.ca/%7Efac/int120/labs/unixnotes.html
33 Week 4 - Jan 31, 2005Week 4 - Jan 31, 2005
UNIX Directory StructureUNIX Directory Structure
The file system structure starts with one The file system structure starts with one main directory, called the root directory.main directory, called the root directory.
From the root. At the end of each path is From the root. At the end of each path is an ordinary file or a directory file. an ordinary file or a directory file.
http://cs.senecac.on.ca/%7Efac/int120/labs/unixnotes.html
44 Week 4 - Jan 31, 2005Week 4 - Jan 31, 2005
Ordinary file VS Directory FileOrdinary file VS Directory File
Ordinary files (files) are at the end of paths Ordinary files (files) are at the end of paths and cannot support other paths whileand cannot support other paths while
Directory files (directories) are the points Directory files (directories) are the points that other paths can branch from. that other paths can branch from. Directories directly connected by a path Directories directly connected by a path called parents (closer to the root) and called parents (closer to the root) and children (farther from the root)children (farther from the root)
http://cs.senecac.on.ca/%7Efac/int120/labs/unixnotes.html
55 Week 4 - Jan 31, 2005Week 4 - Jan 31, 2005
//Root directoryRoot directory – – the ancestor of all directories and the start of all absolute pathnames.
~~ or or $HOME$HOME
Home directoryHome directory - - the working directory when you first login
Different DirectoriesDifferent Directories
http://cs.senecac.on.ca/%7Efac/int120/labs/unixnotes.html
66 Week 4 - Jan 31, 2005Week 4 - Jan 31, 2005
Different DirectoriesDifferent Directories
..Current working directoryCurrent working directory – t – the directory under which you are working
. .. .Parent directoryParent directory – t – the directory above the working directory
http://cs.senecac.on.ca/%7Efac/int120/labs/unixnotes.html
77 Week 4 - Jan 31, 2005Week 4 - Jan 31, 2005
Pathname – Absolute VS RelativePathname – Absolute VS Relative
Absolute pathnameAbsolute pathname – A pathname that – A pathname that starts with root directory. It locates a file starts with root directory. It locates a file without regard to the working directory.without regard to the working directory.
Relative pathnameRelative pathname – A pathname that – A pathname that starts from the working directory.starts from the working directory.
88 Week 4 - Jan 31, 2005Week 4 - Jan 31, 2005
s im p son s flin s ton es
cartoon s ac tion _ h eros
th e_ p en g u in
th e_ joker
b ad _ g u ys
/(roo t)
Your working directory is the_joker and home directory is action_herosYour working directory is the_joker and home directory is action_heros1. Copy flinstones to your working directory by using relative pathname1. Copy flinstones to your working directory by using relative pathname2. Copy flinstones to your working directory by using absolute pathname2. Copy flinstones to your working directory by using absolute pathname3. Delete simpsons by using relative pathname3. Delete simpsons by using relative pathname4. Rename cartoons to animation by using absolute pathname4. Rename cartoons to animation by using absolute pathname
Pathname – ExamplePathname – Example
99 Week 4 - Jan 31, 2005Week 4 - Jan 31, 2005
Pathname – ExamplePathname – Example/ (root)
JLoBTaylor
BenAffleck
MattDamon
VCerfPuffy
EMendes
GPaltrowBerners_LeeLTorvalds
KThompson
DRitchie
directory file
Week 4 - Jan 31, 2005Week 4 - Jan 31, 2005 1010
PermissionsPermissions- objectives- objectives1. How do you find out what
permissions are on a file?
2. How do you change permissions
3. Directory Permissions
4. Default Permissions
5. What permissions do you need to do the following tasks...?
1111 Week 4 - Jan 31, 2005Week 4 - Jan 31, 2005
Key Concepts – File Permissions
• UNIX security for users and for the system is based on who has access to files and directories • Setting “permissions” on a file controls who can read, write to or execute a file.• Use the ls -l command to see the permissions on a file
1212 Week 4 - Jan 31, 2005Week 4 - Jan 31, 2005
Your grocery lists andyour Top Secret Buried Treasure maps
should probably have different permissions!
Warning!
1313 Week 4 - Jan 31, 2005Week 4 - Jan 31, 2005
The output of the ls - l command will look
like this:
total 66
-r-xr-x- - - 1 ling.zhu users 30 Mar26 19:49 colours
drwxr-xr-x 4 ling.zhu sys 512 Apr 1 17:41 comfind
Key Concepts - File Permissions
1414 Week 4 - Jan 31, 2005Week 4 - Jan 31, 2005
It is10 characters long.example:[ling.zhu@zenit ling.zhu]>$ ls -l -r-xr-x- - - 1 ling.zhu users 54 Sep 26 19:49 lab2
Permissions Field
The Permission Field
- the first field in the long listing entry
1515 Week 4 - Jan 31, 2005Week 4 - Jan 31, 2005
-r-xr-x- - - 1 ling.zhu users 30 Mar26 19:49 colours
drwxr-xr-x 4 ling.zhu sys 512 Apr 1 17:41 comfind
file type
- r-x r-x - - -
The Permission Field- The first character position
1616 Week 4 - Jan 31, 2005Week 4 - Jan 31, 2005
The first character position represents the file type:- a normal filed a directoryl a soft or symbolic link s a socketc a character-special deviceb a block-special device
The Permission Field
1717 Week 4 - Jan 31, 2005Week 4 - Jan 31, 2005
-r-xr-x- - - 1 ling.zhu staff 30 Mar26 19:49 colours
drwxr-xr-x 4 ling.zhu sys 512 Apr 1 17:41 comfind
- r-x r-x - - -
The next 9 characters in the Permissions Field are read as groups of 3
The Permission Field
1818 Week 4 - Jan 31, 2005Week 4 - Jan 31, 2005
Each set of three characters is read the same way:
r
w
x
an “r” in the first position gives read permission for the file
a “w” in the second position gives write permission for the file
an “x” in the third position gives execute permission for the file
The next 9 characters in the Permissions Field are read as groups of 3
The Permission Field
1919 Week 4 - Jan 31, 2005Week 4 - Jan 31, 2005
Similarly for each set of three characters....
-
-
-
a “-” in the first position means no read permission for the file
a “-” in the second position means no write permission for the file
a “-” in the third position means no execute permission for the file
2020 Week 4 - Jan 31, 2005Week 4 - Jan 31, 2005
Warning!
For normal files execute permission means it is executable!
In DOS a file would have to have the proper extension in the filename to be executable. (.com, .exe , .bat)
2121 Week 4 - Jan 31, 2005Week 4 - Jan 31, 2005
- r-x r-x - - -
user
The user that is the owner of a file is found in field 3 of the ls -l output.
In this case ling.zhu has read and execute permission, no write permission
-r-xr-x- - - 1 ling.zhu users 30 Mar26 19:49 colours
The first set of three characters - indicates the permissions for the user who owns the file.
2222 Week 4 - Jan 31, 2005Week 4 - Jan 31, 2005
UNIX,
If you created it.... you own it!
Remember!
2323 Week 4 - Jan 31, 2005Week 4 - Jan 31, 2005
- r-x r-x - - -group
The group that the file belongs to is found in field 4 of the ls -l output. In this case users have read & execute but no write permissions
-r-xr-x- - - 1 ling.zhu users 30 Mar26 19:49 colours
The second set of three characters - indicates the permissions for the members of the file’s group.
2424 Week 4 - Jan 31, 2005Week 4 - Jan 31, 2005
- r-x r-x - - -others
-r-xr-x- - - 1 ling.zhu users 30 Mar26 19:49 colours
In this case others have no read, no write & no execute permissions...
The third set of three characters - indicates the permissions for all others on the system.
2525 Week 4 - Jan 31, 2005Week 4 - Jan 31, 2005
-r-xr-x- - - 1 ling.zhu users 30 Mar26 19:49 colours
drwxr-xr-x 4 ling.zhu sys 512 Apr 1 17:41 comfind
- r-x r-x - - -file type
usergroup others
Key Concepts - File Permissions
2626 Week 4 - Jan 31, 2005Week 4 - Jan 31, 2005
chmod
Name: What it does
chmod changes permissions (or access mode) of one or more files
chmod -R changes permissions recursively for a directory, all of its files and subdirectories
2727 Week 4 - Jan 31, 2005Week 4 - Jan 31, 2005
1. add / remove permissions implicitly - symbolic method
2. set permissions explicitly
- absolute or octal method
2 ways to specify permissions
with the chmod command
2828 Week 4 - Jan 31, 2005Week 4 - Jan 31, 2005
You need to provide 3 pieces of information:
1. WHO are you changing permissions for?
2. what OPERATION do you want to do?
3. WHAT are the permissions you want to
add/remove?
To add/remove permission
implicitly (symbolic method)
2929 Week 4 - Jan 31, 2005Week 4 - Jan 31, 2005
1. WHO are you changing permissions for?
u for the user
g for the group
o for all others
a for all three
To add/remove permission
implicitly (symbolic method)
you need to provide 3 pieces of information:you need to provide 3 pieces of information:
3030 Week 4 - Jan 31, 2005Week 4 - Jan 31, 2005
2. what OPERATION do you want to do?
+ (plus sign) add the permission
- (minus sign) remove the permission
= (equal sign) set it to indicated mode
To add/remove permission
implicitly (symbolic method)
you need to provide 3 pieces of information:you need to provide 3 pieces of information:
3131 Week 4 - Jan 31, 2005Week 4 - Jan 31, 2005
3. WHAT are the permissions you want to add/remove?
r read
w write
x execute
To add/remove permission
implicitly (symbolic method)
you need to provide 3 pieces of information:you need to provide 3 pieces of information:
3232 Week 4 - Jan 31, 2005Week 4 - Jan 31, 2005
-r-xr-x- - - 1 ling.zhu users 30 Mar26 19:49 colours
drwxr-xr-x 4 ling.zhu sys 512 Apr 1 17:41 comfind
- r-x r-x - - -file type
usergroup others
To add/remove permission
implicitly (symbolic method)
you need to provide 3 pieces of information:you need to provide 3 pieces of information:
3333 Week 4 - Jan 31, 2005Week 4 - Jan 31, 2005
- r-x r-x - - -
file typeuser group others
To add write permission for user...
1. who? u (user)
2. what operation? + (add)
3. what permission? w (write)
To add/remove permission
implicitly (symbolic method)
you need to provide 3 pieces of information:you need to provide 3 pieces of information:
3434 Week 4 - Jan 31, 2005Week 4 - Jan 31, 2005
- r-x r-x - - -
file typeuser group others
To add write permission for user for the file called colours the command would be:
chmod u+w colours
-r-xr-x- - - 1 ling.zhu users 30 Mar26 19:49 colours
To add/remove permission
implicitly (symbolic method)
you need to provide 3 pieces of information:you need to provide 3 pieces of information:
3535 Week 4 - Jan 31, 2005Week 4 - Jan 31, 2005
- rwx r-x - - -file type
user group others
The chmod u+w colours command results in the following permissions for the file colours:
-rwxr-x- - - 1 ling.zhu users 30 Mar26 19:49 colours
To add/remove permission
implicitly (symbolic method)
you need to provide 3 pieces of information:you need to provide 3 pieces of information:
3636 Week 4 - Jan 31, 2005Week 4 - Jan 31, 2005
- rwx r-x - - -
file typeuser group others
To remove write permission for user, and add write permission for the group for the file called colours the command would be:
chmod u-w,g+w colours
-rwxr-x- - - 1 ling.zhu users 30 Mar26 19:49 colours
To add/remove permission
implicitly (symbolic method)
you need to provide 3 pieces of information:you need to provide 3 pieces of information:
3737 Week 4 - Jan 31, 2005Week 4 - Jan 31, 2005
- r-x rwx - - -file type
user group others
The chmod u-w,g+w colours command results in the following permissions for the file colours:
-r-xrwx- - - 1 ling.zhu users 30 Mar26 19:49 colours
To add/remove permission
implicitly (symbolic method)
you need to provide 3 pieces of information:you need to provide 3 pieces of information:
3838 Week 4 - Jan 31, 2005Week 4 - Jan 31, 2005
Using Implicit or Symbolic Permissions!
To get the permissions exactly as you want them you may have to use a series of addition and removal commands....
you can combine them all on one line, just make sure there are no spaces between them!
3939 Week 4 - Jan 31, 2005Week 4 - Jan 31, 2005
There are 2 ways to specify permissions with the chmod command:
1. add / remove permissions implicitly
2. set permissions explicitly
Key Concepts - File Permissions
4040 Week 4 - Jan 31, 2005Week 4 - Jan 31, 2005
Assign individual permission letters “point values”
r = 4
w = 2
x = 1
deny all = 0
Setting permissionsexplicitly = octal = absolute
4141 Week 4 - Jan 31, 2005Week 4 - Jan 31, 2005
2. Setting permissions explicitly: r = 4 w = 2 x = 1
rwx = 4 + 2 + 1 = 7 read,write,execute
rw- = 4 + 2 + 0 = 6 read, write
r-x = 4 + 0 + 1 = 5 read, execute
r-- = 4 + 0 + 0 = 4 read only
-wx = 0 + 2 + 1 = 3 write, execute
-w- = 0 + 2 + 0 = 2 write only
--x = 0 + 0 + 1 = 1 execute only
--- = 0 + 0 + 0 = 0 no permission
4242 Week 4 - Jan 31, 2005Week 4 - Jan 31, 2005
chmod 777 colours
- rwx rwx rwx
-rwxr-x- - - 1 ling.zhu users 30 Mar26 19:49 colours
rwx=4+2+1=7 rwx=4+2+1=7 rwx=4+2+1=7
-rwxrwxrwx 1 ling.zhu users 30 Mar26 19:49 colours
Setting permissionsexplicitly = octal = absolute
4343 Week 4 - Jan 31, 2005Week 4 - Jan 31, 2005
chmod 640 colours
- rw- r-- ---
-rwxr-x- - - 1 ling.zhu users 30 Mar26 19:49 colours
rw-= 4+2+0=6 r--=4+0+0=4 ---= 0+0+0=0
-rw-r----- 1 ling.zhu users 30 Mar26 19:49 colours
Setting permissionsexplicitly = octal = absolute
4444 Week 4 - Jan 31, 2005Week 4 - Jan 31, 2005
Using Explicit or Octal Permissions !
allows you need to specify the exact permissions you want... regardless of the current permissions
4545 Week 4 - Jan 31, 2005Week 4 - Jan 31, 2005
Directory PermissionsDirectory permissions are much the same as filesDirectory permissions are much the same as files
the owner of a directory decides who has the owner of a directory decides who has access to its filesaccess to its filesdirectory permissions are assigned using the directory permissions are assigned using the same letters as for filessame letters as for files
but the meaning of the letters r,w,x are but the meaning of the letters r,w,x are different.....different.....
4646 Week 4 - Jan 31, 2005Week 4 - Jan 31, 2005
ReadRead permission for a directory means you are permission for a directory means you are allowed to list the files in the directory with allowed to list the files in the directory with lsls
WriteWrite permission for a directory means you can permission for a directory means you can create or remove files in itcreate or remove files in it
ExecuteExecute permission for a directory means you permission for a directory means you can make it your working directory or can make it your working directory or pass pass throughthrough it in a path it in a path
Read & executeRead & execute = “ = “searchsearch” permissions are ” permissions are required to get a required to get a long listinglong listing..
Directory Permissions
4747 Week 4 - Jan 31, 2005Week 4 - Jan 31, 2005
Question:Question:What permission do you need for a What permission do you need for a
directory in order to remove a file directory in order to remove a file under it?under it?
Directory Permissions
rw-rw- ??
-wx-wx ??
4848 Week 4 - Jan 31, 2005Week 4 - Jan 31, 2005
Warning!
For directories, you need “execute” permission to search them!
... without “search” permission in a directory you need to know the exact name of a file to read it
4949 Week 4 - Jan 31, 2005Week 4 - Jan 31, 2005
Question
What is the minimum permission needed to view hiding.html under public_html/sub1/subsub1/week4 ?
5050 Week 4 - Jan 31, 2005Week 4 - Jan 31, 2005
Two approaches to file security:
1. Permit wide access to your files and just turn off permissions for specific files and directories when more security is needed.
2. Permit limited access to your files and turn on permissions for specific files as
needed. It’s YOUR choice!
Setting Default Permissions for New Files
5151 Week 4 - Jan 31, 2005Week 4 - Jan 31, 2005
Name: What it does
umask umask nnn
displays file creation mask set file creation mask to octal value nnn
umask
5252 Week 4 - Jan 31, 2005Week 4 - Jan 31, 2005
Setting Default Permissions for New Files
The umask command allows you to control access to new files and directories
umask acts like chmod in reverse - each digit in umask tells what default permission to turn off
5353 Week 4 - Jan 31, 2005Week 4 - Jan 31, 2005
default permissions for files are:
rw-rw-rw- read, write for everyone
no execute until you debug code
default permissions for directories are:
rwxrwxrwx read,write and execute so that the directory can be accessed
Setting Default Permissions for New Files
5454 Week 4 - Jan 31, 2005Week 4 - Jan 31, 2005
default permissions for files are:
file default rw-rw-rw-
umask of 27 0 2 7
results in rw-r----- permission 640
turn off write for group turn off all for others
Setting Default Permissions for New Files
5555 Week 4 - Jan 31, 2005Week 4 - Jan 31, 2005
default permissions for directories are:
directory default rwx rwx rwx
umask of 27 0 2 7
results in rwxr-x--- permission 750
turn off write for group turn off all for others
Setting Default Permissions for New Files
