Tải bản đầy đủ

Module Linux essentials - Module 16: Special permissions, links and file locations

Module 16
Special Permissions, Links
and File Locations

This slide deck is for LPI Academy instructors to use for lectures for LPI Academy courses.
©Copyright Network Development Group 2013.


Exam Objective
5.4 Special Directories and Files
Objective Summary



Working with system files and libraries
Understanding symbolic links

This slide deck is for LPI Academy instructors to use for lectures for LPI Academy courses.
©Copyright Network Development Group 2013.



setuid Permission

This slide deck is for LPI Academy instructors to use for lectures for LPI Academy courses.
©Copyright Network Development Group 2013.


The setuid Permission




The setuid permission is set on certain system utilities so
that an ordinary user can execute the program as if it
was run by the root user. This allows an a normal user
to perform common system administration tasks without
having to do gain direct access to the root account.
An excellent example of the setuid permission in action
is the /usr/bin/passwd command. When a user
executes the passwd command successfully, the
command is able to update the /etc/shadow file to set
a new password for the user. This file can’t be accessed
normally by no-root users.
This slide deck is for LPI Academy instructors to use for lectures for LPI Academy courses.
©Copyright Network Development Group 2013.


Files with setuid


A file that has setuid permission properly set will have a
lowercase "s" in the “user owner” execute position,
indicating both setuid and execute permission for the user
owner are set:
-rwsr-xr-x



A file which has setuid permission, but lacks execute
permission for the user owner will show an uppercase "S"
to highlight that the permission is not effective:


-rwSr-xr-x
This slide deck is for LPI Academy instructors to use for lectures for LPI Academy courses.
©Copyright Network Development Group 2013.


Using chmod with setuid




The chmod command can be used to set or remove the
setuid permission, using either a symbolic or numeric
method
Setting setuid where nnn is original permission mode:




chmod u+s file or chmod 4nnn file

Removing setuid where original mode is 4nnn:


chmod u-s file or chmod 0nnn file

This slide deck is for LPI Academy instructors to use for lectures for LPI Academy courses.
©Copyright Network Development Group 2013.


setgid Permission

This slide deck is for LPI Academy instructors to use for lectures for LPI Academy courses.
©Copyright Network Development Group 2013.


The setgid Permission on a File




The setgid permission used on a file is similar to setuid
except that it uses group permissions. When a user
executes a file that is setgid, the system runs the
command as if the user were a member of the group that
owns the executable, usually granting access to
additional files.
An example of setgid permission on a file is the
/usr/bin/wall command. The wall command
sends messages to other user’s terminals. Since this
executable is owned by the "tty" group, when it is run it
grants the user access to the files owned by the "tty"
group, which effectively allows the user to write a
message to any "tty" or terminal on the system.
This slide deck is for LPI Academy instructors to use for lectures for LPI Academy courses.
©Copyright Network Development Group 2013.


The setgid Permission on a
Directory






Using setgid permission on a directory is used by
administrators to make it easier for users who are in a
group to be able to share files with other users in the
same group.
When setgid permission is set on a directory, any files
created in that directory are automatically group owned
by the group that owns the directory.
When a new subdirectory are created in a directory that
has setgid, the new subdirectory will also have setgid
permission and be group owned by the group that owns
the parent directory.
This slide deck is for LPI Academy instructors to use for lectures for LPI Academy courses.
©Copyright Network Development Group 2013.


Files with setgid


A file that has setuid permission properly set will have a
lowercase "s" in the group owner execute column,
indicating both setgid and execute permission for the user
owner is set:
-r-xr-sr-x



A file which has setgid permission, but lacks execute
permission for the group owner will show as an
uppercase "S" to highlight that the permission is not
effective:
-r-xr-Sr-x
This slide deck is for LPI Academy instructors to use for lectures for LPI Academy courses.
©Copyright Network Development Group 2013.


Using chmod with setgid




The chmod command can be used to set or remove the
setgid permission using either a symbolic or numeric
method
Setting setgid where nnn is original permission mode:




chmod g+s file or chmod 2nnn file

Removing setgid where original mode is 2nnn:


chmod g-s file or chmod 0nnn file

This slide deck is for LPI Academy instructors to use for lectures for LPI Academy courses.
©Copyright Network Development Group 2013.


Working with Sticky Bit

This slide deck is for LPI Academy instructors to use for lectures for LPI Academy courses.
©Copyright Network Development Group 2013.


The sticky bit Permission






The sticky bit permission is used to prevent others
from deleting files that they do not own in a directory
that is shared with others.
Normally, if a user has write permission on a directory,
then that user can delete any file in that directory,
including files that user does not own, regardless of the
permissions of the file.
The classic example of a directory that normally has
the sticky bit permission is the /tmp directory. This
directory is standard on all Linux systems and provides
a place were all users can store files. With sticky bit
set, one user can't delete another user's /tmp files.
This slide deck is for LPI Academy instructors to use for lectures for LPI Academy courses.
©Copyright Network Development Group 2013.


Directories with the sticky bit set








When the sticky bit permission is set, the letter "t" will
appear in the execute column for the others: drwxrwxrwt
Unlike setuid and setgid, where a capital letter indicated a
problem that would prevent those permissions from
working, the presence of an uppercase letter "T" does
not always mean that the sticky bit permission is not set
correctly: drwxrwx--T
If either the group owner or others have execute
permission, then it is possible for the sticky bit permission
to work for those accounts.
If only the user owner has execute permission, then it is
not possible for the sticky bit permission to work:
This slide deck is for LPI Academy instructors to use for lectures for LPI Academy courses.
drwx------T
©Copyright Network Development Group 2013.


Using chmod with sticky bit




The chmod command can be used to set or remove the
sticky bit permission using either a symbolic or numeric
method.
Setting sticky bit where nnn is original permission mode:




chmod o+t dir or chmod 1nnn dir

Removing sticky bit where original mode is 1nnn:


chmod o-t dir or chmod 0nnn dir

This slide deck is for LPI Academy instructors to use for lectures for LPI Academy courses.
©Copyright Network Development Group 2013.


Hard and Symbolic Links

This slide deck is for LPI Academy instructors to use for lectures for LPI Academy courses.
©Copyright Network Development Group 2013.


Hard Links and Symbolic Links




Both hard and soft (also called symbolic) links are
useful for providing alternative names for files and
directories.
Instead of having to type a long and difficult path to a
file like:
/usr/share/doc/package/data/2013/october/10/valu
able-information.txt



…a link name for the same file may be simply:
~/valuable.txt



Each technique of linking (hard and soft) has
advantages and disadvantages
This slide deck is for LPI Academy instructors to use for lectures for LPI Academy courses.
©Copyright Network Development Group 2013.


Hard Links vs. Symbolic Links
SymLink1

Originalfile

inode

inode

Data Blocks

Data Blocks

HardLink1

This slide deck is for LPI Academy instructors to use for lectures for LPI Academy courses.
©Copyright Network Development Group 2013.


Understanding the Filesystem






To understand how links work, it is helpful to
understand how the filesystem keeps track of files.
For every file that is created, there is one block of data
called an inode table that stores the meta-information
of the file, such as permissions, ownerships,
timestamps and pointers to where the file’s contents
are stored.
The inode table includes almost all information about
a file except the file name.

This slide deck is for LPI Academy instructors to use for lectures for LPI Academy courses.
©Copyright Network Development Group 2013.










Understanding the
Filesystem(cont)
Each inode table is associated with a unique inode
number.
The ls -i command will display the inode number for
each file.
The directory stores the names of all the files within the
directory and their associated inode number.
When access is attempted on a file, the system reads
the directory data to find the file name and then
retrieves its data by looking up the data blocks
referenced in its inode.

This slide deck is for LPI Academy instructors to use for lectures for LPI Academy courses.
©Copyright Network Development Group 2013.


Hard Link Example




Suppose that the /etc/passwd file has an inode
number of 123
The /etc directory would store a table with file names
and inode numbers like:
passwd

123

shadow

175

group

144

gshadow

897

This slide deck is for LPI Academy instructors to use for lectures for LPI Academy courses.
©Copyright Network Development Group 2013.


Hard Link Example(cont)


A file called /etc/mypasswd that is hard linked to
/etc/passwd would also reference inode 123:
passwd

123

mypasswd 123
shadow

175

group

144

gshadow

897

This slide deck is for LPI Academy instructors to use for lectures for LPI Academy courses.
©Copyright Network Development Group 2013.


Hard Links




Every file has at least one hard link to it (for the original
file name).
The link count number appears between the permissions
and the user owner in a detailed listing:
$ echo data > file.original
$ ls -li file.*

278772 -rw-rw-r--. 1 sysadmin sysadmin 5 Oct 25 15:42
file.original


The link count will increase by one for each hard link that
is added and decrease by one for each hard link that is
removed.
This slide deck is for LPI Academy instructors to use for lectures for LPI Academy courses.
©Copyright Network Development Group 2013.


Creating Hard Links


To create hard links, the ln command is used with the
first argument being an existing file name and the
second argument being the new file name to link to it:
$ ln file.original file.hard.1
$ ls -li file.*

278772 -rw-rw-r--. 2 sysadmin sysadmin 5 Oct 25 15:53
file.hard.1
278772 -rw-rw-r--. 2 sysadmin sysadmin 5 Oct 25 15:53
file.original


Notice that the inode is the same for both files and they
both have a link count of 2.

This slide deck is for LPI Academy instructors to use for lectures for LPI Academy courses.
©Copyright Network Development Group 2013.


Soft Links






A soft (symbolic) link is a file that points to another file
name.
Soft links have a file type of "l“.
Soft links are similar to shortcuts in Windows.
Several soft links already exist on the system
including /etc/grub.conf:
$ ls -l /etc/grub.conf
lrwxrwxrwx. 1 root root 22 Feb 15 2011 /etc/grub.conf ->
../boot/grub/grub.conf

This slide deck is for LPI Academy instructors to use for lectures for LPI Academy courses.
©Copyright Network Development Group 2013.


Tài liệu bạn tìm kiếm đã sẵn sàng tải về

Tải bản đầy đủ ngay

×