Special Directories and Files
Objective Description
Special directories and files on a Linux system including special
permissions.
Special Permissions
Setuid Permissions
● This permission is set on certain system utilities so that a normal user can run them, but the
resulting process executes with the privileges of the file's owner (for system utilities, root).
● Gives access to system files that a normal user doesn’t have access to.
● For example, the user sysadmin attempts to view the contents of the /etc/shadow file and is
refused, because /etc/shadow is readable only by root:
● How, then, is a regular user able to modify the /etc/shadow file when executing the passwd
command? Because /usr/bin/passwd is owned by root and has setuid set, so the passwd process
runs with root's effective user ID and may write /etc/shadow on the user's behalf.
● In ls -l output, a lowercase s in the owner's execute position (-rwsr-xr-x) means that both setuid
and the user execute permission are set. An uppercase S means that only setuid is set and not the
user execute permission, so the program cannot actually be executed by its owner; on a real
passwd binary this would indicate a misconfiguration:
-rwSr-xr-x 1 root root 31768 Jan 28 2010 /usr/bin/passwd
● Special permissions can be set with the chmod command, using either the symbolic or the octal
method.
● To add the setuid permission numerically, add 4000 to the file's existing permissions (assume
the file below originally had 775 for its permission):
chmod 4775 file
● To remove the setuid permission numerically, subtract 4000 from the file's existing
permissions:
chmod 0775 file
Setgid Permissions On a File
● The setgid permission is similar to setuid, but it applies to the group permission.
● There are two types of setgid permissions: setgid on files and setgid on directories.
● Setgid on an executable file causes the process to run with the file's group as its effective
group, temporarily granting the user that group's access.
○ Represented by s in the group execute position: -rwxr-sr-x
○ Consider the group ownership of the /usr/bin/wall command file:
-rwxr-sr-x. 1 root tty 10996 Jul 19 2011 /usr/bin/wall
○ This executable file is group owned by tty, so when a user executes this command the
process can access files that are group owned by tty (the terminal device files), which the
user's own groups would not allow.
Setgid Permissions On a Directory
● Setgid on a directory causes files created in the directory to automatically be group owned by
the group that owns the directory, rather than by the creating user's primary group.
● Remember: Normally, new files are group owned by the primary group of the user who
created the file.
● If a directory is setgid, any directories created within that directory will inherit the setgid
permission.
● To view the permissions of the directory itself (not its contents) use ls -ld directory.
● There are two ways the setgid permission can appear on a directory:
○ A lowercase s (drwxrwsrwx) means that both setgid and group execute permissions are
set.
○ An uppercase S (drwxrwSr-x) means that setgid is set but the group execute permission
is not, so group members cannot actually enter the directory.
● To add the setgid permission on a directory symbolically use:
chmod g+s <directory>
● To add the setgid permission numerically, add 2000 to the file's existing permissions (assume
the file below originally had 775 for its permission):
chmod 2775 <file|directory>
● To remove the setgid permission numerically, subtract 2000 from the file's existing
permissions:
chmod 0775 <file|directory>
Sticky Bit Permission
● The sticky bit permission on a directory allows files in that directory to be shared, but only
the owner of a file, the owner of the directory, or root can delete or rename it.
● Without this permission, any user with write access to the directory would be able to delete
any file in it, including files that belong to other users.
● Represented by t in the other execute position, as on /tmp: drwxrwxrwt (an uppercase T
means the sticky bit is set but other execute is not).
● To add the sticky bit permission numerically, add 1000 to the directory's existing permissions
(assume the directory below originally had 775 for its permission):
chmod 1775 <directory>
● To remove the sticky bit permission numerically, subtract 1000 from the directory's existing
permissions:
chmod 0775 <directory>
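The following script, added here as an example and not taken from the original course material, applies all three special bits to throw-away files in a temporary directory, so it runs as an unprivileged user without touching real system binaries. The helper names, scratch file names and the audit function are my own; the script assumes GNU or busybox `stat -c`, `find -perm`, `mktemp -d` and `id -Gn`.

```shell
#!/usr/bin/env bash
# Added example: set, inspect and strip the setuid, setgid and sticky bits
# on scratch files, then audit the tree for files carrying special bits.
set -eu

# Create a scratch tree (constructed for this example, not course files).
make_lab() {
    local lab
    lab=$(mktemp -d)
    mkdir "$lab/shared"      # will become a setgid + sticky directory
    : > "$lab/tool"          # stand-in for a setuid program such as passwd
    : > "$lab/nonexec"       # setuid without execute: the uppercase-S case
    printf '%s' "$lab"
}

# Symbolic mode as ls -l prints it, e.g. -rwsr-xr-x
mode_sym() { stat -c '%A' "$1"; }
# Octal mode with the leading special-bit digit, e.g. 4755
mode_oct() { stat -c '%a' "$1"; }

# Apply the special bits both ways the text describes: symbolic and numeric.
setup_modes() {
    local lab=$1
    chmod 0755 "$lab/tool"
    chmod u+s  "$lab/tool"       # symbolic setuid: 755 -> 4755, ls shows 's'
    chmod 4644 "$lab/nonexec"    # numeric setuid with no u+x: ls shows 'S'
    chmod 2775 "$lab/shared"     # numeric setgid on a directory (2000 + 775)
    chmod +t   "$lab/shared"     # symbolic sticky bit: 2775 -> 3775
}

# Remove every special bit by writing 0 as the leading octal digit.
clear_special() { chmod 0755 "$1"; }

# Audit: list regular files under a tree that have setuid or setgid set.
find_special() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) | sort
}

# Same audit reduced to a single number.
count_special() { find_special "$1" | wc -l | tr -d ' '; }

# Group inheritance: if the caller belongs to a second group, give the setgid
# directory that group and show that a new file inherits it instead of the
# caller's primary group. Skips quietly when no such group is available.
demo_inherit() {
    local lab=$1 grp
    grp=$(id -Gn | awk '{print $2}')
    if [ -z "$grp" ]; then
        echo "no supplementary group; skipping inheritance demo"
        return 0
    fi
    chgrp "$grp" "$lab/shared" || { echo "chgrp refused; skipping"; return 0; }
    : > "$lab/shared/newfile"
    stat -c '%G' "$lab/shared/newfile"   # prints the directory's group
}

main() {
    local lab
    lab=$(make_lab)
    setup_modes "$lab"
    printf '%s %s\n' "$(mode_oct "$lab/tool")"    "$(mode_sym "$lab/tool")"     # 4755 -rwsr-xr-x
    printf '%s %s\n' "$(mode_oct "$lab/nonexec")" "$(mode_sym "$lab/nonexec")"  # 4644 -rwSr--r--
    printf '%s %s\n' "$(mode_oct "$lab/shared")"  "$(mode_sym "$lab/shared")"   # 3775 drwxrwsr-t
    find_special "$lab"
    demo_inherit "$lab"
    clear_special "$lab/tool"
    mode_oct "$lab/tool"                                                          # 755
    rm -rf "$lab"
}
main
```

The `find -perm -4000 -o -perm -2000` line is the check a practitioner runs against a real root (`find / -xdev ...`) when auditing a host: every hit is a program that changes privileges when run, so the list should be short and every entry explainable.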
Links
Hard Links and Symbolic Links
● Some files reside deep in the file system and have long pathnames, for example:
/usr/share/doc/superbigsoftwarepackage/data/2013/october/tenth/valuable-information.txt
● Copying such a file into your own directory is not a solution when other users update the
original, because your copy would immediately go stale.
● Instead, you can create a link to the "deeply buried" file and place the link in your directory;
reading or writing the link reaches the one shared file.
Creating Hard Links
● Every file on a partition has a unique identification number called an inode number.
sysadmin@localhost:~$ ls -i /tmp/file.txt
215220874 /tmp/file.txt
● Hard links are two file names that point to the same inode. Take the passwd and mypasswd
file names:
File Name    Inode Number
passwd       123
mypasswd     123
● You can access the file data using either name because they have the same inode number.
● You can view the link count of a file in the second column of ls -l output (ls -li adds the inode
number as the first column):
● When a hard link is created, the link count will increase by one:
sysadmin@localhost:~$ ls -l /etc/grub.conf
sysadmin@localhost:~$ ls -l mypasswd
○ Hard Link Advantage: If a file has several hard links, deleting any one of those names does
not delete the file contents; the data is freed only when the last name is removed and the
link count reaches zero. With a soft link, if the original file is removed, the link is left
dangling and any attempt to use it will fail.
○ Soft Link Advantage: A soft link can point to any file, because it stores a pathname rather
than an inode number. Hard links cannot cross file systems, because each file system has its
own set of inode numbers.
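The following script, added as an example and not part of the original course material, builds the passwd/mypasswd pair from the table above in a temporary directory, adds a symbolic link beside them, and shows what each kind of link does when the original name is deleted. The file names, the sample line written into the file and the helper names are constructed for this example; it assumes GNU or busybox `stat -c` and `mktemp -d`.

```shell
#!/usr/bin/env bash
# Added example: hard links share an inode and keep the data alive;
# symbolic links store a path and dangle when the target disappears.
set -eu

# Build a scratch directory holding an original file, a hard link to it
# and a symbolic link to it (constructed names, not the course's files).
make_links() {
    local lab
    lab=$(mktemp -d)
    printf 'root:x:0:0:root:/root:/bin/bash\n' > "$lab/passwd"   # constructed sample line
    ln    "$lab/passwd" "$lab/mypasswd"      # hard link: a second name for the same inode
    ln -s "$lab/passwd" "$lab/passwd.sym"    # symbolic link: stores the pathname only
    printf '%s' "$lab"
}

inode_of()   { stat -c '%i' "$1"; }   # inode number, as ls -i shows
link_count() { stat -c '%h' "$1"; }   # hard-link count, the 2nd column of ls -l
fs_of()      { stat -c '%d' "$1"; }   # device number: differs across file systems

# True when two names refer to the same inode.
same_inode() { [ "$(inode_of "$1")" = "$(inode_of "$2")" ]; }

# True when a symbolic link still resolves: -L says it is a link, -e follows it.
link_resolves() { [ -L "$1" ] && [ -e "$1" ]; }

# Delete the original name and report what survives.
remove_original() {
    local lab=$1
    rm "$lab/passwd"
    # The data is still reachable through the hard link; the symlink now dangles.
    printf 'hardlink_count=%s symlink_resolves=%s\n' \
        "$(link_count "$lab/mypasswd")" \
        "$(link_resolves "$lab/passwd.sym" && echo yes || echo no)"
}

# Hard links cannot cross file systems: ln fails when device numbers differ.
try_cross_fs_link() {
    local src=$1 dst=$2
    if [ "$(fs_of "$src")" != "$(fs_of "$(dirname "$dst")")" ]; then
        echo "different file systems: a hard link would fail, use ln -s instead"
    else
        ln "$src" "$dst" && echo "same file system: hard link created"
    fi
}

main() {
    local lab
    lab=$(make_links)
    same_inode "$lab/passwd" "$lab/mypasswd" && echo "same inode: $(inode_of "$lab/passwd")"
    echo "link count before rm: $(link_count "$lab/passwd")"     # 2
    remove_original "$lab"                                        # hardlink_count=1 symlink_resolves=no
    cat "$lab/mypasswd"                                           # the data is still there
    try_cross_fs_link "$lab/mypasswd" "$lab/copy"
    rm -rf "$lab"
}
main
```

To see the cross-file-system case, point `try_cross_fs_link` at a destination on a different mount (for example a tmpfs such as /dev/shm when the scratch directory is on disk); the device-number comparison is the same test the kernel applies before it refuses the link.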
○ A directory can be categorized as either shareable or not, meaning if the directory could be shared on a
network and used by multiple machines.
○ The directory is put into a category of having either static files (file contents won't change) or variable
files (file contents can change).
○ User home directory: The /home directory will typically have a directory underneath it for each user
account (i.e., /home/bob).
○ Binary directories: Contain programs that users and admins execute to start processes or applications.
○ Software application directories: Applications in Linux may have their files in multiple directories
spread throughout the Linux filesystem.
○ Library directories: Libraries are files which contain code that is shared between multiple programs.
Most library file names will end in a file extension of .so, which means shared object.
○ Variable data directories: The /var directory and many of its subdirectories can contain data that will
change frequently (i.e., /var/mail and /var/log).