Special Directories and Files


Module 18

Special Directories and Files


Exam Objective
5.4 Special Directories and Files

Objective Description
Special directories and files on a Linux system including special
permissions.
Special Permissions
Setuid Permissions
● This permission is set on system utilities so they can be run by normal users, but executed
with the permissions of root.

● Gives access to system files that a normal user doesn’t have access to.

● For example, the user sysadmin attempts to view the contents of the /etc/shadow file:

sysadmin@localhost:~$ more /etc/shadow

/etc/shadow: Permission denied

● How is a regular user able to modify the /etc/shadow file when executing the passwd
command?

● The passwd command has the special setuid permission:


sysadmin@localhost:~$ ls -l /usr/bin/passwd

-rwsr-xr-x 1 root root 31768 Jan 28 2010 /usr/bin/passwd


Setuid Permissions
● The setuid permission is represented by an s character in user execute permissions.

-rwsr-xr-x 1 root root 31768 Jan 28 2010 /usr/bin/passwd

● An uppercase S means that only the setuid is set and not the user execute permission.
-rwSr-xr-x 1 root root 31768 Jan 28 2010 /usr/bin/passwd
Setuid Permissions
● Special permissions can be set with the chmod command, using either the symbolic or the
octal method.

● To add the setuid permission symbolically, run:

chmod u+s file

● To add the setuid permission numerically, add 4000 to the file's existing permissions (assume
the file below originally had 775 for its permission):
chmod 4775 file

● To remove the setuid permission symbolically, run: chmod u-s file

● To remove the setuid permission numerically, subtract 4000 from the file's existing
permissions: chmod 0775 file
Setgid Permissions On a File
● The setgid permission is similar to setuid, but for group permissions.

● There are two types of setgid permissions: setgid on files and setgid on directories.

● Setgid on a file lets a user run an executable binary file with temporary group access.
○ Represented by s in group permissions: -rwxr-sr-x
○ Consider the /usr/bin/wall command file group ownership:
-rwxr-sr-x. 1 root tty 10996 Jul 19 2011 /usr/bin/wall

○ This executable file is owned by the tty group. When a user executes this command,
they will be able to access files that are group owned by the tty group.
Setgid Permissions On a Directory
● Setgid on a directory causes files created in the directory to automatically be owned by the
group that owns the directory.

● Remember: Normally, new files are group owned by the primary group of the user who
created the file.

● If a directory is setgid, any directories created within that directory will inherit the setgid
permission.
● To view permissions information on a directory use ls -ld filename.
● There are two ways the setgid permission can appear:

○ A lowercase s (drwxrwsrwx) means that both setgid and group execute permissions are
set.

○ An uppercase S (drwxrwSr-x) means that only setgid and not group execute permission
is set.
Setgid Permissions On a Directory
● To add the setgid permission on a directory symbolically use:

chmod g+s <file|directory>

● To add the setgid permission numerically, add 2000 to the file's existing permissions (assume
the file below originally had 775 for its permission):

chmod 2775 <file|directory>

● To remove the setgid permission symbolically:


chmod g-s <file|directory>

● To remove the setgid permission numerically, subtract 2000 from the file's existing
permissions:
chmod 0775 <file|directory>
Sticky Bit Permission
● The sticky bit permission allows files in a directory to be shared, but only the
owner of a file or root can delete it.

● Without this permission, users would be able to delete any files in this
directory, including those that belong to other users.

● Sticky bit permission is displayed as a t in the execute part of other’s
permissions: drwxrwxrwt
○ Lowercase t means both sticky bit and execute is set.
○ Uppercase T means only sticky bit is set.
Sticky Bit Permission
● To add the sticky bit permission symbolically use:

chmod o+t <directory>

● To add sticky bit permission numerically, add 1000 to the directory’s existing permissions
(assume the directory below originally had 775 for its permission):

chmod 1775 <file|directory>

● To remove sticky bit permission symbolically:


chmod o-t <directory>

● To remove the sticky bit permission numerically, subtract 1000 from the directory’s existing
permissions:
chmod 0775 <directory>
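
An added example, not part of the original slides: an audit that lists every entry under a directory carrying the setuid, setgid or sticky bit described above, and marks the uppercase S/T case where the bit is set without execute. The function names and the sample tree are constructed for illustration; GNU find and stat are assumed.

```shell
# Added example (not from the slides). Assumes GNU find and stat.

# Name the special bits held in an octal mode such as 4755 or 1777.
decode_special() {
    bits=$(( (0$1 >> 9) & 7 ))   # leading octal digit: 4, 2, 1
    out=""
    if [ $(( bits & 4 )) -ne 0 ]; then out="$out setuid"; fi
    if [ $(( bits & 2 )) -ne 0 ]; then out="$out setgid"; fi
    if [ $(( bits & 1 )) -ne 0 ]; then out="$out sticky"; fi
    echo "${out# }"
}

# List every entry under a directory that has a special bit set.
# Output: <symbolic mode> <octal mode> [<bits>] <path> [NO-EXEC]
# NO-EXEC marks an uppercase S or T: the bit is set without execute.
audit_special() {
    find "$1" -perm /7000 -exec stat -c '%A %a %n' {} + | sort -k 3 |
    while read -r sym oct path; do
        flag=""
        case $sym in *[ST]*) flag=" NO-EXEC" ;; esac
        echo "$sym $oct [$(decode_special "$oct")] $path$flag"
    done
}

# Constructed sample tree, built in a fresh temporary directory.
make_demo_tree() {
    d=$(mktemp -d)
    touch "$d/tool" "$d/broken"
    mkdir "$d/shared" "$d/dropbox"
    chmod 4755 "$d/tool"      # -rwsr-xr-x  setuid + execute
    chmod 4644 "$d/broken"    # -rwSr--r--  setuid without execute
    chmod 2775 "$d/shared"    # drwxrwsr-x  setgid directory
    chmod 1777 "$d/dropbox"   # drwxrwxrwt  sticky directory
    echo "$d"
}

audit_special "$(make_demo_tree)"
```

Pointing audit_special at a real directory and comparing the result with a saved baseline shows when a new setuid or setgid file has appeared.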
Links
Hard Links and Symbolic Links
● There are files that reside deep in the file system and have long
pathnames.

/usr/share/doc/superbigsoftwarepackage/data/2013/october/tenth/valuable-information.txt

● Some files cannot be copied into another directory because other users
update the file.
● You can create a file that will be linked to the one that is "deeply buried"
and place the link in your directory.
Creating Hard Links
● Every file on a partition has a unique identification number called an inode number.

● To display the inode number of a file, use the ls -i command.

sysadmin@localhost:~$ ls -i /tmp/file.txt

215220874 /tmp/file.txt

● Hard links are two file names that point to the same inode. Take the passwd and mypasswd
file names:
File Name    Inode Number
passwd       123
mypasswd     123

● You can access the file data using either name because they have the same inode number.
Creating Hard Links
● You can view the link count number of a file by executing the ls -li command:

sysadmin@localhost:~$ ls -li file.*

278772 -rw-rw-r--. 1 sysadmin sysadmin 5 Oct 25 15:42 file.original

● To create a hard link, use the ln command with two arguments:


ln target link_name

● When a hard link is created, the link count will increase by one:

sysadmin@localhost:~$ ln file.original file.hard.1

sysadmin@localhost:~$ ls -li file.*

278772 -rw-rw-r--. 2 sysadmin sysadmin 5 Oct 25 15:53 file.hard.1


278772 -rw-rw-r--. 2 sysadmin sysadmin 5 Oct 25 15:53 file.original
Creating a Symbolic Link
● A symbolic link, also called a soft link, is a file that points to another file. Take the /etc
directory for example:

sysadmin@localhost:~$ ls -l /etc/grub.conf

lrwxrwxrwx. 1 root root 22 Feb 15 2011 /etc/grub.conf -> ../boot/grub/grub.conf

● In the above example, the file /etc/grub.conf "points to" the ../boot/grub/grub.conf file.
● To create a symbolic link, use the -s option with the ln command:

sysadmin@localhost:~$ ln -s /etc/passwd mypasswd

sysadmin@localhost:~$ ls -l mypasswd

lrwxrwxrwx. 1 sysadmin sysadmin 11 Oct 31 13:17 mypasswd -> /etc/passwd


Comparing Hard and Symbolic Links
● Although hard links and symbolic links serve the same purpose, they behave differently,
and each has advantages and disadvantages.

● Hard Links vs Soft Links Advantages

○ Hard Link Advantage: If there are multiple files with the same hard link, deleting any
four of these files would not result in deleting the actual file contents. With a soft link,
if the original file is removed, any links that point to it will fail.

○ Soft Link Advantage: Soft links are easier to see.

○ Soft Link Advantage: Soft links can link to any file because they use a pathname. Hard
links cannot be created that attempt to cross file systems because each file system has a
unique set of inodes.

○ Soft Link Advantage: Soft links can link to a directory.
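
An added example, not part of the original slides: it builds one file with a hard link and a soft link, then removes the original to show that the hard link keeps the contents while the soft link is left dangling. The function names and file names are constructed for illustration; GNU stat and readlink are assumed.

```shell
# Added example (not from the slides). Assumes GNU stat and readlink.

# Classify each entry directly under a directory:
#   hardlink  regular file with a link count above 1 (inode shown)
#   symlink   symbolic link whose target exists
#   dangling  symbolic link whose target is gone
link_report() {
    for p in "$1"/*; do
        name=${p##*/}
        if [ -L "$p" ]; then
            if [ -e "$p" ]; then kind=symlink; else kind=dangling; fi
            echo "$kind $name -> $(readlink "$p")"
        elif [ -f "$p" ] && [ "$(stat -c %h "$p")" -gt 1 ]; then
            echo "hardlink $name inode=$(stat -c %i "$p") links=$(stat -c %h "$p")"
        fi
    done
}

# Constructed sample: one file, one hard link and one soft link to it.
make_link_demo() {
    d=$(mktemp -d)
    echo data > "$d/file.original"
    ln "$d/file.original" "$d/file.hard.1"
    ln -s file.original "$d/file.soft"   # relative to the link's directory
    echo "$d"
}

demo=$(make_link_demo)
echo "Before removing file.original:"; link_report "$demo"
rm "$demo/file.original"
echo "After removing file.original:";  link_report "$demo"
cat "$demo/file.hard.1"                  # contents survive via the hard link
```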


File Locations
Filesystem Hierarchy Standard
● The Filesystem Hierarchy Standard (FHS) is a set of guidelines for Linux directories and their
contents.

● The FHS standard categorizes each system directory in a couple of ways:

○ A directory can be categorized as either shareable or not, meaning whether the directory can be shared on a
network and used by multiple machines.

○ The directory is put into a category of having either static files (file contents won't change) or variable
files (file contents can change).

Not Shareable Shareable

Variable /var/lock /var/mail

Static /etc /opt


Organization Within the Filesystem
● The following provides a generalized description of the layout of directories as they actually
exist on a typical Linux distribution.

○ User home directory: The /home directory will typically have a directory underneath it for each user
account (e.g., /home/bob).

○ Binary directories: Contain programs that users and admins execute to start processes or applications.

○ Software application directories: Applications in Linux may have their files in multiple directories
spread throughout the Linux filesystem.

○ Library directories: Libraries are files which contain code that is shared between multiple programs.
Most library file names will end in a file extension of .so, which means shared object.

○ Variable data directories: The /var directory and many of its subdirectories can contain data that will
change frequently (e.g., /var/mail and /var/log).
