Home > Articles

  • Print
  • + Share This
This chapter is from the book

Finding Your Way

Now that you are familiar with the graphical and console working environments in SLES, you might still find yourself somewhat lost within the environment itself. This section provides an introduction to the filesystem layout and offers an insight into filesystem permissions and potential navigation pitfalls.

System Filesystem

During the system startup process, the Linux kernel loads modules required to access the hard disks into memory. With these modules, physical connections to the hard disk partitions can be established.

Under Microsoft Windows and other operating systems, the filesystem is accessed through drive letters assigned to each individual partition. Linux, on the other hand, provides access to all partitions through a single, virtual directory structure. Accessing separate partitions is a matter of navigating to the correct directory.

The process of associating a partition to a directory within the filesystem is known as "mounting." During system initialization, the partition containing the core operating-system files is mounted to the root (/) of the directory tree. This partition is known as the system or "root" partition.

After root has been successfully mounted, remaining partitions are then mounted to specific directories within the root directory structure. The /etc/fstab file is used as a configuration file, which determines where each partition will be mounted. Directories used for mounting filesystems are known as "mount points."

Table 3.11 lists the main directories found after a SLES installation and briefly describes their purposes.

Table 3.11 Root Filesystem Components

Directory

Contents and Purpose

/bin

Commands used by all users.

/boot

Boot-specific files, including the Linux kernel and GRUB configuration files.

/dev

Device files representing possible hardware components.

/etc

Host-specific configuration files.

/home

Home directory for local user accounts.

/lib

Shared library and kernel module directory.

/media

Default mount directory structure for removable media such as CD-ROMs.

/mnt

Default mount point for temporarily mounted network file- systems.

/opt

Optional directory for use by additional software packages. Novell OES components can be found in this directory structure.

/proc

Virtual filesystem used for querying the Linux kernel.

/root

Home directory of the root user.

/sbin

System binaries typically used only by root.

/srv

Data directories used by such things as web and FTP servers.

/sys

Virtual filesystem of Linux system structure—new version of the /proc filesystem.

/tmp

System-wide temporary directory.

/usr

Shareable, read-only data.

/var

Variable-length files such as log files, databases, printer spools, and so on.


Upon opening a shell terminal, you are normally presented with a command prompt while residing within your user’s home directory. This can be confirmed by using the Print Working Directory (pwd) command, as shown in Figure 3.9.

Figure 3.9

Figure 3.9 Displaying the current path using pwd.

Navigation through the filesystem is similar to other operating systems. There are a few shortcuts you should be aware of. Table 3.12 describes these useful shortcuts and provides examples for using them.

Table 3.12 Navigation Shortcuts

Shortcut

Description

.

Represents the current directory. An example of using this character would be when copying files to the current directory:

 # cp /etc/passwd .

..

Represents the parent directory. Examples of this include changing to the parent or a sibling directory:

# cd .. 
# cd ../sibling_directory

.<filename>

Filenames beginning with a period are hidden files and should not be confused with representing the current directory. To execute a script in the current directory, the current directory is explicitly identified as follows:

# ./test_script

~~jdoe

Represents the current user's home directory. Using the tilde (~) metacharacter, you can change to the current user's home directory using the following syntax:

 # cd ~ 

A valid user name can also be appended to the ~ character to represent a specific user's home directory.

 # cp /etc/passwd ~jdoe/passwd.old

-

Represents the last working directory. You can easily change to the last valid working directory using the following command:

 # cd -

In addition to knowing the shortcuts, knowing basic navigation tools is also important to successfully navigate the filesystem. Although Table 3.13 is not a comprehensive list of commands, it identifies the major navigation-related commands used in Linux.

Table 3.13 Basic Navigation Commands

Command

Description

pwd

Prints the current working directory.

cd

Used to change the current working directory to another directory within the filesystem. When changing directories, the absolute path to the new directory (beginning with a leading slash—/) or a relative path can be used.

ls

List directory contents.

ll

Actually a command alias to the ls command. This command provides a long listing of directory contents— including the filesize, ownership, and permission information.

mkdir

Used to create a new directory.

rmdir

Used to remove empty directories.

cp

Used to copy files from one location to another.

mv

Used to move or rename files.

rm

Used to remove or delete files from the filesystem.


Filesystem Permissions

With knowledge of the filesystem layout and the commands required to navigate that filesystem, there is only one thing that could possibly stop you—permissions.

Permissions on files and directories in Linux can be viewed using a long file listing (ls –l). The output of this command will look similar to Figure 3.10.

Figure 3.10

Figure 3.10 Output of ls –l.

Long file listings display the permissions on a file or directory on the far left side of each entry. This field is known as the "mode" of the file and consists of ten specific bits. The first bit is used to indicate the type of file being viewed. Possible file type values are listed in Table 3.14.

Table 3.14 Possible File Types

Type Designation

Description

-

Normal file

d

Directory

l

Symbolic link

c

Character device

b

Block device

p

Named pipe

s

Socket


The remaining nine bits represent the permissions on the specified file, as shown in Figure 3.11. These bits are logically divided into three groups of three bits each. The first set of three bits represents the permissions that the owner of the file has. (The owner is displayed as the third field in a long directory listing with ls.)

Figure 3.11

Figure 3.11 Layout of file mode.

The second set of three bits represents the permissions assigned to the group owner of the specified file. (The group owner is displayed as the fourth field in a long directory listing with ls.) All members of the specified group receive the designated rights to the file.

The final set of three bits represents permissions that all other users receive to the specified file.

Each of these sets of three bits all represent the same set of three rights—read, write, and execute. These permissions behave differently based on whether they are set on a file or a directory. Table 3.15 describes the difference in these permissions.

Table 3.15 Permission Differences Between Files and Directories

Permission

Meaning on Files

Meaning on Directories

r (read)

The ability to read or view the specified file.

The ability to view contents within a directory. This ability requires the execute permission to be set as well.

w (write)

The ability to modify or write to the specified file.

The ability to create and delete files within a directory. This ability requires the execute permission to be set as well.

x (execute)

The ability to execute the file (required for script and binary program execution).

The ability to work within a specified directory.


Setting Permissions and Ownership

The chown utility can be used to change the owner and group owner of files and directories. When using chown, specify the new user and group owners followed by the file or directory. The user and group names are separated with a period. Here’s an example of this:

chown jdoe.users /tmp/tmpfile

In order to change permissions on a file or directory, you must use the chmod utility. The chmod utility can be used to change permissions using two different methods. The first method is through using a symbolic representation of permission assignments. This requires identifying which set of permissions you are changing; what permissions you are assigning; and an operator that determines whether rights are being added or subtracted. Table 3.16 lists possible values for these three fields.

Table 3.16 Common Symbolic Parameters for chmod

Category

Operator

Permissions

u (user)

+ (add permissions)

r (read)

g (group)

- (subtract permissions)

w (write)

o (other)

= (set permissions equal to designated values)

x (execute)

a (all)

 

 


Using the symbolic method, multiple permissions can be set by separating each setting with a comma. The following example demonstrates this:

chown u+a,o+r /tmp/tmpfile

The second method of changing permissions with chmod is through using an octal number representation of the desired permissions. This is routinely seen and important to understand.

In an octal interpretation of permissions, each right is assigned a number. The read permission is assigned a value of 4, write is assigned a value of 2, and execute is assigned a value of 1. These numeric assignments are used for all three sets of permissions as shown in Figure 3.12.

Figure 3.12

Figure 3.12 Octal representation of file mode.

To assign permissions using the octal method, add up the value of each set permission bit in each category (user, group, and other). Each category will range from 0 to 7. After each category has been calculated, use chmod as follows:

chmod 750 /tmp/testfs.sh

In the preceding example, all permissions (rwx) are assigned to the user category, read and execute (r-x) are assigned to the group, and no permissions (---) are assigned to the other category.

Special Permissions

In addition to the normal permissions, there are three special permissions that you might encounter. These permissions are as follows:

  • Set User ID (SUID)—The SUID bit is used on executables to modify the permissions allowed to the running process. When an executable with the SUID bit is executed, the running process inherits the permissions of the owner of the executable—rather than the permissions of the user who launched the program. This is useful when a running process should have more rights than a normal user is typically provided.

  • Set Group ID (SGID)—The SGID bit performs two functions. The first is similar to the SUID bit. An executable with the SGID bit set inherits the permissions of the group owner when running—rather than the group permissions of the user who started the process.

  • The second function the SGID bit performs is only valid on directories. With the SGID bit set on a directory, all newly created files within that directory automatically receive the same group owner as the group owner of the directory. This overrides the default assignment of each file receiving a group owner set to the individual user’s primary group.

  • Sticky Bit—The Sticky Bit is only valid on directories. When the Sticky Bit is set on a directory, users are only allowed to delete files that they own. Without this setting, users are allowed to delete files owned by other users as long as they have the write (w) permission on the directory.

Special permissions are stored as part of the regular mode of the file, but there is no room for three more permission bits for these permissions. Because of this, special permissions are actually included within the execute (x) bit of user, group, and other permissions. Figures 3.13 and 3.14 demonstrate how these permissions are displayed when the corresponding execute bit is set and not set, respectively.

Figure 3.13

Figure 3.13 Special permissions that appear when the execute bit is set.

Figure 3.14

Figure 3.14 Special permissions that appear when the execute bit is not set.

Even though special permissions are displayed as part of the normal mode of the file, setting special permissions is done through the use of one more permissions category with the octal mode of chmod. With this category, SUID is assigned a value of 4, SGID a value of 2, and the Sticky Bit a value of 1. You can set these permissions as follows:

chmod 3775 /data/sales
  • + Share This
  • 🔖 Save To Your Account