Linux Basics/Filesystem, permissions
Jump to navigation Jump to search
Filesystem[edit | edit source]
- Linux system basically:
- System partition
- Swap partition which is useful when you run out of physical memory, the unused program files get to this partitions.
- We can add swap space as file to the system on the go. The size of these files doesn't change, so there won't be any fragmentation.
- We can install Linux on standalone file system, if we install it as a server. The reason is to increase security, for e.g. if the logfiles fill the system, and it's on separate partition, the system won't stop.
- We usually put the following directories on separate partitions: /home /var /tmp /boot /usr
- We divide the mediums (HDD, SSD) to partitions where we create the filesystem.
- Partition table specifies the method of storing partitions. Linux uses "DOS" partition table by default because of compatibility reasons.
- DOS partition table allows only 4 primary partitions, the others can be in an extended partition. The extended partition can be divided to more parts, we call these logical partitions.
- GPT partition table allows unlimited partitions. This is used more common.
Permissions[edit | edit source]
- The DAC word stands for Discretionary Access Control. This allows the identified users to access to objects based on their properties. The access can only be set for the owner and only for group.
- We also call these as UNIX permissions.
- MAC or Mandatory Access Control is also known. We create access rules for objects which applies to every user (even root).
- The third one is Role-based Accesss Control or RBAC. The superuser creates several roles. With the given permissions, we can get access to particular objects.
- We differentiate three permissions:
- Read (r)
- Write (w)
- Execute (x)
- Permissions can be given to three types of users:
- User belonging into a group
- Everyone else
- With chmod command we can set the permissions, where sometimes we relate to the owners, groups and everyone else, based on this table:
- Example: output of ls -l in HOME folder:
-rw-r--r-- 1 joska joska 3184 dec 13 18.37 .bashrc
|Type||Owner's permissions||Group permissions||Others|
Type can be:
|D||Solaris gate(communication between processes)|
|c||character device (tty or printer)|
|b||block device (disk or CD-ROM)|
|l||symbolic link (symlink)|
|= or p||FIFO (System V, Linux)|
- We can use the command for assigning a file's or directory's owner and group.
chown joska.joska filename chown joska:joska filename chown joska. filename chown joska: filename
- It can be used for setting permissions.
- We can add/take permissions by two methods. First one is with numbers, second one is with letters.
- We give with the letters who we want to add or take permissions. Then +/- depending what we want to modify (+: add, -:remove). Then finally what we want to change. The user types are stackable, so we can write like ug or uo or ugo. the latter one is equal to "a". The permissions can be stacked too.
- We want to give the user writing permission to forest.txt file:
chmod u+w forest.txt
- We want to give the group and owner every permission:
chmod ug+rwx forest.txt
- We can give it with numbers as well:
chmod 770 forest.txt
- Explanation of the "770":
|owner / user (u)||group (g)||others (o)|
4 means read, 2 means write, and 1 means execute.
The setuid, setgid, sticky bits:
- SETUID: We can set which user's permission can the program run, but this has security risk, so we use only if the problem can be solved by this.
- SETGID: Setting this the program can run with the group's permissions where the owner has the file, and we can set it in directories, so every file is in the particular group's ownership.
- STICKY: Turning on sticky bit indicates to the operating system that it should keep the file in the memory after execution so it can start up faster later.
- We can turn on sticky bit in the case of directories too. Anyone can add files in this folder marked with sticky bit (although their other permissions have to comply), but everyone can delete its own..