Module 18
Special Directories and Files
Exam Objective 5.4 Special Directories and Files
Objective Description
Special directories and files on a Linux system including special permissions.
Special Permissions
Setuid Permissions
● This permission is set on system utilities so they can be run by normal users, but executed with the permissions of root.
● It gives access to system files that a normal user doesn’t otherwise have access to.
● For example, the user sysadmin attempts to view the contents of the /etc/shadow file:
sysadmin@localhost:~$ more /etc/shadow
/etc/shadow: Permission denied
● How is a regular user able to modify the /etc/shadow file when executing the passwd command?
● The passwd command has the special setuid permission:
sysadmin@localhost:~$ ls -l /usr/bin/passwd
-rwsr-xr-x 1 root root 31768 Jan 28 2010 /usr/bin/passwd
● The setuid permission is represented by an s character in the user execute position:
-rwsr-xr-x 1 root root 31768 Jan 28 2010 /usr/bin/passwd
● An uppercase S means that only setuid is set and not the user execute permission:
-rwSr-xr-x 1 root root 31768 Jan 28 2010 /usr/bin/passwd
● Special permissions can be set with the chmod command, using either the symbolic or the octal method.
● To add the setuid permission symbolically, run: chmod u+s file
● To add the setuid permission numerically, add 4000 to the file’s existing permissions (assume the file below originally had 775 for its permissions):
chmod 4775 file
● To remove the setuid permission symbolically, run: chmod u-s file
● To remove the setuid permission numerically, subtract 4000 from the file’s existing permissions: chmod 0775 file
Setgid Permissions On a File
● The setgid permission is similar to setuid, but for group permissions.
● There are two types of setgid permissions: setgid on files and setgid on directories.
● Setgid on a file allows a user to run an executable binary file with temporary access as the file's group.
○ Represented by s in the group permissions: -rwxr-sr-x
○ Consider the group ownership of the /usr/bin/wall command file:
-rwxr-sr-x. 1 root tty 10996 Jul 19 2011 /usr/bin/wall
○ This executable file is group-owned by tty; when a user executes this command, they will be able to access files that are group-owned by the tty group.
Setgid Permissions On a Directory
● Setgid on a directory causes files created in the directory to automatically be group-owned by the group that owns the directory.
● Remember: normally, new files are group-owned by the primary group of the user who created the file.
● If a directory is setgid, any directories created within that directory will inherit the setgid permission.
● To view permission information on a directory, use ls -ld directory_name.
● There are two ways the setgid permission can be displayed:
○ A lowercase s (drwxrwsrwx) means that both setgid and group execute permissions are set.
○ An uppercase S (drwxrwSr-x) means that only setgid is set and not the group execute permission.
● To add the setgid permission on a directory symbolically, use: chmod g+s directory
● To add the setgid permission numerically, add 2000 to the directory’s existing permissions (assume the directory below originally had 775 for its permissions):
chmod 2775 directory
● To remove the setgid permission symbolically: chmod g-s directory
● To remove the setgid permission numerically, subtract 2000 from the directory’s existing permissions:
chmod 0775 directory
Sticky Bit Permission
● The sticky bit permission allows files in a directory to be shared, but only the owner of a file (or root) can delete it.
● Without this permission, users would be able to delete any files in this directory, including those that belong to other users.
● The sticky bit permission is displayed as a t in the execute position of the others' permissions:
○ Lowercase t means both the sticky bit and execute are set.
○ Uppercase T means only the sticky bit is set.
drwxrwxrwt
● To add the sticky bit permission symbolically, use: chmod o+t directory
● To add the sticky bit permission numerically, add 1000 to the directory’s existing permissions (assume the directory below originally had 775 for its permissions):
chmod 1775 directory
● To remove the sticky bit permission symbolically: chmod o-t directory
● To remove the sticky bit permission numerically, subtract 1000 from the directory’s existing permissions:
chmod 0775 directory
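The following shell script is an added example covering the whole Special Permissions section (setuid, setgid and sticky bit); it is not part of the course slides. It decodes the s/S/t/T characters of an ls -l mode field into the leading octal digit that chmod uses, flags the uppercase "bit set without execute" case, and then applies modes such as 2775 and 1775 to a throwaway directory and reads them back. The function names and the temporary directory are my own choices.

```shell
#!/bin/sh
# Added example (not from the course slides): decode and apply special bits.
# special_digit: given the 10-character mode field from ls -l, e.g. -rwsr-xr-x,
# print the leading octal digit chmod uses: 4 = setuid, 2 = setgid, 1 = sticky.
special_digit() {
    mode=$1
    d=0
    case "$(printf '%s' "$mode" | cut -c4)"  in s|S) d=$((d + 4)) ;; esac   # user execute slot
    case "$(printf '%s' "$mode" | cut -c7)"  in s|S) d=$((d + 2)) ;; esac   # group execute slot
    case "$(printf '%s' "$mode" | cut -c10)" in t|T) d=$((d + 1)) ;; esac   # others execute slot
    printf '%s\n' "$d"
}

# has_dangling_special: exit 0 when an uppercase S or T is present, i.e. a
# special bit is set without the matching execute bit (usually a mistake).
has_dangling_special() {
    case $1 in *S*|*T*) return 0 ;; *) return 1 ;; esac
}

# mode_of: the 10-character mode field of a path as printed by ls -ld
# (cut drops the trailing '.' or '+' that SELinux or ACLs may add).
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# apply_and_read: chmod a fresh temporary directory to the given octal mode,
# print the resulting mode field, then remove the directory.
apply_and_read() {
    tmp=$(mktemp -d) || return 1
    chmod "$1" "$tmp"
    mode_of "$tmp"
    rmdir "$tmp"
}

# Demonstration output when run directly:
printf 'chmod 2775 -> %s\n' "$(apply_and_read 2775)"            # drwxrwsr-x
printf 'chmod 1775 -> %s\n' "$(apply_and_read 1775)"            # drwxrwxr-t
printf 'chmod 3770 -> %s\n' "$(apply_and_read 3770)"            # drwxrws--T
printf 'octal special digit of -rwsr-xr-x: %s\n' "$(special_digit -rwsr-xr-x)"   # 4
```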
Links
Hard Links and Symbolic Links
● There are files that reside deep in the file system and have long pathnames:
/usr/share/doc/superbigsoftwarepackage/data/2013/october/tenth/valuable-information.txt
● Some files cannot simply be copied into another directory because other users update the original file, and a copy would not receive those updates.
● You can create a file that will be linked to the one that is “deeply buried” and place the link in your directory.
Creating Hard Links
● Every file on a partition has a unique identification number called an inode number.
● To display the inode number of a file, use the ls -i command:
sysadmin@localhost:~$ ls -i /tmp/file.txt
215220874 /tmp/file.txt
● Hard links are two file names that point to the same inode. Take the passwd and mypasswd file names:
File Name    Inode Number
passwd       123
mypasswd     123
● You can access the file data using either name because they have the same inode number.
● You can view the link count of a file (the second column) by executing the ls -li command:
sysadmin@localhost:~$ ls -li file.*
278772 -rw-rw-r--. 1 sysadmin sysadmin 5 Oct 25 15:42 file.original
● To create a hard link, use the ln command with two arguments: ln target link_name
● When a hard link is created, the link count will increase by one:
sysadmin@localhost:~$ ln file.original file.hard.1
sysadmin@localhost:~$ ls -li file.*
278772 -rw-rw-r--. 2 sysadmin sysadmin 5 Oct 25 15:53 file.hard.1
278772 -rw-rw-r--. 2 sysadmin sysadmin 5 Oct 25 15:53 file.original
Creating a Symbolic Link
● A symbolic link, also called a soft link, is a file that points to another file. Take the /etc directory for example:
sysadmin@localhost:~$ ls -l /etc/grub.conf
lrwxrwxrwx. 1 root root 22 Feb 15 2011 /etc/grub.conf -> ../boot/grub/grub.conf
● In the above example, the file /etc/grub.conf “points to” the ../boot/grub/grub.conf file.
● To create a symbolic link, use the -s option with the ln command:
sysadmin@localhost:~$ ln -s /etc/passwd mypasswd
sysadmin@localhost:~$ ls -l mypasswd
lrwxrwxrwx. 1 sysadmin sysadmin 11 Oct 31 13:17 mypasswd -> /etc/passwd
Comparing Hard and Symbolic Links
● Although they serve the same purpose, each type of link works differently and has its own advantages and disadvantages.
● Hard Links vs. Soft Links Advantages
○ Hard Link Advantage: If there are multiple file names hard-linked to the same inode, deleting any of them (as long as one remains) will not delete the actual file contents. With a soft link, if the original file is removed, any links that point to it will fail.
○ Soft Link Advantage: Soft links are easier to see (ls -l shows the name the link points to).
○ Soft Link Advantage: Soft links can link to any file because they use a pathname. Hard links cannot be created across file systems because each file system has its own unique set of inodes.
○ Soft Link Advantage: Soft links can link to a directory.
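As an added example for the hard link and symbolic link slides above (this script is not from the course material), the following creates file.original with one hard link and one soft link in a temporary directory, compares inode numbers and link counts, and then removes the original name to show that the hard link still reaches the data while the soft link dangles; it also shows that ln refuses a hard link to a directory. The helper names are my own.

```shell
#!/bin/sh
# Added example (not from the course slides): hard link vs symbolic link
# behaviour on a throwaway file in a temporary directory.
inode_of()   { ls -i "$1" | awk '{print $1}'; }    # column 1 of ls -i
link_count() { ls -l "$1" | awk '{print $2}'; }    # column 2 of ls -l

# make_links: create file.original plus one hard link and one symbolic link
# to it; print the temporary directory path.
make_links() {
    tmp=$(mktemp -d) || return 1
    printf 'hello\n' > "$tmp/file.original"
    ln    "$tmp/file.original" "$tmp/file.hard.1"   # second name for the same inode
    ln -s file.original        "$tmp/file.soft"     # new inode that stores a pathname
    printf '%s\n' "$tmp"
}

# after_delete: remove the original name and report what each link can still do,
# printing "hard=<contents> soft=<ok|dangling>".
after_delete() {
    rm "$1/file.original"
    hard=$(cat "$1/file.hard.1")                     # data survives: the inode still has one name
    if [ -e "$1/file.soft" ]; then soft=ok; else soft=dangling; fi   # -e follows the symlink
    printf 'hard=%s soft=%s\n' "$hard" "$soft"
}

# hardlink_dir_fails: hard links to directories are refused by the kernel;
# succeed only if ln reports an error.
hardlink_dir_fails() {
    tmp=$(mktemp -d) || return 1
    if ln "$tmp" "$tmp.link" 2>/dev/null; then rm -rf "$tmp.link" "$tmp"; return 1; fi
    rmdir "$tmp"
}

# Demonstration output when run directly:
d=$(make_links)
printf 'inodes: original=%s hard=%s soft=%s\n' \
    "$(inode_of "$d/file.original")" "$(inode_of "$d/file.hard.1")" "$(inode_of "$d/file.soft")"
printf 'link count of file.original: %s\n' "$(link_count "$d/file.original")"   # 2
after_delete "$d"                                                               # hard=hello soft=dangling
rm -rf "$d"
```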
File Locations
Filesystem Hierarchy Standard
● The Filesystem Hierarchy Standard (FHS) is a set of guidelines for Linux directories and their contents.
● The FHS standard categorizes each system directory in two ways:
○ A directory can be categorized as either shareable or not shareable, meaning whether the directory could be shared on a network and used by multiple machines.
○ The directory is put into a category of having either static files (file contents won’t change) or variable files (file contents can change).
             Shareable    Not Shareable
Static       /opt         /etc
Variable     /var/mail    /var/lock
Organization Within the Filesystem
● The following provides a generalized description of the layout of directories as they actually exist on a typical Linux distribution.
○ User home directory: The /home directory will typically have a directory underneath it for each user account (e.g., /home/bob).
○ Binary directories: Contain programs that users and admins execute to start processes or applications.
○ Software application directories: Applications in Linux may have their files in multiple directories spread throughout the Linux filesystem.
○ Library directories: Libraries are files which contain code that is shared between multiple programs. Most library file names will end in a file extension of .so, which means shared object.
○ Variable data directories: The /var directory and many of its subdirectories can contain data that will change frequently (e.g., /var/mail and /var/log).