440 likes | 452 Views
CIT 500: IT Fundamentals. Users and Filesystems. Topics. Users User accounts Groups Passwords Filesystems Partitions Filesystems and files File permissions. User Accounts. Each user has their own User ID (UID) Group ID (GID) Password Home directory Access to files is determined by
E N D
CIT 500: IT Fundamentals Users and Filesystems
Topics • Users • User accounts • Groups • Passwords • Filesystems • Partitions • Filesystems and files • File permissions
User Accounts Each user has their own • User ID (UID) • Group ID (GID) • Password • Home directory Access to files is determined by • User identity: UID + GIDs • File permissions
User Types Regular users • Humans with accounts on system. • May log in via network or on console. Special users • Non-human users for specific programs, i.e. http. • Used for file permission purposes. Superuser • Admin user with UID 0 has special permissions. • Username is typically root.
/etc/passwd root:x:0:0:root:/root:/bin/bash daemon:x:1:1:daemon:/usr/sbin:/bin/sh bin:x:2:2:bin:/bin:/bin/sh sys:x:3:3:sys:/dev:/bin/sh games:x:5:60:games:/usr/games:/bin/sh man:x:6:12:man:/var/cache/man:/bin/sh lp:x:7:7:lp:/var/spool/lpd:/bin/sh mail:x:8:8:mail:/var/mail:/bin/sh news:x:9:9:news:/var/spool/news:/bin/sh uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh waldenj:x:100:100:James Walden, faculty:/home/waldenj:/bin/bash smith:x:101:101:John Smith, student:/home/smithj:/bin/bash
Groups Users belong to one or more groups. • User always has a primary group. • User can access files accessible to any of the groups to which the user belongs. Groups contain zero or more users. • Created by the system administrator. • Some groups exist for programs like special users. • Other groups exist for human users.
/etc/group root:x:0: daemon:x:1: bin:x:2: sys:x:3: adm:x:4: tty:x:5: disk:x:6: lp:x:7: waldenj:x:100: smithj:x:101: faculty:x:waldenj student:x:smithj
Passwords Passwords • Most common type of authentication. • Authentication binds a person to an identity. • Use passwd command to change. Attacks against passwords • Reading passwords from disk storage. • Intercepting passwords via wiretapping. • Guessing passwords.
Protecting Passwords Against disk storage attacks • Store password in secure file, /etc/shadow. • Store one-way hash of password, not password itself. • Compare hash of password entered by user with hash of password stored on disk to login. Against wiretapping • Do not send passwords over email. • Use encrypted protocols like ssh to login. Against guessing • Do not use dictionary words, birthdates, names. • Choose a long password.
User Information Commands > whoami waldenj > id uid=102(waldenj) gid=102(waldenj) groups=102(waldenj),101(faculty) > who waldenj pts/3 Sep 3 14:06 (10.10.10.18) wardj pts/5 Sep 3 11:27 (10.10.10.51) cunninghams pts/6 Sep 3 15:14 (10.10.10.11) > w 15:16:59 up 105 days, 1:06, 8 users, load average: 0.02, 0.04, 0.01 USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT waldenj pts/3 10.10.10.18 14:06 0.00s 0.03s 0.01s w wardj pts/5 10.10.10.51 11:27 18:20m 0.01s 0.01s -bash cunningh pts/6 10.10.10.11 15:14 0.00s 0.01s 0.00s vi highlow.rb
Partitions and the MBR 4 primary partitions. One can be used as an extended partition, which is a link to an Extended boot record on the 1st sector of that partition. Each logical partition is described by its own EBR, which links to the next EBR.
Extended Partitions and EBRs There is only one extended partition. • It is one of the primary partitions. • It contains one or more logical partitions. • It should contain all disk space not used by the other primary partitions. EBRs contain two entries. • The first entry describes a logical partition. • The second entry points to the next EBR if there are more logical partitions after the current one.
Why Partition? • Separate OS from user files, to allow user backups + OS upgrades w/o problems. • Have a faster swap area for virtual memory. • Improve performance by keeping filesystem tables small and keeping frequently used together files close together on the disk. • Limit the effect of disk full issues, often caused by log or cache files. • Multi-boot systems with multiple OSes.
Filesystems • Filesystems are a method for organizing and storing data. Filesystems typically • Divide storage into blocks. • Provide tree-structured organization. • Filesystems • ext3fs: used on most Linux systems. • FAT: used on MS-DOS systems + flash memory. • ISO9660: used by CD-ROM and DVD-ROMs. • NTFS: used by MS Windows NT, XP, Vista.
Blocks Filesystems divide storage into uniform blocks • Blocks contain one or more disk sectors. • Filesystem tracks which blocks are used, free. Blocks store • File data • File metadata • Directories • Filesystem metadata
Paths Absolute Paths • Specify path to file from root of the tree. • Always begin with /. • ex: /bin/ls, /home/b/smithj/cit500/hw/a1.rtf Relative Paths • Specify path from current dir to file. • Never begin with /. • ex: ls, a1.rtf, ../../cit501/syl.pdf, cit500/hw/a1.rtf, ~/cit500/hw/a1.rtf, ~smithj/hw/a1.rtf
Files A described storage unit. • Description includes name(s) + other metadata. • Storage is a sequence of bytes. Metadata includes • File ownership. • File access permissions. • Timestamps (creation, modification, access.) • Location of blocks containing file data.
File Types Types indicate application to use JPEG, TIFF, PNG, GIF – image file types AVI, FLV, MKV, MPEG – video file types How do you determine the type of a file? MIME types – email attachments and web files. Magic numbers – first few bytes of a file. Suffixes – of filename, set by user so unreliable.
MIME Types Multipurpose Internet Mail Extensions • Used for e-mail attachments. • Used for all web documents. Identified by Content-Type: header. • text/plain: regular e-mail • text/html: HTML markup • multipart/mixed: text/plain + attachments • image/jpeg: JPEG image attachment • Many other formats
File Command Identifies some file types by file metadata Directories, device files, socket files, etc. Identifies most file types by magic number • Examine first few bytes of file. • Lookup in dictionary of magic numbers to types. • Returns type of file. Magic numbers are human-specified numerical constants in programs.
Directories Special file type that maps names to inodes. Names are the filenames you see with ls. Every name is a link to the inode. Inodes are disk structures that store file metadata. Every directory contains two directories . references the current directory. .. references the directory above the current directory in the filesystem tree.
Hard and Soft Links Hard Links • Maps name to inode. • Can only refer to files on same filesystem. • Diff names in diff dirs can map to same inode. • File is not deleted until all hard links deleted. Symbolic links • File that refers to another file or directory. • Contains pathname for file data. • Can point to files on other filesystems.
Hard and Soft Links Creating a hard link ln /bin/ls myls ln: creating hard link `myls' => `/bin/ls': Invalid cross-device link ln .bashrc myconfig Creating a symbolic link ln –s /bin/ls myls ln –s .bashrc myconfig
Access Control: Permissions Read • You can read the file with cat, more, etc. Write • You can modify the file with vi, OpenOffice, etc. Execute • You can run the file if it’s a program.
Access Control: Directories • Read • You can list directory contents with ls, etc. • Write • You can create new files with touch, etc. • You can delete files with rm, etc. • Execute • You can cd to the directory.
Access Control Commands Changing File Access Privileges chmod [options] octal-mode file chmod [options] symbolic file
Setting Default Permissions umask mask The access permission value on executable file or directory is computed by: file permission = 777 – mask Current Value of the mask: $ umask 777 $
Special Access Bits The Set-User-ID (SUID) Bit • Command runs with privileges of file owner when. • chmod 4xxx file-list • chmod u+s file-list The Set-Group-ID (SGID) Bit • Command runs with privileges of group owner. • chmod 2xxx file-list • chmod g+s file-list The Sticky Bit • Prevents non-owners from removing/renaming files in dir. • chmod 1xxx file-list • chmod +t file-list
Special Bits Examples SetUID Bit > ls -l /etc/passwd /usr/bin/passwd -rw-r--r-- 1 root root 1335 2005 /etc/passwd -rwsr-xr-x 1 root root 25464 2005 /usr/bin/passwd SetGID Bit > ls –l /usr/bin/wall -rwxr-sr-x 1 root tty 9784 2005 /usr/bin/wall Sticky Bit > ls -ld /var/tmp drwxrwxrwt 13 root root 4096 2005 /var/tmp
Archiving Files Archiving files stores multiple files in a single file. • Useful for transferring files across the network. • Useful for storing rarely needed files for future use. Most archives are compressed to save space/time. • Compression encodes the same information using fewer bits to save space. • Run Length Encoding (RLE) is a simple compression algorithm where repeated sequences are encoded as the sequence followed by a repetition count.
Tar Tar (Tape ARchive) is std UNIX archive format. • Originally and still used to save data to tape. • Also used to create archive files on disk. Stores directories, file data, and metadata. • Includes ownership + permissions. • Does not include extended attributes and ACLs that are supported by advanced filesystems.
Compression Common compression tools compress: obsolete, files have .Z suffix gzip: old, .gz suffix, offers ~61% bin, ~75% text bzip2: std, .bz2 suffix, offers ~64% bin, ~80% text 7zip: newer, .7z suffix, offers ~73% bin, ~81% text nanozip: newest, best compression, beta version
References • Syed Mansoor Sarwar, Robert Koretsky, Syed Ageel Sarwar, UNIX: The Textbook, 2nd edition, Addison-Wesley, 2004. • Nicholas Wells, The Complete Guide to Linux System Administration, Thomson Course Technology, 2005.