CIT 500: IT Fundamentals

Users and Filesystems

1

Topics

1. Users1. User accounts2. Groups3. Passwords

2. Filesystems1. Partitions2. Filesystems and files3. File permissions

2

User Accounts

Each user has their own– User ID (UID)– Group ID (GID)– Password– Home directory

Access to files is determined by– User identity: UID + GIDs– File permissions

3

User Types

Regular users– Humans with accounts on system.– May log in via network or on console.

Special users– Non-human users for specific programs, i.e. http.– Used for file permission purposes.

Superuser– Admin user with UID 0 has special permissions.– Username is typically root.

4

/etc/passwdroot:x:0:0:root:/root:/bin/bashdaemon:x:1:1:daemon:/usr/sbin:/bin/shbin:x:2:2:bin:/bin:/bin/shsys:x:3:3:sys:/dev:/bin/shgames:x:5:60:games:/usr/games:/bin/shman:x:6:12:man:/var/cache/man:/bin/shlp:x:7:7:lp:/var/spool/lpd:/bin/shmail:x:8:8:mail:/var/mail:/bin/shnews:x:9:9:news:/var/spool/news:/bin/shuucp:x:10:10:uucp:/var/spool/uucp:/bin/shwaldenj:x:100:100:James Walden, faculty:/home/waldenj:/bin/bashsmith:x:101:101:John Smith, student:/home/smithj:/bin/bash

5

Groups

Users belong to one or more groups.– User always has a primary group.– User can access files accessible to any of the

groups to which the user belongs.

Groups contain zero or more users.– Created by the system administrator.– Some groups exist for programs like special users.– Other groups exist for human users.

6

/etc/grouproot:x:0:

daemon:x:1:

bin:x:2:

sys:x:3:

adm:x:4:

tty:x:5:

disk:x:6:

lp:x:7:

waldenj:x:100:

smithj:x:101:

faculty:x:waldenj

student:x:smithj

7

Passwords

Passwords– Most common type of authentication.– Authentication binds a person to an identity.– Use passwd command to change.

Attacks against passwords– Reading passwords from disk storage.– Intercepting passwords via wiretapping.– Guessing passwords.

8

Protecting Passwords

Against disk storage attacks– Store password in secure file, /etc/shadow.– Store one-way hash of password, not password itself.– Compare hash of password entered by user with hash of

password stored on disk to login.

Against wiretapping– Do not send passwords over email.– Use encrypted protocols like ssh to login.

Against guessing– Do not use dictionary words, birthdates, names.– Choose a long password.

9

User Information Commands> whoamiwaldenj> iduid=102(waldenj) gid=102(waldenj) groups=102(waldenj),101(faculty)> whowaldenj pts/3 Sep 3 14:06 (10.10.10.18)wardj pts/5 Sep 3 11:27 (10.10.10.51)cunninghams pts/6 Sep 3 15:14 (10.10.10.11)> w 15:16:59 up 105 days, 1:06, 8 users, load average: 0.02, 0.04, 0.01USER TTY FROM LOGIN@ IDLE JCPU PCPU WHATwaldenj pts/3 10.10.10.18 14:06 0.00s 0.03s 0.01s wwardj pts/5 10.10.10.51 11:27 18:20m 0.01s 0.01s -bashcunningh pts/6 10.10.10.11 15:14 0.00s 0.01s 0.00s vi highlow.rb

10

Partitions and the MBR4 primary partitions.

One can be used as an extended partition, which is a link to an Extended boot record on the 1st sector of that partition.

Each logical partition is described by its own EBR, which links to the next EBR.

11

Extended Partitions and EBRsThere is only one extended partition.– It is one of the primary partitions.– It contains one or more logical partitions.– It should contain all disk space not used by the

other primary partitions.

EBRs contain two entries.– The first entry describes a logical partition.– The second entry points to the next EBR if there

are more logical partitions after the current one.

12

Why Partition?

1. Separate OS from user files, to allow user backups + OS upgrades w/o problems.

2. Have a faster swap area for virtual memory.3. Improve performance by keeping filesystem tables

small and keeping frequently used together files close together on the disk.

4. Limit the effect of disk full issues, often caused by log or cache files.

5. Multi-boot systems with multiple OSes.

13

Filesystems

• Filesystems are a method for organizing and storing data. Filesystems typically– Divide storage into blocks.– Provide tree-structured organization.

• Filesystems– ext3fs: used on most Linux systems.– FAT: used on MS-DOS systems + flash memory.– ISO9660: used by CD-ROM and DVD-ROMs.– NTFS: used by MS Windows NT, XP, Vista.

14

Blocks

Filesystems divide storage into uniform blocks– Blocks contain one or more disk sectors.– Filesystem tracks which blocks are used, free.

Blocks store– File data– File metadata– Directories– Filesystem metadata

15

UNIX File System Structure

Slide #16

Paths

Absolute Paths– Specify path to file from root of the tree.– Always begin with /.– ex: /bin/ls, /home/b/smithj/cit500/hw/a1.rtf

Relative Paths– Specify path from current dir to file.– Never begin with /.– ex: ls, a1.rtf, ../../cit501/syl.pdf, cit500/hw/a1.rtf,

~/cit500/hw/a1.rtf, ~smithj/hw/a1.rtf17

Files

A described storage unit.– Description includes name(s) + other metadata.– Storage is a sequence of bytes.

Metadata includes– File ownership.– File access permissions.– Timestamps (creation, modification, access.)– Location of blocks containing file data.

18

File Types

Types indicate application to useJPEG, TIFF, PNG, GIF – image file typesAVI, FLV, MKV, MPEG – video file types

How do you determine the type of a file?MIME types – email attachments and web files.Magic numbers – first few bytes of a file.Suffixes – of filename, set by user so unreliable.

19

MIME Types

Multipurpose Internet Mail Extensions– Used for e-mail attachments.– Used for all web documents.

Identified by Content-Type: header.– text/plain: regular e-mail– text/html: HTML markup– multipart/mixed: text/plain + attachments– image/jpeg: JPEG image attachment– Many other formats

20

File Command

Identifies some file types by file metadataDirectories, device files, socket files, etc.

Identifies most file types by magic number1.Examine first few bytes of file.2.Lookup in dictionary of magic numbers to types.3.Returns type of file.

Magic numbers are human-specified numerical constants in programs.

21

Directories

Special file type that maps names to inodes.Names are the filenames you see with ls.Every name is a link to the inode.Inodes are disk structures that store file metadata.

Every directory contains two directories. references the current directory... references the directory above the current

directory in the filesystem tree.

22

File Storage in UNIX

Slide #23

Inode Block Addressing

Slide #24

Hard and Soft Links

Hard Links– Maps name to inode.– Can only refer to files on same filesystem.– Diff names in diff dirs can map to same inode.– File is not deleted until all hard links deleted.

Symbolic links– File that refers to another file or directory.– Contains pathname for file data.– Can point to files on other filesystems.

25

Hard and Soft Links

Creating a hard linkln /bin/ls myls

ln: creating hard link `myls' => `/bin/ls': Invalid cross-device link

ln .bashrc myconfig

Creating a symbolic linkln –s /bin/ls myls

ln –s .bashrc myconfig

26

Access Control: PermissionsRead– You can read the file with cat, more, etc.

Write– You can modify the file with vi, OpenOffice, etc.

Execute– You can run the file if it’s a program.

27

Three Sets of Permissions

Slide #28

Access Control: Directories• Read– You can list directory contents with ls, etc.

• Write– You can create new files with touch, etc.– You can delete files with rm, etc.

• Execute– You can cd to the directory.

29

Octal Codes for Permissions

Slide #30

Access Control Interpretation

Slide #31

Access Control Commands

Changing File Access Privilegeschmod [options] octal-mode filechmod [options] symbolic file

Slide #32

Examples of chmod

Slide #33

More chmod Examples

Slide #34

More chmod Examples

Slide #35

More chmod Examples

Slide #36

umask mask The access permission value on executable

file or directory is computed by:file permission = 777 –

mask

Current Value of the mask:$ umask

777

$

Setting Default Permissions

37

Special Access Bits

The Set-User-ID (SUID) Bit– Command runs with privileges of file owner when.– chmod 4xxx file-list– chmod u+s file-list

The Set-Group-ID (SGID) Bit– Command runs with privileges of group owner.– chmod 2xxx file-list– chmod g+s file-list

The Sticky Bit– Prevents non-owners from removing/renaming files in dir.– chmod 1xxx file-list– chmod +t file-list

38

Special Bits ExamplesSetUID Bit> ls -l /etc/passwd /usr/bin/passwd

-rw-r--r-- 1 root root 1335 2005 /etc/passwd

-rwsr-xr-x 1 root root 25464 2005 /usr/bin/passwd

SetGID Bit> ls –l /usr/bin/wall

-rwxr-sr-x 1 root tty 9784 2005 /usr/bin/wall

Sticky Bit> ls -ld /var/tmp

drwxrwxrwt 13 root root 4096 2005 /var/tmp

39

Archiving Files

Archiving files stores multiple files in a single file.– Useful for transferring files across the network.– Useful for storing rarely needed files for future use.

Most archives are compressed to save space/time.– Compression encodes the same information using fewer

bits to save space.– Run Length Encoding (RLE) is a simple compression

algorithm where repeated sequences are encoded as the sequence followed by a repetition count.

40

Tar

Tar (Tape ARchive) is std UNIX archive format.– Originally and still used to save data to tape.– Also used to create archive files on disk.

Stores directories, file data, and metadata.– Includes ownership + permissions.– Does not include extended attributes and ACLs

that are supported by advanced filesystems.

41

Compression

Common compression toolscompress: obsolete, files have .Z suffixgzip: old, .gz suffix, offers ~61% bin, ~75% textbzip2: std, .bz2 suffix, offers ~64% bin, ~80% text7zip: newer, .7z suffix, offers ~73% bin, ~81% textnanozip: newest, best compression, beta version

42

References

1. Syed Mansoor Sarwar, Robert Koretsky, Syed Ageel Sarwar, UNIX: The Textbook, 2nd edition, Addison-Wesley, 2004.

2. Nicholas Wells, The Complete Guide to Linux System Administration, Thomson Course Technology, 2005.

43