Friday, February 12, 2010

UNIX File and Directory Permissions:-

There are three types of permission in Linux and Unix-like operating systems.

1. read
2. write
3. execute

Each file belongs to a specific user and group. Access to a file is controlled for three classes: user, group, and other. The term other refers to someone who is neither the user (owner) of the file nor a member of the group the file belongs to. To check the permissions of a file run ls -l; for a directory run ls -ld.

                              
                                              Figure - 1
        


Set user ID, set group ID, sticky bit:-
In addition to the basic permissions discussed above, there are three more bits of information defined for files in Unix:

* SUID or setuid:- change user ID on execution. If the setuid bit is set, when the file is executed by a user the process runs with the same rights as the owner of the file being executed.

* SGID or setgid:- change group ID on execution. Same as above, but the process inherits the rights of the group that owns the file. For directories it may also mean that a new file created in the directory inherits the group of the directory (and not the group of the user who created the file).

* Sticky bit:- It was originally used to make a program "stick" in memory after it finished; that usage is now obsolete. Currently its use is system dependent, and it is mostly set on directories to prevent users from deleting files that belong to other users in a folder where they have write access.
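An added example (not part of the original post) that turns the three special bits into a hardening check: it lists setuid/setgid files and world-writable directories that are missing the sticky bit, using only the standard find(1) -perm tests; the sample tree it builds under mktemp is constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the original post): audit a directory tree for
# the special bits discussed above. Only standard find(1) -perm tests are used.

# Print regular files under $1 that carry the setuid (4000) or setgid (2000)
# bit; they run with the owner's/group's rights, so each one deserves review.
find_special_bits() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null
}

# Print directories under $1 that are world-writable (0002) but lack the
# sticky bit (1000): any user could delete other users' files in them.
find_unsticky_worldwritable() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 2>/dev/null
}

# Build a constructed sample tree in a temp dir, run both checks, clean up.
demo() {
    tmp=$(mktemp -d) || return 1
    touch "$tmp/setuid_tool" && chmod 4755 "$tmp/setuid_tool"
    touch "$tmp/plain_tool"  && chmod 0755 "$tmp/plain_tool"
    mkdir "$tmp/shared"      && chmod 1777 "$tmp/shared"    # like /tmp: fine
    mkdir "$tmp/dropbox"     && chmod 0777 "$tmp/dropbox"   # sticky bit missing
    echo "== setuid/setgid files under $tmp =="
    find_special_bits "$tmp" | while read -r p; do ls -ld "$p"; done
    echo "== world-writable directories without the sticky bit =="
    find_unsticky_worldwritable "$tmp" | while read -r p; do ls -ld "$p"; done
    rm -rf "$tmp"
}

demo
```

On a real system you would point the two functions at / (as root) and review every path they print against the package manager's expectations.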


Umask (user file-creation mode mask):-

The umask (user file-creation mode mask) is a four-digit octal number that UNIX uses to determine the permissions of newly created files and directories. The first digit is for set user ID, set group ID and sticky bit, and the remaining three digits are for the basic permissions (rwx). The default umask value on all Unix systems is 0022; to check the umask value run the umask command in a terminal or console.

Figure - 2

To set a custom umask value for a particular user, edit .bash_profile in the user's home directory and add a line umask [value] at the end of the file; to set it for all users add the same line to /etc/profile.


Figure - 3
Set (suid, sgid and sticky bit) in the umask value:-


                   
                                                               Figure - 4                       

Set Permission Manually:-
To set permissions manually use the chmod command. The chmod command (abbreviated from change mode) is a shell command and C library function in Unix and Unix-like environments. When executed, it changes the permissions and special modes of files and directories.


Figure - 5
There are two ways to change permissions with chmod: symbolic notation and a three-digit octal number.

Figure - 6


You can also use the options shown in Figure - 5 before the [references] part of the symbolic notation.
    ex- $chmod -R a+rwx test

Figure - 7


In the three-digit octal number the first digit is for user, the second digit for group and the third digit for other. In the first example of Figure - 7 the octal number 777 means:

                r   w   x
    7   =   4 + 2 + 1     for user:  all permissions rwx
    7   =   4 + 2 + 1     for group: all permissions rwx
    7   =   4 + 2 + 1     for other: all permissions rwx

Likewise, in the second example the octal number 771 means:

                r   w   x
    7   =   4 + 2 + 1     for user:  read, write and execute permission
    7   =   4 + 2 + 1     for group: read, write and execute permission
    1   =   - + - + 1     for other: execute permission only

For sticky bit, sgid and suid, add the corresponding octal digit at the beginning of the three-digit octal number; the octal digit for each of them is shown in Figure - 4. In the third example of Figure - 7 the value is 4777: the leading 4 sets the setuid bit and the remaining three digits 777 give read, write and execute permission to all.
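An added example (not code from the original post) that works the octal arithmetic above in both directions: mode_to_symbolic decodes a three- or four-digit octal mode into the rwx string that ls -l shows, special bits included, and new_mode applies a umask to the default creation mode the way the kernel does (mode & ~umask); the function names are mine.

```shell
#!/bin/sh
# Added example (not from the original post): decode an octal mode into the
# rwx string shown by ls -l, and apply a umask to a default creation mode.

# mode_to_symbolic 4755  prints  rwsr-xr-x  (leading digit: 4 suid, 2 sgid, 1 sticky)
mode_to_symbolic() {
    m=$((0$1))                       # a leading 0 makes the shell parse octal
    special=$(( (m >> 9) & 7 ))      # the optional fourth (leading) digit
    out=""
    i=0
    while [ "$i" -lt 3 ]; do         # i=0 user, i=1 group, i=2 other
        bits=$(( (m >> (6 - 3 * i)) & 7 ))
        r=-; w=-; x=-
        [ $((bits & 4)) -ne 0 ] && r=r
        [ $((bits & 2)) -ne 0 ] && w=w
        [ $((bits & 1)) -ne 0 ] && x=x
        # special bit belonging to this triplet: 4 -> user, 2 -> group, 1 -> other
        if [ $(( (special >> (2 - i)) & 1 )) -ne 0 ]; then
            if [ "$i" -eq 2 ]; then  # sticky shows as t (T when x is absent)
                if [ "$x" = x ]; then x=t; else x=T; fi
            else                     # setuid/setgid show as s (S when x is absent)
                if [ "$x" = x ]; then x=s; else x=S; fi
            fi
        fi
        out="$out$r$w$x"
        i=$((i + 1))
    done
    printf '%s\n' "$out"
}

# new_mode <default mode> <umask>: permission bits a newly created object gets.
# Files start from 666 and directories from 777 before the umask is applied.
new_mode() {
    printf '%03o\n' $(( 0$1 & ~0$2 ))
}

# Constructed walk-through of the values from Figure - 7 plus a 022 umask.
for mode in 777 771 4777 2750 1777; do
    printf '%-5s -> %s\n' "$mode" "$(mode_to_symbolic "$mode")"
done
printf 'umask 022: new file %s, new directory %s\n' \
    "$(new_mode 666 022)" "$(new_mode 777 022)"
```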


         
UNIX ACL (Access Control Lists):-

The main advantage of ACLs (Access Control Lists) is that they provide finer control over permissions. UNIX provides read, write and execute permissions for three classes: user (owner), group, and other (everybody). In this model a group cannot contain other groups and a file has only a single owner. An ACL lets you add permissions for a particular user on top of the traditional model. It also lets you define default permissions for the user and group categories. There are two commands for working with ACLs: getfacl and setfacl.

                        
getfacl:-
getfacl displays the file name, owner, group, and the Access Control List (ACL). If a directory has a default ACL, getfacl also displays the default ACL. Non-directories cannot have default ACLs. If getfacl is used on a file system that does not support ACLs, getfacl displays the access permissions defined by the traditional file mode permission bits. ACL support is not active by default on all Unix systems, so to activate it you need to edit /etc/fstab and add the acl mount option to the partition you want. Below I add acl on /:

# / was on /dev/sdb5 during installation
# partition     mount   type    options                          dump    pass
/dev/sdb5       /       ext3    relatime,errors=remount-ro,acl   0       1

Command syntax:-

    $getfacl [option] [file or directory name]

       
Example: output of getfacl

Figure - 8

                    
setfacl:-
setfacl sets the Access Control Lists (ACLs) of files and directories. On the command line, a sequence of commands is followed by a sequence of files.
     
Command syntax:-

    $setfacl [option] [ -m | -x ] u:[username]:[permission] [file or directory name]

    -m (--modify) - modify the ACL of a file or directory.
    -x (--remove) - remove ACL entries (the permission field is omitted).
                   
         
Example:-

    $setfacl -m u:test:rwx test      [ to give user test read, write and execute on the file test ]
    $setfacl -m u:test:r-- test      [ to leave user test with read only, removing write and execute ]
    $setfacl -x u:test test          [ to remove the ACL entry for user test from the file test ]
    $setfacl -d -m u:test:rw- acl    [ to set a default ACL of read and write for user test on the directory acl ]
    $setfacl -d -x u:test acl        [ to remove the default ACL entry for user test from the directory acl ]
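An added example (not part of the original post) covering a caveat of the getfacl/setfacl workflow above: every named-user entry is capped by the ACL's mask entry, so a user granted rwx can still end up with r-x. The getfacl text below is constructed, and effective_perm is my own helper.

```shell
#!/bin/sh
# Added example (not from the original post): work out what a named user
# really gets from an ACL. The mask entry caps named users, named groups and
# the owning group, so "user:test:rwx" can be effectively r-x.

# Constructed getfacl output: test was granted rwx but the mask is r-x.
SAMPLE_ACL='# file: acl
# owner: root
# group: root
user::rwx
user:test:rwx
group::r-x
mask::r-x
other::---'

# effective_perm <getfacl text> <username>  ->  rwx string, or "none" when
# the user has no named entry (the group/other entries would apply instead).
# Real use: effective_perm "$(getfacl -p somefile)" someuser
effective_perm() {
    printf '%s\n' "$1" | awk -F: -v who="$2" '
        $1 == "user" && $2 == who { want = $3 }
        $1 == "mask" && $2 == ""  { mask = $3 }
        END {
            if (want == "") { print "none"; exit }
            if (mask == "") { print want; exit }   # no mask entry: as granted
            out = ""
            for (i = 1; i <= 3; i++) {
                c = substr(want, i, 1)
                out = out ((c != "-" && substr(mask, i, 1) == c) ? c : "-")
            }
            print out
        }'
}

printf 'granted: rwx  mask: r-x  effective for test: %s\n' \
    "$(effective_perm "$SAMPLE_ACL" test)"
# To widen the cap run: setfacl -m m::rwx acl   (getfacl marks capped entries with #effective:)
```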

Once you are comfortable with all of the above commands and techniques you should be able to handle all basic and advanced permission configuration on UNIX. See the man page of each command for more options.



Wednesday, February 10, 2010

The 15 Most Basic UNIX commands


  1. man - shows the manual and usage of a command; usage man [command], press q to exit the man page. example:- man useradd
  2. pwd - shows the present working directory.
  3. useradd - adds a user; usage useradd [option] [username]. To assign a home directory other than /home use the -d option, to add the user to a group use the -g option, and use -s to assign the shell. example:- useradd -d /opt/test(home dir location) -g game(group name) -s /bin/bash(shell name) test(username)
  4. passwd - sets or changes the password of a user; usage passwd [username]. example:- passwd test to set the password for the user test.
  5. mkdir - creates a directory; usage mkdir [directory name]. example:- mkdir test to create the test directory, mkdir /opt/james/old/test to create the test directory inside /opt/james/old.
  6. cd - changes directory; usage cd [location to change to]. example:- cd /temp
  7. ls - lists a directory; usage ls [option] [location]. example:- ls /etc; use ls -l /etc to see more detail and ls -a /etc to see hidden files.
  8. cp - copies a file or directory; usage cp [source] [dest]. example:- cp /opt/a.txt /etc/ to copy the file a.txt from /opt to /etc. If you want to copy a directory use the -R option for recursive: cp -R /opt/Test /etc/os/ copies the Test folder from /opt to /etc/os.
  9. mv - moves or renames a file or directory; usage mv [source] [dest]. example:- mv /usr/local/a.sh /etc/ to move the file a.sh from /usr/local to /etc, mv test.txt a.txt to rename the file test.txt to a.txt.
  10. rm - removes a file or directory; usage rm [file or directory name]. example:- rm a.txt to remove the file a.txt; to remove a directory you need the -R option. You can also use the -f (force) option, which does not ask for confirmation for each file: rm -Rf /dir, but don't use the -f option every time.
  11. cat - reads the content of a file; usage cat [file name or location]. example:- cat a.txt to read the content of a.txt, cat /opt/test/test.txt to read test.txt from /opt/test.
  12. tar - tape archiver; tar takes a bunch of files and bundles them into one .tar file; usage tar [option] file.tar [location of file or folder]. example:- tar -cvf test.tar /opt/test to archive the test folder; to extract an archive use tar -xvf file.tar
  13. find - lists files and directories recursively that match a string; usage find [location] -name [string]. example:- find /opt/ -name test to list all files and directories named test inside /opt
  14. tail - prints the last few lines of a file, which is handy for checking log files; usage tail [option] [file name or location]. example:- tail -5 ab.txt to print the last five lines of ab.txt, tail -f /var/log/mail to print the last 10 lines of the mail log and keep following it as new lines are appended.
  15. vi - text editor. There are several text editors such as emacs and nano, but vi is usually installed on any server so it is a good one to learn. To edit a file type vi file; to edit a line press Esc then i; to save changes and exit press Esc then type :wq, or to quit without saving press Esc then :q!. There are a million other commands, but these will let you edit files at a basic level.
Once you learn these commands and are comfortable with them, you should be able to do all basic work on any Linux or Unix-like OS.