This section introduces the Linux File System and why you have to be aware of how it works.
Files and Directories
Linux, like all other computer operating systems, maintains files within directories, but the hierachy is probably more
structured than other operating systems and is rigidly enforced.
Files and directories can be categorised as static or dynamic. The contents of static files and directories
rarely change, except when patching or installing the operating system or applications. Executable files, libraries, and
system start-up utilities are all considered to be static. Dynamic files and directories change frequently. They are
stored in a separate portion of the file system. Configuration, temporary, and user files are all considered to be
General definitions for these directories are:
||Operating System user commands.
||Operating System boot files (including kernel).
||System configuration files, such as fstab.
||Library files and directories.
||Operating System procedure files.
||Minimum commands needed to boot the system and mount other file systems.
||Operating System temporary files.
||Shareable operating system commands, libraries and documentation.
||Dynamic information such as logs and spooler files.
Files and Directory Security
With Linux, all directories and the files within them have three levels of operation and three levels of access:
The default depends on other environment variables but starts off as Read and Write for Owner and possibly Read for the Group.
This means that the security flags for a folder or file must be set correctly before you will be allowed to access them. If
you use the ls -l command you will see a list of files for the current directory, where each line begins with a
collection of -, d, l, r, x or w values, which are the security rules for each file. Apart from the first character, the others
are arranged in group of three pertaining to the owner, the group and everyone else.
-rwxrw-r-- 1 wally users 175 November 25 2004 example.txt
Changing Permissions on Folders and Files
- the first "-" indicates that it is a file; if this value was a "d" then it would be a directory (or folder)
- the next three characters "rwx" indicate that the owner, i.e. the name shown just to the right (wally), has read, write and execute/search privileges on the file
- the next three characters "rw-" indicate that the group, i.e. the name shown to the right of owner (users) has read and write privileges only on the file
- the last three characters "r--" indicate that everyone else has read only privileges
- the next value (number 1 in the above example) is the number of files - more meaningful for folders
- the next value (wally in this example) is the owner of the file as previously mentioned
- the next value (users in this example) is the group associated with the file
- the next value (175 in this example) is the size of the file in bytes
- the next value (November 25 2004 in this example) is the last modified date
- the last value (example.txt in this example) is the directory (folder) or file name
In order for users to gain access to various folders and files not created by them, it will be necessary to log on as that
user to change the permissions or simply use the root user to change them. For this you can use the chmod command, which takes
a little bit of understanding irrespective of how you use it. Probably the best way to understand it is to follow through some
command sequences using the above example.txt file.
So in summary,
- the first character indicates "who"
- Let's say we wanted to give the group execute access then we could type
chmod g+x example.txt
this says to add (+) execute (x) to the group (g) for file example.txt
- Let's try again, this time we want to remove read access from everyone else, in which case we would type
chmod o-r example.txt
this says to remove (-) read (r) from other (o) for file example.txt
- Or irrespective of what the value is at present, give read, write and execute access to the owner we could use
chmod u=rwx example.txt
- Finally to give each level the same value, we could use
chmod a=rw example.txt
where u is the owner, g is the group, o is everyone else and a is used for all,
- the second character is "the action required"
where + says add, - says remove and = says make it,
- the next group of characters can be one or more of the following,
r for read access, w for write access and x for execute/search,
- the last value is the file name or wild card name to which this applies.
There will be those out there who may prefer to use a different method which is considered to be obsolete but is still
supported, in which case it might be worth understanding that variant too. Here the various combinations of security options
are represented by a binary value made up as follows:
0400 (= u=r) Read by owner
0200 (= u=w) Write by owner
0100 (= u=x) Execute (search in directory) by owner
0040 (= g=r) Read by group
0020 (= g=w) Write by group
0010 (= g=x) Execute/search by group
0004 (= o=r) Read by others
0002 (= o=w) Write by others
0001 (= o=x) Execute/search by others
Simply add the values in each column to get the required value, for example Read by owner and Write by Owner = 4 + 2 in the
second column above, while Read by others and Execute/search by others = 4 + 1 in the fourth column. The total value for the
second, third and fourth columns is then used to express the required value, i.e. 605 in this example. If we wanted to repeat
the previous steps we type the following:
- Instead of chmod g+x example.txt we could use chmod 774 example.txt
- this effectively sets all of the values for file example.txt in one hit, so it is important to get it right.
- Similarly, instead of chmod o-r example.txt we could use chmod 760 example.txt
- Again, instead of chmod u=rwx example.txt we could use chmod 764 example.txt
- Finally, instead of chmod a=rw example.txt we could use chmod 666 example.txt
There MUST be an easier way!
Now that you know about all of the gory details, you need to know that there is an easier way. Probably the easier way to
manipulate files and folders is to use Konqueror, which is a file browser installed with KDE, and can be run from the menu
within KDE (Debian Menu > Apps > System > Konqueror. This can be run from any user, but you may need to enter the root
password to use the program. When the program runs you will be greeted by a screen with a single icon labelled Desktop.
If you click on one of the icons there using the right mouse button you will see "Properties" at the bottom of
the menu. If you select this using the left mouse button another window will appear. The General tab is displayed which
shows the file or folder name, it's size and location etc. If you click on the Permissions tab, you will see a matrix of
boxes, some of which will have x's in them corresponding to the rwx values for each level as previously discussed. If you
have the necessary permissions you can simply click on a box to turn the option on or off, and click on OK when you have
finished. There are some boxes there you probably don't understand at present, so don't fiddle with them until you do.
You have been warned! One extra box that is worth explaining though is the box at the bottom labelled "Apply changes
to all subdirectories and their contents" - this does exactly what it says and can be very useful.
More to it than Meets the Eye!
As well as this structured approach to file and folder access, Linux holds a few Aces up its sleeve, in that some folders are
restricted to root only, irrespective of what security options they have set, and these cannot be changed. Moreover some of
the more powerful commands are stored in such directories so that they can only be accessed by the root user. This means that
there are going to be times when you have to log in as the root user to execute such commands etc, for example anything stored
in an sbin directory is restricted to the root user irrespective of where it lives, although they can be executed by other
users using a pseudo login which requires the root password to be used as with kuser and konqueror above, but even then they
will not necessarily have full rights.
The next aspect we need to understand are the Text Editors.
Disclaimer: Amiga Auckland have prepared the above information for the use of its members based on our experiences
and as such is subject to revision at any time. Amiga Auckland cannot guarantee any of the information and cannot be held
accountable for any issues that may result from using it.