Exercises: Unix Bootcamp: AfNOG 2009 Cairo, Egypt
UNIX basic commands and filesystem

May 10, 2009

 
Exercises

  1. Practice with basic filesystem and user commands
  2. File and directory permissions

Note: The "#" and "$" characters before commands represents your system prompt and is not part of the command itself. "#" indicates a command issued as root while "$" indicates a command issued as a normal user.

 

1.) Practice with basic filesystem commands [Top]

Be careful in this exercise. Running as root (the Unix administrative account) means that you can easily damage your system, so we ask that you log out of your root account and log in as your own user account instead.

To logout, type

# exit

If you are unsure of how to proceed ask your instructor or assistants for help before continuing.

The first command that we are going to use is man, this is short for "man"ual. Read about each command to see the range of options that exist.

Many of the basic commands we'll be practicing are built in as part of your shell environment (that is you won't find a binary/program file for cd). To read about commands like cp, cd, ls, mv, rm in more detail you can just type:

$ man builtin
And, for a command like ls you can type:
$ man ls
And, even for a built-in command you can just type "man commandName", or something like:
$ man cd
and this will open the "builtin" man page for you.

If you have problems exiting from "man" press the "q" key. Also, you can use the keyboard arrows to move around in the descriptions.

As we move around directories an extremely useful command is pwd, which return the working directory name you are in. So, if you get lost just type:

$ pwd

We'll do this from time to time as we use directory commands.

Simplified Map of Unix Directory Tree 


/                  ("root directory")
/etc               (contains configuration files)
/etc/rc.d          (contains system startup scripts)
/root              (user root's home directory)
/tmp               (place to store TeMPorary files)
/usr               (contains the majority of user utilities, applications, home directories)
/usr/home          (home directories for users on the system*)
/usr/local/etc     (contains third-party configuration files and startup scripts*)
/var               (multi-purpose log, temporary, transient, and spool files location)

*Different from Linux

For details on the (almost) complete directory tree under Unix/Lunx type "man hier"

Command Glossary 


cd                 Change Directory
ls                 LiSt files
mkdir              MaKe DIRectory
mv                 MoVe files
pwd                Print Working Directory
rm                 ReMove files
rmdir              ReMove DIRectory
touch              Update date on file/Create new empty file if none exists

Note: There are some special files on UNIX, which are '.' and '..':

Now we are ready to practice a bit with the commands:

$ cd /
$ pwd
$ ls
$ ls -la
$ cd /tmp
$ cd ..
$ pwd
$ cd tmp
What's going on here? If you don't understand, ask.

$ cd       (take you back to your home directory)
$ pwd
$ touch text.txt
$ cp text.txt new.txt
$ mv text.txt new.txt
What's happening now? If prompted to overwrite, respond "y". Note that "inst" is the name of the user account you created in the first exercise.

Now watch what happens if you try to copy a file on itself.

$ cp new.txt /home/inst/.
$ cd ../../home/inst
$ pwd       (where are you now?)
$ cd       (to return to our home directory)
$ cp new.txt new.txt.bak
The tab key makes life much easier. Now type:
$ cd
$ mkdir tmp
$ mv new.* tmp/.
$ ls
Finally, we are going to remove the directory that contains the two archives.
$ cd tmp
$ ls
$ rm *
$ cd ..
$ rmdir tmp
You can force this using a command like this:
$ rm -rf tmp
The use of "rm -rf" is very dangerous!, and, naturally, very useful. For example, if you are "root" and you type "rm -rf /*" this would be the end of your server. This commands says "remove, forcibly and recursively, everything" - Or, if you start in the root directory (/), remove all files and directories without asking on the entire server. If you want to use "rm -rf *" always take a deep breath and check where you are first (really, do this!):
$ pwd
First this says in what directory you are. If you are mistaken, then you have the opportunity to not remove files that you might really need.

 

2.) File and directory permissions* [Top]

*Reference: Shah, Steve, "Linux Administration: A Beginner's Guide", 2nd. ed., Osborne press, New York, NY.

If you look at files in a directory using "ls -al" you will see the permissions for each file and directories. Here is an example: 

drwxrwxr-x    3 hervey   hervey       4096 Feb 25 09:49 directory
-rwxr--r--   12 hervey   hervey       4096 Feb 16 05:02 file

The left column is important. You can view it like this: 

Type User    Group World Links  owner  group  size   date   hour  name
d    rwx     rwx   r-x   3      hervey hervey 4096   Feb 25 09:49 directory
-    rwx     r     r     12     hervey hervey 4096   Feb 16 05:02 file

So, the directory has r (read), w (write), x (execute) access for the user and group. For world it has r (read) and x (execute) access. The file has read/write/execute access for the world and read only access for everyone else (group and world).

To change permissions you use the "chmod" command. chmod uses a base eight (octal) system to configure permsissions. Or, you can use an alternate form to specify permissions by column (user/group/world) at a time.

Permissions have values like this: 

Letter  Permission   Value

R       read         4
W       write        2
X       execute      1

Thus you can give permissions to a file using the sum of the values for each permssion you wish to give for each column. Here is an example: 

Letter  Permission                   Value

---     none                         0
r--     read only                    4
rw-     read and write               6
rwx     read, write, and execute     7
r-x     read and execute             5
--x     Execute                      1

This is just one column. Thus, to give all the combinations you have a table like this: 

Permissions  Numeric      Description
             equivalent  

-rw-------   600          Owner has read & execute permission.
-rw-r--r--   644          Owner has read & execute.
                          Group and world has read permission.
-rw-rw-rw-   666          Everyone (owner, group, world) has read & write
                          permission (dangerous?)
-rwx------   700          Onwer has read, write, & execute permission.
-rwxr-xr-x   755          Owner has read, write, & execute permission.
                          Rest of the world has read & execute permission
                          (typical for web pages or 644).
-rwxrwxrwx   777          Everyone has full access (read, write, execute).
-rwx--x--x   711          Owner has read, write, execute permission.
                          Group and world have execute permission.
drwx------   700          Owner only has access to this directory.
                          Directories require execute permission to access.
drwxr-xr-x   755          Owner has full access to directory. Everyone else
                          can see the directory.
drwx--x--x   711          Everyone can list files in the directory, but group
                          and world need to know a filename to do this.

Now lets practice changing permissions to see how this really works. As a normal user (i.e. don't login as root) do the following:

$ cd (what does the "cd" command do when you do this?)
$ echo "test file" > read.txt
$ chmod 444 read.txt
In spite of the fact that the file does not have write permission for the owner, the owner can still change the file's permissions so that they can make it possible to write to it:
$ chmod 744 read.txt
Or, you can do this by using this form of chmod:
$ chmod u+w read.txt
The forms of chmod, to add permissions, if you don't use octal numbers are:

$ chmod u+r, chmod u+w, chmod u+x
$ chmod g+r, chmod g+w, chmod g+x
$ chmod a+r, chmod a+w, chmod a+x

Note that "a+r" is for world access. The "a" is for "all", "u" is for "user", and "g" is for "group".

Now, change the file so that the owner cannot read it, but they can write to the file. Prove that this really happened:

$ chmod u-r read.txt
$ cat read.txt
What happened. Now do this:
$ chmod 444 read.txt
$ cat read.txt
You probably noticed that you can use the "-" (minus) sign to remove permissions from a file.

A UNIX Permissions "Gotcha"

If a directory has the World or Group write flag set, and contains a file that is only writeable by the owner, then a member of either the Group or World (everyone) can still make changes to the file. Here's an example of how (become root to do this):

# mkdir /tmp/test
# echo "example text" > /tmp/test/example.txt
# chmod 644 /tmp/test/example.txt
# chmod a+w /tmp/test
# su - userid
$ cp /tmp/test/example.txt .
$ echo "add more text to file" >> example.txt
$ mv example.txt /tmp/test/example.txt
You will receive the following prompt: 
override rw-r--r--  root/wheel for /tmp/test/example.txt? (y/n [n])
If you press "y" and ENTER, then your version of the file will now overwrite the read only version of the file owned by root in the /tmp/test directory. This is because write permission has been enabled for World on the /tmp/test directory. Thus, you have permission to mv (i.e. rename) a file of the same name to this directory. This result may seem surprising. If you do:
$ ls -al /tmp/test
You will see that your userid now owns the file. The root user no longer owns the file. So, using this trick is pretty obvious, unless, of course, you set things back to the way they were using the chown command.

[Return to Top]

Last modified: Sat May 9 18:46:17 EEST 2009