Linux Administration lecture: Basic system administration. This chapter covers the following main topics: file and directory management, linking files, file and directory permissions, sudoers. Readers are invited to consult it for further details.
Đặng Thanh Bình
Basic System Administration
Contents
• File and Directory management
– ls, cd, pwd, mkdir, mv, cp, rm, rmdir, locate, find, grep
– touch, cat
– Recursive and interactive modes
– PATH variable, which command
• Linking Files
• File and directory permissions
• sudoers
FILE AND DIRECTORY MANAGEMENT
The Linux Directory Structure
• Directory: Used to organize other files into a logical tree structure
– Stored in a filesystem of a specific partition in the hard disk
• Root: The top level directory
– Referred to using the / character
• Forms root of a hierarchical tree
The Linux Directory Structure
• The Windows file system structure
File Types
• 4 basic file types
– Normal files (program, text, library, …)
– Directory
– Special files (device, socket, pipe, …)
– Symbolic links (symlinks)
• Absolute pathname: starts with “/”
• Relative pathname: does NOT start with “/”
• Special pathnames:
• .. – parent directory
• . – current directory
Changing Directories
• Home directory: unique to each user
– ~ metacharacter used to refer to home directory
• pwd (print working directory) command: displays current directory in the directory tree
• cd (change directory) command: change the current directory in the directory tree
– Argument specifies the destination directory
– cd: go to user’s home directory
– cd PATHNAME
Listing Files
• ls command: List the files in a directory
• May pass an argument indicating the directory to be listed
– -F option: Argument to indicate file types
– -l option: Argument to list long file listings
Long listing for each file
components
• File type character
• List of permissions (mode
Creating Files
• touch command: create an empty file
– touch FILENAME
– touch FILE1 FILE2
• cat command: display and/or edit file content
– -n option: displays line number and contents
– cat FILENAME
– cat > FILENAME (use Ctrl-D to finish)
Viewing Text Files
• tac command: displays contents of a text file in reverse order
• head command: view first ten lines of a file
• tail command: view last ten lines of a file
• For head and tail commands
– Line count includes blank lines
– Can provide numeric option to specify the number of lines to be displayed (e.g., head -2 filename)
Viewing Text Files
• more command: displays text files page-by-page
– Pressing Spacebar displays the next page
– Pressing Enter displays the next line
• less command: same as more command, but can also use cursor to scroll
• Interaction with more and less:
– pressing h key gets Help screen
– pressing q key quits more and less commands
Viewing Text Files
• more and less can be used with output of other commands
• If output is too large to fit on terminal screen, use “|” metacharacter and more or less command
– e.g., ls -l | more
Displaying the Contents of Binary Files
• strings command: searches for and displays text characters in a binary file
– Might indicate purpose of binary file
• od command: displays contents of file in octal format (numeric base 8 format)
– -x option displays contents of the file in hexadecimal format (numeric base 16 format)
Managing Files and Directories
• mkdir command: creates new directories
– Arguments specify directory’s absolute or relative pathname
• mv command: moves files
– Minimum of two arguments:
• Source file/directory (may specify multiple sources)
• Target file/directory
– Pathnames can be absolute or relative
– For multiple files, can use wildcards in pathname
– Also used to rename files or directories
Managing Files and Directories
• cp command: copies files
– Same arguments as the mv command
– Also used to make copies of files
Managing Files and Directories
• Recursive: referring to itself and its own contents
– Recursive copy command copies the directory and all subdirectories and contents
– Recursive search includes all subdirectories in a directory and their contents
Managing Files and Directories
• rm command: Removes files
– Arguments are a list of files
– Can use wildcards
– Interactive mode by default
– Use -f option to override
Managing Files and Directories
• rmdir command: removes directories
– Arguments are a list of files
– Can use wildcards
– Interactive mode by default
– Use -f option to override
– Cannot be used to remove directory full of files
• To delete directory and all its contents (subdirectories and files), use rm -r command
Finding Files
• locate command: Search for files on system
– Receives full or partial filename as argument
– Uses premade indexed database of all files on system
• To update the database use updatedb command
– Information returned may not fit on screen
• Use with more or less commands
• e.g., find /root -name project
– If using wildcard metacharacters, ensure that they are interpreted by the find command
• Place wildcards in quotation marks
– To reduce search time, specify subdirectory to be searched
Finding Files
• Common criteria used with the find command
Finding Files
• PATH variable: lists directories on system where executable files are located
– Allows executable files to be run without specifying absolute or relative path
• which command: search for an executable file
– Searches the PATH variable
– If the file is not found, lists the directories that were searched
Searching for Text Within Files
• Text tools: commands that search for and manipulate text
• Regular expressions (regexp): text wildcards that ease the search for specific text
– Match patterns of text within a text document
– Used by many text tools and programming languages
– Including grep, emacs, C++, PERL, and many more
Searching for Text Within Files
• Regular Expressions
– Different from wildcard metacharacters
• Wildcard metacharacters interpreted by shell; regexps interpreted by text tools
• Wildcard metacharacters match characters in filenames; regexps match characters within text files
• Wildcard metacharacters have different definitions than regexps
• More regexps than wildcard metacharacters
– Regular expressions are divided into common regexps and extended regexps
Searching for Text Within Files
• grep (global regular expression print) command: displays lines in a text file that match common regexps
• egrep command: displays lines in a text file that match extended regexps
– Can be written as grep -E
• fgrep command: does not interpret any regular expressions
– Returns results much faster than egrep
– Can be written as grep -F
Searching for Text Within Files
• grep requires two arguments
– Text to search for
• Can use regular expressions
– Files in which to search
• grep is case sensitive
– For case-insensitive search, use -i option
• grep matches patterns of text, ignoring division into words
• To search only for occurrences of a word, surround it by space characters
LINKING FILES
What is an INODE?
• Inodes store information about files and folders, such as file ownership, access mode (read, write, execute permissions), and file type.
– Fixed number of inodes per file system
– Inodes do not contain file names, only file metadata.
• Use df -i to see inode usage
• Use ls -i to determine a filename's inode number
• WARNING: You can use up all of a filesystem's inodes without using all of the storage space on the disk where it resides.
– The inode table: consists of several inodes, each of which describes a file or directory
• Unique inode number, file size, data block locations, last date modified, permissions, and ownership
– Data blocks: Data making up contents of a file
Linking Files
• Hard linked files share the same inode and inode number
– Must reside on the same filesystem
• To remove hard linked files, delete one of the linked files
– Reduces the link count for the file
Linking Files
• The structure of hard linked files
Linking Files
• Symbolic linked files do not share the same inode and inode number with their target file
• Symbolic linked file is a pointer to the target file
– Data blocks in the linked file contain only a pathname for the target file
• Linked file and target file have different sizes
– Editing symbolic linked file actually edits the target file
• If the target file is deleted, symbolic link serves no function
Linking Files
• The structure of symbolically linked files
• Existing file to link
• Target file to create as a link to existing file
– Use -s option to create symbolic link
– Arguments can be relative or absolute pathnames
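The hard-link and symbolic-link behaviour described on the slides above can be observed directly. This is an added example, not part of the original lecture; the file names orig, hard and soft are made up, and it assumes a Linux system where stat accepts -c (GNU coreutils or BusyBox).

```sh
# yn CMD... : print "yes" if the command succeeds, "no" otherwise.
yn() { if "$@"; then echo yes; else echo no; fi; }
ino() { stat -c %i "$1"; }          # inode number of the name itself

# link_demo builds one file plus a hard link and a symlink in a scratch
# directory (constructed for the demo) and reports what each one is.
link_demo() (
    d=$(mktemp -d) || exit 1
    target="$d/orig"
    printf 'payload\n' > "$target"
    ln    "$target" "$d/hard"       # second name for the same inode
    ln -s "$target" "$d/soft"       # new inode whose data is a pathname

    echo "hard_same_inode=$(yn [ "$(ino "$target")" = "$(ino "$d/hard")" ])"
    echo "soft_same_inode=$(yn [ "$(ino "$target")" = "$(ino "$d/soft")" ])"
    echo "link_count=$(stat -c %h "$target")"
    # A symlink's size is the length of the pathname it stores.
    echo "soft_size_is_path_length=$(yn [ "$(stat -c %s "$d/soft")" -eq "${#target}" ])"

    rm "$target"                    # removes one name, not the data
    echo "hard_content_after_rm=$(cat "$d/hard")"
    echo "link_count_after_rm=$(stat -c %h "$d/hard")"
    echo "soft_is_still_a_link=$(yn [ -L "$d/soft" ])"
    echo "soft_target_exists=$(yn [ -e "$d/soft" ])"
    rm -rf "$d"
)

link_demo
```

After the original name is removed, the data stays reachable through the hard link while the symlink is left dangling.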
FILE AND DIRECTORY PERMISSIONS
File and Directory Permissions
• All users must log in with a username and password
• Users identified by username and group memberships
• Access to resources depends on username and group membership
• Must have required permissions
File and Directory Ownership
• Primary group: user’s default group
• During file creation, file’s owner and group owner set to user’s username and primary group
– Same for directory creation
• whoami command: view current user name
• groups command: view group memberships and primary group
• touch command: create an empty file
File and Directory Ownership
• chown (change owner) command: change ownership of a file or directory
– Two arguments:
• New owner
• File to change
– Can use -R option for contents of directory
• chgrp (change group) command: change group owner of a file or directory
– Same arguments and options as for chown command
File and Directory Permissions
• Mode: inode section that stores permissions
• Three sections, based on the user(s) that receive the permission:
– User permissions: owner
– Group permissions: group owner
– Other permissions: everyone on system
• Three regular permissions may be assigned to each user:
– Read
– Write
Interpreting the Mode
• User: refers to owner of a file or directory
• Owner: refers to users with ability to change permissions on a file or directory
• Other: refers to all users on system
• Permissions are not additive
Interpreting Permissions
Changing Permissions
• chmod (change mode) command: change mode (permissions) of files or directories
– Two arguments at minimum
• Criteria used to change permissions
• Filenames to change
• Permissions stored in a file’s or a directory’s inode as binary powers of two
• umask: find what the current umask is
• umask -S: display the umask expressed symbolically rather than in octal form
• umask u=rwx,g=rx,o=rx is equivalent to umask 022
Default Permissions
• Performing a umask 022 calculation
Default Permissions
• Performing a umask 007 calculation
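The two umask calculations named on the slides above, carried out and checked against what the system really does. This is an added example, not part of the original lecture; it assumes Linux with a stat that accepts -c, and the extra umask 033 case is included because it shows that the umask is a bit mask rather than a subtraction.

```sh
# default_mode UMASK file|dir : compute the mode a new object receives.
default_mode() {
    case $2 in
        file) base=666 ;;   # files are requested as rw-rw-rw- (no execute)
        dir)  base=777 ;;   # directories are requested as rwxrwxrwx
        *)    return 2 ;;
    esac
    # Bits set in the umask are cleared from the base: base AND NOT umask.
    printf '%03o\n' "$(( 0$base & ~0$1 ))"
}

# observed_mode UMASK file|dir : create the object for real and read its
# mode back. Runs in a subshell so the caller's umask is left untouched.
observed_mode() (
    umask "$1"
    d=$(mktemp -d) || exit 1
    if [ "$2" = dir ]; then mkdir "$d/new"; else touch "$d/new"; fi
    stat -c %a "$d/new"     # octal permission bits
    rm -rf "$d"
)

# Compare calculation and reality for umask 022 and 007, plus 033, where
# naive subtraction (666 - 033 = 633) would give the wrong file mode.
compare_all() {
    for m in 022 007 033; do
        for kind in file dir; do
            echo "umask=$m $kind calc=$(default_mode "$m" "$kind") real=$(observed_mode "$m" "$kind")"
        done
    done
}

compare_all
```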
Special Permissions
• Three more optional special permissions for files and directories
– SUID (Set User ID)
– SGID (Set Group ID)
– Sticky bit
– Only applicable to binary compiled programs
• Cannot be used on shell scripts
– Example:
• chmod u+s file1.txt
• chmod 4750 file1.txt
Special Permissions
• SGID
– Applicable to files and directories
– If set on a file, user who executes the file becomes member of the file’s group during execution
– If a user creates a file in a directory with SGID set, the file’s group owner is set to be the directory’s group owner and not the user’s primary group
– Example:
• chmod g+s file1.txt
• chmod 2750 file1.txt
Special Permissions
• Sticky bit
– Previously used to lock files in memory
– Currently only applicable to directories
– Ensures that a user can only delete his/her own files when given write permissions in a directory
– Example
• chmod o+t /opt/dump/ or chmod +t /opt/dump/
• chmod 1757 /opt/dump/
Setting Special Permissions
• Special permissions require execute
• Mask the execute permission when displayed by the ls -l command
• May be set even if file or directory does not have execute permission
– Indicating letter in the mode will be capitalized
• Add special permissions via chmod command
– Add an extra digit at front of permissions argument
Setting Special Permissions
• Representing special permissions in the mode
Setting Special Permissions
• Representing special permissions in the absence of the execute permissions
Setting Special Permissions
• Numeric representation of regular and special permissions
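An audit that ties the special-permission slides to the find command covered earlier: it lists SUID/SGID files and world-writable directories that lack the sticky bit, showing the s, S and t letters as ls -l prints them. This is an added example, not part of the original lecture; the sample tree and all names in it are constructed for the demo.

```sh
# Constructed sample tree; every file and directory name here is made up.
make_sample() {
    d=$(mktemp -d) || return 1
    touch "$d/plain" "$d/suid_prog" "$d/suid_noexec"
    chmod 0644 "$d/plain"
    chmod 4750 "$d/suid_prog"       # SUID with owner execute: shown as rws
    chmod 4640 "$d/suid_noexec"     # SUID without execute: shown as rwS
    mkdir "$d/shared_sticky" "$d/shared_open"
    chmod 1777 "$d/shared_sticky"   # world-writable, sticky bit set: rwt
    chmod 0777 "$d/shared_open"     # world-writable, no sticky bit
    echo "$d"
}

# audit_special DIR prints "<finding> <mode string> <path>" for each hit.
# Paths containing whitespace are not handled by the awk field split.
audit_special() {
    # Regular files carrying SUID (4000) or SGID (2000).
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -exec ls -ld {} + |
        awk '{ print "SETID", substr($1, 1, 10), $NF }'
    # World-writable directories where the sticky bit (1000) is missing,
    # so any user may delete files that belong to someone else.
    find "$1" -type d -perm -0002 ! -perm -1000 -exec ls -ld {} + |
        awk '{ print "NO_STICKY", substr($1, 1, 10), $NF }'
}

tree=$(make_sample)
audit_special "$tree"
rm -rf "$tree"
```

On a real system the same function can be pointed at a directory such as /usr/bin, and the SETID list compared against the set of programs that are expected to carry those bits.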
SUDOERS
How To Obtain Root Privileges
• Log in as root
• Use “su” to become root
• Use “sudo” to execute commands as root
/etc/sudoers file
• The /etc/sudoers file controls
– who can run what commands as what users on what machines
– special things such as whether you need a password for particular commands
• The file is composed of
– aliases (basically variables) and
– user specifications (which control who can run what)
where Alias_Type is one of 4 types above
• Use semicolon as separator
– Alias_Type NAME1 = item1, item2 : NAME2 = item3
• There are also built-in aliases called ALL which match everything where they are used.
User_Alias LIMITED_USERS = USERS, !WEBMASTERS, !ADMINS
# but I think this method is clearer.
• user list is a list of users or a user alias
• host list is a list of hosts or a host alias
• operator list is a list of users they must be running as
• command list is a list of commands or a cmnd alias.
• tag list allows you to set special things
– PASSWD and NOPASSWD to specify whether the user has to enter a password or not
– NOEXEC to prevent any programs launching shells themselves
User Specifications Example
# This lets the webmasters run all the web commands on the machine "webserver" provided they give a password
USERS WORKSTATIONS=(ADMINS) ADMIN_CMDS
# This lets "harry" shutdown his own machine without a password
harry harrysmachine= NOPASSWD: SHUTDOWN_CMDS
# And this lets everybody print without requiring a password
What is visudo?
• The program used to edit the sudoers file
• Traditionally, visudo opens the /etc/sudoers file with the "vi" text editor
• Ubuntu, however, has configured visudo to use the "nano" text editor instead
• If you would like to change it, issue the following command:
sudo select-editor
• Multiple tags on a line
myuser ALL = (root) NOPASSWD:NOEXEC: /usr/bin/vim
• Enabling Visual Feedback when Typing Passwords
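A small review aid for the NOPASSWD and NOEXEC tags described above: it reads sudoers text and reports editors or pagers that are granted without a password and without NOEXEC. This is an added example, not part of the original lecture and not a sudoers parser; the harry and myuser rules are taken from the slides, while the alias body, the carol rule and the list of programs checked are assumptions made for the demo.

```sh
# Constructed sudoers fragment. The harry and myuser rules come from the
# slides; the SHUTDOWN_CMDS body and the carol rule are made up.
sample_sudoers() {
    cat <<'EOF'
# constructed sample for the lint below
Cmnd_Alias SHUTDOWN_CMDS = /sbin/shutdown
harry harrysmachine= NOPASSWD: SHUTDOWN_CMDS
myuser ALL = (root) NOPASSWD:NOEXEC: /usr/bin/vim
carol ALL = (root) NOPASSWD: /usr/bin/vim, /usr/bin/less
EOF
}

# lint_sudoers reads sudoers text on stdin and prints one line per hit:
#   NOPASSWD_NO_NOEXEC <user> <command>
# Limits: aliases are not expanded and line continuations are not joined.
lint_sudoers() {
    awk '
    /^[ \t]*(#|$)/ { next }                      # comment or blank line
    {
        eq = index($0, "=")
        if (eq == 0) next
        user = $1
        rhs = substr($0, eq + 1)
        # Only rules that skip the password and do not set NOEXEC.
        if (rhs !~ /NOPASSWD:/ || rhs ~ /NOEXEC:/) next
        sub(/^[ \t]*(\([^)]*\))?[ \t]*/, "", rhs)   # drop the (runas) list
        gsub(/[A-Z]+:[ \t]*/, "", rhs)              # drop the tag list
        n = split(rhs, cmd, /[ \t]*,[ \t]*/)
        for (i = 1; i <= n; i++)
            if (cmd[i] ~ /\/(vi|vim|nano|less|more)$/)
                print "NOPASSWD_NO_NOEXEC", user, cmd[i]
    }'
}

sample_sudoers | lint_sudoers
```

Any real change to /etc/sudoers should still go through visudo, which checks the syntax before the file is saved.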