CIT 500: IT Fundamentals

1
CIT 500 IT Fundamentals

• Users and Filesystems

2
Topics

1. Users
2. User accounts
3. Groups
4. Passwords
5. Filesystems
6. Partitions
7. Filesystems and files
8. File permissions

3
User Accounts

• Each user has their own
• User ID (UID)
• Group ID (GID)
• Password
• Home directory
• Access to files is determined by
• User identity UID GIDs
• File permissions

4
User Types

• Regular users
• Humans with accounts on system.
• May log in via network or on console.
• Special users
• Non-human users for specific programs, i.e. http.
• Used for file permission purposes.
• Superuser
• Admin user with UID 0 has special permissions.
• Username is typically root.

5
/etc/passwd

• rootx00root/root/bin/bash
• daemonx11daemon/usr/sbin/bin/sh
• binx22bin/bin/bin/sh
• sysx33sys/dev/bin/sh
• gamesx560games/usr/games/bin/sh
• manx612man/var/cache/man/bin/sh
• lpx77lp/var/spool/lpd/bin/sh
• mailx88mail/var/mail/bin/sh
• newsx99news/var/spool/news/bin/sh
• uucpx1010uucp/var/spool/uucp/bin/sh
• waldenjx100100James Walden,
  faculty/home/waldenj/bin/bash
• smithx101101John Smith, student/home/smithj/
  bin/bash

6
Groups

• Users belong to one or more groups.
• User always has a primary group.
• User can access files accessible to any of the
  groups to which the user belongs.
• Groups contain zero or more users.
• Created by the system administrator.
• Some groups exist for programs like special
  users.
• Other groups exist for human users.

7
/etc/group

• rootx0
• daemonx1
• binx2
• sysx3
• admx4
• ttyx5
• diskx6
• lpx7
• waldenjx100
• smithjx101
• facultyxwaldenj
• studentxsmithj

8
Passwords

• Passwords
• Most common type of authentication.
• Authentication binds a person to an identity.
• Use passwd command to change.
• Attacks against passwords
• Reading passwords from disk storage.
• Intercepting passwords via wiretapping.
• Guessing passwords.

9
Protecting Passwords

• Against disk storage attacks
• Store password in secure file, /etc/shadow.
• Store one-way hash of password, not password
  itself.
• Compare hash of password entered by user with
  hash of password stored on disk to login.
• Against wiretapping
• Do not send passwords over email.
• Use encrypted protocols like ssh to login.
• Against guessing
• Do not use dictionary words, birthdates, names.
• Choose a long password.

10
User Information Commands

• gt whoami
• waldenj
• gt id
• uid102(waldenj) gid102(waldenj)
  groups102(waldenj),101(faculty)
• gt who
• waldenj pts/3 Sep 3 1406 (10.10.10.18)
• wardj pts/5 Sep 3 1127 (10.10.10.51)
• cunninghams pts/6 Sep 3 1514
  (10.10.10.11)
• gt w
• 151659 up 105 days, 106, 8 users, load
  average 0.02, 0.04, 0.01
• USER TTY FROM LOGIN_at_ IDLE
  JCPU PCPU WHAT
• waldenj pts/3 10.10.10.18 1406 0.00s
  0.03s 0.01s w
• wardj pts/5 10.10.10.51 1127 1820m
  0.01s 0.01s -bash
• cunningh pts/6 10.10.10.11 1514 0.00s
  0.01s 0.00s vi highlow.rb

11
Partitions and the MBR

• 4 primary partitions.
• One can be used as an extended partition, which
  is a link to an Extended boot record on the 1st
  sector of that partition.
• Each logical partition is described by its own
  EBR, which links to the next EBR.

12
Extended Partitions and EBRs

• There is only one extended partition.
• It is one of the primary partitions.
• It contains one or more logical partitions.
• It should contain all disk space not used by the
  other primary partitions.
• EBRs contain two entries.
• The first entry describes a logical partition.
• The second entry points to the next EBR if there
  are more logical partitions after the current one.

13
Why Partition?

1. Separate OS from user files, to allow user
   backups OS upgrades w/o problems.
2. Have a faster swap area for virtual memory.
3. Improve performance by keeping filesystem tables
   small and keeping frequently used together files
   close together on the disk.
4. Limit the effect of disk full issues, often
   caused by log or cache files.
5. Multi-boot systems with multiple OSes.

14
Filesystems

• Filesystems are a method for organizing and
  storing data. Filesystems typically
• Divide storage into blocks.
• Provide tree-structured organization.
• Filesystems
• ext3fs used on most Linux systems.
• FAT used on MS-DOS systems flash memory.
• ISO9660 used by CD-ROM and DVD-ROMs.
• NTFS used by MS Windows NT, XP, Vista.

15
Blocks

• Filesystems divide storage into uniform blocks
• Blocks contain one or more disk sectors.
• Filesystem tracks which blocks are used, free.
• Blocks store
• File data
• File metadata
• Directories
• Filesystem metadata

16
UNIX File System Structure
17
Paths

• Absolute Paths
• Specify path to file from root of the tree.
• Always begin with /.
• ex /bin/ls, /home/b/smithj/cit500/hw/a1.rtf
• Relative Paths
• Specify path from current dir to file.
• Never begin with /.
• ex ls, a1.rtf, ../../cit501/syl.pdf,
  cit500/hw/a1.rtf, /cit500/hw/a1.rtf,
  smithj/hw/a1.rtf

18
Files

• A described storage unit.
• Description includes name(s) other metadata.
• Storage is a sequence of bytes.
• Metadata includes
• File ownership.
• File access permissions.
• Timestamps (creation, modification, access.)
• Location of blocks containing file data.

19
File Types

• Types indicate application to use
• JPEG, TIFF, PNG, GIF image file types
• AVI, FLV, MKV, MPEG video file types
• How do you determine the type of a file?
• MIME types email attachments and web files.
• Magic numbers first few bytes of a file.
• Suffixes of filename, set by user so unreliable.

20
MIME Types

• Multipurpose Internet Mail Extensions
• Used for e-mail attachments.
• Used for all web documents.
• Identified by Content-Type header.
• text/plain regular e-mail
• text/html HTML markup
• multipart/mixed text/plain attachments
• image/jpeg JPEG image attachment
• Many other formats

21
File Command

• Identifies some file types by file metadata
• Directories, device files, socket files, etc.
• Identifies most file types by magic number
• Examine first few bytes of file.
• Lookup in dictionary of magic numbers to types.
• Returns type of file.
• Magic numbers are human-specified numerical
  constants in programs.

22
Directories

• Special file type that maps names to inodes.
• Names are the filenames you see with ls.
• Every name is a link to the inode.
• Inodes are disk structures that store file
  metadata.
• Every directory contains two directories
• . references the current directory.
• .. references the directory above the current
  directory in the filesystem tree.

23
File Storage in UNIX
24
Inode Block Addressing
25
Hard and Soft Links

• Hard Links
• Maps name to inode.
• Can only refer to files on same filesystem.
• Diff names in diff dirs can map to same inode.
• File is not deleted until all hard links deleted.
• Symbolic links
• File that refers to another file or directory.
• Contains pathname for file data.
• Can point to files on other filesystems.

26
Hard and Soft Links

• Creating a hard link
• ln /bin/ls myls
• ln creating hard link myls' gt /bin/ls'
  Invalid cross-device link
• ln .bashrc myconfig
• Creating a symbolic link
• ln s /bin/ls myls
• ln s .bashrc myconfig

27
Access Control Permissions

• Read
• You can read the file with cat, more, etc.
• Write
• You can modify the file with vi, OpenOffice, etc.
• Execute
• You can run the file if its a program.

28
Three Sets of Permissions
29
Access Control Directories

• Read
• You can list directory contents with ls, etc.
• Write
• You can create new files with touch, etc.
• You can delete files with rm, etc.
• Execute
• You can cd to the directory.

30
Octal Codes for Permissions
31
Access Control Interpretation
32
Access Control Commands

• Changing File Access Privileges
• chmod options octal-mode file
• chmod options symbolic file

33
Examples of chmod
34
More chmod Examples
35
More chmod Examples
36
More chmod Examples
37
Setting Default Permissions

• umask mask
• The access permission value on executable file
  or directory is computed by
• file permission 777 mask
• Current Value of the mask
• umask
• 777

38
Special Access Bits

• The Set-User-ID (SUID) Bit
• Command runs with privileges of file owner when.
• chmod 4xxx file-list
• chmod us file-list
• The Set-Group-ID (SGID) Bit
• Command runs with privileges of group owner.
• chmod 2xxx file-list
• chmod gs file-list
• The Sticky Bit
• Prevents non-owners from removing/renaming files
  in dir.
• chmod 1xxx file-list
• chmod t file-list

39
Special Bits Examples

• SetUID Bit
• gt ls -l /etc/passwd /usr/bin/passwd
• -rw-r--r-- 1 root root 1335 2005 /etc/passwd
• -rwsr-xr-x 1 root root 25464 2005 /usr/bin/passwd
• SetGID Bit
• gt ls l /usr/bin/wall
• -rwxr-sr-x 1 root tty 9784 2005 /usr/bin/wall
• Sticky Bit
• gt ls -ld /var/tmp
• drwxrwxrwt 13 root root 4096 2005 /var/tmp

40
Archiving Files

• Archiving files stores multiple files in a single
  file.
• Useful for transferring files across the network.
• Useful for storing rarely needed files for future
  use.
• Most archives are compressed to save space/time.
• Compression encodes the same information using
  fewer bits to save space.
• Run Length Encoding (RLE) is a simple compression
  algorithm where repeated sequences are encoded as
  the sequence followed by a repetition count.

41
Tar

• Tar (Tape ARchive) is std UNIX archive format.
• Originally and still used to save data to tape.
• Also used to create archive files on disk.
• Stores directories, file data, and metadata.
• Includes ownership permissions.
• Does not include extended attributes and ACLs
  that are supported by advanced filesystems.

42
Compression

• Common compression tools
• compress obsolete, files have .Z suffix
• gzip old, .gz suffix, offers 61 bin, 75 text
• bzip2 std, .bz2 suffix, offers 64 bin, 80
  text
• 7zip newer, .7z suffix, offers 73 bin, 81
  text
• nanozip newest, best compression, beta version

43
References

1. Syed Mansoor Sarwar, Robert Koretsky, Syed Ageel
   Sarwar, UNIX The Textbook, 2nd edition,
   Addison-Wesley, 2004.
2. Nicholas Wells, The Complete Guide to Linux
   System Administration, Thomson Course Technology,
   2005.