Sender: Albin (Aile Bin), News District: Linux
Title: Linux Elective Class: File System
Sending station: Bihai Qingtian (Wed Apr 21 23:35:36 1999), transfer
Copyright Notice:
This article is material from the Linux elective course at Dalian University of Technology. You are welcome to reprint it,
but using this material for any commercial or for-profit purpose is forbidden. Please keep this copyright statement when you reprint.
Author: He Binwu, hbwork @ dlut.edu.cn, Network Center of Dalian University of Technology, April 1999.
URL: ftp://ftp.dlut.edu.cn/pub/people/albin/
-------------------------------------------------- ----------------------------
File system
The UNIX file system controls how the information in files and directories is stored on disk and on other
auxiliary media. It controls what information can be accessed and how. It is therefore one of the most basic
tools for strengthening UNIX system security.
The information stored in the UNIX file system is arranged as a tree of directories and files. The tree is made up
of a top-level directory and the subdirectories beneath it; the top-level directory is called the root directory (root).
Each directory can contain subdirectories and other items, such as files, pointers to other file systems
(symbolic links), logical names that identify devices (such as /dev/tty), and other types (proc, etc.).
Files
Everything a user can access on a UNIX system can be represented as a "file" in the file system,
including processes and network connections. Each file has at least one file name, one owner, access permissions,
and other attributes. These attributes are stored in an index node (i-node) in the file system, which is the basic
file system entry. The i-node stores everything about a file system entry except its name. Only the file name is
stored in the directory, and it is tied to the i-node by a pointer.
Directories
A directory is a special entry in the file system. A directory is actually a list of file names and i-nodes.
File names can be made up of any string of characters, but cannot include / or the NULL character.
Associated with each file name is a numeric pointer, which is actually the index of an i-node on disk. An i-node
contains the information about one file entry in the file system.
A directory holds only file names and i-node index numbers, and contains no information that requires protection.
It is a simple relational database that maps file names to i-nodes. Multiple files can point to the same i-node.
Multiple directories can also point to the same i-node.
rm does not necessarily delete a file; the file is really deleted only when the link count of its i-node reaches 0.
Each directory contains the two entries . and ..
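The point above that rm removes a name rather than the data, shown as an added example (not part of the original lecture notes). The directory and file names are constructed, and the helper function names are made up for this example.

```shell
#!/bin/sh
# Added example: all paths and file names below are constructed.

# Print the link count of a path (second field of ls -l output).
link_count() {
    ls -ld -- "$1" | awk '{print $2}'
}

# List every name under directory $2 that refers to the same i-node as $1.
same_inode_names() {
    inum=$(ls -di -- "$1" | awk '{print $1}')
    find "$2" -xdev -inum "$inum" -print | sort
}

# Give one file two names in two directories, then remove one of the names.
# Prints: <link count before rm> <link count after rm> <data read afterwards>
demo_links() {
    d=$(mktemp -d) || return 1
    mkdir "$d/a" "$d/b"
    echo "secret" > "$d/a/report"
    ln "$d/a/report" "$d/b/copy"         # second name for the same i-node
    before=$(link_count "$d/a/report")
    rm -- "$d/a/report"                  # removes one name only
    after=$(link_count "$d/b/copy")
    data=$(cat "$d/b/copy")              # contents are still reachable
    echo "$before $after $data"
    rm -rf -- "$d"
}

demo_links
```

Before removing a sensitive file, same_inode_names shows whether other names for it still exist under a given directory.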
i-node
UNIX uses a structure called the i-node (inode) to store part of the file system's
management information. I-nodes reside on the hard disk; they have no names, but are referred to by index numbers
that give their position in the i-node array.
Each i-node usually includes:
The location of the data item on disk
The type of the data item (file, directory, symbolic link, etc.)
The number of bytes in the data item
The time the i-node was last modified (ctime)
The time the file was last modified (mtime)
The time the file was last accessed (atime)
The number of file names that refer to this file (link count)
UID
GID
Mode bits
Current directory and path
Absolute path vs. relative path
Using the ls command
ls -a
ls -lF (the "total" line gives the number of KB occupied by all files in the directory)
ls -aF (* / = @)
ls -l (mtime)
ls -lu (atime)
ls -lc (ctime)
File permissions (ls -l output)
*** The execute bits are only meaningful for executable files.
On Linux, a script can be run as a command only if it has execute permission.
Using the chmod command
chmod [-Rfh] [agou][+-=][rwxXstugo] filelist
Permissions
r Read
w Write
x Execute (or access, for directories)
X Set execute permission only if the file is a directory or already has some execute bit set
s Set user or group ID
t Save program text on swap device (sticky)
u Take the permissions from the owner's current permissions
g Take the permissions from the group's current permissions
o Take the permissions from other users' current permissions
Octal file attributes
4000 SUID
2000 SGID
1000 sticky
0400 -r--------
0200 --w-------
0100 ---x------
0040 ----r-----
0020 -----w----
0010 ------x---
0004 -------r--
0002 --------w-
0001 ---------x
The umask command
umask is a built-in command of the sh, ksh and csh shells. Default file creation mode: 0666
A simple way to work out a umask value: in a umask, 2 masks the write bit and 7 masks all permissions.
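An added example (not part of the original lecture notes) that creates a file and a directory under several umask values and prints the modes that result. The names are constructed; the example also assumes the usual requested mode of 0777 for new directories, which the text above does not mention.

```shell
#!/bin/sh
# Added example: the file and directory names are constructed.

# Return the 10-character mode string of a path, as printed by ls -l.
mode_of() {
    ls -ld -- "$1" | awk '{print substr($1, 1, 10)}'
}

# Create one file and one directory under umask $1 and print both modes.
# The subshell keeps the umask change away from the caller's shell.
modes_under_umask() {
    (
        d=$(mktemp -d) || exit 1
        umask "$1"
        : > "$d/file"       # requested mode 0666, masked by the umask
        mkdir "$d/dir"      # requested mode 0777, masked by the umask
        echo "$(mode_of "$d/file") $(mode_of "$d/dir")"
        rm -rf -- "$d"
    )
}

# 2 in a position masks write; 7 masks read, write and execute.
for m in 022 027 077; do
    echo "umask $m: $(modes_under_umask "$m")"
done
```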
Using directory permissions
UNIX stores the contents of a directory in an ordinary file, but the permissions on a directory mean something different from those on ordinary files.
r Read: opendir(), readdir() or ls can be used to find out which files are in the directory
w Write: files or subdirectories can be created, deleted or renamed in the directory
x Execute: the contents of the directory can be stat()ed (for example, to determine the owner and the length of
a file in the directory). Execute permission is also required to make the directory the current directory or to open
files in the directory (or in its subdirectories).
Common directory permissions
0755 / /usr/bin Anyone can see the contents of the directory, but only the owner and root can change it
1777 /tmp /var/mail Any user can create files in the directory, but cannot delete other users'
files
0700 $HOME Users can access their own home directories, but other users cannot.
Deleting a file with an awkward name
$ rm ./-foo
$ rm -- -foo
$ rm -i *
SUID
passwd su
SUID / SGID / sticky
---s------ SUID The effective UID of the SUID process is set to the UID of the program's owner
------s--- SGID
---------t sticky (generally only for directories)
---S------ SUID is set, but the corresponding execute bit is not
*** Don't write them as shell scripts; if necessary, use Perl (taintperl)
Finding all SUID and SGID files
find / \( -perm -004000 -o -perm -002000 \) -type f -print
Excluding NFS:
find / \( -local -o -prune \) \
\( -perm -004000 -o -perm -002000 \) -type f -print
Turning off SUID and SGID on a file system at mount time
mount -o nosuid ..... (generally used with NFS)
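An added example (not from the original lecture notes) that runs the SUID/SGID search above against a scratch tree and reports only the files missing from a baseline list of expected ones. The file names, the baseline file and the use of -xdev in place of -local are assumptions of this example.

```shell
#!/bin/sh
# Added example: the scratch tree, file names and baseline are constructed.

# List SUID/SGID regular files under $1 without crossing mount points.
find_setid() {
    find "$1" -xdev \( -perm -004000 -o -perm -002000 \) -type f -print | sort
}

# Print SUID/SGID files under $1 that are not listed in baseline file $2
# (one path per line). Anything printed here needs to be explained.
unexpected_setid() {
    tmp=$(mktemp) || return 1
    find_setid "$1" > "$tmp"
    sort "$2" | comm -23 "$tmp" -
    rm -f -- "$tmp"
}

# Build a scratch tree holding one SUID, one SGID and one ordinary file.
make_sample() {
    d=$(mktemp -d) || return 1
    for f in passwd-like write-like plain; do
        echo '#!/bin/sh' > "$d/$f"
    done
    chmod 4755 "$d/passwd-like"   # SUID
    chmod 2755 "$d/write-like"    # SGID
    chmod 0755 "$d/plain"         # neither bit set
    echo "$d"
}

d=$(make_sample) || exit 1
echo "$d/passwd-like" > "$d.baseline"     # the only file expected to be SUID
unexpected_setid "$d" "$d.baseline"       # prints the write-like path
rm -rf -- "$d" "$d.baseline"
```

On a real system the baseline would be the sorted output of find_setid saved right after installation and kept somewhere an intruder cannot rewrite it.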
Device files
Device files are one of the reasons for UNIX's popularity and flexibility.
/dev directory
/dev/null
/dev/kmem pseudo-device
/dev/MAKEDEV
Most device files should not be readable or writable by ordinary users.
Illegal device files
Device files that are not in the /dev directory may give an intruder an unauthorized entry point:
find / \( -type c -o -type b \) -exec ls -l {} \;
find / \! -type f -a \! -type d -exec ls {} \;
(Including symbolic links, pipes, etc.)
chown changes the owner of a file
chgrp changes the group of a file
-
※ Source: Bihai Youth bbs.dlut.edu.cn [From: apple.dlut.edu.c]