File system security
In your unix stuff directory, type
% ls -l (l for long listing!)
You will see that you now get lots of details about the contents of your directory, similar to the example below
Each file (and directory) has associated access rights, which may be found by typing ls -l
In the left-hand column is a 10-symbol string consisting of the symbols d, r, w, x and -. If d is present, it will be at the left-hand end of the string.
The 9 remaining symbols indicate the permissions, or access rights, and are taken as three groups of 3
The left group of 3 gives the file permissions for the user that owns the file (or directory)
The middle group gives the permissions for the group of people to whom the file (or directory) belongs.
The rightmost group gives the permissions for all others.
Access rights on files
r (or -) indicates read permission (or otherwise), that is, the presence or absence of permission to read and copy the file
w (or -) indicates write permission (or otherwise), that is, the permission (or otherwise) to change a file
x (or -) indicates execution permission (or otherwise), that is, the permission to execute a file, where appropriate
Access rights on directories
r allows users to list files in the directory
w means that users may delete files from the directory or move files into it
x means the right to access files in the directory. This implies that you may read files in the directory provided you have read permission on the individual files
So, in order to read a file, you must have execute permission on the directory containing that file.
For example
-rwxrwxrwx a file that everyone can read, write and execute (and delete)
-rw------- a file that only the owner can read and write; no-one else can read or write and no-one has execution rights (e.g. your mailbox file)
Changing access rights
chmod (changing a file mode)
Only the owner of a file can use chmod to change the permissions of a file. The options of chmod are as follows
u: user
g: group
o: other
a: all
r: read
w: write (and delete)
x: execute (and access directory)
+: add permission
-: take away permission
For example, to remove read, write and execute permissions on the file biglist for the group and others, type
% chmod go-rwx biglist
This will leave the other permissions unaffected.
To give read and write permissions on the file biglist to all,
% chmod a+rw biglist
The protection bits
u   g   o
rw- r-- ---
6   4   0
The file has mode "640". The first trio of bits, set to "r+w" (4+2) in our example, specifies the protection for the user who owns the file (u). The user who owns the file can read or write (which includes delete) the file.
The next trio of bits, set to 4, or “r” in our example, specify access to the file for other users in the same group as the group of the file.
Finally, all other users are given no access to the file.
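The mapping between the symbols shown by ls -l and the numeric mode, and the effect of the chmod commands above, can be checked with a short script. This is an added example, not part of the original notes; the helper names (perm_string, sym_to_octal, mode_of, world_writable) and the scratch directory are assumptions, and only the symbols r, w, x and - are handled.

```shell
#!/bin/sh
# Added example: helper names are hypothetical, biglist is a constructed file.

# Print the 9 permission symbols from the left-hand column of ls -l,
# skipping the first symbol (d or -).
perm_string() {
    ls -ld "$1" | cut -c2-10
}

# Convert one trio such as "rw-" to its digit: r=4, w=2, x=1.
trio_to_digit() {
    d=0
    case "$1" in r??) d=$((d + 4)) ;; esac
    case "$1" in ?w?) d=$((d + 2)) ;; esac
    case "$1" in ??x) d=$((d + 1)) ;; esac
    echo "$d"
}

# Convert "rw-r-----" to "640" (user, group, other).
sym_to_octal() {
    u=$(echo "$1" | cut -c1-3)
    g=$(echo "$1" | cut -c4-6)
    o=$(echo "$1" | cut -c7-9)
    echo "$(trio_to_digit "$u")$(trio_to_digit "$g")$(trio_to_digit "$o")"
}

# Numeric mode of a file, derived from what ls -l reports.
mode_of() {
    sym_to_octal "$(perm_string "$1")"
}

# List regular files under a directory that "others" may write to.
world_writable() {
    find "$1" -type f -perm -0002
}

# Walk through the chmod commands from the notes on a scratch copy of biglist.
demo() {
    dir=$(mktemp -d) || return 1
    touch "$dir/biglist"
    chmod 640 "$dir/biglist";    echo "640    -> $(perm_string "$dir/biglist")"
    chmod a+rw "$dir/biglist";   echo "a+rw   -> $(mode_of "$dir/biglist")"
    echo "writable by others: $(world_writable "$dir")"
    chmod go-rwx "$dir/biglist"; echo "go-rwx -> $(mode_of "$dir/biglist")"
    rm -rf "$dir"
}
demo
```

Running world_writable over a home or project directory is a quick way to spot files left open by a careless chmod a+rw.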
Process
A process is an executing program identified by a unique PID (process identifier). To see information about your processes, with their associated PID and status, type
% ps
To kill off the process, type
% kill PID_number
And then type ps again to see if it has been removed from the list.
Other commands
find . -name "circle.h" -print
who am i
which which
finger
date
history 3
Text Editor
Vi
The Vi editor has powerful features to aid programmers
The vi editor has two modes: command and insert
The command mode allows the entry of commands to manipulate text.
The insert mode puts anything typed on the keyboard into the current file
Vi initially starts in command mode
Open a file in Vi by typing either of
% vi filename (opens specified file)
Here are some basic vi commands:
Command mode
i, a : enter insert mode
:w : save the file without exiting
:q! : quit without saving
:wq : quit and save
:x, ZZ : quit and save the file
dd : delete the line where the cursor is located
x : delete the character
:set number : turn on line numbers
:set nonumber : cancel line numbers
Esc : enter command mode
UNIX shell
The kernel
The kernel of UNIX is the hub of the operating system: it allocates time and memory to programs and handles the file store and communications in response to system calls.
The shell
The shell acts as an interface between the user and the kernel. When a user logs in, the login program checks the username and password, and then starts another program called the shell.
The shell is a command line interpreter (CLI). It interprets the commands the user types in and arranges for them to be carried out. The commands are themselves programs: when they terminate, the shell gives the user another prompt (% on our systems).
As an illustration of the way that the shell and the kernel work together, suppose a user types rm myfile (which has the effect of removing the file myfile).
The shell searches the file store for the file containing the program rm, and then requests the kernel, through system calls, to execute the program rm on myfile.
When the process rm myfile has finished running, the shell then returns the UNIX prompt % to the user, indicating that it is waiting for further commands.
Bash
For our first shell script, we'll just write a script which says "Hello World".
Create a file (first.sh) as follows:
first.sh
#!/bin/bash
# This is a comment!
echo Hello World # This is a comment, too!
The first line tells Unix that the file is to be executed by /bin/bash.
The second line begins with a special symbol: #. This marks the line as a comment, and it is ignored completely by the shell.
You could even just run:
% echo Hello world
Hello world
%
Variable
There must be no spaces around the "=" sign: VAR=value works;
VAR = value doesn't work.
var.sh
#!/bin/bash
# Assign with no spaces around "=", then print the variable.
MY_MESSAGE="hello world"
echo "$MY_MESSAGE"
Makefile
To simplify compiling your code, we will be using a Makefile.
make is a UNIX program that helps programmers efficiently build projects.
For example:
$ make
$ make clean
$ make install