Even more notes on a class my employer sent me to
If you've gotten this far, you should see all the previous installments on the right. Don't bother reading them, though. They're amazingly boring. This installment won't be much better.
Unit 6: Users, Groups, and Permissions Oh my!
The Linux Security Model
+ Users, Groups, and Other
+ root is not a normal User, nor is it Other. root (UID 0) bypasses most of the ordinary permission checks described below, so the file mode bits do not restrict it.
+ Every process has a User and Group association. Processes can only access resources that are accessible by their User and Group.
+ When a new User is created, a new Group of the same name is created.
+ Users can be members of more than one Group.
+ Processes can have multiple Group affiliations, but files can only have one Group affiliation.
+ The system administrator can define a default Group for a given User.
+ When a User creates a file, it gets the User's default (primary) Group only. The exception is a directory with the setgid bit set: files created there get the directory's Group instead.
+ When a User starts a process, the process inherits all the User's Group affiliations.
Users
+ Usernames, UIDs, home directories, and login shells are stored in /etc/passwd. The password hashes themselves live in /etc/shadow, readable only by root.
+ Users are assigned a home directory and a program that is run when they login (e.g., a shell).
Groups
+ Group names, GIDs, and each Group's supplementary members are stored in /etc/group
+ All Users affiliated with a Group have access to everything the Group has access to.
root
+ root is a special administrative account
+ root has a UID of 0 (zero)
+ Any process running with UID 0 has root privileges.
+ Any User whose /etc/passwd entry has a UID of 0 is root, whatever the account is called. A second UID-0 account is a classic backdoor, so check that root is the only one.
+ root has unlimited privileges on the system. Use it sparingly!
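Worked example (added here, not part of the class notes): a small audit that parses passwd- and group-format text, flags every UID-0 account, and resolves which Group a user's new files get versus which Groups the user's processes carry. The sample passwd/group text is constructed for the example (the "backdoor" account is the case to catch); point the parsers at the real /etc/passwd and /etc/group to audit a host.

```python
"""Audit passwd/group data for extra UID-0 accounts and resolve a user's groups.

Added example, not from the class notes. The sample text below is constructed;
feed open('/etc/passwd').read() / open('/etc/group').read() for a real host.
"""
from typing import Dict, List, Tuple

# Constructed sample: 'backdoor' shares UID 0 with root, which is what we want to catch.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
student:x:500:500:Student:/home/student:/bin/bash
backdoor:x:0:0::/tmp:/bin/bash
"""

SAMPLE_GROUP = """\
root:x:0:
bin:x:1:
wheel:x:10:student
student:x:500:
printers:x:600:student,bin
"""


def parse_passwd(text: str) -> Dict[str, dict]:
    """Map username -> {uid, gid, home, shell} from passwd-format text."""
    users: Dict[str, dict] = {}
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        name, _pw, uid, gid, _gecos, home, shell = line.split(":", 6)
        users[name] = {"uid": int(uid), "gid": int(gid), "home": home, "shell": shell}
    return users


def parse_group(text: str) -> Dict[str, dict]:
    """Map group name -> {gid, members} from group-format text."""
    groups: Dict[str, dict] = {}
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        name, _pw, gid, members = line.split(":", 3)
        groups[name] = {"gid": int(gid), "members": [m for m in members.split(",") if m]}
    return groups


def uid0_accounts(users: Dict[str, dict]) -> List[str]:
    """Every account with UID 0 *is* root regardless of its name; anything beyond 'root' needs explaining."""
    return sorted(name for name, u in users.items() if u["uid"] == 0)


def groups_of(username: str, users: Dict[str, dict], groups: Dict[str, dict]) -> Tuple[str, List[str]]:
    """Primary group (what the user's new files get) plus supplementary groups
    (which the user's processes also carry, from the member lists in /etc/group)."""
    primary_gid = users[username]["gid"]
    primary = next(g for g, v in groups.items() if v["gid"] == primary_gid)
    supplementary = sorted(g for g, v in groups.items() if username in v["members"])
    return primary, supplementary


if __name__ == "__main__":
    users = parse_passwd(SAMPLE_PASSWD)
    groups = parse_group(SAMPLE_GROUP)
    print("UID 0 accounts:", uid0_accounts(users))
    print("student groups (primary, supplementary):", groups_of("student", users, groups))
```

On a real box the UID-0 list should be exactly ['root']; anything else is either a deliberate toor-style alias you already know about or something to investigate.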
Linux File Security
+ Every file and directory has permissions defined, that restrict access.
+ Access levels are defined for the file's User, Group, and Others
+ Permission types are r, w, x
+ read permission on a file lets you read and copy it; on a directory, it lets you list the names in it.
+ write permission on a file lets you modify it; on a directory, it lets you create, remove, and move (rename) entries in that directory. Deleting a file needs write on the directory, not on the file itself.
+ execute permission on a file lets you run it; on a directory, it lets you enter it and reach the files inside. Read without execute on a directory gives you the names but no access to them.
Permission Notation
+ Ten-character string
+ Files (e.g.): -rwxrwxr--
+ Directories (e.g.): drwxrw-r--
+ The first character denotes a file (-) or a directory (d).
+ The next three characters denote the User access.
+ The next three characters denote the Group access.
+ The final three characters denote the Other access.
chmod
+ Usage: chmod MODE FILE...
There are a Symbolic method and a Numeric method for changing permissions. Symbolic: who (u, g, o, a), an operator (+, -, =), and the permissions (r, w, x), e.g., chmod g+w,o-r FILE. Numeric: r=4, w=2, x=1, summed per triplet for User, Group, and Other. Refer to the workbook for details. What? No workbook?1!
+ E.g., chmod 750 FILE (grants -rwxr-x--- to the file)
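Worked example (added here; not from the class notes) of the two chmod methods: it converts an ls -l style string to an octal mode and back, and applies a symbolic spec like g+w,o-r to a mode the way chmod does. It handles the nine rwx bits only; setuid/setgid/sticky are left out to match the notes, and an empty "who" (as in chmod +x) is treated as "a" rather than umask-filtered.

```python
"""Convert between ls -l permission strings, octal modes, and chmod's symbolic specs.

Added example, not from the class notes. Covers the nine rwx bits only;
setuid/setgid/sticky are deliberately out of scope.
"""
import re

BIT = {"r": 4, "w": 2, "x": 1}
WHO = {"u": 0o700, "g": 0o070, "o": 0o007, "a": 0o777}


def symbolic_to_octal(perm: str) -> int:
    """'-rwxr-x---' (from ls -l) or 'rwxr-x---' -> 0o750."""
    if len(perm) == 10:          # drop the leading file-type character
        perm = perm[1:]
    if len(perm) != 9:
        raise ValueError(f"expected 9 permission characters, got {perm!r}")
    mode = 0
    for i, ch in enumerate(perm):
        expected = "rwx"[i % 3]  # each triplet is always in r, w, x order
        if ch == expected:
            mode |= BIT[ch] << (6 - 3 * (i // 3))
        elif ch != "-":
            raise ValueError(f"unexpected {ch!r} at position {i}")
    return mode


def octal_to_symbolic(mode: int) -> str:
    """0o750 -> 'rwxr-x---'."""
    out = []
    for shift in (6, 3, 0):      # User, Group, Other triplets
        trip = (mode >> shift) & 7
        out.append("".join(ch if trip & BIT[ch] else "-" for ch in "rwx"))
    return "".join(out)


_CLAUSE = re.compile(r"^([ugoa]*)([+\-=])([rwx]*)$")


def apply_symbolic(mode: int, spec: str) -> int:
    """Apply a chmod symbolic spec ('g+w,o-r', 'u=rwx,go=', 'a+x') to a mode.
    An empty who ('+x') is treated as 'a' here (real chmod would apply the umask)."""
    for clause in spec.split(","):
        m = _CLAUSE.match(clause)
        if not m:
            raise ValueError(f"bad clause {clause!r}")
        who, op, perms = m.groups()
        mask = 0
        for w in (who or "a"):
            mask |= WHO[w]
        bits = 0
        for p in perms:
            bits |= BIT[p] * 0o111   # replicate the bit into all three triplets...
        bits &= mask                  # ...then keep only the classes named
        if op == "+":
            mode |= bits
        elif op == "-":
            mode &= ~bits
        else:                         # '=' sets exactly these bits for the named classes
            mode = (mode & ~mask) | bits
    return mode & 0o777


if __name__ == "__main__":
    m = symbolic_to_octal("-rwxr-x---")
    print(oct(m), octal_to_symbolic(m))
    print(octal_to_symbolic(apply_symbolic(0o644, "g+w,o-r")))
```

The numeric form is just the three triplets read as octal digits, which is why 750 and rwxr-x--- are the same thing; the symbolic form is handier when you want to change one class without knowing (or clobbering) the others.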
Unit 7: vi and vim Editors
+ Usage: vi [FILE]. If the file doesn't exist, vi opens an empty buffer with that name and creates the file on the first :w.
+ vi -m File is non-modifiable (writing is disabled)
+ vi -R File is read-only; it can only be written using :w!
+ vi -n Editor will not use a swap file for backing up the file (e.g., when the file is on a floppy disk or other tiny storage device)
+ vi -r Editor will recover data from the swap file after a crash
+ vi -x Editor encrypts the file when saving, and decrypts when editing. The original vim crypt method ("zip") is weak, and vim's own docs say so; don't treat -x as a substitute for real encryption.
Three Modes of vi (and vim)
+ Command Mode: Cursor movement, change, delete, yank, put, search (ESC)
+ Insert Mode: Type in new text, return to Command Mode (i, I, and others)
+ "ex" Mode: Configure, exit, save, search & replace (:)
Some vi Commands and Their More Powerful Evil Twins
+ a appends after the cursor; A appends at the end of the line.
+ i inserts before the cursor; I inserts at the beginning of the line
+ o opens a line below the cursor; O opens a line above the cursor
+ u undoes most recent change; U undoes all changes to the current line (since the cursor last landed on the current line)
+ CTRL+R redoes the last undone change.
The vi Command Structure
+ Usage: [count] operator [count] motion (e.g., 3dw deletes three words)
+ Line: cc (change); dd (delete); yy ("yank" - i.e., copy)
+ Letter: cl; dl; yl
+ Word: cw; dw; yw
+ Sentence Ahead: c); d); y)
+ Sentence Behind: c(; d(; y(
+ Paragraph Above: c{; d{; y{
+ Paragraph Below: c}; d}; y}
Note that these commands use the vi movement controls (parens, curly-braces, etc.)
Command Mode Tricks
+ dtc deletes from the cursor up to (but not including) the next letter c on the line (does not span lines).
+ 5dd deletes five lines
+ rc replaces the character under the cursor with the letter c
There are many, many more.
NOW WE DO SOME LABS.
Printing in Linux
+ Print requests are sent to queues.
+ Queued jobs are sent to the printer on FIFO basis.
+ Jobs can be canceled before or during printing.
Print Commands
+ lpr Send a job to a queue.
+ lpq View the contents of a queue.
+ lprm Remove a job from a queue.
+ System V commands (lp, lpstat, cancel) are also supported.
Insert sermon on proprietary software and the superiority of ogg-vorbis here.
Unit 8: The Linux Filesystem In Depth
+ Partitions and filesystems
+ The inode table and cp, mv, and rm
+ Symbolic links and additional hard links
+ Removable media
+ tar and gzip
Partitions and Filesystems
+ Disk drives are divided into partitions
+ Partitions are formatted with filesystems
+ Filesystems allow users to store data.
The df command returns partition and filesystem information.
[student@station10 ~]$ df
Filesystem             1K-blocks    Used Available Use% Mounted on
/dev/mapper/vol0-root    5063712 3002704   1803780  63% /
/dev/hda1                 101086   13472     82395  15% /boot
none                      257892       0    257892   0% /dev/shm
/dev/mapper/vol0-home     507748   20110    461424   5% /home
Inodes
+ An inode table contains a list of all files and their attributes, along with pointers to the first few data blocks of the file. I.e., the inode table contains metadata. The data blocks contain the actual file data.
+ Inode tables are additional "overhead" for data storage. In addition to the space the actual files take up, the inode table entries take up space as well.
+ file type, permissions, link count, UID, GID
+ file size and timestamps
+ pointers to the file's data blocks
+ etc.
The Linux kernel references files by inode number. Humans reference files by name. A directory is a mapping between the human filenames and the kernel's inode numbers.
The cp Command:
+ Allocates a free inode number and creates a new entry (with that number) in the inode table. The filesystem takes care of inode numbers.
+ Creates a directory entry, mapping the file's inode number to the file's human name.
+ Copies data into the new file.
If there are no free inodes, cp will fail. Use df -i to show your free inodes. Note that you only get one inode back (at most) from deleting a file, no matter how large the file was.
The mv Command and inodes
If the destination of the mv command is on the same filesystem as the source, the mv command:
+ Creates a new directory entry with the new filename
+ Deletes the old directory entry
+ Updates the change timestamp (ctime) for that file in the inode table.
Because the kernel thinks of the file in terms of its inode number, renaming ("moving") a file within one filesystem moves no data and changes nothing in the inode entry except the timestamp. Moving to a different partition is different: inode tables are allocated per filesystem, so mv has to allocate a new inode on the destination, copy the data into it, and then unlink the source.
The rm Command:
+ Removes the directory entry and decrements the inode's "link count".
+ Only when the link count reaches zero is the inode number freed for reuse and the data blocks placed on the "free" list; any other hard link keeps the file alive.
+ A process that still has the file open keeps the inode and its data around until it closes the file, even though no name remains (on Linux the deleted file is still reachable through /proc/PID/fd/ until then).
Read on for more about "links" and "link counts".
Hard Links
+ Represents one physical file in the filesystem.
+ Each link references the file's inode.
+ A file is present in the filesystem as long as at least one link remains.
+ Hard links cannot link files across drives or partitions.
+ Hard links increment an inode's link count.
+ Command Usage: ln TARGET LINKNAME
+ Only files can be hardlinked; directories cannot be hardlinked.
Symbolic Links I.e., "soft" links
+ Symbolic links overcome the limitations of hard links.
+ Where a hard link results in two names pointing to the same inode (data), a symbolic link points from one name to another.
+ Therefore, soft links do not increment the inode's link count.
+ Therefore, a soft link can point to a file that no longer exists.
+ Command Usage: ln -s TARGET [LINKNAME]
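Worked example (added here, not from the class notes) that runs through the cp, ln, mv, ln -s and rm claims above and records what the inode numbers and link counts actually do. It uses Python's os module in place of the shell commands, in a temporary directory on a single filesystem, so the cross-partition case is not exercised. The last step shows the deleted-but-still-open file, which is the case forensics people care about.

```python
"""Watch inode numbers and link counts while cp, ln, mv, ln -s and rm happen.

Added example, not from the class notes; os.link/os.rename/os.symlink/os.unlink
stand in for ln, mv, ln -s and rm. Everything lives in one temporary directory,
so the cross-partition case ("hard links can't span filesystems") is not shown.
"""
import os
import shutil
import tempfile


def link_demo() -> dict:
    """Return a dict of observations; each key names one claim from the notes."""
    obs = {}
    with tempfile.TemporaryDirectory() as d:
        orig = os.path.join(d, "orig.txt")
        with open(orig, "w") as f:
            f.write("inode demo\n")
        ino = os.stat(orig).st_ino

        # cp allocates a fresh inode: the copy has a different number.
        copy = os.path.join(d, "copy.txt")
        shutil.copy(orig, copy)
        obs["cp_new_inode"] = os.stat(copy).st_ino != ino

        # ln adds a second name for the same inode and bumps the link count.
        hard = os.path.join(d, "hard.txt")
        os.link(orig, hard)
        obs["hardlink_same_inode"] = os.stat(hard).st_ino == ino
        obs["nlink_after_ln"] = os.stat(orig).st_nlink           # 2

        # mv within one filesystem is a rename: same inode, no data moved.
        moved = os.path.join(d, "moved.txt")
        os.rename(orig, moved)
        obs["mv_keeps_inode"] = os.stat(moved).st_ino == ino

        # ln -s stores a path, not an inode, so the link count does not change.
        soft = os.path.join(d, "soft.txt")
        os.symlink(moved, soft)
        obs["symlink_points_at_name"] = os.readlink(soft) == moved
        obs["nlink_after_ln_s"] = os.stat(moved).st_nlink        # still 2

        # rm of one name leaves the data reachable through the other hard link...
        os.unlink(moved)
        with open(hard) as f:
            obs["data_survives_via_hardlink"] = f.read() == "inode demo\n"
        obs["nlink_after_rm"] = os.stat(hard).st_nlink            # 1
        # ...but the symlink is now dangling: the name exists, its target does not.
        obs["symlink_dangling"] = os.path.lexists(soft) and not os.path.exists(soft)

        # A deleted-but-open file keeps its data until the last descriptor closes:
        # link count is 0, yet the bytes are still readable through the fd.
        fd = os.open(hard, os.O_RDONLY)
        os.unlink(hard)
        obs["open_fd_outlives_unlink"] = (
            os.fstat(fd).st_nlink == 0 and os.read(fd, 5) == b"inode"
        )
        os.close(fd)
    return obs


if __name__ == "__main__":
    for key, value in link_demo().items():
        print(f"{key}: {value}")
```

The same observations can be made at the shell with stat -c '%i %h' FILE after each step; the Python version just makes them checkable in one go.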
Unit 9: bash
Some Notes About Configuring the bash Shell
+ In bash you set a variable with NAME=value (no spaces around the =); export NAME makes it an environment variable that programs started from that shell inherit. set on its own just lists the current variables.
+ You can set variables on the fly, but they only apply to that shell instance (and, if exported, to the processes it starts). If you open up another shell instance, it won't include the changes you made in the earlier one.
+ Shells load a default set of env. variables from a config file when instanced. To make changes to the environment of all shell instances, you must edit the config file where that shell's env. variables are defined.
+ Aliases (e.g., aliasing vim to vi) are defined in the shell environment.
+ alias Usage: alias NAME='command'
+ Note: This is all bash-specific syntax. Dumbass.
There are two kinds of shells that matter here: "login" and "interactive" (non-login).
+ You get the login shell when you first login.
+ You get an interactive (non-login) shell whenever you invoke a shell explicitly, e.g., by opening a terminal window or typing bash.
+ The significant feature of the login shell is that it carries out certain "on login" instructions.
+ When you invoke a shell explicitly, the interactive shell does not carry out the "on login" instructions.
+ E.g., on login, bash executes /etc/profile and then the first of ~/.bash_profile, ~/.bash_login, or ~/.profile that exists.
+ An interactive non-login bash shell only executes ~/.bashrc (if it exists), which is why the stock ~/.bash_profile sources ~/.bashrc too.
+ Under Linux, /etc/profile also runs every *.sh file in /etc/profile.d/, so that's where system-wide additions go.
NOW WE DO SOME LABS