Subsections of Files

Advanced File Management

Permission Classes and Types

Permission classes

  • user (u)
  • group (g)
  • other (o) (public)
  • all (a) <- all combined

Permission types

  • r,w,x
  • works differently on files and directories
  • hyphen (-) represents no permissions set

ls results permissions groupings

    • rwx rw- r–
      • user (owner), group, and other (public)

ls results first character meaning

  • regular file d directory l symbolic link c character device file b block device file p named pipe s socket

Modifying Access Permission Bits

chmod command

  • Modify permissions using symbolic or octal notation.
  • Used by root or the file owner.

Flags chmod -v ::: Verbose.

Symbolic notation

  • Letters (ugo/rwx) and symbols (+, -, =) used to add, revoke, or assign permission bits.

Octal Notation

Three-digit numbering system ranging from 0 to 7. 0 — 1 –x 2 -w- 3 -wx 4 r– 5 r-x 6 rw- 7 rwx

Default Permissions

  • Calculated based on the umask (user mask) value subtracted from the initial permissions value.

umask

  • Three-digit value (octal or symbolic) that refers to read, write, and execute permissions for owner, group, and public.
  • Default umask value is 0022 for the root user and 0002 normal users.
  • The left-most 0 has no significance.
  • If umask is set to 000 files will get max of 666
  • If the initial permissions are 666 and the umask is 002 then the default permissions are 664. (666-002)
  • Any new files or directories created after changing the umask will have the new default permissions set.
  • umask settings are lost when you log off. Add it to the appropriate startup file to make it permanent.

Defaults

  • files 666 rw-rw-rw-
  • directories 777 rwxrwxrwx

umask command

Options

  • -S symbolic form

Special Permission Bits

  • 3 types of special permission bits for executable files or directories for non root users
    • setuid
    • setgid
    • sticky
  • setuid
    • set on exe’s to provide non-owners the ability to run them with the privileges of the owning user
    • may be set on directories and files but will have no effect.
    • example: the su command
    • shows an ’s’ in ls -l listing at the end of owners permissions
    • If the file already has the “x” bit set for the user, the long listing will show a lowercase “s”, otherwise it will list it with an uppercase “S”.
  • setgid
    • set on exe’s to provide non-group members the ability to run them with the privileges of the owning group.
    • May be set on shared directories
      • allow files and subdirectories created underneath to automatically inherit the directory’s owning group.
      • saves group members who are sharing the directory contents from changing the group ID for every new file and subdirectory that they add.
    • write command has this set by default so a member of the tty group can run it. If the file already has the “x” bit set for the group, the long listing will show a lowercase “s”, otherwise it will list it with an uppercase “S”.
  • Sticky bit
    • may be set on public directories for inhibiting file deletion by non-owners
    • may be set on directories and files but will have no effect.
    • Set on /tmp and /var/tmp by default
    • Letter “t” in other permission feild
    • If the directory already has the “x” bit set for public, the long listing will show a lowercase “t”, otherwise it will list it with an uppercase “T”.

Access Control Lists (ACLs)

  • Setting a default ACL on a directory allows content sharing among user’s without having to modify access on each new file and subdirectory.

  • Extra permissions that can be set on files and directories.

  • Define permissions for named user and named groups.

  • Configured the same way on both files and directories.

  • Named Users

    • May or may not be a part of the same group.

  • 2 different groups of ACLs. Default ACLs and Access ACLs.

    • Access ACLs
      • Set on individual files and directories
    • Default ACLs
      • Applied on directories
      • files and subdirectories inherit the ACL
      • Execute bit must be set on the directory for public.
      • Files receive the shared directory’s default ACLs as their access ACLs - what the mask limits.
      • Subdirectories receive both default ACLs and access ACLs as they are.

  • A “+” at the end of ls -l listing indicates ACL is set

    • -rw-rw-r–+

ACL Commands

getfacl

  • Display ACL settings
    • Displays:
    • name of file
    • owner
    • owning group
    • Permissions
      • colon characters save space for named user/group (or UID/GID) when extended Permissions are set.
      • Example: user:1000:r–
        • the named user with UID 1000, who is neither the file owner nor a member of the owning group, is allowed read-only access to this file.
      • Example: group:dba:rw-
        • give the named group (dba) read and write access to the file. setfacl
    • set, modify, substitute, or delete ACL settings
    • If you want to give read and write permissions to a specific user (user1) and change the mask to read-only at the same time, the setfacl command will allocate the permissions as mentioned; however, the effective permissions for the named user will only be read-only.

u:UID:perms

  • named user must exist in /etc/passwd
  • if no user specified, permissions are given to the owner of the file/directory

g:GID:perms

  • Named group must exist in /etc/group
  • If no group specified, permissions are given to the owning group of the file/directory

o:perms

  • Neither owner or owning group

m:perms

  • Maximum permissions for named user or named group

Switches

Switch Description
-b Remove all Access ACLs
-d Applies to default ACLs
-k Removes all default ACLs
-m Sets or modifies ACLs
-n Prevent auto mask recalculation
-R Apply Recursively to directory
-x Remove Access ACL
-c Display output without header

Mask Value

  • Determine maximum allowable permissions for named user or named group
  • Mask value displayed on separate line in getfacl output
  • Mask is recalculated every time an ACL is modified unless value is manually entered.
  • Overrides the set ACL value.

Find Command

  • Search files and display the full path.
  • Execute command on search results.
  • Different search criteria
    • name
    • part name
    • ownership
    • owning group
    • permissions
    • inode number
    • last access
    • modification time in days or minutes
    • size
    • file type
  • Command syntax
    • {find} + {path} + {search option} + {action}
  • Options
    • -name / -iname (search by name)
    • -user / -group (UID / GID)
    • -perm (permissions)
    • -inum (inode)
    • -atime/amin (access time)
    • -mtime/amin (modification time)
    • -size / -type (size / type)
  • Action
    • copy, erase, rename, change ownership, modify permissions
      • -exec {} \;
        • replaces {} for each filename as it is found. The semicolon character (;) marks the termination of the command and it is escaped with the backslash character (\).
      • -ok {} \;
        • same as exec but requires confirmation.
    • -delete
    • -print <- default

Advanced File Management Labs

Lab: find stuff

  1. Create file 10 and search for it.
[vagrant@server1 ~]$ sudo touch /root/file10
[vagrant@server1 ~]$ sudo find / -name file10 -print
/root/file10
  1. Perform a case insensitive search for files and directories in /dev that begin with “usb” followed by any characters.
[vagrant@server1 ~]$ find /dev -iname usb*
/dev/usbmon0
  1. Find files smaller than 1MB (-1M) in size (-size) in the root user’s home directory (~).
[vagrant@server1 etc]$ find ~ -size -1M
  1. Search for files larger than 40MB (+40M) in size (-size) in the /usr directory:
[vagrant@server1 etc]$ sudo find /usr -size +40M
/usr/share/GeoIP/GeoLite2-City.b
  1. Find files in the entire root file system (/) with ownership (-user) set to user daemon and owning group (-group) set to any group other than (-not or ! for negation) user1:
[vagrant@server1 etc]$ sudo find / -user daemon -not -group user1
  1. Search for directories (-type) by the name “src” (-name) in /usr at a maximum of two subdirectory levels below (-maxdepth):
[vagrant@server1 etc]$ sudo find /usr -maxdepth 2 -type d -name src
/usr/local/src
/usr/src
  1. Run the above search but at least three subdirectory levels beneath /usr, substitute -maxdepth 2 with -mindepth 3.
[vagrant@server1 etc]$ sudo find /usr -mindepth 3 -type d -name src
/usr/src/kernels/4.18.0-425.3.1.el8.x86_64/drivers/gpu/drm//display/dmub/src
/usr/src/kernels/4.18.0-425.3.1.el8.x86_64/tools/usb/usbip/src
  1. Find files in the /etc directory that were modified (-mtime) more than (the + sign) 2000 days ago:
[vagrant@server1 etc]$ sudo find /etc -mtime +2000
/etc/libuser.conf
/etc/xattr.conf
/etc/whois.conf
  1. Run the above search for files that were modified exactly 12 days ago, replace “+2000” with “12”.
[vagrant@server1 etc]$ sudo find /etc -mtime 12
  1. To find files in the /var/log directory that have been modified (-mmin) in the past (the - sign) 100 minutes:
[vagrant@server1 etc]$ sudo find /var/log -mmin -100
/var/log/rhsm/rhsmcertd.log
/var/log/rhsm/rhsm.log
/var/log/audit/audit.log
/var/log/dnf.librepo.log
/var/log/dnf.rpm.log
/var/log/sa
/var/log/sa/sa16
/var/log/sa/sar15
/var/log/dnf.log
/var/log/hawkey.log
/var/log/cron
/var/log/messages
/var/log/secure
  1. Run the above search for files that have been modified exactly 25 minutes ago, replace “-100” with “25”.
[vagrant@server1 etc]$ sudo find /var/log -mmin 25
  1. To search for block device files (-type) in the /dev directory with permissions (-perm) set to exactly 660:
[vagrant@server1 etc]$ sudo find /dev -type b -perm 660
/dev/dm-1
/dev/dm-0
/dev/sda2
/dev/sda1
/dev/sda
  1. Search for character device files (-type) in the /dev directory with at least (-222) world writable permissions (this example would ignore checking the write and execute permissions):
[vagrant@server1 etc]$ sudo find /dev -type c -perm -222
  1. Find files in the /etc/systemd directory that are executable by at least their owner or group members:
[vagrant@server1 etc]$ sudo find /etc/systemd -perm /110
  1. Search for symlinked files (-type) in /usr with permissions (-perm) set to read and write for the owner and owning group:
 sudo find /usr -type l -perm -ug=rw
  1. Search for directories in the entire directory tree (/) by the name “core” (-name) and list them (ls-ld) as they are discovered without prompting for user confirmation (-exec):
 [vagrant@server1 etc]$ sudo find / -name core -exec ls -ld {} \;
  1. Use the -ok switch to prompt for confirmation before it copies each matched file (-name) in /etc/sysconfig to /tmp:
 sudo find /etc/sysconfig -name '*.conf' -ok  cp {} /tmp \;

Lab: Display ACL and give permissions

  1. Create and empty file aclfile1 in /tmp and display ACLs on it:
 cd /tmp
 touch aclfile1
 getfacl aclfile1
  1. Give rw permission to user 1 but with a mask of read only and view the results.
 setfacl -m u:user1:rw,m:r aclfile1
  1. Promote the mask value to include write bit and verify:
 setfacl -m m:rw aclfile1
 getfacl -c aclfile1

Lab: Identify, Apply, and Erase Access ACLs

  1. Switch to user1 and create file acluser1 in /tmp:
 su - user1
 cd /tmp
 touch acluser1
  1. Use ls and getfacl to check existing acl entries:
 ls -l acluser1
 getfacl acluser1 -c
  1. Allocate rw permissions to user100 with setfacl in octal form:
 setfacl -m u:user100:6 acluser1
  1. Run ls (+) and getfacl to verify:
 ls -l acluser1
 getfacl -c acluser1

  1. Open another terminal as user100 and open the file and edit it.

  2. Add user200 with full rwx permissions to acluser1 using the symbolic notation and then show the updated ACL settings:

 setfacl -m u:user200:rwx acluser1
 getfacl -c acluser1
  1. Delete the ACL entries set for user200 and validate:
 setfacl -x u:user200 acluser1
 getfacl acluser1 -c
  1. Delete the rest of the ACLs:
 setfacl -b acluser1
  1. Use the ls and getfacl commands and confirm for the ACLs removal:
 ls -l acluser1
 getfacl acluser1 -c
  1. create group aclgroup1
 groupadd -g 8000 aclgroup1
  1. add this group as a named group along with the two named users (user100 and user200).

Lab: Apply, Identify, and erase default ACLs

  1. Switch or log in as user1 and create a directory projects in /tmp:
 su - user1
 cd /tmp
 mkdir projects
  1. Use the getfacl command for an initial look at the permissions on the directory:
 getfacl -c projects
  1. Allocate default read, write, and execute permissions to user100 and user200 on the directory. Use both octal and symbolic notations and the -d (default) option with the setfacl command.
 setfacl -dm u:user100:7,u:user200:rwx projects/
 getfacl -c projects/
  1. Create a subdirectory prjdir1 under projects and observe the ACL inheritance:
 mkdir prjdir1
 getfacl -c prjdir1
  1. Create a file prjfile1 under projects and observe the ACL inheritance:
 touch prjfile1
 getfacl -c prjfilel
  1. log in as one of the named users, change directory into /tmp/projects, and edit prjfile1 (add some random text). Then change into the prjdir1 and create file file100.
 su - user100
 cd /tmp/projects
 vim prjfile1
 ls -l prjfile1
 cd prjdir1
 touch file100
 pwd
  1. Delete all the default ACLs from the projects directory as user1 and confirm:
 exit
 su - user1
 cd /tmp
 setfacl -k projects
 getfacl -c projects
  1. create a group such as aclgroup2 by running groupadd -g 9000 aclgroup2 as the root user and repeat this exercise by adding this group as a named group along with the two named users (user100 and user200).

Lab: Modify Permission Bits Using Symbolic Form

  1. Add an execute bit for the owner and a write bit for group and public
 [vagrant@server1 ~]$ chmod u+x permfile1 -v
 mode of 'permfile1' changed from 0444 (r--r--r--) to 0544 (r-xr--r--)
 [vagrant@server1 ~]$ chmod -v go+w permfile1
 mode of 'permfile1' changed from 0544 (r-xr--r--) to 0566 (r-xrw-rw-)
  1. Revoke the write bit from public
 [vagrant@server1 ~]$ chmod -v o-w permfile1
 mode of 'permfile1' changed from 0566 (r-xrw-rw-) to 0564 (r-xrw-r--)
 [vagrant@server1 ~]$ chmod -v a=rwx permfile1
 mode of 'permfile1' changed from 0564 (r-xrw-r--) to 0777 (rwxrwxrwx)
  1. Revoke write from the owning group and write and execute bits from public.
 [vagrant@server1 ~]$ chmod g-w,o-wx permfile1 -v
 mode of 'permfile1' changed from 0777 (rwxrwxrwx) to 0754 (rwxr-xr--)

Lab: Modify Permission Bits Using Octal Form

  1. Read only for user, group, and other:
 [vagrant@server1 ~]$ touch permfile2
 [vagrant@server1 ~]$ chmod 444 permfile2
 [vagrant@server1 ~]$ ls -l permfile2
 -r--r--r--. 1 vagrant vagrant 0 Feb  4 12:22 permfile2
  1. Add an execute bit for the owner:
 [vagrant@server1 ~]$ chmod -v 544 permfile2
 mode of 'permfile2' changed from 0444 (r--r--r--) to 0544 (r-xr--r--)
  1. Add a write permission bit for group and public:
 [vagrant@server1 ~]$ chmod -v 566 permfile2
 mode of 'permfile2' changed from 0544 (r-xr--r--) to 0566 (r-xrw-rw-)
  1. Revoke the write bit for public:
 [vagrant@server1 ~]$ chmod -v 564 permfile2
 mode of 'permfile2' changed from 0566 (r-xrw-rw-) to 0564 (r-xrw-r--)
  1. Assign read, write, and execute permission bits to all three user categories:
 [vagrant@server1 ~]$ chmod -v 777 permfile2
 mode of 'permfile2' changed from 0564 (r-xrw-r--) to 0777 (rwxrwxrwx)
  1. Run the umask command without any options and it will display the current umask value in octal notation:
 [vagrant@server1 ~]$ umask
 0002
  1. Symbolic form
 [vagrant@server1 ~]$ umask -S
 u=rwx,g=rwx,o=rx
  1. Set all new files and directories to get 640 and 750 permissions,
 umask 027
 umask u=rwx,g=rx,o=
  1. Test new umask (666-027=640) (777-027=750)
 [vagrant@server1 ~]$ touch tempfile1
 [vagrant@server1 ~]$ ls -l tempfile1
 -rw-r-----. 1 vagrant vagrant 0 Feb  5 12:09 tempfile1
 [vagrant@server1 ~]$ mkdir tempdir1
 [vagrant@server1 ~]$ ls -ld tempdir1
 drwxr-x---. 2 vagrant vagrant 6 Feb  5 12:10 tempdir1

Lab: View suid bit on su command

 [vagrant@server1 ~]$ ls -l /usr/bin/su
 -rwsr-xr-x. 1 root root 50152 Aug 22 10:08 /usr/bin/su

Lab: Test the Effect of setuid Bit on Executable Files

  1. Open 2 terminal windows. Switch to user1 in terminal1
 [vagrant@server1 ~]$ su - user1
 Password:
 Last login: Sun Feb  5 12:37:12 UTC 2023 on pts/1
  1. Switch to root on terminal2
 sudo su - root
  1. T1 Revoke the setuid bit from /usr/bin/su
 chmod -v u-s /usr/bin/su
  1. T2 log off as root
 ctrl+d
  1. Try to log in has root from both terminals
 [user1@server1 ~]$ su - root
 Password:
 su: Authentication failure
  1. T1 restore the setuid bit
 [vagrant@server1 ~]$ sudo chmod -v +4000 /usr/bin/su
 mode of '/usr/bin/su' changed from 0755 (rwxr-xr-x) to 4755 (rwsr-xr-x)

Lab: Test the Effect of setgid Bit on Executable Files

  1. Log into two terminals T1 root T2 user1 Opened with ssh

  2. T2 list users currently logged in

who
  1. T2 send a message to root
write root
  1. T1 revoke setgid from /usr/bin/write
chmod g-s /usr/bin/write -v
  1. Try to write root
[user1@server1 ~]$ write root
write: effective gid does not match group of /dev/pts/0
  1. Restore the setgid bit on /usr/bin/write:
[root@server1 ~]# sudo chmod -v +2000 /usr/bin/write
mode of '/usr/bin/write' changed from 0755 (rwxr-xr-x) to 2755 (rwxr-sr-x)
  1. Test
write root

Lab: Set up Shared Directory for Group Collaboration

  1. set up 2 test users
 [root@server1 ~]# adduser user100
 [root@server1 ~]# adduser user200
  1. Add group sgrp with GID 9999 with the groupadd command:
 [root@server1 ~]# groupadd -g 9999 sgrp
  1. Add user100 and user200 as members to sgrp using the usermod command:
 [root@server1 ~]# usermod -aG sgrp user100
 [root@server1 ~]# usermod -aG sgrp user200
  1. Create /sdir directory
 [root@server1 ~]# mkdir /sdir
  1. Set ownership and owning group on /sdir to root and sgrp, using the chown command:
 [root@server1 ~]# chown root:sgrp /sdir
  1. Set the setgid bit on /sdir using the chmod command:
 [vagrant@server1 ~]$ sudo chmod g+s /sdir
  1. Add write permission to the group members on /sdir and revoke all permissions from public:
 [root@server1 ~]# chmod g+w,o-rx /sdir
  1. Verify
 [root@server1 ~]# ls -ld /sdir
 drwxrws---. 2 root sgrp 6 Feb 13 15:49 /sdir
  1. Switch or log in as user100 and change to the /sdir directory:
 [root@server1 ~]# su - user100
 [user100@server1 ~]$ cd /sdir
  1. Create a file and check the owner and owning group on it:
 [user100@server1 sdir]$ touch file100
 [user100@server1 sdir]$ ls -l file100
 -rw-rw-r--. 1 user100 sgrp 0 Feb 10 22:41 file100
  1. Log out as user100, and switch or log in as user200 and change to the /sdir directory:
 [root@server1 ~]# su - user200
 [user200@server1 ~]$ cd /sdir
  1. Create a file and check the owner and owning group on it:
 [user200@server1 sdir]$ touch file200
 [user200@server1 sdir]$ ls -l file200
 -rw-rw-r--. 1 user200 sgrp 0 Feb 13 16:01 file200

Lab: View “t” in permissions for sticky bit

 [user200@server1 sdir]$ ls -l /tmp /var/tmp -d
 drwxrwxrwt. 8 root root 185 Feb 13 16:12 /tmp
 drwxrwxrwt. 4 root root 113 Feb 13 16:00 /var/tmp

Lab: Test the effect of Sticky Bit

  1. Switch to user100 and change to the /tmp directory
[user100@server1 sdir]$ cd /tmp
  1. Create file called stckyfile
[user100@server1 tmp]$ touch stickyfile
  1. Try to delete the file as user200
[user200@server1 tmp]$ rm stickyfile
rm: remove write-protected regular empty file 'stickyfile'? y
rm: cannot remove 'stickyfile': Operation not permitted
  1. Revoke the /tmp stickybit and confirm
[vagrant@server1 ~]$ sudo chmod o-t /tmp
[vagrant@server1 ~]$ ls -ld /tmp
drwxrwxrwx. 8 root root 4096 Feb 13 22:00 /tmp
  1. Retry the removal as user200
rm stickyfile
  1. Restore the sticky bit on /tmp
sudo chmod -v +1000 /tmp

Lab: Manipulate File Permissions (user1)

  1. Create file file11 and directory dir11 in the home directory. Make a note of the permissions on them.
 touch file11
 mkdir dir11
  1. Run the umask command to determine the current umask.
 umask
  1. Change the umask value to 0035 using symbolic notation.
 umask g=r,0=w
  1. Create file22 and directory dir22 in the home directory.
 touch file22
 mkdir dir22
  1. Observe the permissions on file22 and dir22, and compare them with the permissions on file11 and dir11.
 ls -l
  1. Use the chmod command and modify the permissions on file11 to match those on file22.
 chmod g-w,o-r,o+w file11
  1. Use the chmod command and modify the permissions on dir22 to match those on dir11. Do not remove file11, file22, dir11, and dir22 yet.
 chmod g-wx,o-rx,o+w dir11

Lab: Configure Group Collaboration and Prevent File Deletion (root)

  1. create directory /sdir. Create group sgrp and create user1000 and user2000 and add them to the group:
 mkdir /sdir
 groupadd sgrp
 adduser user1000 && adduser user2000
 usermod -a -G sgrp user1000
 usermod -a -G sgrp user2000
  1. Set up appropriate ownership (root), owning group (sgrp), and permissions (rwx for group, — for public, s for group, and t for public) on the directory to support group collaboration and ensure non-owners cannot delete files.
 chgrp sgrp sdir
 chmod g=rwx,o=--- sdir
 chmod o+t sdir
 chmod g+s sdir
  1. Log on as user1000 and create a file under /sdir.
 su - user1000
 cd /sdir
 touch testfile
  1. Log on as user2000 and try to edit that file. You should be able to edit the file successfully.
 su - user200
 cd /sdir
 vim testfile
 cat testfile
  1. As user2000 try to delete the file. You should not be able to.
 rm testfile

Lab: Find Files (root)

  1. Search for all files in the entire directory structure that have been modified in the last 300 minutes and display their type.
 find /sdir -mtime -300 -exec file {} \;
  1. Search for named pipe and socket files.
 find / -type p
 find / -type s

Lab: Find Files Using Different Criteria (root)

  1. Search for regular files under /usr that were accessed more than 100 days ago, are not bigger than 5MB in size, and are owned by the user root.
 find /usr -type f -mtime +100 -size -5M -user root

Lab: Apply ACL Settings (root)

  1. Create file testfile under /tmp.
 touch /tmp/testfile
  1. Create users.
 adduser user2000
 adduser user3000
 adduser user4000
  1. Apply ACL settings on the file so that user2000 gets 7, user3000 gets 6, and user4000 gets 4 permissions.
 setfacl -m u:user2000:7 testfile
 setfacl -m u:user3000:6 testfile
 setfacl -m u:user4000:4 testfile
  1. Remove the ACLs for user2000, and verify.
 setfacl -x user2000 testfile
 getfacl testfile
  1. Erase all remaining ACLs at once, and confirm.
 setfacl -b testfile
 getfacl testfile

Basic File Managment

Chapter 3 RHCSA Notes - File Management

7 File types

  1. regular
  2. directory
  3. block special device
  4. character special device
  5. symbolic link
  6. named pipe
  7. socket

Commands

  • ls
  • stat
  • file

Regular files

  • Text or binary data.
  • Represented by hyphen (-).

Directory Files

  • Identified by the letter “d” in the beginning of ls output.

Block and Character (raw) Special Device Files

  • All hardware has device file in /dev/.
  • Used by system to communicate with device.
  • Identified by “c” or “b” in ls listing.
  • Each device driver is assigned a unique number called the major number
  • Character device
    • Reads and writes 8 bits at a time.
    • Serial
  • Block device
    • Receives data in fixed block size determined by drivers
    • 512 or 4096 bytes

Major Number

  • Used by kernel to recognize device driver type.
  • Column 5 of ls listing.
ls -l /dev/sda

Minor Number

  • Each device controlled by the same device driver gets a Minor Number
  • Applies to disk partitions as well.
  • The same driver can control multiple devices of the same type.
  • Column 6 of ls listing
ls -l /dev/sda
  • Shortcut to another file or directory.
  • Begins with “l” in ls listing.
ls -l /usr/sbin/vigr
lrwxrwxrwx. 1 root root 4 Jul 21 14:36 /usr/sbin/vigr -> vipw

Compression and Archiving

Archiving

  • Preserves file attributes such as ownership, owning group, and timestamp.
  • Preserves extended file attributes such as ACLs and SELinux contexts.
  • Syntax of tar and star are identical.

star command

tar (tape archive) command

  • Create, append, update, list, and extract files/directory tree to/from a file called a tarball(tarfile)
  • Can compress a tarball after it’s been created.
  • Automatically removes “/” so you do not have to specify the full pathname  when restoring files at any location.

flags tar -c :: Create tarball. tar -f :: Specify tarball name. tar -p :: Preserve file permissions. Default for the root user. Specify this if you create an archive as a normal user. tar -r :: Append files to the end of an existing uncompressed tarball. tar -t :: List contents of a tarball. tar -u :: Append files to the end of an existing uncompressed tarball provided the specified files being added are newer. -z -j -C

Archive entire home directory:

tar -cvf /tmp/home.tar /home

Archive two specific files:

tar -cvf /tmp/files.tar /etc/passwd /etc/yum.conf

Append files in a directory to existing tarball:

tar -rvf /tmp/files.tar /etc/yum.repos.d

List what is included in home.tar tarball:

tar -tvf /tmp/files.tar

Restore single file and confirm:

tar -xf /tmp/files.tar etc/yum.conf
ls -l etc/yum.conf

Restore all files and confirm:

tar -xf /tmp/files.tar
ls

Create a gzip-compressed tarball under /tmp for /home:

tar -czf /tmp/home.tar.gz /home

Create bzip2-compressed tarball under /tmp for /home:

sudo tar -cjf /tmp/home.tar.bz2 /home

List content of gzip-compressed archive without uncompressing it:

tar -tf /tmp/home.tar.gz

Extract files from gzip-compressed tarball in the current directory:

tar -xf /tmp/home.tar.gz

Extract files from the bzip2-compressed tarball under /tmp:

tar -xf /tmp/home.tar.bz2 -C /tmp

Compression tools

gzip (gunzip) command

  • Create a compressed file for each of the specified files.
  • Adds .gz extension.

Flags

Copy /etc/fstab to the current directory and display filename when uncompressed:

cp /etc/fstab .
ls -l fstab

gzip fstab and view details:

gzip fstab
ls -l fstab.gz

Display compression info:

gzip -l fstab.gz

Uncompress fstab.gz:

gunzip fstab.gz
ls -l fstab

bzip2 (bunzip2) command

  • Adds .bz2 extension.
  • Better compression/ decompression ratio but is slower than gzip.

Compress fstab using bzip and view details:

bzip2 fstab
ls -l fstab.bz2

Unzip fstab.bz2 and view details:

bunzip2 fstab.bz2
ls -l fstab

File Editing

Vim

vimguide

File and Directory Operations

touch command

  • File is created with 0 bytes in size.
  • Run touch on it and it will get a new timestamp

Flags

Set date on file1 to 2019-09-20:

touch -d 2019-09-20 file1

Change modification time on file1 to current system time:

touch -m file1

mkdir command

  • Create a new directory.

flags

Create dir1 verbosely:

mkdir dir1 -v

Create dir2/perl/perl5:

mkdir -vp dir2/perl/perl5

Commands for displaying file contents

  • cat
  • more
  • less
  • head
  • tail

cat command

  • Concatenate and print files to standard output.

Flags

Redirect output to specified file:

cat > catfile1

tac command

  • Display file contents in reverse

more command

  • Display files on page-by-page basis.
  • Forward text searching only.

less command

  • Display files on page-by-page basis.
  • Forward and backwards searching.
less /usr/bin/znew

head command

  • Displays first 10 lines of a file.
head /etc/profile

View top 3 lines of a file:

head -3 /etc/profile

tail command

  • Display last 10 lines of a file.

Flags

tail /etc/profile

View last 3 lines of /etc/profile:

tail -3 /etc/profile

View updates to the system log file /varlog/messages in real time:

sudo tail -f /var/log/messages

Counting Words, Lines, and Characters in Text Files

wc (word count) command

  • Display the number of lines, words, and characters (or bytes) contained in a text file or input supplied.

Flags

 wc /etc/profile
  85  294 2123 /etc/profile

Display count of characters on /etc/profile:

wc -m /etc/profile

Copying Files and Directories

cp command

  • Copy files or directories.
  • Overwrites destination without warning.
  • root has a custom alias in their .bashrc file that automatically adds the -i option.
alias cp='cp -i'

Flags

cp file1 newfile1

Copy file to new directory:

cp file1 dir1

Get confirmation before overwriting:

cp file1 dir1 -i
cp: overwrite 'dir1/file1'? y

Copy a directory and view hierarchy:

cp -r dir1 dir2
ls -l dir2 -R

Copy file while preserving attributes:

cp -p file1 /tmp

Moving and renaming Files and Directories

mv command

  • Move or rename files and directories.
  • Can move a directory into another directory.
    • Target directory must exist otherwise you are just renaming the directory.
  • Alias exists in root’s home directory for -i in the .bashrc file.
alias—“alias mv=’mv -i’""

Flags

mv -i file1 dir1
mv newfile1 newfile2

Move a dir into another dir (target exists):

mv dir1 dir2

Rename a directory (Target does not exist):

mv dir2 dir20

Removing files

rm command

  • Delete one or more specified files or directories.
  • Alias—“alias rm=’rm -i’”— in the .bashrc file in the root user’s home directory.
  • Remember to backslash “" any wildcard characters in filenames.

Flags

Erase newfile2:

rm -i newfile2

rm a directory:

 rm -dv emptydir

rm a directory recursively:

rm -r dir20

rmdir command

  • Remove empty directories.

Flags

rmdir emptydir -v

File Linking

inode (index node)

  • Contains metadata about a file (128 bytes)
    • File type, Size, permissions, owner name, owning group, access times, link count, etc.
    • Also shows number of allocated blocks and pointers to the data storage location.
  • Assigned a unique numeric identifier that is used by the kernel for accessing, tracking, and managing the file.
  • Does not store the filename.
  • Filename and corresponding inode number mapping is maintained in the directory’s metadata where the file resides.
  • Links are not created between files and directories
  • Mapping between one or more filenames and an inode number.
  • Hard-linked files are indistinguishable from one another.
  • All hard-linked files will have identical metadata.
  • Changes to the file metadata and content can be made by accessing any of the filenames.
  • Cannot cross file system boundaries.
  • Cannot link directories.

ls -li output

  • Column 1 inode number.
  • Column 3 link count.
  • Symbolic (symlink).
  • Like a Windows shortcut.
  • Unique inode number for each symlink.
  • Link count does not increase or decrease.
  • Size of soft link is the number of character in pathname to target.
  • Can cross file system boundaries.
  • Can link directories.
  • ls-l shows l at the beginning of the permissions for soft link
  • if you remove the original file, the softlink will point to a file that doesn’t exist.
  • RHEL 8 has four soft-linked directories under /.
    1. bin -> usr/bin
    2. lib -> usr/lib
    3. lib64 ->usr/lib64
    4. sbin -> usr/sbin
  • Same syntax for creating linked directories

ln command

  • Create links between files.
  • Creates hard link by default.
touch file10
ln file10 file20
ls -li
ln -s file10 soft10

Copying vs linking

Copying

  • Duplicates source file.
  • Each copy stores data at a unique location.
  • Each copied file has a unique inode number and unique metadata.
  • If a copy is moved, erased, or renamed, the source file will have no impact, and vice versa.
  • Copy is used when the data needs to be edited independent of the other.
  • Permissions on the source and the copy are managed independent of each other.

Linking

  • Creates a shortcut that points to the source file.
  • Source can be accessed or modified using either the source file or the link.
  • All linked files point to the same data.
  • Hard Link: All hard-linked files share the same inode number, and hence the metadata.
  • Symlink: Each symlinked file has a unique inode number, but the inode number stores only the pathname to the source.
  • Hard Link: If the hard link is weeded out, the other file and the data will remain untouched.
  • Symlink: If the source is deleted, the soft link will be broken and become meaningless. If the soft link is removed, the source will have no impact.
  • Links are used when access to the same source is required from multiple locations.
  • Permissions are managed on the source file.

Labs

Lab: Viewing regular file information:

touch file1
ls -l
file file1
stat file1
  1. Create an empty file /tmp/hard1, and display the long file listing including the inode number:
touch /tmp/hard1
ls -li /tmp/hard1
  1. Create two hard links called hard2 and hard3 under /tmp, and display the long listing:
ln /tmp/hard1 /tmp/hard2
ln /tmp/hard1 /tmp/hard3
ls -li /tmp/hard*
  1. Edit file hard2 and add some random text. Display the long listing for all three files again:
vim /tmp/hard2
ls -li /tmp/hard*
  1. Erase file hard1 and hard3, and display the long listing for the remaining file:
rm -f /tmp/hard1 /tmp/hard3
ls -li /tmp/hard*
  1. Create soft link /root/soft1 pointing to /tmp/hard2, and display the long file listing for both:
sudo ln -s /tmp/hard2 /root/soft1
ls -li /tmp/hard2 /root/soft1
sudo ls -li /tmp/hard2 /root/soft1

2.Edit soft1 and display the long listing again:

sudo vim /root/soft1
sudo ls -li /tmp/hard2 /root/soft1

3.Remove hard2 and display the long listing:

sudo ls -li /tmp/hard2 /root/soft1

remove the soft link

rm -f /root/soft1.

Lab: Archive, List, and Restore Files

Create a gzip-compressed archive of the /etc directory.

tar -czf etc.tar.gz /etc

Create a bzip2-compressed archive of the /etc directory.

sudo tar -cjf etc.tar.bz2 /etc

Compare the file sizes of the two archives.

ls -l etc*

Run the tar command and uncompress and restore both archives without specifying the compression tool used.

sudo tar -xf etc.tar.bz2 ; sudo tar -xf etc.tar.gz

Lab: Practice the vim Editor

As user1 on server1, create a file called vipractice in the home directory using vim. Type (do not copy and paste) each sentence from Lab 3-1 on a separate line (do not worry about line wrapping). Save the file and quit the editor.

Open vipractice in vim again and reveal line numbering. Copy lines 2 and 3 to the end of the file to make the total number of lines in the file to 6.

:set number!
#then
yy and p

Move line 3 to make it line 1.

3m0

Go to the last line and append the contents of the .bash_profile.

:r ~/.bashrc

Substitute all occurrences of the string “Profile” with “Pro File”, and all occurrences of the string “profile” with “pro file”.

:%s/profile/pro file/gi

Erase lines 5 to 8.

:5,8d

Provide a count of lines, words, and characters in the vipractice file using the wc command.

wc vipractice

Lab: File and Directory Operations

As user1 on server1, create one file and one directory in the home directory.

touch file3
mkdir dir5

List the file and directory and observe the permissions, ownership, and owning group.

ls -l file3
ls -l dir5
ls -ld dir5

Try to move the file and the directory to the /var/log directory and notice what happens.

mv dir5 /var/log
mv file3 /var/log

Try again to move them to the /tmp directory.

mv dir5 /tmp
ls /tmp

Duplicate the file with the cp command, and then rename the duplicated file using any name.

cp /tmp/file3 file4
ls /tmp
ls

Erase the file and directory created for this lab.

rm -d /tmp/dir5; rm file4