Notes for Apue--chapter 4 files and directories (files and directories)

4.1 Introduction 4.2 Stat, Fstat, Fstatat, and Lstat Functions

The Lstat function is similar to stat and when the named file was a symbolic link lstat returns information about the SYM Bolic link, not the file referenced by the symbolic link.

4.3 File types

1. Common Files

2. Catalog files

Directory file. A file that contains the names of other files and pointers to
Information on these files. Any process this has Read permission for a directory
File can read the contents of the directory, but only the kernel can write directly
to a directory file. Processes must use the functions described on this chapter to
Make changes to a directory.

The catalog file contains the names of other files and pointers to information about those files. Any process that has read access to a directory file can have the contents of that directory, but only the kernel can write the directory file directly. The process must use the functions described in this chapter to change the directory.

3. Block Special files

Block special file. A type of file providing buffered I/O Access in fixed-size units
To devices such as disk drives.

A fixed-size unit, such as a disk drive, that can have a buffered access block on a special file , such as a device that belongs to a block special file.

4. Character Special files

Character special file. A type of file providing unbuffered I/O access in
Variable-sized units to devices. All devices on a system is either block special
Files or character special files.

A fixed-size unit can be accessed without buffering the characters on special files . All devices on a system are not block special files or character special files.

5. FIFO

This type of file is used for interprocess communication, sometimes referred to as a named pipe (named pipe).

6. Socket

7. Symbolic Links

4.4 Set-user-id and Set-group-id

There are 6 or more IDs associated with a process.

1. The real user ID and the real group ID indicate who we really are.
2. Effective user ID, effective group ID, and supplementary group IDs determine our file access rights.
3. When a program is executed, saved Set-user-id and saved Set-group-id will contain a copy of the effective user ID and the effective group ID, respectively.

Typically, the effective user ID equals the real user id,effective group ID equals the real group ID.

Each file has an owner and a group owner. The ST_UID member in the stat structure (struct stat) specifies who the owner of the file is, and similarly, the St_gid member of the STAT structure specifies who the file's group owner is.

When we execute a program file , the effective user ID in the process is usually the real user ID, and similarly, the effective group I in the process D is usually the real group ID. However, we can change this situation by setting a related flag in the St_mode member of struct Stat. When a process executes a file, the process's effective user ID can be set to the owner of the file (that is, the value of the St_uid member in the file's struct stat), and the process's effective group ID can be set to the file's Group owner (that is, the value of the St_gid member in the file's struct stat). We call the above two bits (flag) in St_mode as the set-user-id bit and the set-group-id bit.   

For example, if the owner of a file is Superuser, and the Set-user-id bit of the file is already set, then when the process run this file (the file itself is a program,run up is a process), this process will have SUP Eruser's privileges. No matter who the real user ID of the process that executed the file is, the above situation will certainly occur. Looking at another example, UNIX system programs allow any user to change their password, in fact, passwd (1) is a Set-user-id program, which we need because/etc/passwd and/etc/shadow only Superuse R to write (then when our process runs the passwd (1) program, the effictive user ID of the process is set to Superuser, so that the process has superuser privileges, which can be/etc/pass WD or/etc/shadow for rewriting). A Process Execution Set-user-id program usually has the other user's permissions, so writing such code requires special care.

Back to the stat function, the Set-user-id bit and Set-group-id bit are included in the St-mode members of the file's struct stat structure. Whether these two bits are set can be tested with constants S_isuid and S_isgid.

4.5 File access permissions (permission)

The St_mode member in the file's struct stat structure also contains the file's access permission bits (access permission bit). When referring to a file, it refers to the type of file (such as normal files, directory files, etc.). All file types have permission (permissions). Many people take it for granted that only ordinary documents (regular files) have access rights.

For each file there are 9 kinds of permission, which are divided into the following 3 categories:

In the first 3 lines of the term user, refers to the file owner. The chmod (1) command (for modifying these 9 permission bit) allows us to represent the user (owner) with the U, the group in G, and the O for other.

The 3 types of access rights (read, write, and execute) are used in various ways by different functions. These usage methods are summarized here.

1. The first rule is that whenever we want to open any type of file by name, there must be Execute permission (Execute permission) for the directory containing the file name (including the current directory). This is why the Execute permission bit of a directory is often called the search bit.

For example, to open the file/usr/include/stdio.h, we need execute
Permission in the directory/, execute permission in the DIRECTORY/USR, and execute
Permission in the Directory/usr/include. We then need appropriate permission
For the file itself, depending in how do we ' re trying to open it:read-only, Read–write,
And so on.
If The current directory is is/usr/include, then we need execute permission in the
Current directory to open the file stdio.h. This is a example of the current
Directory being implied, not specifically mentioned. It is identical to our opening the
File./stdio.h.

It is important to note that for a directory file, read permissions and execute permissions are different. Read permissions allow us to read the directory and get a list of all the filenames in that directory. When a directory is a part of the pathname that we want to access, execute permissions on that directory allow us to go through that directory (that is, to search for that directory for a specific file name).

For a file, it is literally understandable, but what does the execution privilege mean for a directory? How does it differ from read and write permissions?

Do some small experiments first, and then summarize.

# # # Experiment Data Preparation # #
$ mkdir test                          # Create Catalog Test
$ echo "Hello" > test/f1           # Create a file under Directory test F1
##################

1. Read permissions
$ chmod 444 Test # Modify directory for Read permissions (including users, groups, and others)
$ ls Test # View directory Test file list
F1 # results show
$ cat Test/f1 # Try again to see the file in the catalog test F1
Cat:test/f1:permission denied

Thus, the Read permission of the directory allows us to read the directory only, get a list of all the filenames in that directory, but cannot view the contents of the files in the directory.

2. Execute permissions
$ chmod 111 Test # Modify directory to execute permissions (including users, groups, and others)
$ ls Test # View directory Test file list
ls:test/: Permission denied
$ cat Test/f1 # View the file in the catalog test F1
Hello

This shows that the directory execution permission does not allow us to read the directory's file list, but can view the contents of the file in the directory. When a directory is a part of the path name of the file that we want to access, execute permissions on that directory allow us to pass through the directory.

3. Write permissions
$ chmod 222 Test # Modify directory for write permissions (including users, groups, and others)
$ echo "Bye" > Test/f1 # Modify the contents of the file F1 in the catalog test
-bash:test/f1:permission denied
$ chmod 333 Test # Modify directory for Execute, write permissions (including users, groups, and others)
$ echo "Bye" > Test/f1
$ cat Test/f1
Bye

This shows that to modify the contents of the file in the directory, not only the write permission of the directory, but also the execution of the directory permissions (this is obvious).

2. The Read permission for a file determines whether we can open an existing file for reading:the O_RDONLY and O_RDWR FLA GS for the Open function.

3. The Write permission for a file determines whether we can open an existing file for writing:the o_wronly and O_rdwr FL AGS for the Open function.

4. We must has write permission for a, file to specify, the O_TRUNC flag in the open function.

5. We cannot create a new file in a directory unless We has write permission and execute permission in the directory.

6. To delete a existing file, we need Write permission and execute permission in the directory containing the file. We don't need Read permission or write permission for the file itself.

7. Execute permission for a file must is on if we want to Execute the file using any of the seven Exec functions (section 8.10). The file also have to is a regular file.

each time the process open, create, or delete a file, the kernel will perform a file access test, which will involve the file's owners (St_uid and St_gid), the process of effective IDs (effective User ID and effective group ID) and process supplementary group IDs (if supported). two kinds of owner IDs are attributes of the file, while the two effective IDs and supplementary group IDs are the properties of the process. The kernel tests are as follows:

1. If the effective user ID of the process is 0 (the superuser), then access is allowed.

2. If the effective user ID of the process equals the owner of the file (for example, the process owns the file), and the appropriate user access permission bit (a bit of the St_mode member in the file's struct stat structure) is set, then allow access to the file, otherwise, access is denied. Here, the appropriate user access permission bit refers to: if the process opens the file for read, then the user-read bit should be 1 if the process opens the file for write, then the user-write bit should be 1 if the process opens For execution, the user-execute should be 1.

3. If the effective group ID of the process or one of the supplementary group IDs equals the group ID of the file, and the appropriate group access permission bit (the file's struct STA A bit of the St_mode member in the T structure) is set, then the process allows access to the file, otherwise, access is denied.

4. If the appropriate other access permission bit (a bit of the St_mode member in the file's struct stat structure) is set, then the process allows access to the file, otherwise, access is denied.

The above 4 steps are attempted sequentially. Note that if the process owns the file (step 2), then the process can access the file, depending only on the file's user access permission, and no longer the group access permission that is involved in the file. Similarly, if a process does not own the file but belongs to a suitable group, then the process can access the file, depending solely on the file's group access permission, no longer involving the other permission of the file.

Notes for Apue--chapter 4 files and directories (files and directories)