Properties of FreeBSD files

Source: Internet
Author: User

Files are a central concept in UNIX: not only is data stored in files, but directory information is also kept in files, and hardware devices are represented as files. UNIX file names are case-sensitive, so "foo" and "Foo" are two different files, and a file name can be up to 255 characters long.

Files are organized hierarchically. Each level is a directory, whose contents are stored in a special directory file; the top-level directory is the root, written "/", and the whole forms a tree. The root directory holds ordinary files and subdirectories such as /usr/ and /var/, each of which in turn has its own files and subdirectories.

/ directory: the root of the directory tree. It holds the kernel and the files needed to boot the system, and lives on the root file system.

/dev directory: holds the system's device files. It occupies a roughly fixed amount of disk space and lives on the root file system.

/etc directory: holds the system's configuration files, including very important ones such as passwd and the rc scripts. It is also on the root file system.

/bin and /sbin directories: hold executables used for system maintenance. The programs in /sbin are mostly used directly for maintaining the system, while /bin provides the basic tools administrators use to operate it. Both must be on the root file system: when the system runs in single-user mode only the root file system is mounted, and these programs must still be runnable for maintenance tasks.

/tmp directory: holds temporary files generated by programs. It is writable by every user, and the system empties it automatically at boot. When the system runs a large service that needs more /tmp space than the root file system can provide, you can create another temporary directory on a different file system and point to it with a symbolic link.

/usr directory: holds the many files used during normal operation of the system: /usr/bin holds system executables, /usr/sbin system maintenance programs, /usr/local non-standard applications, /usr/share documents and other data files, /usr/src the system source code, and /usr/X11R6 the X Window System with its applications and data files. Because it contains so much, /usr is usually a separately mounted file system on its own disk partition, the usr file system. As the system takes on more tasks the contents of /usr grow quickly, so you may also want to split off its larger subdirectories, such as /usr/local.

/var directory: holds data files generated and used by the running system, for example /var/log for the system logs and /var/db/pkg for the installation records of software packages. Many applications, such as news servers, also keep their data files here. The files in this directory change as the system runs, and many of them grow and take up a lot of disk space. The directory should be kept on its own file system, so that even if some process writes data files into it without limit and fills the file system, the data stored in other directories, such as users' home directories, is unaffected. Because the size of /var depends on what the applications require, servers that provide network services should reserve more space for it.

/home directory: holds users' personal directories. Its size is determined by the number of users and how active they are, and it must have enough space to provide normal service. Typically this directory is kept on the usr file system and reached through a symbolic link under the root directory. When the number of users grows large, it should be put on a separate file system.

These directories were designed from the start to hold different kinds of data, each on its own partition. Users accustomed to DOS/Windows tend to put everything on a single file system, which is not the right approach: multiple file systems separate different tasks, isolate risks and increase reliability, which is essential for a FreeBSD system used as a server.

The UNIX tree-like directory structure is fairly standard, and there are conventions about which kind of file belongs in which directory. Of course the exact locations of particular files differ subtly between UNIX variants; in fact the standard directory tree has been changed several times in the course of UNIX's development, but the basic structure has stayed the same. Because FreeBSD has a unified version, all developers work from the same source tree, and applications are maintained through the unified Packages Collection mechanism, the FreeBSD directory structure is particularly neat and clean.

Properties of the file

Since FreeBSD is a multi-user system, different users should have different rights over different files. Normally the user who creates a file owns it and becomes its owner; a file also belongs to a group. Owner and group are the two important attributes of a file. Because they govern access control, only root can change these two attributes: the command chown changes a file's owner and chgrp changes its group.

Since it is not practical to give every user a completely separate file system, a multi-user operating system must provide a secure access-control mechanism that lets users share certain files with others while ensuring that an individual user's files cannot be accessed or damaged without authorization. UNIX distinguishes three classes of user for each file: the owner, users in the same group, and other users. Each class can be granted three kinds of access: read, write and execute, written with the letters r (read), w (write) and x (execute). Because the three permissions exist separately for owner, group and others, every file has nine permission bits. You can see a file's permission settings with the "ls -l" command:

$ ls -l
drwx------ 4 user wheel   512 Nov 25 17:23 Mail
-rw-rw-r-- 1 user wheel   149 Dec  4 14:18 Makefile
-rwxr-xr-x 1 user wheel  3212 Dec  4 12:36 a.out
drwxr-xr-x 1 user wheel   512 Dec 14 17:03 bin
-rw-r--r-- 1 user wheel   143 Dec  4 12:36 hello.c
drwxr-xr-x 2 user wheel  1024 Oct 16  1997 public_html
drwxrwxrwx 2 user wheel   512 Jan  3 14:07 tmp

In the example above the permission settings appear in the first column, for instance -rwxr-xr-x for a.out: ten character positions in all. The first position identifies the file type and is not a permission setting; the remaining nine give the three permission settings for each of the three classes. Positions two to four are the owner's read, write and execute permissions, positions five to seven those of users in the same group, and positions eight to ten those of other users. Where a position shows "-" instead of the permission letter, that permission is not granted. So a.out is readable, writable and executable by its owner, and readable and executable by users in the same group and by other users. For a directory, read permission lets a user list the files in it, write permission lets a user add, delete and rename files in it, and execute permission is what allows a user to enter the directory with cd.

The first position of the ls output gives the file type: "d" is a directory, "c" a character device file, "b" a block device file and "l" a symbolic link.

Internally the UNIX system represents these attributes as numbers; each permission corresponds to one bit in the file's mode, which is 1 if the permission is granted and 0 if not. The a.out permissions rwxr-xr-x are therefore 111101101 in binary. UNIX customarily writes this in octal, so the permission is 755.

The owner of a file and the administrator can use the chmod command to set or change its permissions. chmod can be used in several ways: you can set the mode directly with its octal representation, or use permission letters to set or change individual attributes; the different forms take different arguments. Some examples:

chmod 750 a.out: changes the permissions of a.out to 750;

chmod a+x a.out: adds execute permission for all users; a (all) stands for all users;

chmod u=rwx a.out: sets the owner's permissions to read, write and execute; u (user) stands for the owner;

chmod g+rw a.out: adds read and write permission for users in the same group; g (group) stands for the group;

chmod o-w a.out: removes write permission for other users; o (others) stands for other users;

chmod go= a.out: clears all permissions for the group and for other users;

chmod o=u-w a.out: sets other users' permissions to the owner's permissions minus write.

Permission 755 is the most common setting: other users can read the file but not change it. If a file is not meant to be accessed by other users, it can be set to 700. When a file is created, the system uses a mask to determine its permissions: where the mask has a 1 bit, the corresponding bit of the file mode is forced to 0. For example, with a mask of 022 in octal (000010010 in binary) the created file's permissions are 755 (111101101). The mask is set with the umask command; after "umask 027", for instance, created files get permission 750 and other users have no access to them at all. You can set a user's mask in the shell's startup resource file or in the login class settings.

A directory needs its execute bit set for users to be able to enter it with the cd command.

Once a file's permissions are set, whenever a process tries to access the file the system compares the process's owner and group with the file's owner and group to decide which permissions apply. Because a process's owner and group identity come from the user who started it, a process started by a user has that user's access to the file.

Besides read, write and execute, two other very important attributes exist for executable programs: set user ID (setuid) and set group ID (setgid). They let a program run with the identity of the program file's owner or group, so the process gets the access rights of the file's owner or group rather than only those of the user who started it, allowing it to carry out specific tasks. Many system programs, such as su, use this feature to switch a running process from an ordinary user identity to root, so these two attributes are critical to system security: no program that is not an essential system program should have them.

You can set the two attributes with chmod u+s file or chmod g+s file, or in octal with chmod 4755 file or chmod 2755 file for setuid and setgid respectively.
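Because the text says that only essential system programs should carry these bits, an administrator wants to know which files have them. The script below is an added example, not code from the original article: it shows how setuid and setgid appear in the ls -l column and how find(1) inventories them, using a scratch directory it constructs itself rather than a live system. The function names are our own; the find -perm -4000 and -perm -2000 tests are standard and match files that have all of the given bits set.

```shell
#!/bin/sh
# Added example (not from the original article): how the setuid and setgid bits
# show up in "ls -l" output and how to inventory them with find(1). The scratch
# tree built by demo_setuid_inventory is constructed here for illustration.

# setuid_setgid_inventory DIR: list regular files under DIR that have the
# setuid bit (octal 4000) or the setgid bit (octal 2000) set, sorted.
setuid_setgid_inventory() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) | sort
}

# describe_special_bits MODESTRING: report which of the two bits a mode string
# from "ls -l" shows. The owner execute position shows "s" (or "S" when the
# execute bit itself is off) for setuid, and the group execute position does
# the same for setgid; the usual "x" in those positions means neither is set.
describe_special_bits() {
    m=$1
    [ "${#m}" -eq 10 ] && m=${m#?}          # drop the file-type character
    owner_x=$(printf '%s' "$m" | cut -c3)
    group_x=$(printf '%s' "$m" | cut -c6)
    out=""
    case $owner_x in [sS]) out="setuid" ;; esac
    case $group_x in [sS]) out="${out:+$out }setgid" ;; esac
    printf '%s\n' "${out:-none}"
}

# demo_setuid_inventory: build a scratch tree with one setuid, one setgid and
# one plain executable, then print what the inventory finds (names only).
demo_setuid_inventory() {
    d=$(mktemp -d) || return 1
    : > "$d/plain"; : > "$d/suid_tool"; : > "$d/sgid_tool"
    chmod 755 "$d/plain"
    chmod 4755 "$d/suid_tool"    # equivalent to: chmod 755 then chmod u+s
    chmod 2755 "$d/sgid_tool"    # equivalent to: chmod 755 then chmod g+s
    setuid_setgid_inventory "$d" | sed "s|^$d/||"
    rm -rf "$d"
}

describe_special_bits -rwsr-xr-x    # setuid  (this is how su appears in ls -l)
describe_special_bits -rwxr-sr-x    # setgid
describe_special_bits -rwxr-xr-x    # none
demo_setuid_inventory               # sgid_tool, suid_tool
```

Run against / instead of the scratch directory, the inventory is the list an administrator should be able to account for entirely; anything unexpected in it deserves an explanation. FreeBSD's daily periodic security check reports changes to this list for exactly that reason.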
