[ previous ] [ Contents ] [ 1 ] [ 2 ] [ 3 ] [ 4 ] [ 5 ] [ 6 ] [ 7 ] [ 8 ] [ 9 ] [ 10 ] [ 11 ] [ 12 ] [ 13 ] [ 14 ] [ 15 ] [ 16 ] [ 17 ] [ 18 ] [ A ] [ B ] [ C ] [ D ] [ next ]

Debian Tutorial
Chapter 7 - More on files


In Files and Directories, Section 4.2 we covered moving/renaming files with mv, copying them with cp, removing them with rm, removing directories with rmdir, and creating directories with mkdir. This chapter will cover some more aspects of files.


7.1 Permissions

GNU and Unix systems are set up to allow many people to use the same computer, while keeping certain files private or keeping certain people from modifying certain files. You can verify this for yourself:

  1. Log in as yourself, i.e. NOT as root.
  1. whoami

    Verifies that you are not root.

  1. rm /etc/resolv.conf

    You should be told "Permission denied." /etc/resolv.conf is an essential system configuration file --- you aren't allowed to change or remove it unless you're root. This keeps you from accidentally messing up the system, and if the computer is a public one such as at an office or school, it keeps users from messing up the system on purpose.

Now type ls -l /etc/resolv.conf

This will give you output that looks something like this:

     -rw-r--r-- 1 root root 119 Feb 23 1997 /etc/resolv.conf

The -l option to ls requests all that additional information. The info on the right is easy - the size of the file is 119 bytes, the date the file was last changed is Feb 23 1997, the file's name is /etc/resolv.conf. On the left side of the screen, things get a little more complicated.

First, the brief, technical explanation: the -rw-r--r-- is the mode of the file, the 1 is the number of hard links to this file (or the number of files in a directory), and the two root are the user and group owning the file.

So that was cryptic. Let's go through it slowly (except the hard links part --- for that see The real nature of files: hard links and inodes, Section 16.2.1).


7.1.1 File Ownership

Every file has two owners --- a user, and a group. The above case is a little confusing, since there's a group called root in addition to the root user. Groups are just collections of users who are collectively permitted access to some part of the system. A good example is a games group. Just to be mean, you might set up your system so that only people in a games group are allowed to play games.

A more practical example: say you're setting up a computer for a school. You might want certain files to be accessible only to teachers, not students, so you put all the teachers in a single group. Then you can tell the system that certain files belong to members of the group teachers, and that no one else can access those files.

Here are some things you can do to explore groups on your system:

  1. groups

    Typing this at the shell prompt will tell you what groups you're a member of. It's likely that you're a member of only one group, which is identical to your username.

  1. more /etc/group

    This file lists the groups that exist on your system. Notice the root group (the only member of this group is the root user), and the group which corresponds to your username. There are also groups like dialout (users who are allowed to dial out on the modem), and floppy (users who can use the floppy drive). However, your system is probably not configured to make use of these groups --- it's likely that only root can use the floppy or the modem right now. For details about this file, try reading man group.

  1. ls -l /home

    Observe how every user's directory is owned by that user and that user's personal group. (If you just installed Debian, you may be the only user.)


7.1.2 Mode

In addition to being owned by one user and one group, every file and directory also has a mode, which determines who's allowed to read, write, and execute the file. There are a few other things also determined by the mode, but they're advanced topics so we'll skip them for now.

The mode looks like this in the ls output: -rw-r--r--. There are ten "elements" here, and the mode actually consists of twelve bits (think of bits as switches which can be on or off). But for now, we'll consider only nine of these bits: those that control read, write, and execute permissions for the user owning the file, the group owning the file, and others (everyone on the system, sometimes called world).

Notice that three kinds of permission (read, write, execute) times three sets of people who can have permission (user, group, others) makes a total of nine elements.

In the mode line, the first "element" gives the type of the file. The - in this case means it's a regular file. If it was d, we'd be looking at a directory. There are other possibilities too complex to go into now (see Advanced aspects of file permissions, Section 16.2.4).

The remaining nine "elements" are used to display the 12 bits that make up the file's mode. The basic 9 bits (read, write, and execute for user, group, and other) are displayed as three blocks of rwx.

So if all permissions are turned on and this is a regular file, the mode will look like this: -rwxrwxrwx. If it was a directory with all permissions turned off for others and full permissions for user and group, it would be drwxrwx---. (The remaining three bits are displayed by changing the x to s, t, S, or T, but this is a complex topic we're saving for Advanced aspects of file permissions, Section 16.2.4.)

For regular files, "read", "write", and "execute" have the following meanings:

Directory modes are a little confusing, so here are some examples of the effects of various combinations:

Directory write permission determines whether you can delete files in a directory --- a read-only file can be deleted, if you have permission to write to the directory containing it. You can't delete a file from a read-only directory, even if you're allowed to make changes to the file. File permissions have nothing to do with deleting files.

This also means that if you own a directory you can always delete files from it, even if those files belong to root.

Directory execute permission determines whether you have access to files --- and thus whether file permissions come into play. If you have execute permissions to a directory, file permissions for that directory become relevant. Otherwise file permissions just don't matter; you can't access the files anyway.

If you have execute permission for the directory, file permissions determine whether you can read the contents of the file, change the file, and/or execute the file as a command.

Finally, permission to change permissions on a file or directory is not affected by the permissions of that file or directory. Rather, you can always change the permissions on files or directories that you own, but not on files owned by someone else, as long as you are permitted access to the file. So if you can access a file you own at all (that is, you have execute permission for the directory containing it) then you can change its permissions.

This means that you can't permanently remove permissions from yourself because you can always give them back. Say you remove user write permission from a file you own, then try to change the file. It won't be permitted, but you can always give yourself write permission again and then change the file. The only way to lose the ability to change permissions back is to lose access to the file entirely.


7.1.3 Permissions in practice

This section goes through a short example session to demonstrate how permissions are used.

To change permissions, we'll use the chmod command.

  1. cd; touch myfile

    There are a couple of new tricks here. First, you can use ; to put two commands on one line. You can type the above as:

         $ cd 
         $ touch myfile
    

    or as:

         $ cd; touch myfile
    

    and the same thing will end up happening.

    Recall that cd by itself returns you to your home directory. touch is normally used to change the modification time of the file to the current time, but it has another interesting feature: if the file doesn't exist, touch creates the file. So we're using it to create a file to practice with. Use ls -l to confirm that the file has been created, and notice the permissions mode:

         $ ls -l 
         -rw-r--r-- 1 havoc havoc 0 Nov 18 22:04 myfile
    

    Obviously the time and user/group names will be different when you try it. The size of the file is 0, since touch creates an empty file. -rw-r--r-- is the default permissions mode on Debian .

  1. chmod u+x myfile

    This command means to add (+) execute (x) permissions for the user (u) who owns the file. Use ls -l to see the effects.

  1. chmod go-r myfile

    Here we've subtracted (-) read permission (r) from the group (g) owning the file, and from everyone else (others, o). Again, use ls -l to verify the effects.

  1. chmod ugo=rx myfile

    Here we've set (=) user, group, and other permissions to read and execute. This sets permissions to exactly what you've specified, and unsets any other permissions. So all rx should be set, and all w should be unset. Now, no one can write to the file.

  1. chmod a-x myfile

    a is a shortcut for ugo, or "all". So all the x permissions should now be unset.

  1. rm myfile

    We're removing the file, but without write permissions. rm will ask if you're sure:

         rm: remove `myfile', overriding mode 0444?
    

    You should respond by typing y and pressing enter. This is a feature of rm, not a fact of permissions - permission to delete a file comes from the directory permissions, and you have write permission in the directory. However, rm tries to be helpful, figuring that if you didn't want to change the file (and thus removed write permission), you don't want to delete it either, so it asks you.

What was that 0444 business in the question from rm? The permissions mode is a twelve-digit binary number, like this: 000100100100. 0444 is this binary number represented as an octal (base 8) number, which is the conventional way to write a mode. So you can type chmod 444 myfile instead of chmod ugo=r myfile. This is fully explained in Advanced aspects of file permissions, Section 16.2.4.


7.2 What files are on my system? Where can I put my own files?

Now that you can navigate the directory tree, let's take a guided tour of the files and directories you created when you installed Debian. If you're curious, cd to each directory and type ls to see its contents. If the listing doesn't fit on the screen, try ls | more, where | is the "pipe" character, generally found on the same key with backslash.

/
As already mentioned, this is the root directory, which contains every other directory.
/root
But don't get / confused with /root! /root is the home directory of the root user, or superuser. It's a directory called /root, but it isn't the root directory /.
/home
This is where all normal users --- that is, all users except root --- have their home directories. Home directories are named after the user who owns them, for example, /home/jane. If you're using a large system at a school or business, your system administrator may create additional directories to contain home directories: /home1 and /home2 for example. On some other systems, you'll see an additional level of subdirectories: /home/students/username, /home/staff/username, etc...

Your home directory is where you put all your personal work, email and other documents, and personal configuration preferences. It's your home on the system.

/bin
This directory contains "binaries," executable files which are essential to the operation of the system. Examples are the shell (bash), and file commands such as cp.
/sbin
This directory contains "system binaries", utilities that the root user or system administrator might want to use, but probably you won't want to use in your day-to-day activities.
/usr
/usr contains most of the files you'll be interested in. It has many subdirectories: /usr/bin and /usr/sbin are pretty much like /bin and /sbin, except that the directories in /usr are not considered "essential to the operation of the system".

While not essential to get the computer working,/usr does contain the applications you'll use to get real work done. Also in /usr you'll find the /usr/man, /usr/info, and /usr/doc directories --- these contain manual pages, info pages, and other documentation, respectively. And don't forget /usr/games!

/usr/local
The Debian system doesn't install anything in this directory. You should use it if you want to install software that you compile yourself, or any software not contained in a Debian package. You can also install software in your home directory, if you'll be the only one using it.
/etc
/etc contains all the system-wide configuration files. Whenever you want to change something that affects all users of your computer --- such as how you connect to the internet, or what kind of video card you have --- you'll probably have to log on as root and change a file in /etc.
/tmp
Here you'll find temporary files, most of them created by the system. This directory is generally erased on a regular basis, or every time you reboot the system. You can create files here if you want, just be aware they might get deleted automatically.
/var
/var contains "variable" files, that the system changes automatically. For example, incoming mail is stored here. The system keeps a log of its actions here. There are a number of other automatically generated files here as well. You'll mostly be interested in the contents of /var/log, where you can find error messages and try to figure out what you're system's up to if something goes wrong.

Clearly there are many more directories on the system, too many to describe every one.

For changing things, you'll usually want to confine yourself to your home directory and /etc. On a Debian system, there's rarely an occasion to change anything else, because everything else is automatically installed for you.

/etc is used to configure the system as a whole. You'll use your own home directory, a subdirectory of /home, for configuring your own preferences, and storing your personal data. The idea is that on a day-to-day basis you confine yourself to /home/yourname, so there's no way you can break anything. Occasionally you log in as root to change something in a system-wide directory, but only when absolutely necessary. Of course, if you're using Debian at a school or business and someone else is the system administrator, you won't have root access and will only be able to change your home directory. This limits what you can do with the system.


7.3 Using a filemanager

Instead of moving files around by hand, you can use a file manager. If you move a lot of files around a file manager can make your work more efficient. There are text-based file managers, such as GNU Midnight Commander (type mc), and a number of file managers for the X Window System (for example gmc for the X Window version of GNU Midnight Commander).

Describing each of these is outside the scope of this manual; but you may want to try them out if the command line doesn't meet your needs.


[ previous ] [ Contents ] [ 1 ] [ 2 ] [ 3 ] [ 4 ] [ 5 ] [ 6 ] [ 7 ] [ 8 ] [ 9 ] [ 10 ] [ 11 ] [ 12 ] [ 13 ] [ 14 ] [ 15 ] [ 16 ] [ 17 ] [ 18 ] [ A ] [ B ] [ C ] [ D ] [ next ]

Debian Tutorial


17 June 2006

Havoc Pennington [email protected]