Friday, 12 February 2016


Viewing Ownership and Permissions


In Linux, each and every file is owned by a single user and a single group, and has its own access permissions. Let's look at how to view the ownership and permissions of a file.
The most common way to view the permissions of a file is to use ls with the long listing option, e.g. ls -l myfile. If you want to view the permissions of all of the files in your current directory, run the command without an argument, like this.
ls -l   or ll

Understanding File attributes


Here is an example screenshot of what the output might look like, with labels of each column of output:
ls -l

Note that each file's mode (which contains permissions), owner, group, and name are listed. Aside from the Mode column, this listing is fairly easy to understand. To help explain what all of those letters and hyphens mean, let's break down the Mode column into its components.


Understanding Mode

To help explain what all the groupings and letters mean, take a look at this closeup of the mode of the first file in the example above:
Mode and permissions breakdown

File Types

In Linux, there are two basic types of files: normal and special. The file type is indicated by the first character of the mode of a file--in this guide, we refer to this as the file type field.
Normal files can be identified by a hyphen (-) in their file type field. Normal files are just plain files that can contain data. They are called normal, or regular, files to distinguish them from special files.
Special files can be identified by a non-hyphen character, such as a letter, in their file type field, and are handled by the OS differently than normal files. The character that appears in the file type field indicates the kind of special file a particular file is. For example, a directory, which is the most common kind of special file, is identified by the d character that appears in its file type field (like in the previous screenshot). There are several other kinds of special files, but they are not essential to what we are learning here.

Examples:

d      : Directory
-       : Files
l       : Link

When applying permissions to directories on Linux, the permission bits have different meanings than on regular files.
  • The execute bit allows the affected user to enter the directory, and access files and directories inside
  • The write bit allows the affected user to create, rename, or delete files within the directory, and modify the directory's attributes
  • The read bit allows the affected user to list the files within the directory (not get access to any inode)
  • The sticky bit states that files and directories within that directory may only be deleted or renamed by their owner (or root)



Assigning Permissions

We can assign permissions using two methods:

1) Symbolic method
2) Absolute method

Symbolic method


The first and probably easiest way is the relative (or symbolic) method, which lets you specify access classes and types with single letter abbreviations. A chmod command with this form of syntax consists of at least three parts from the following lists:
Access Class            Operator                Access Type
u (user)                + (add access)          r (read)
g (group)               - (remove access)       w (write)
o (other)               = (set exact access)    x (execute)
a (all: u, g, and o)
For example, to add permission for everyone to read a file in the current directory named myfile, at the Unix prompt, you would enter:
  chmod a+r myfile
The a stands for "all", the + for "add", and the r for "read".
Note:
This assumes that everyone already has access to the directory where myfile is located and its parent directories; that is, you must set the directory permissions separately.
If you omit the access class, it's assumed to be all, so you could also enter the previous example as:
  chmod +r myfile
You can also specify multiple classes and types with a single command. For example, to remove read and write permission for group and other users (leaving only yourself with read and write permission) on a file named myfile, you would enter:
  chmod go-rw myfile
You can also specify that different permissions be added and removed in the same command. For example, to remove write permission and add execute for all users on myfile, you would enter:
  chmod a-w+x myfile
In each of these examples, the access types that aren't specified are unchanged. The previous command, for example, doesn't change any existing settings specifying whether users besides yourself may have read (r) access to myfile. You could also use the exact form to explicitly state that group and other users' access is set only to read with the = operator:
  chmod go=r myfile
The chmod command also operates on directories. For example, to remove write permission for other users on a subdirectory named mydir, you would enter:
  chmod o-w mydir
To do the same for the current directory, you would enter:
  chmod o-w .
Be careful when setting the permissions of directories, particularly your home directory; you don't want to lock yourself out by removing your own access. Also, you must have execute permission on a directory to switch (cd) to it.

Absolute form

The other way to use the chmod command is the absolute form. In this case, you specify a set of three numbers that together determine all the access classes and types. Rather than being able to change only particular attributes, you must specify the entire state of the file's permissions.
The three numbers are specified in the order: user (or owner), group, other. Each number is the sum of values that specify read (4), write (2), and execute (1) access, with 0 (zero) meaning no access. For example, if you wanted to give yourself read, write, and execute permissions on myfile; give users in your group read and execute permissions; and give others only execute permission, the appropriate number would be calculated as (4+2+1)(4+0+1)(0+0+1) for the three digits 751. You would then enter the command as:
  chmod 751 myfile
As another example, to give only yourself read, write, and execute permission on the current directory, you would calculate the digits as (4+2+1)(0+0+0)(0+0+0) for the sequence 700, and enter the command:
  chmod 700 .
If it seems clearer to you, you can also think of the three digit sequence as the sum of attributes you select from the following table:
400   Read by owner
200   Write by owner
100   Execute by owner
040   Read by group
020   Write by group
010   Execute by group
004   Read by others
002   Write by others
001   Execute by others
To create an access mode, sum all the accesses you wish to permit. For example, to give read privileges to all, and write and execute privileges to the owner only for a file, you would sum: 400+200+100+040+004 = 744. Then, at the Unix prompt, you would enter:
  chmod 744 myfile.ext
Some other frequently used examples are:
777   anyone can do anything (read, write, or execute)
755   you can do anything; others can only read and execute
711   you can do anything; others can only execute
644   you can read and write; others can only read

Deep In File Permissions 


1) Directory  "Test" with only read permission

[mithz@localhost ~]$ cd test
bash: cd: test: Permission denied

[mithz@localhost ~]$ ls -l ./test
ls: cannot access ./test/one.txt: Permission denied
ls: cannot access ./test/two.txt: Permission denied
total 0
?????????? ? ? ? ?            ? one.txt
?????????? ? ? ? ?            ? two.txt

> Can't enter the directory
> Lists only the names, but can't access any information stored in the inodes, e.g. size, permissions, modified time, etc.

With only write permission:
 
[mithz@localhost ~]$ cd test
bash: cd: test: Permission denied

[mithz@localhost ~]$ ls test
ls: cannot open directory test: Permission denied

[mithz@localhost ~]$ cat ./test/one.txt
cat: ./test/one.txt: Permission denied
 
With only execute permission:

[mithz@localhost ~]$ cd test

[mithz@localhost test]$ ls -l
ls: cannot open directory .: Permission denied

[mithz@localhost test]$ cat one.txt
yes u can read me now :-)!!!
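
The three sessions above, reproduced as a script (an added example, not part of the original post). The helper name probe_dir is hypothetical, and the run goes beyond the post by also covering modes 300, 500 and 700.

```shell
#!/bin/sh
# Added example: probe what each directory permission bit allows.
# probe_dir MODE prints "list=Y|n enter=Y|n read=Y|n create=Y|n".
probe_dir() {
    mode=$1
    base=$(mktemp -d) || return 1
    mkdir "$base/test"
    echo "hello" > "$base/test/one.txt"
    chmod "$mode" "$base/test"

    # A glob only reads the directory's name list, so it needs the read bit
    # but not execute; an unexpanded pattern means the list was unreadable.
    names=$(echo "$base/test"/*)
    if [ "$names" != "$base/test/*" ]; then list=Y; else list=n; fi
    # cd runs in a subshell so the caller's working directory is untouched.
    if (cd "$base/test") 2>/dev/null; then enter=Y; else enter=n; fi
    # Reaching a file inside the directory needs the execute (search) bit.
    if cat "$base/test/one.txt" >/dev/null 2>&1; then read_=Y; else read_=n; fi
    # Creating an entry needs write AND execute on the directory.
    if touch "$base/test/new.txt" 2>/dev/null; then create=Y; else create=n; fi

    chmod 700 "$base/test"      # restore access so cleanup can succeed
    rm -rf "$base"
    echo "list=$list enter=$enter read=$read_ create=$create"
}

# root bypasses these checks, so the table is only meaningful for a normal user.
if [ "$(id -u)" -ne 0 ]; then
    for m in 400 200 100 300 500 700; do
        printf '%s  %s\n' "$m" "$(probe_dir "$m")"
    done
fi
```

Mode 200 shows why write permission alone is useless on a directory: without the execute bit nothing inside it can be reached, so nothing can be created either.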

One way I use SUID on my machine
I have a few files that I modify through Linux and then before I shut down Linux I have to transfer them to my Windows partition for further use there. As a normal user I do not have write access to the Windows partitions that I have mounted. So I have to be the superuser to be able to write to that partition. I have created a simple shell script that copies my files to the Windows partitions. This script was created by root user and the SUID bit was set. Access rights to this script have been given to all users. Now whenever I want to copy my files I simply run this script. Even though I have logged in as a normal user, the SUID bit which is set causes this script to execute as if the root was executing it and it allows me to write to the Windows partitions.

Had the SUID bit not been set, I would have to type ' su ' at the prompt and get temporary superuser access to get write access to the Windows partitions. Hope you got the point..
Note : In case you do not know how to access your Windows partitions through Linux, refer to Article No. 3
You may be thinking that since these applications would run as root they can do harmful things and destroy the system. The concept behind the SUID bit is that you, as the superuser, can allow certain applications or scripts to be run by users as if they were the superuser for the time being. What these applications or scripts do when they execute should be completely known to you. Even though users would be allowed to execute these programs as root, they would be able to do ONLY THOSE things that these programs were designed to do. So if a script was designed to copy 5 files from one place to another, the user who runs that script would be able to ONLY copy those 5 files from one place to another. He would not be able to modify that script in any way, since he would not have write access to the script; he would only have execute rights for it. Hence it's an excellent idea to allow users to do some important backup using a script that does only that, with the SUID bit set for that script. This way the users don't have to know the superuser password but can still use some facilities that are only available to the superuser.
Important: Think twice before setting the SUID bit for scripts (owned by root) that take arguments at the command line, since you never know what parameters a malicious user may pass to your script. Because the script would run as root, it could do great damage if misused.
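
The argument above rests on users not having write access to the SUID file, and the warning singles out SUID scripts. The following audit checks both conditions; it is an added example, not part of the original post, and the function names, file names and the /mnt/windows path in the sample are hypothetical.

```shell
#!/bin/sh
# Added example: audit set-UID files under a directory.
# audit_suid DIR prints one finding per line as "<REASON> <path>":
#   WRITABLE  group or other can rewrite a file that runs as its owner
#   SCRIPT    set-UID file is an interpreted script (starts with "#!")
# Assumption: file names contain no newlines.
audit_suid() {
    # -perm -4000 matches files whose set-UID bit is set (POSIX find syntax).
    find "$1" -type f -perm -4000 | LC_ALL=C sort | while IFS= read -r f; do
        if [ -n "$(find "$f" \( -perm -0020 -o -perm -0002 \))" ]; then
            echo "WRITABLE $f"
        fi
        if [ "$(head -c 2 "$f" 2>/dev/null)" = '#!' ]; then
            echo "SCRIPT $f"
        fi
    done
}

# Constructed sample tree to exercise the audit; nothing here is executed.
demo_suid_audit() {
    t=$(mktemp -d) || return 1
    printf '#!/bin/sh\ncp "$@" /mnt/windows/\n' > "$t/copy.sh"
    printf '\177ELF' > "$t/good"
    printf '\177ELF' > "$t/loose"
    printf '#!/bin/sh\necho hi\n' > "$t/plain.sh"
    chmod 4755 "$t/copy.sh" "$t/good"   # set-UID, writable by owner only
    chmod 4777 "$t/loose"               # set-UID and world-writable
    chmod 0755 "$t/plain.sh"            # no set-UID bit: not reported
    audit_suid "$t" | sed "s| $t/| |"   # show paths relative to the tree
    rm -rf "$t"
}

demo_suid_audit
```

On a real system, point audit_suid at directories such as /usr/bin and review every SCRIPT finding for how it handles its command-line arguments.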


Sunday, 7 February 2016

5.1. What is Swap Space?

Swap space in Linux is used when the amount of physical memory (RAM) is full. If the system needs more memory resources and the RAM is full, inactive pages in memory are moved to the swap space. While swap space can help machines with a small amount of RAM, it should not be considered a replacement for more RAM. Swap space is located on hard drives, which have a slower access time than physical memory.
Swap space can be a dedicated swap partition (recommended), a swap file, or a combination of swap partitions and swap files.
Swap should equal 2x physical RAM for up to 2 GB of physical RAM, and then an additional 1x physical RAM for any amount above 2 GB, but never less than 32 MB.
So, if:
M = Amount of RAM in GB, and S = Amount of swap in GB, then
If M < 2
 S = M *2
Else
 S = M + 2
Using this formula, a system with 2 GB of physical RAM would have 4 GB of swap, while one with 3 GB of physical RAM would have 5 GB of swap. Creating a large swap space partition can be especially helpful if you plan to upgrade your RAM at a later time.

For systems with really large amounts of RAM (more than 32 GB) you can likely get away with a smaller swap partition (around 1x, or less, of physical RAM).
Recommended System Swap Space
Amount of RAM in the System     Recommended Amount of Swap Space
4GB of RAM or less              a minimum of 2GB of swap space
4GB to 16GB of RAM              a minimum of 4GB of swap space
16GB to 64GB of RAM             a minimum of 8GB of swap space
64GB to 256GB of RAM            a minimum of 16GB of swap space
256GB to 512GB of RAM           a minimum of 32GB of swap space


To check the total swap, physical memory and buffers/cache space in the system:


free -m
             total       used       free     shared    buffers     cached
Mem:          3953        315       3637          8         11        107
-/+ buffers/cache:        196       3756
Swap:            0          0       4095

1. Creating Swap Partition

To add an extra swap partition to your system, you first need to prepare it. Step one is to ensure that the partition is marked as a swap partition and step two is to make the swap filesystem. To check that the partition is marked for swap, run as root:
fdisk -l /dev/hdb
Replace /dev/hdb with the device of the hard disk on your system with the swap partition on it. You should see output that looks like this:
Device Boot    Start      End           Blocks  Id      System
/dev/hdb1       2328    2434    859446  82      Linux swap / Solaris

If the partition isn't marked as swap you will need to alter it by running fdisk and using the 't' menu option. Be careful when working with partitions -- you don't want to delete important partitions by mistake or change the id of your system partition to swap by mistake. All data on a swap partition will be lost, so double-check every change you make. Also note that Solaris uses the same ID as Linux swap space for its partitions, so be careful not to kill your Solaris partitions by mistake.

2. Format the New Partition with the Swap File System


Once a partition is marked as swap, you need to prepare it using the mkswap (make swap) command as root:
mkswap /dev/hdb1

3.  Activate The New Swap Partition

If you see no errors, your swap space is ready to use. To activate it immediately, type:
swapon /dev/hdb1

3. Verify the Swap Partitions

You can verify that it is being used by running:
swapon -s

4. Mount The Swap partition


 To mount the swap space automatically at boot time, you must add an entry to the  /etc/fstab  file, which contains a list of filesystems and swap spaces that need to be mounted at boot up. The format of each line is:
  1. To enable the swap file immediately but not automatically at boot time:
    swapon /swapfile
    
  2. To enable it at boot time, edit /etc/fstab to include the following entry:
    /swapfile swap swap defaults 0 0
    
    The next time the system boots, it enables the new swap file.

5. Add New Activated Swap Space to Old Swap

 swapon -v /dev/hdb1


6. Deactivate swap Partition


Sometimes it can be prudent to reduce swap space after installation. For example, say you downgraded the amount of RAM in your system from 1 GB to 512 MB, but there is 2 GB of swap space still assigned. It might be advantageous to reduce the amount of swap space to 1 GB, since the larger 2 GB could be wasting disk space.

swapoff -v /dev/hdb1
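
Steps 3 and 4 above separate swap that is active now from swap that is enabled again at boot. The following added example (not part of the original post; the function names and both sample files are constructed) reports where the two disagree.

```shell
#!/bin/sh
# Added example: compare active swap with the swap entries in fstab.
# swap_drift SWAPS FSTAB
#   SWAPS  file in `swapon -s` format (first line is the column header)
#   FSTAB  file in /etc/fstab format
# Prints "NOT_IN_FSTAB <dev>" for swap that is active but will not be
# enabled at the next boot, and "NOT_ACTIVE <dev>" for the reverse.
# Assumption: fstab names swap areas by path, not by UUID= or LABEL=.
swap_drift() {
    awk '
        FILENAME == ARGV[1] {            # first file: fstab
            if ($1 !~ /^#/ && $3 == "swap") boot[$1] = 1
            next
        }
        FNR == 1 { next }                # second file: skip header line
        NF > 0   { active[$1] = 1 }
        END {
            for (d in active) if (!(d in boot)) print "NOT_IN_FSTAB " d
            for (d in boot) if (!(d in active)) print "NOT_ACTIVE " d
        }
    ' "$2" "$1" | LC_ALL=C sort
}

# Constructed sample: /dev/hdb1 was enabled with swapon, but fstab only
# lists /swapfile, which is not active.
demo_swap_drift() {
    d=$(mktemp -d) || return 1
    cat > "$d/swaps" <<'EOF'
Filename        Type        Size    Used    Priority
/dev/hdb1       partition   859444  0       -1
EOF
    cat > "$d/fstab" <<'EOF'
# constructed fstab sample
/dev/hda1   /      ext3   defaults   1 1
/swapfile   swap   swap   defaults   0 0
EOF
    swap_drift "$d/swaps" "$d/fstab"
    rm -rf "$d"
}

demo_swap_drift
```

On a live system the same check is `swapon -s > /tmp/swaps; swap_drift /tmp/swaps /etc/fstab`.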


