unx03.htm

Linux Unix揭密.高质量电子书籍.对学习Linux有大帮助,欢迎下载学习.

<HR ALIGN=CENTER>

<H4 ALIGN="CENTER">

<CENTER><A ID="I16" NAME="I16">

<FONT SIZE=3><B>Renaming Directories with </B><B><I>mv</I></B>

<BR></FONT></A></CENTER></H4>

<P>You can also use mv to rename directories. For instance, to correct a mistyped mkdir command, you would have to rename the directory:

<BR></P>

<PRE>$ mkdir jornal

$ mv jornal journal</PRE>

<P>This command works even if the directory isn't empty.

<BR></P>

<HR ALIGN=CENTER>

<NOTE>

<IMG SRC="note.gif" WIDTH = 35 HEIGHT = 35><B>NOTE:</B> Some file commands do not work with directories, or require that you use different options, such as the -r option to rm. For instance, to copy a directory, you must use cp -r to copy recursively the 
directory and all its files and sub-directories. Suppose that you want to copy your Hungarian recipes to /tmp so that your friend Joe can add them to his collection:

<BR>

<BR>$ cd recipes

<BR>$ ls hungarian

<BR>chicken_paprika goulash

<BR>$ cp -r hungarian /tmp

<BR>$ ls /tmp

<BR>hungarian

<BR>$ ls /tmp/hungarian

<BR>chicken_paprika goulash

<BR>

<BR>Again, because the destination of the copy is a directory (/tmp), you need not specify the full pathname /tmp/hungarian.

<BR>

<BR>Another difference between directories and files is that the ln command (discussed later in this chapter in the section &quot;Hard and Symbolic Links&quot;) refuses to make a hard link to a directory.

<BR></NOTE>

<HR ALIGN=CENTER>

<H4 ALIGN="CENTER">

<CENTER><A ID="I17" NAME="I17">

<FONT SIZE=3><B>Keeping Secrets &#151; File and Directory Permissions</B>

<BR></FONT></A></CENTER></H4>

<P>UNIX is a multiuser operating system, which means that you share the system with other users. As you accumulate files, you'll find that the information that some contain is valuable; some files you want to share, and others you prefer to keep private. 
UNIX file and directory permissions give you a flexible way to control who has access to your files.

<BR></P>

<P>All UNIX files have three types of permissions&#151;read, write, and execute&#151;associated with three classes of users&#151;owner, group and other (sometimes called world).

<BR></P>

<P>Read permission enables you to examine the contents of files with commands such as cat, write permission enables you to alter the contents of a file or truncate it, and execute permission is necessary to run a file as a command. Each of the three 
permissions can be granted or withheld individually for each class of user. For instance, a file might be readable and writable by you, readable by other members of your group, but inaccessible to everyone else, or it might be readable and writable only by 

you.

<BR></P>

<P>The ls command shows your file and directory permissions, and the chmod (change mode) command changes them.

<BR></P>

<P>The -l option tells ls to make a long listing, such as the following:

<BR></P>

<PRE>$ cd recipes/german

$ ls -l

-rw-r&#151;r-r   1 joe   user1    2451 Feb 7 07:30 strudel

-rw-r&#151;r-r   1 joe   user1    4025 Feb 10 19:12 borscht

drwxr-xr-r   2 joe   user1     512 Feb 10 19:12 backups</PRE>

<P>Figure 3.4 shows the parts of the long listing. The file permissions, owner, and group are the parts that are most important for information security.

<BR></P>

<P>

<BR><B><A HREF="03unx04.gif">Figure 3.4. The </B><B><I>ls</I></B><B> command's long listing.</A></B>

<BR></P>

<P>To know who can access a file and in what ways, you must know the owner and the group and then examine the file permission string. The permission string is ten characters long. The first character indicates the file type, which is a hyphen (-) for 
regular files, d for a directory, and l for a symbolic link. (Symbolic links are discussed later in this chapter, in the section &quot;Hard and Symbolic Links.&quot; The following note describes the other file types.)

<BR></P>

<HR ALIGN=CENTER>

<NOTE>

<IMG SRC="note.gif" WIDTH = 35 HEIGHT = 35><B>NOTE:</B> The following is a complete list of the UNIX file types:

<BR>

<BR>-  Regular file

<BR>

<BR>d  Directory

<BR>

<BR>l  Symbolic link

<BR>

<BR>c  Character special file

<BR>

<BR>b  Block special file

<BR>

<BR>p  Named pipe

<BR>

<BR>You're already familiar with regular files and directories, and symbolic links are discussed in the section &quot;Hard and Symbolic Links.&quot; Character and block special files are device files, which were described in the introductory section of 
this chapter. You create device files with the mknod command, which is covered in Chapter 35, &quot;File System Administration.&quot;

<BR>

<BR>Named pipes enable you to communicate with a running program by reference to a file. Suppose that you have a continuously running program named quoted (also known as a daemon) that accepts requests to mail you a joke- or a quote-of-the-day. The 
commands that the program accepts might be send joke and send quote. Such a daemon could open a named pipe file in a standard place in the UNIX file tree, and you could send its requests with echo:

<BR>

<BR>$ echo send joke &gt; quoted_named_pipe

<BR>

<BR>The quoted program would continuously read the file <I>quoted_named_pipe</I>; when you echo into that file your request for a joke, the program would mail one to you.

<BR></NOTE>

<HR ALIGN=CENTER>

<P>The next nine characters are three groups of three permissions for owner, group, and other. Each group of three shows read (r), write (w), and execute (x) permission, in that order. A hyphen indicates that the permission is denied. In Figure 3.4, the 
permission string for the file borscht looks like this:

<BR></P>

<PRE>-rw-r&#151;&#151;</PRE>

<P>The first character is a hyphen, so borscht is a regular file, not a directory. The next three characters, rw-, show permissions for the owner, joe. Joe can read and write the file, but execute permission is turned off because borscht is not a program. 

The next three characters, r&#151;, show the permissions for other people in the group user1. Members of this group can read the file, but cannot write or execute it. The final three hyphen characters, &#151;-, show that read, write, and execute 
permissions are off for all other users.

<BR></P>

<P>You may wonder how files are assigned to a certain group. When you create files, UNIX assigns them an owner and a group. The owner will be your login name and the group will be your default (or login) group. Each UNIX user belongs to one or more groups, 

and when you log in you are put automatically into your default group. Files that you create are owned by you and assigned to your default group. If you are a member of other groups, you can use the chgrp command to change the group of an existing file to 

one of your other groups.

<BR></P>

<P>Suppose that your login name is karen, your default group is user1, and you're also a member of the group planners, which is supposed to brainstorm new products for your company. You want your planners coworkers to see your memos and project plans, but 

you want to keep those documents secret from other users. You also have another directory, jokes, that you want to share with everyone, and a directory called musings, in which you keep private notes. The following commands create the directories and set 
appropriate directory permissions:

<BR></P>

<PRE>$ <B>cd</B>

$ mkdir jokes memos musings

$ ls -l

total 6

drwx&#151;&#151;&#151; 2 karen user1      512 Jan 3 19:12 jokes

drwx&#151;&#151;&#151; 2 karen user1      512 Jan 3 19:12 memos

drwx&#151;&#151;&#151; 2 karen user1      512 Jan 3 19:12 musings

$ chgrp planners memos

$ chmod g+rx memos

$ chmod go+rx jokes

$ ls -l

total 6

drwxr-xr-x 2 karen user1      512 Jan  3 19:12 jokes

drwxr-x&#151; 2 karen planners   512 Jan  3 19:12 memos

drwx&#151;&#151;&#151; 2 karen user1      512 Jan  3 19:12 musings</PRE>

<P>The mkdir command creates the directories with default permissions that depend on Karen's umask. (The section &quot;Default File and Directory Permissions&#151;Your umask,&quot; later in this chapter, explains the umask.) Only the owner, Karen, can 
read, write, and execute the directories. She wants the memos directory to be accessible to other members of the group planners (but no one else), so she uses chgrp to change its group to planners and then uses chmod to add group-read and group-execute 
permissions. For the directory jokes, she uses chmod again to add read and execute permission for everyone. She leaves the directory musings alone because it already has the permissions she wants.

<BR></P>

<P>The chmod command expects two or more arguments, a permission specification, and one or more files:

<BR></P>

<PRE>$ chmod permissions file(s)</PRE>

<P>You can specify permissions either symbolically or absolutely. The preceding example provides examples of symbolic permissions, which are intuitively easy to work with. They consist of one or more of the characters ugo, followed by one of +-=, and 
finally one or more of rwx. The ugo characters stand for user (the file's owner), group, and other. As before, rwx stands for read, write, and execute permissions. You use the plus (+) and minus (-) signs to add or subtract permissions, and the equals sign 

(=) to set permissions absolutely, regardless of the previous ones. You can combine these strings any way you want. Table 3.2 shows some examples.

<BR></P>

<UL>

<LH><B>Table 3.2 </B><B><I>Symbolic</I></B><B> options to </B><B>chmod.</B>

<BR></LH></UL>

<TABLE BORDER>

<TR>

<TD>

<PRE><I>Option</I>

<BR></PRE>

<TD>

<PRE><I>Result</I>

<BR></PRE>

<TR>

<TD>

<P>u+rwx</P>

<TD>

<P>Turn on owner read, write, and execute permissions</P>

<TR>

<TD>

<P>u-w</P>

<TD>

<P>Remove owner write permission</P>

<TR>

<TD>

<P>go+x</P>

<TD>

<P>Add execute permission for group or other</P>

<TR>

<TD>

<P>o-rwx</P>

<TD>

<P>Remove all other permissions</P>

<TR>

<TD>

<P>o-w, og+r</P>

<TD>

<P>Remove owner write permission and set other and group permissions to read (no write or execute permission)</P>

<TR>

<TD>

<P>u+rwx, og+x</P>

<TD>

<P>Set owner read, write, and execute permission, and execute permission for all other users</P>

<TR>

<TD>

<P>ugo+rwx</P>

<TD>

<P>Turn on all permissions for all users</P></TABLE>

<P>The examples in Table 3.2 show only a few of the ways in which you can combine symbolic permissions. Note that you can specify different permissions for owner, group, and other in the same command, by using comma-separated permission specifications, as 

in the fifth and sixth examples.

<BR></P>

<P>Also note that the equals sign works differently than the plus and minus signs. If you type <B>chmod g+w memo1</B>, chmod adds group write permission to that file but leaves the read and execute permissions as they were, whether they were on or off. 
However, if you type <B>chmod g=w memo1</B>, you turn on write permission and turn off read and execute permissions, even though you don't mention those permissions explicitly:

<BR></P>

<PRE>$ ls -l memo1

-rw-r&#151;r&#151;  1 karen   planners    1721 May 28 10:14 memo1

$ chmod g+w memo1

$ ls -l memo1

-rw-rw-r&#151; 1 karen    planners    1721 May 28 10:14 memo1

$ chmod g=w memo1

$ ls -l memo1

-rw&#151;w-r&#151; 1 karen    planners    1721 May 28 10:14 memo1</PRE>

<P>The first chmod turns on write permission for members of the group planners, which is probably what Karen wants. The second chmod sets write permission but turns off read and execute permissions. It makes no sense to give a file write permission without 

also giving it read permission, so the first command is better.

<BR></P>

<P>Setting permissions properly may seem intimidating at first, but after you work with them a little, you'll feel more comfortable. Create some files with touch, and then experiment with various chmod commands until you have a good feel for what it does. 

You'll find that it looks more complicated on paper than in practice.

<BR></P>

<P>After you become comfortable with symbolic modes, you may want to move on to absolute modes, which are given as numbers. Numeric modes save you some typing because you can specify all three classes of permission with three digits. And, because these 
specifications are absolute, you don't have to worry about the file's current permissions; new ones are set without regard to the old ones. In this way, using absolute modes is similar to using the equals sign with symbolic modes.

<BR></P>

<P>When you use absolute modes, you set owner, group, and other permissions in one fell swoop. You specify numeric permissions with three digits that correspond to owner, group, and other. Execute permission has the value 1, write permission 2, and read 
permission 4. To create a numeric permission specification, you add, for each class of user, the permission values that you want to grant. Suppose that you have a filenamed plan-doc2 that you want to make readable and writable by you and other members of 
your group, but only readable by everyone else. As Table 3.3 shows, you calculate the correct numeric mode for the chmod command by adding the columns.

<BR></P>

<UL>

<LH><B>Table 3.3. Calculating numeric </B><B>chmod</B><B> options.</B>

<BR></LH></UL>

<TABLE BORDER>

<TR>

<TD>

<PRE><I>Permission</I>

<BR></PRE>

<TD>

<PRE><I>Owner</I>

<BR></PRE>

<TD>

<PRE><I>Group</I>

<BR></PRE>

<TD>

<PRE><I>Other</I>

<BR></PRE>

<TR>

<TD>

<P>Read</P>

<TD>

<P>4</P>

<TD>

<P>4</P>

<TD>

<P>4</P>