Copyright © 1998 P. Tobin Maginnis
This document is free; you can redistribute it and/or modify it under the terms
of the GNU General Public License as published by the Free Software Foundation.
All Linux (Unix) programs inherit "genes" from their parents in the form of the controlling terminal, current working directory, currently opened files, and other details. At least three file descriptors (handles) are always inherited: standard in, which is usually the keyboard; standard out, which is usually the display; and standard error, which is also usually the display. This fundamental construct is used in two ways. First, it allows programs to be easily written without regard to the exact nature of the peripherals with which the program communicates. Second, this construct allows the parent to switch peripherals and redirect them into standard in and standard out before executing a child program.
Standard out and standard error generally connect to the same device (the display) but many times the parent will switch the child's normal output to go to one device, while potential error messages are monitored on a separate device.
The $ symbol represents non-privileged (positive valued) UIDs, whereas the # symbol represents superuser status (UID zero), which overrides any file system protection scheme. The superuser is also the only account that may request certain system services, such as changing the date/time and increasing a process's priority.
Administrators can quickly switch from user to superuser status with variants on the su command.
These commands control access to file and directory names. File names beginning with a "." are not displayed with the usual ls command, but ls -la shows the file details plus all the administrative files that begin with ".". By definition a user is located in a current working directory, and the print working directory (pwd) command reveals which one. Change directory (cd) moves up and down the logical file system hierarchy, while make directory (mkdir) and remove directory (rmdir) manipulate nodes in the file system hierarchy.
    drwxr-xr-x 2 ptm html  1024 Aug 26 10:23 images
    -rw-r--r-- 1 ptm html 11095 Aug 27 08:27 index.0
    -rw-rw-r-- 1 ptm html 11104 Aug 27 20:46 index.html
    -rwsrwxr-t 1 ptm html   184 Aug 20 20:46 script
text editors: pico, vi, and emacs
more, less, cat, od, and dd
An inode lists the block numbers that make up a file. Inodes are located in one or more fixed positions within the volume (hard disk partition). A directory contains pairs of file names and inode numbers which "point" to the file data. A hard link is the same inode number associated with two or more file names in two or more directory files. Finally, a symbolic link is a file that contains the path (file name) of another file. Since hard links employ volume relative block numbers, they are restricted to the current volume, but symbolic links may "point" anywhere among the mounted file volumes.
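The inode relationships described above can be checked directly. This is an added example, not part of the original page; the scratch directory and the file names original, hard and soft are constructed for the demonstration.

```sh
# Added example (not from the original page). All file names are constructed.
inode_of() {                            # inode number of the name itself
    ls -id "$1" | awk '{print $1}'
}

link_demo() {
    dir=$(mktemp -d) || return 1
    echo "file data" > "$dir/original"
    ln    "$dir/original" "$dir/hard"   # second directory entry, same inode
    ln -s "$dir/original" "$dir/soft"   # separate file that stores a path

    result=""
    if [ "$(inode_of "$dir/original")" = "$(inode_of "$dir/hard")" ]; then
        result="hard=same-inode"
    fi
    if [ "$(inode_of "$dir/original")" != "$(inode_of "$dir/soft")" ]; then
        result="$result soft=own-inode"
    fi

    rm "$dir/original"                  # remove one name only
    if [ "$(cat "$dir/hard")" = "file data" ]; then
        result="$result hard=still-readable"   # data survives via the other name
    fi
    if ! cat "$dir/soft" >/dev/null 2>&1; then
        result="$result soft=dangling"         # stored path no longer resolves
    fi

    rm -rf "$dir"
    echo "$result"
}

link_demo
```

Removing one name of a hard-linked file leaves the data reachable through the other name, while the symbolic link is left pointing at a path that no longer exists.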
A Unix shell is the command line interpreter that provides simple command line editing, executes other programs, and offers flow control in the execution of other programs (batch jobs).
The stty command associates a given key stroke with each type of command.
When a binary file is displayed, it may set the terminal into a pseudo graphics mode where only lines and blocks are displayed. When you type, the terminal will echo only blocks and lines. The reset command fixes this by:
Note, in the worst case the carriage-return character may no longer work and you may have to type:
Where Control-J is used to generate the line-feed character to separate the command from the earlier binary data and to tell the shell to execute the command.
The pipe operator (|) is used to concatenate three independent operations into one action. The zcat command will read a GNU compressed file and un-compress it to standard out. The output is a tape archive (tar) formatted file that is fed into the tar program with the first pipe. The tar program views the archive table of contents (-tv) and reads the archive from standard in (f -). The output is then fed into the more program with the second pipe so that the user may view the archived files one screenful at a time.
Disk usage, du, lists all files and sub-directories from the specified or implied (current working directory) and their size in logical OS blocks. Disk free, df, shows where the various volumes are mounted in the directory structure and the amount of free space in bytes. du is used to see how much space a given user or application occupies, whereas df is used to see how disk space in general is being allocated.
There are two types of Linux (Unix) commands, internal to the shell and external to the shell. Internal commands are specific to the type of shell (bash and ksh versus tcsh and csh) and only affect the present shell. For example, cd is an internal command that leads to problems when a shell script terminates. The user does not usually realize that upon script completion and return to the parent shell, the current directory returns to the parent's value since the parent never executed the internal command.
External Linux commands consist of files that are located, loaded, and executed by the shell. The shell searches common directories that are set up by the system administrator in the /etc/profile, /etc/csh.cshrc, .profile, or .cshrc files. Common directories include: /usr/local/bin, /usr/bin, /bin, /usr/bin/X11, and /usr/games but not "." or the current directory. Thus, to execute a command or a program in the current directory, one must type "./command."
To provide for communication among successive generations of shells, Linux (Unix) passes "environmental variables" from parent to child. These variables are ASCII strings that may be seen with the set or echo $NAME internal commands. For example, the command echo $PATH will display the shell's search path for external commands.
For the bash or ksh:
To add the new directory to the end of the path, use the command export PATH=$PATH:.
For the csh or tcsh, the internal command is set path = ( $path . )
To automate the process, edit the .bashrc or .cshrc files with one of the above commands.
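Because the shell runs the first match it finds along the search path, it is worth checking which entries resolve to the current directory or to a directory anyone can write to. The following is an added example, not part of the original page; audit_path is a hypothetical helper name and the output labels are its own.

```sh
# Added example (not from the original page): audit_path is a hypothetical helper.
# Prints one line for each entry in a colon-separated search path that is
# empty, ".", relative, or a world-writable directory.
audit_path() (
    # Function body is a subshell, so IFS and "set -f" do not leak to the caller.
    IFS=:
    set -f                  # no wildcard expansion while splitting
    list=$1:                # extra ":" keeps a trailing empty entry visible
    for entry in $list; do
        case $entry in
            "") echo "EMPTY entry: searched as the current directory" ;;
            .)  echo "DOT entry: current directory" ;;
            /*) if [ -d "$entry" ]; then
                    # -L follows symbolic links such as /bin -> usr/bin;
                    # the 9th character of the mode string is "other write".
                    case $(ls -ldL "$entry") in
                        ????????w*) echo "WORLD-WRITABLE directory: $entry" ;;
                    esac
                fi ;;
            *)  echo "RELATIVE entry: $entry" ;;
        esac
    done
)

audit_path "$PATH"
```

An empty entry (a leading, trailing, or doubled colon) is treated by the shell as the current directory, so it is reported alongside an explicit ".".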
The locate program is a fast and easy to use GNU utility (i.e., locate log). It is fast because it searches a database of file names for the specified file instead of having to ask the file manager to sequentially step through all the file system inodes looking for the file name. Locate also helps with Network File System (NFS) volumes since it avoids the network as well as the remote file manager. However, the results of locate may be incomplete since one usually wants to locate odd files that have been added recently and are probably not in the database.
The find program is a slow but complete utility in that it searches out every branch of the directory hierarchy. The find utility was designed to be flexible and, as a result, requires arcane arguments. For example, find / -name "*log*" -print tells the utility to begin searching at the root directory for any file or directory name consisting of "log" or having the sub-string "log" embedded within the name. The quotation marks are required to pass the "*" characters onto the find program without the shell interpreting them as wild card operators.
The foreground, fg, command brings terminal control back to a background process. The %1 matches the job number assigned to the process when it was placed in the background with the "&" command. The 1234 argument specifies the process identifier (PID) returned by the process status, ps, command.
Permission is the idea that a file's contents can be read or written, and if the file is executable, it's the idea that the file can be run. The same permission bits shift in meaning for directory files. The "executable" permission determines if one can enter or change their working directory to the directory or allow access to a file in the directory. Directory read permission determines if the file name may be viewed. Write permission indicates that a file may be created or deleted. Thus, it is possible to have writable access to a file but not be able to see its name.
Set User Identifier (SUID) and Set Group Identifier (SGID) apply to executable files. They cause the user's effective ID to switch to the file's ID upon execution. In this way, system programs may temporarily promote a user to superuser so that it may access system resources. Generally, the SGID is not used by system programs.
Again, the meaning shifts for directories. The SUID bit is unused; while the SGID bit will allow another user to create a file in the directory, the GID will have to be the GID of the directory, not the GID of the user. For example, if several users belonged to the group "games" and the directory was "SGID games" then, regardless of the users' current group IDs, the new files will belong to the group "games." This allows several users to create separate files and also share read/write access with other group members.
Permissions apply at three levels, the file owner (the user), the file group (the group), and anyone else (other). A user must first have permission to "enter" the directory either as the owner, a group member, or as anyone. Once in the directory, the user must have permission to access an individual file as the owner, group member, or anybody.
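The special bits described above show up in the mode column of ls -l. The following added example (not part of the original page) reads such a listing and reports them; flag_modes and sample_listing are hypothetical names, the first four sample lines are the listing shown earlier on this page, and the "shared" line is constructed to match the "SGID games" directory case.

```sh
# Added example (not from the original page): flag_modes is a hypothetical helper.
# Reads "ls -l" lines on standard input and reports the special permission bits.
flag_modes() {
    while read -r mode links owner group size month day time name; do
        flags=""
        case $mode in       # 4th character: SUID (unused on directories)
            [!d]??[sS]*) flags="$flags SUID(runs as $owner)" ;;
        esac
        case $mode in       # 7th character: SGID, meaning depends on file type
            d?????[sS]*)    flags="$flags SGID-dir(new files get group $group)" ;;
            [!d]?????[sS]*) flags="$flags SGID(runs with group $group)" ;;
        esac
        case $mode in ?????????[tT]*) flags="$flags sticky" ;; esac
        case $mode in ????????w*)     flags="$flags world-writable" ;; esac
        if [ -n "$flags" ]; then echo "$name:$flags"; fi
    done
}

# Sample input: the page's own listing plus one constructed SGID directory.
sample_listing() {
    cat <<'EOF'
drwxr-xr-x 2 ptm html 1024 Aug 26 10:23 images
-rw-r--r-- 1 ptm html 11095 Aug 27 08:27 index.0
-rw-rw-r-- 1 ptm html 11104 Aug 27 20:46 index.html
-rwsrwxr-t 1 ptm html 184 Aug 20 20:46 script
drwxrwsr-x 2 root games 1024 Aug 26 10:23 shared
EOF
}

sample_listing | flag_modes
```

On a live system the same function can be fed from ls -l of a directory of interest; only entries carrying at least one of the flagged bits are printed.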
An Access Control List (ACL) is a sparse matrix of files (as columns) and users (as rows). If a user has access to a file then the intersection is "checked." There is a matrix for each file attribute such as read, write, execute. ACLs provide fine-grained control over file system access, determining exactly which accounts may access which files. But the sparse matrices take up space and require a lot of update time.
Any number of groups may be created in Linux. Files with restricted access are set up with a common group and user accounts are assigned to the same group (as well as other groups). To access a given restricted file, the user issues a newgrp command to switch to the desired group. A problem arises when the user wants to move files between two restricted file groups. In this case, files would have to be copied from one restricted area to another area accessible by the user. Then the user would newgrp othergroup to copy the files into the other restricted directory that has its SGID bit set.
Shells, editors, mail, news, X-Window, and desktop GUI
Set up special kernel arguments such as append=128M or append="ether=11,0x280,eth0 ether=5,0x300,eth1"
MBR, description of boot disk, an OS stanza, kernel arguments, extra kernel stanza, the MBR write operation, and the Tab key.
This depends on which boot program is loading Linux. If LILO is booting, then it ignores the active partition. If DOS or OS/2 is booting, then they need to see an active partition.
Runlevels used by the Red Hat distribution are:
The init process is always waiting for events. The Ctrl-Alt-Del key sequence sends a signal via the keyboard driver. Special devices such as the UPS can switch runlevels sending the power fail signal. Or, running the init program with a runlevel argument (init 5) will also change runlevels. Wait means wait for another event before re-executing a runlevel. Respawn means wait for the process to terminate and then restart it.
Use "adduser" or "vipw" (must be superuser) to:
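    #!/bin/bash
    # Create one account per name read from standard input.
    # Stops at the word "done" or at end of input.
    echo -n "Enter Account name: "
    while read -r name && [ "$name" != "done" ]
    do
        # Note: -p expects an already-encrypted password string (see useradd(8)).
        adduser -g users -s /bin/bash -d "/home/$name" -p "$name" "$name"
        echo -n "Enter Account name: "
    done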
If the name of this script was "newaccount" then a batch of new accounts could be processed with the command ./newaccount < users.