Filesystem and permissions

The file system on Unix-based systems like Linux is a collection of directories and files arranged in a hierarchy, similar to a tree. The root directory is the parent of all other directories and files, and you can navigate from one directory to another. This differs from Microsoft Windows, where each drive gets its own root directory and you can navigate from one drive to another.

Working with files and directories

$ touch /tmp/test.txt
$ ls -l /tmp
-rw-rw-r-- 1 user01 user01 0 Jan  1  1970 /tmp/test.txt
$ cat /tmp/test.txt
$ rm /tmp/test.txt
$ mkdir /tmp/testdir
$ ls -l /tmp
drwxr-xr-x 2 user01 user01 0 Jan  1  1970 /tmp/testdir
$ cd /tmp/testdir
$ pwd
/tmp/testdir
$ mkdir /tmp/testdir/testdir2
$ ls -l /tmp/testdir
drwxr-xr-x 2 user01 user01 0 Jan  1  1970 /tmp/testdir/testdir2
$ rmdir /tmp/testdir/testdir2
$ ls -l /tmp/testdir
drwxr-xr-x 2 user01 user01 0 Jan  1  1970 /tmp/testdir
$ mkdir -p /tmp/testdir
$ touch /tmp/testdir/test.txt
$ ls -l /tmp/testdir
-rw-rw-r-- 1 user01 user01 0 Jan  1  1970 /tmp/testdir/test.txt
$ mv /tmp/testdir/test.txt /tmp/testdir/test.txt.bak
$ ls -l /tmp/testdir
-rw-rw-r-- 1 user01 user01 0 Jan  1
$ mkdir -p /tmp/testdir
$ touch /tmp/testdir/test.txt
$ ls -l /tmp/testdir
-rw-rw-r-- 1 user01 user01 0 Jan  1  1970 /tmp/testdir/test.txt
$ cp /tmp/testdir/test.txt /tmp/testdir/test.txt.bak
$ ls -l /tmp/testdir
-rw-rw-r-- 1 user01 user01 0 Jan  1

Filesystem Hierarchy Standard

Directory   Description
/           Primary hierarchy root and root directory of the entire file system hierarchy.
/bin        Essential command binaries that need to be available in single-user mode, including to bring up the system or repair it, for all users.
/boot       Boot loader.
/dev        Device files.
/etc        Host-specific system-wide configuration files.
/home       Users' home directories, containing saved files, personal settings, etc.
/lib        Libraries essential for the binaries in /bin and /sbin.
/media      Mount points for removable media such as CD-ROMs.
/mnt        Temporarily mounted filesystems.
/opt        Add-on application software packages.
/proc       Virtual filesystem providing process and kernel information as files.
/root       Home directory for the root user.
/run        Run-time variable data.
/sbin       Essential system binaries.
/srv        Site-specific data served by this system.
/sys        Contains information about devices, drivers, and some kernel features.
/tmp        Directory for temporary files.
/usr        Secondary hierarchy for read-only user data; contains the majority of (multi-)user utilities and applications.
/var        Variable files.

File and directory ownership

$ chown user02 /tmp/test.txt
# chown user02 /tmp/test.txt
$ chgrp group01 /tmp/test.txt
# chgrp root /tmp/test.txt
# chown root:root /tmp/test.txt

Using file and directory permissions

POSIX permissions

$ ls -l /etc/ssh/sshd_config
-rw-r--r--. 1 root root  631 Jan  5  2009 /etc/ssh/sshd_config
# chmod 600 /etc/ssh/sshd_config
$ touch /tmp/test.txt
$ chmod u+x /tmp/test.txt
$ chmod +x /tmp/test.txt
$ chmod a=rw /tmp/test.txt
$ chmod o-w /tmp/test.txt
  • 4 - add read permission

  • 2 - add write permission

  • 1 - add execute permission

$ chmod 750 /tmp/test.txt
$ chmod 4750 /tmp/test.txt
$ chmod u+s /tmp/test.txt
$ chmod g+s /tmp/test.txt
$ chmod +t /tmp/test.txt

Default mask for files: -rw-rw-r--

Default mask for directory: drwxrwxr-x

  • 4 - remove read permission

  • 2 - remove write permission

  • 1 - remove execute permission

$ umask
0022
$ umask 0027
$ umask
0027
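
The umask digits above remove bits from the creation defaults (666 for files, 777 for directories). As an added example, not part of the original page, the hypothetical helper mode_under_umask below creates a file or a directory under a given umask and reports the resulting permission string; 0002 is included because it produces the default masks listed above.

```shell
#!/bin/sh
# Added example (not from the original page). mode_under_umask is a
# hypothetical helper: it reports the permission string a newly created
# file or directory receives under a given umask.
mode_under_umask() {
    # $1 = umask in octal, $2 = "file" or "dir"
    (
        # Subshell: the umask change does not leak into the caller.
        umask "$1"
        scratch=$(mktemp -d) || exit 1
        if [ "$2" = "dir" ]; then
            mkdir "$scratch/new"      # directories start from 777
        else
            : > "$scratch/new"        # files start from 666
        fi
        # First ten characters of ls -ld: file type plus the rwx triplets.
        ls -ld "$scratch/new" | cut -c1-10
        rm -rf "$scratch"
    )
}

# 0002 gives the default masks listed above; 0022 and 0027 are the
# values used in the umask session.
for mask in 0002 0022 0027; do
    printf '%s  file=%s  dir=%s\n' "$mask" \
        "$(mode_under_umask "$mask" file)" \
        "$(mode_under_umask "$mask" dir)"
done
```

With 0027, new files and directories carry no permissions for other users.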

Using an Access Control List

$ getfacl /etc/ssh/sshd_config
/etc/ssh/sshd_config:
user::rw-
group::r--
other::---
user:root:rw-
group:root:r--
other:root:---
# setfacl -m u:johndoe:rwx /etc/ssh/sshd_config