Filesystem and permissions

The file system on Unix-based systems like Linux are a collection of directories and files in a hierarchy. It is similar to a tree structure. The root directory is the parent of all other directories and files, and you can navigate from one directory to another. This is different from Microsoft Windows where each drive gets its own root directory and you can navigate from one drive to another.

Most Unix-based systems like Linux are following the Filesystem Hierarchy Standard (FHS) which is a set of guidelines for creating a filesystem. While the FHS is a set of guidelines, it is not a set of rules. The rules are implemented by the system and the guidelines are not and most Linux distributions give their own interpretations to the FHS, but most end-users won’t notice it. The table below gives an overview of where the files and directories are located on the filesystem on the highest level possible.

Directory	File
/	Primary hierarchy root and root directory of the entire file system hierarchy.
/bin	Essential command binaries that need to be available in single-user mode, including to bring up the system or repair it, for all users.
/boot	Boot loader.
/dev	Device files.
/etc	Host-specific system-wide configuration files.
/home	Users’ home directories, containing saved files, personal settings, etc.
/lib	Libraries essential for the binaries in /bin and /sbin.
/media	Mount points for removable media such as CD-ROMs.
/mnt	Temporarily mounted filesystems.
/opt	Add-on application software packages.
/proc	Virtual filesystem providing process and kernel information as files.
/root	Home directory for the root user.
/run	Run-time variable data.
/sbin	Essential system binaries.
/srv	Site-specific data served by this system.
/sys	Contains information about devices, drivers, and some kernel features.
/tmp	Directory for temporary files.
/usr	Secondary hierarchy for read-only user data; contains the majority of (multi-)user utilities and applications.
/var	Variable files.

Navigating the filesystem

Users normally start in their home directory. This is the directory that contains their personal files. After openening a terminal the user can verify the current directory by typing the command `pwd` and it shows the full path of the current directory.

$ pwd
/home/user01

Changing directories is done by typing the command `cd` followed by the name of the directory.

$ cd /

In the example below the user is changing to the root directory and back to their home directory.

$ pwd
/home/user01
$ cd /
$ pwd
/
$ cd /home/user01
$ pwd
/home/user01

The shell helps you navigate back to the user home directory by typing the command `cd ~` or `cd`.

$ pwd
/home/user01
$ cd /
$ pwd
/
$ cd ~
$ pwd
/home/user01

The shell also helps you navigate by remembering the previous directory by typing the command `cd -`.

$ pwd
/home/user01
$ cd /
$ pwd
/
$ cd -
$ pwd
/home/user01

Knowing the current directory and changing directories is the first step to navigating the filesystem. The second step is to list the contents of the current directory with the command `ls`. By default the contents of the current directory are listed, but you can also specify a pattern to filter that can specify a file or a directory. In the example below we are listing the contents of root directory.

$ ls /
bin
bin   dev  home  lib64       media  opt   root  sbin  sys  usr
boot  etc  lib   lost+found  mnt    proc  run   srv   tmp  var

As an user can only changing directories the command `ls -l` lists the contents of the current directory with the permissions of the user and the type. All directories are listed with a `d` and files are listed with a `-`.

$ ls -l /
total 44
lrwxrwxrwx.   1 root root    7 Jul 22  2021 bin -> usr/bin
dr-xr-xr-x.   7 root root 4096 Apr 14 10:19 boot
drwxr-xr-x.  20 root root 4280 Apr 11 00:19 dev
drwxr-xr-x.   1 root root 6036 Apr 16 01:50 etc
drwxr-xr-x.   1 root root   42 Jul 22  2021 home
lrwxrwxrwx.   1 root root    7 Jul 22  2021 lib -> usr/lib
lrwxrwxrwx.   1 root root    9 Jul 22  2021 lib64 -> usr/lib64
drwx------.   1 root root    0 Apr 25  2018 lost+found
drwxr-xr-x.   1 root root    0 Jul 22  2021 media
drwxr-xr-x.   1 root root    0 Jul 22  2021 mnt
drwxr-xr-x.   1 root root  128 Jul 22  2021 opt
dr-xr-xr-x. 468 root root    0 Apr  9 10:00 proc
dr-xr-x---.   1 root root  412 Apr 14 00:20 root
drwxr-xr-x.  56 root root 1500 Apr 14 10:18 run
lrwxrwxrwx.   1 root root    8 Jul 22  2021 sbin -> usr/sbin
drwxr-xr-x.   1 root root   28 Jul 22  2021 srv
dr-xr-xr-x.  13 root root    0 Apr  9 10:01 sys
drwxrwxrwt.  35 root root 1160 Apr 16 11:47 tmp
drwxr-xr-x.   1 root root  112 Oct 31 00:37 usr
drwxr-xr-x.   1 root root  206 Oct 31 01:02 var

Unlike Microsoft Widnows, Unix-based systems do not support an attribute to mark files or directories as hidden, but all files and directories starting with a dot are hidden. The command `ls -a` lists all the contents of the current directory including hidden files and directories.

$ ls -a /
.   .cache  boot  etc   lib    lost+found  mnt  proc  run   srv  tmp  var
..  bin     dev   home  lib64  media       opt  root  sbin  sys  usr

The command `ls -A` works the same as `ls -A` and lists all the contents of the current directory including hidden files and directories with exception of `.` and `..`.

$ ls -A /
bin
bin   dev  home  lib64       media  opt   root  sbin  sys  usr
boot  etc  lib   lost+found  mnt    proc  run   srv   tmp  var

Creating and removing files and directories

Navigating the filesystem is the first step to working with files and directories. The second step is to create a file or directory with the command `touch` or `mkdir`. In the example below we are creating a file called `test.txt` in the directory for temporary files, view the contents of the file and delete it with `rm` command.

$ touch /tmp/test.txt
$ ls -l /tmp
-rw-rw-r-- 1 user01 user01 0 Jan  1  1970 /tmp/test.txt
$ cat /tmp/test.txt
$ rm /tmp/test.txt

Creating and removing directories can be done with the command `mkdir` or `rmdir`. In the example below we are creating a directory called `testdir` in the directory for temporary files and removing it again.

$ mkdir /tmp/testdir
$ ls -l /tmp
drwxr-xr-x 2 user01 user01 0 Jan  1  1970 /tmp/testdir
$ rmdir /tmp/testdir
$ ls -l /tmp/testdir
ls: cannot access '/tmp/testdir': No such file or directory

Creating and removing subdirectories can be done with the command `mkdir -p` if the parent directory doesn’t exist yet or `rmdir -p` if the directory only contains empty subdirectories. In the example below we are creating a directory called `testdir/subdir` in the directory for temporary files and removing it again.

$ mkdir -p /tmp/testdir/subdir
$ ls -l /tmp/testdir
drwxr-xr-x 2 user01 user01 0 Jan  1  1970 /tmp/testdir/subdir
$ rmdir -p /tmp/testdir
$ ls -l /tmp/testdir
ls: cannot access '/tmp/testdir': No such file or directory

Use command `rm -rf` to remove a directory recursively. In the example below we are creating a directory called `testdir` in the directory for temporary files and removing it recursively.

$ mkdir -p /tmp/testdir/subdir
$ touch /tmp/testdir/test.txt
$ ls -l /tmp/testdir
drwxr-xr-x 2 user01 user01 0 Jan  1  1970 /tmp/testdir/subdir
-rw-rw-r-- 1 user01 user01 0 Jan  1  1970 /tmp/testdir/test.txt
$ rm -rf /tmp/testdir
$ ls -l /tmp/testdir
ls: cannot access '/tmp/testdir': No such file or directory

Moving files and directories

Moving a file or directory to another location is done with the command `mv`. In the example below we are moving the file `test.txt` to the directory for temporary files.

$ mkdir /tmp/testdir
$ touch /tmp/testdir/test.txt
$ ls -l /tmp/testdir
-rw-rw-r-- 1 user01 user01 0 Jan  1  1970 /tmp/testdir/test.txt
$ mv /tmp/testdir/test.txt /tmp/testdir/test.txt.bak
$ ls -l /tmp/testdir
-rw-rw-r-- 1 user01 user01 0 Jan  1  1970 /tmp/testdir/test.txt.bak

$ mkdir /tmp/testdir
$ touch /tmp/testdir/test.txt
$ ls -l /tmp/testdir
-rw-rw-r-- 1 user01 user01 0 Jan  1  1970 /tmp/testdir/test.txt
$ cp /tmp/testdir/test.txt /tmp/testdir/test.txt.bak
$ ls -l /tmp/testdir
-rw-rw-r-- 1 user01 user01 0 Jan  1  1970 /tmp/testdir/test.txt
-rw-rw-r-- 1 user01 user01 0 Jan  1  1970 /tmp/testdir/test.txt.bak

$ mkdir /tmp/testdir
$ touch /tmp/testdir/test.txt
$ ls -l /tmp/testdir
-rw-rw-r-- 1 user01 user01 0 Jan  1  1970 /tmp/testdir/test.txt
$ mv /tmp/testdir /tmp/testdir2
$ ls -l /tmp/testdir2
-rw-rw-r-- 1 user01 user01 0 Jan  1  1970 /tmp/testdir2/test.txt

Using hard and symbolic links

$ ln -s /home/user01/file1 /home/user01/file2

$ ln -s -r /home/user01/file1 /home/user01/file2

$ ln /home/user01/file1 /home/user01/file2

File and directory ownership

$ chown user02 /tmp/test.txt

# chown user02 /tmp/test.txt

$ chgrp group01 /tmp/test.txt

# chgrp root /tmp/test.txt

# chown root:root /tmp/test.txt

Using file and directory permissons

Posix permissions

$ ls -l /etc/ssh/sshd_config
-rw-r--r--. 1 root root  631 Jan  5  2009 /etc/ssh/sshd_config

$ chmod 600 /etc/ssh/sshd_config

$ touch /tmp/test.txt

$ chmod u+x /tmp/test.txt

$ chmod +x /tmp/test.txt

$ chmod a=rw /tmp/test.txt

$ chmod o-w /tmp/test.txt

4 - add read permission
2 - add write permission
1 - add execute permission

$ chmod 750 /tmp/test.txt

$ chmod 4750 /tmp/test.txt

$ chmod u+s /tmp/test.txt

$ chmod g+s /tmp/test.txt

$ chmod +t /tmp/test.txt

Default mask for files: -rw-rw-r--

Default mask for directory: drwxrwxr-x

4 - remove read permission
2 - remove write permission
1 - remove execute permission

$ umask
0022

$ umask 0027
$ umask
0027

Using an Access Control List

$ getfacls /etc/ssh/sshd_config
/etc/ssh/sshd_config:
user::rw-
group::r--
other::---
user:root:rw-
group:root:r--
other:root:---

$ setfacl -m u:johndoe:rwx /etc/ssh/sshd_config