File System Hierarchy and Permissions - Linux

 

File System Hierarchy:

The Unix-like file system hierarchy is a structured organization of directories and files. It starts from the root directory ("/") and branches out into various subdirectories. Here are some of the most important directories and their purposes:

1. / (Root Directory): The top-level directory in the file system hierarchy. Everything on the system is under this directory.
2. /bin (Binary): Contains essential system binaries (executable files) required for system booting and repair.
3. /boot: Contains boot-related files, including the kernel and bootloader configuration.
4. /dev (Devices): Contains device files representing hardware devices, such as hard drives, keyboards, and serial ports.
5. /etc (Etcetera): Houses system-wide configuration files and scripts.
6. /home: User home directories are stored here. Each user has their own subdirectory here.
7. /lib (Library): Contains shared libraries needed by system programs and applications.
8. /mnt (Mount): Used for temporarily mounting external storage devices.
9. /opt (Optional): Often used for installing additional software packages.
10. /sbin (System Binaries): Contains system administration binaries and scripts.
11. /tmp (Temporary): Stores temporary files that are generally deleted upon system reboot.
12. /usr (Unix System Resources): Contains user binaries, libraries, documentation, and more.
13. /var (Variable): Contains variable data files like logs, spool files, and cached data.

File Permissions:

In Unix-like systems, each file and directory has associated permissions that determine who can read, write, or execute them. Permissions are represented by a series of letters and symbols. Here's a breakdown of permissions and their meanings:

• r (Read): Allows viewing the contents of a file or listing the contents of a directory.
• w (Write): Allows modifying the contents of a file or creating, renaming, or deleting files in a directory.
• x (Execute): Allows executing a file as a program or accessing a directory's contents.

There are three sets of permissions:

1. Owner Permissions: These apply to the file or directory's owner.
2. Group Permissions: These apply to a specific group associated with the file or directory.
3. Others Permissions: These apply to everyone else.

Permissions are displayed in a format like "rwxr-xr--," where the first three characters represent owner permissions, the next three represent group permissions, and the last three represent others permissions.

Command-Line Tools for Managing Permissions:

1. chmod (Change Mode): Used to change file permissions. For example, to make a file executable: chmod +x filename.
2. chown (Change Owner): Used to change the owner of a file or directory. For example, to change ownership: chown newowner filename.
3. chgrp (Change Group): Used to change the group ownership of a file or directory. For example, to change group ownership: chgrp newgroup filename.
4. ls (List): Used with the -l option to list files and their permissions. For example, ls -l filename.
5. umask: Sets default permissions for newly created files and directories.
6. su and sudo: Commands used to temporarily elevate your privileges to execute commands as another user or as the superuser (root).

Advanced File Permissions Concepts:

1. Symbolic Permissions: In addition to the octal representation (e.g., chmod 755 filename), you can use symbolic notation with chmod to set permissions. For example, chmod u+r filename adds read permission for the owner, and chmod o-rwx filename removes read, write, and execute permissions for others.
2. Default Permissions: Some Unix-like systems have a concept of default permissions for directories. The umask command is used to control default permissions. It subtracts the specified permissions from the maximum permissions (usually 777 for directories and 666 for files) to determine the defaults.
3. Sticky Bit: The sticky bit, denoted as t in the others' execute permission place, is often set on directories like /tmp. It ensures that only the owner of a file can delete or rename it within the directory.
4. Setuid and Setgid: Files can be marked as setuid or setgid using the chmod command. When a file has the setuid or setgid bit set, it runs with the permissions of the file's owner or group, respectively. This can be a security concern if not carefully managed.

Additional Command-Line Tools:

1. getfacl and setfacl: These commands are used for managing Access Control Lists (ACLs) in addition to traditional Unix permissions. ACLs provide finer-grained control over file and directory access.
2. find: The find command is used to search for files and directories based on various criteria, including permissions. For example, to find all files with write permissions for others: find /path/to/search -type f -perm /o=w.
3. stat: The stat command provides detailed information about a file, including its permissions, owner, group, and more.
4. chattr and lsattr: These commands are used for changing and displaying file attributes, such as making a file immutable (protected from modification) or undeletable.

Common Permission Scenarios:

1. 755 for Directories and 644 for Files: A common default permission setting where directories are accessible to all, but only the owner has write access, and files are readable by all but only writable by the owner.
2. 700 for Sensitive Files: In cases where security is a top concern, sensitive files can be set to 700, ensuring only the owner has any access.
3. 2777 for Shared Directories: When you want multiple users to be able to write to a directory (e.g., /var/www for a web server), you can set the group ownership to the web server group and use 2777 permissions to allow group write access.
4. umask Configuration: The system's default umask can be configured in /etc/profile, ~/.profile, or other shell configuration files to set default permissions for newly created files and directories.