LPI Linux Certification in a Nutshell, Part 14
proc This type represents the proc filesystem, which is not really a filesystem at all. The virtual files found in this virtual filesystem provide a window into the kernel. It is usually mounted on /proc.
Example 1 Display filesystems currently mounted on the system:

    # mount
    /dev/sda1 on / type ext2 (rw)
    none on /proc type proc (rw)
    /dev/sda5 on /boot type ext2 (rw)
    /dev/sda9 on /home type ext2 (rw)
    /dev/sda6 on /root type ext2 (rw)
    /dev/sda10 on /tmp type ext2 (rw)
    /dev/sda8 on /usr type ext2 (rw)
    /dev/sda7 on /var type ext2 (rw)
    none on /dev/pts type devpts (rw,mode=0622)
    /dev/hdd on /mnt/zip type vfat (rw,noexec,nosuid,nodev)

In this example, you can see that most of the filesystems specified in the /etc/fstab from Example 7-1 are already mounted. Note the options on the removable /mnt/zip device: noexec prevents programs stored on it from being run, nosuid makes the kernel ignore any set-user-ID or set-group-ID bits on files it holds, and nodev prevents device nodes on it from being honored. These three options are the standard hardening for any filesystem that ordinary users can write to or bring in from outside.
Example 2 Mount the IDE CD-ROM device found on /dev/hdc to the existing directory /mnt/cdrom (read-only, of course):

    # mount -r -t iso9660 /dev/hdc /mnt/cdrom

Note that without the -r option, you will receive a warning but still get appropriate results:

    # mount -t iso9660 /dev/hdc /mnt/cdrom
    mount: block device /dev/hdc is write-protected, mounting read-only

Another option would be to add the following to /etc/fstab:

    /dev/hdc /mnt/cdrom iso9660 ro 0 0

Then the device can be mounted with just mount /mnt/cdrom.
Example 3 Mount an MS-DOS floppy in the first floppy disk drive /dev/fd0 (A: in MS-DOS) to the existing directory /mnt/floppy:

    # mount -t msdos /dev/fd0 /mnt/floppy

Example 4 The filesystems mounted at /home and /opt have been unmounted for some kind of maintenance and are now remounted using the -a option:

    # mount -av
    mount: /dev/hda5 already mounted on /root
    mount: /dev/hda9 already mounted on /usr
    mount: /dev/hda7 already mounted on /var
    mount: none already mounted on /proc
    mount: none already mounted on /dev/pts
    /dev/hda10 on /home type ext2 (rw)
    /dev/hda8 on /opt type ext2 (rw)

Note that mount should work silently without the -v option. It also safely skips filesystems that have been previously mounted.
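The noexec, nosuid, and nodev options shown on /mnt/zip in Example 1 are the ones that matter on any filesystem ordinary users can write to, and /etc/fstab is where they are forgotten. The following is an added example, not code from the book: a POSIX shell function that reads an fstab-format file and reports user-writable entries missing any of the three. The sample fstab is constructed for the demonstration, and the USER_WRITABLE pattern (which mount points count as user-writable) is an assumption to adapt to the system being audited.

```shell
#!/bin/sh
# Added example (not from the book): report fstab entries that ordinary users
# can write to but that lack nosuid, nodev and noexec.
# The USER_WRITABLE pattern is an assumption about which mount points hold
# user-writable data; adjust it to the system being audited.

USER_WRITABLE='^(/home|/tmp|/var/tmp|/mnt/.*|/media/.*)$'

# audit_fstab_opts FILE: one output line per entry missing any of the three
# hardening options. Entries are considered only if they carry the user or
# users option or their mount point matches USER_WRITABLE; read-only entries
# and pseudo-filesystems (proc, devpts, swap) are skipped.
audit_fstab_opts() {
    awk -v pat="$USER_WRITABLE" '
        /^[ \t]*#/ || NF < 4 { next }                 # comments, blank or short lines
        {
            dev = $1; mnt = $2; type = $3; opts = $4
            if (type == "proc" || type == "devpts" || type == "swap") next
            if (opts ~ /(^|,)ro(,|$)/) next          # nothing can be written there anyway
            if (mnt !~ pat && opts !~ /(^|,)users?(,|$)/) next
            missing = ""
            if (opts !~ /(^|,)nosuid(,|$)/) missing = missing " nosuid"
            if (opts !~ /(^|,)nodev(,|$)/)  missing = missing " nodev"
            if (opts !~ /(^|,)noexec(,|$)/) missing = missing " noexec"
            if (missing != "") printf "%s %s missing:%s\n", mnt, dev, missing
        }' "$1"
}

# Constructed sample fstab mirroring the device layout of the examples above.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
# device     mount        type     options                        dump pass
/dev/sda1    /            ext2     defaults                       1    1
/dev/sda9    /home        ext2     defaults,nosuid,nodev          1    2
/dev/sda10   /tmp         ext2     defaults,nosuid,nodev,noexec   1    2
/dev/hdc     /mnt/cdrom   iso9660  ro                             0    0
/dev/hdd     /mnt/zip     vfat     rw,noexec,nosuid,nodev         0    0
/dev/fd0     /mnt/floppy  msdos    rw,user                        0    0
none         /proc        proc     defaults                       0    0
EOF

audit_fstab_opts "$SAMPLE"
# Expected output:
#   /home /dev/sda9 missing: noexec
#   /mnt/floppy /dev/fd0 missing: nosuid nodev noexec
rm -f "$SAMPLE"
```

The root filesystem cannot be mounted noexec or nosuid, which is why the function only looks at entries that carry the user or users option or sit at a mount point from the pattern. Run it against the real file with audit_fstab_opts /etc/fstab, and compare the result with the output of mount: an entry in /etc/fstab says nothing about what is mounted right now, and a device mounted by hand with no options at all never appears there.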
Name umount Syntax umount [options] device umount [options] directory Description Unmount the filesystem on device or mounted on directory.
-a Unmounts all of the filesystems described in /etc/mtab. This file is maintained by the mount and umount commands and contains an up-to-date list of mounted filesystems. This option is typically used at shutdown time.
-t fstype Unmounts only filesystems of type fstype.
Example 1 Unmount the CD-ROM mounted on /dev/hdc at /mnt/cdrom:

    # umount /mnt/cdrom

or:

    # umount /dev/hdc

Example 2 Unmount all NFS filesystems:

    # umount -at nfs

On the Exam Be sure that you understand how to use mount and mount points and how /etc/fstab is used when mounting filesystems.
Objective 4: Set and View Disk Quotas Managing disk space can be a difficult problem. The available space is a finite resource and is often consumed at an alarming rate, turning today's carefully sized filesystem into tomorrow's expansion requirement. On multiuser systems, no matter how big the filesystem, users will find a way to fill it. The last thing you want is for a filesystem to fill to capacity too early. One way to prevent this from happening is to enforce disk quotas, which allow you to assign a limit to the amount of space individual users or groups have on a filesystem.
A typical quota size is usually much smaller than the filesystem it is configured on, thus preventing the user or group from consuming too much space. Quotas can be configured for each filesystem mentioned in /etc/fstab, though they are usually applied only where multiple end users store files (e.g., /home/username). There is no need for a quota on /usr, for example, since end users cannot store files there. Quotas may be configured for individual users listed in /etc/passwd and for groups listed in /etc/group.
Quota Limits Each filesystem has up to five types of quota limits that can be enforced on it. These limits are specified in disk blocks, usually 1,024 bytes each (the same soft and hard limits can also be placed on the number of files, or inodes, a user or group may own, as the edquota examples later in this section show): Per-user hard limit The hard limit is the maximum amount of space an individual user can have on the system. Once the user reaches his quota limit, he won't be allowed to write files to the disk.
Per-user soft limit Each user is free to store data on the filesystem until reaching her soft limit. The soft limit implements a sort of warning zone, instructing the user to clean up while still allowing her to work. When the amount of data exceeds this limit but does not exceed the hard limit, a message is printed on the user's terminal, indicating that her quota has been exceeded; however, the write operation will succeed.
Per-group hard limit This is the final limit set for a group by the quota system. Once this limit has been reached, none of the users within that group will be allowed to write files to the disk-even if the user's individual limits are not exceeded.
Per-group soft limit This limit behaves in the same way as a user's soft limit but is enforced based on group ownership instead of individual ownership.
Grace period Once a soft limit is reached, the user or group enters the grace period. After the grace period expires, the soft limit becomes a hard limit until enough files are deleted to eliminate the over-quota situation. The grace period may be specified for any number of months, weeks, days, hours, minutes, or seconds. A typical value is seven days.
These limits are set using the edquota command, detailed in the next section.
Note When a disk write exceeds a hard limit or an expired soft limit, only part of the write operation will complete, leaving a truncated and probably useless file. The messages reported to the user when a quota is exceeded may be lost if the shell he is using is hidden (for example, if the user is writing to the disk through an SMB share from a Windows system). This could confuse the user because the error message generated by the application indicates that the disk is full or write-protected.
Quota Commands Linux offers a host of commands to manage, display, and report on filesystem quotas. Some of the setup required to initially enable quotas is done manually and without specific quota commands, a process that is covered in the next section.
Enabling Quotas To use quotas, they must first be enabled. Quota support must also be compiled into the kernel. In the unlikely event that your kernel does not contain quota support, you will need to recompile the kernel. This is not a difficult process, but unfortunately it is not completely straightforward either. To clarify the procedure, this section provides a brief tutorial on how to enable user and group quotas for a filesystem on /dev/sda9 mounted under /home. Note that you may enable user quotas only, group quotas only, or both, as your needs dictate.
1. Set options in /etc/fstab. On the line containing the /home filesystem, add the usrquota and grpquota options to the existing defaults option, like this:

    /dev/sda9 /home ext2 defaults,usrquota,grpquota 1 2

These options tell quota configuration utilities which partitions should be managed when the utilities reference /etc/fstab.
2. Create the quota.user and quota.group files at the top of the /home filesystem and set their protection bits for root access only:

    # touch /home/quota.user /home/quota.group
    # chmod 600 /home/quota.user /home/quota.group

These two files are the databases for user and group quotas. Each filesystem with quotas uses its own quota databases. When quotas are enabled, these files will contain binary data (that is, they're not text files). Note that if you want end users to be able to examine quotas on groups to which they belong, quota.group will need a protection mode of 644 instead of 600.
3. Run quotacheck to initialize the databases:

    # quotacheck -avug
    Scanning /dev/sda9 [/home] done
    Checked 236 directories and 695 files
    Using quotafile /home/quota.user
    Using quotafile /home/quota.group

4. Then, verify that your quota database files have been initialized by noting that they are no longer of size zero (here they are 16,192 bytes each):

    # ls -al /home/quota.*
    -rw-------   1 root   root   16192 Dec 27 19:53 /home/quota.group
    -rw-------   1 root   root   16192 Dec 27 19:53 /home/quota.user

5. Run quotaon to enable the quota system:

    # quotaon -a

6. Verify that your system's initialization script (/etc/rc.d/rc.sysinit or similar) will turn on quotas when your system boots. Something along these lines is appropriate, although your system may be very different:

    if [ -x /sbin/quotacheck ]; then
        echo "Checking quotas."
        /sbin/quotacheck -avug
        echo "Done."
    fi
    if [ -x /sbin/quotaon ]; then
        echo "Turning on quotas."
        /sbin/quotaon -avug
    fi

7. Add a command script to a system crontab directory (such as the directory /etc/cron.weekly) to execute quotacheck on a routine basis. An executable script file like the following will work:

    #!/bin/bash
    exec /sbin/quotacheck -avug

If you prefer, you could instead put /sbin/quotacheck in root's crontab file (using the crontab -e command) for weekly execution, like this:

    # run quotacheck weekly
    0 3 * * 0 /sbin/quotacheck -avug

At this point, the /home filesystem is ready to accept quotas on a per-user and per-group basis, enforce them, and report on them.
On the Exam A general understanding of quotas is necessary for the exam. In particular, you should know the function of each command. Also remember that quotas are set on a per-filesystem basis.
Name quota Syntax quota [-u] [options] user quota -g [options] group Description Displays quota limits on user or group. The -u option is the default. Only the superuser may use the -u flag and user to view the limits of other users. Other users can use the -g flag and group to view only the limits of groups of which they are members, provided that the quota.group files are readable by them.
Frequently used options -q Sets quiet mode, which shows only over-quota situations.
-v Enables verbose mode to display quotas even if no storage space is allocated.
Example 1 As root, examine all quotas for user jdoe:

    # quota -uv jdoe
    Disk quotas for user jdoe (uid 500):
      Filesystem  blocks   quota   limit   grace   files   quota   limit   grace
       /dev/sda9    9456   10000   10200              32       0       0
       /dev/hda1      23       0       0              17       0       0

This example shows that jdoe is barely within her soft limit of 10,000 blocks, with a corresponding hard limit of 10,200 blocks on /dev/sda9, and has no quota on /dev/hda1. The entry for /dev/hda1 is displayed in response to the -v option. No values are shown for the grace periods, because the soft limit has not been exceeded.
Example 2 As user jdoe, examine quotas for the finance group, of which she is a member:

    $ quota -gv finance
    Disk quotas for group finance (gid 501):
      Filesystem  blocks   quota   limit   grace   files   quota   limit   grace
       /dev/sda9   1000*     990    1000   6days      34    3980    4000
       /dev/hda1       0       0       0               0       0       0

Here, the finance group has exceeded its meager soft limit of 990 blocks and has come up against its hard limit of 1,000 blocks. (The write operation that wrote the 1,000th block was probably incomplete.) The original grace period in this example was set to seven days and has six days remaining, meaning that one day has elapsed since the soft limit was exceeded.
Name quotaon Syntax quotaon [options] [filesystems]
quotaon [options] -a Description Enable previously configured disk quotas on one or more filesystems.
Frequently used options -a Turns quotas on for all filesystems in /etc/fstab that are marked read-write with quotas. This is normally used automatically at boot time to enable quotas.
-g Turns on group quotas. This option is not necessary when using the -a option, which includes both user and group quotas.
-u Turns on user quotas; this is the default.
-v Enables verbose mode to display a message for each filesystem where quotas are turned on.
Example 1 Turn on all quotas as defined in /etc/fstab:

    # quotaon -av
    /dev/sda9: group quotas turned on
    /dev/sda9: user quotas turned on
    /dev/hda1: group quotas turned on
    /dev/hda1: user quotas turned on

Example 2 Turn on group quotas only on the /home filesystem (the -g option selects group quotas; user quotas alone would be quotaon -uv /home):

    # quotaon -gv /home
    /dev/sda9: group quotas turned on
Name quotaoff Syntax quotaoff [options] [filesystems]
quotaoff [options] -a Description Disables disk quotas on one or more filesystems.
Frequently used options -a Turns quotas off for all filesystems in /etc/fstab.
-g Turns off group quotas. This option is not necessary when using the -a option, which includes both user and group quotas.
-u Turns off user quotas; this is the default.
-v Enables verbose mode to display a message for each filesystem where quotas are turned off.
Example Turn off all quotas:

    # quotaoff -av
    /dev/sda9: group quotas turned off
    /dev/sda9: user quotas turned off
    /dev/hda1: group quotas turned off
    /dev/hda1: user quotas turned off

Name quotacheck Syntax quotacheck [options] filesystems quotacheck [options] -a Description Examine filesystems and compile quota databases. This command is not specifically called out in the LPI Objectives for Exam 101, but is an important component of the Linux quota system. You should run the quotacheck -a command on a regular basis (perhaps weekly) via cron.
Frequently used options -a Checks all of the quotas for the filesystems mentioned in /etc/fstab. Both user and group quotas are checked as indicated by the usrquota and grpquota options.
-g Compiles group quota information. Unlike the -g option of quota, this option takes no group name; it selects group quotas for the filesystems being checked.
-u Compiles user quota information; this is the default action. However, if the -g option is specified, then this option also should be specified when both group and user quotas are to be processed.
-v Enables verbose mode to display information about what the program is doing. This option shows activity by displaying a spinning character in the terminal. This is nice but could be a problem if you are logged in over a slow modem link.
Example 1 Initialize all quota files:

    # quotaoff -a
    # quotacheck -aguv
    Scanning /dev/sda9 [/home] done
    Checked 237 directories and 714 files
    Using quotafile /home/quota.user
    Using quotafile /home/quota.group
    Scanning /dev/hda1 [/mnt/hd] done
    Checked 3534 directories and 72673 files
    Using quotafile /mnt/hd/quota.user
    Using quotafile /mnt/hd/quota.group
    # quotaon -a

Quotas are turned off for the duration of the check so that quotacheck can rewrite the quota database files on disk; they are turned back on once the databases have been updated.
Example 2 With quotas active, update the user quotas in memory for /home:

    # quotacheck -v /home
    Scanning /dev/sda9 [/home] done
    Checked 237 directories and 714 files
    Using quotafile /home/quota.user
    Updating in-core user quotas
Name edquota Syntax edquota [-p proto-user] [options] names edquota [options] -t Description Modify user or group quotas. This interactive command uses a text editor to configure quota parameters for users or groups. The vi editor is used by default unless either the EDITOR or VISUAL environment variables are set to another editor, such as emacs. When the command is issued, the editor is launched with a temporary file containing quota settings. When the temporary file is saved and the editor is terminated, the changes are saved in the quota databases.
In the first form, a space-separated list of users or groups specified in names is modified. If proto-user is specified with the -p option, quotas of that user or group are copied and used for names and no editor is launched. In the second form with the -t option, the grace periods that apply to soft limits are edited interactively for each filesystem.
Frequently used options -g Modify group quotas. If -g is specified, all names are assumed to be groups and not users, even if -u is also specified.
-p proto-user Duplicate the quotas of the prototypical user or group proto-user for each user or group specified. This is the normal mechanism used to initialize quotas for multiple users or groups at the same time.
-t Modify the grace periods for soft limits. Time units of sec(onds), min(utes), hour(s), day(s), week(s), and month(s) are understood.
-u Modify user quotas. This is the default action. This option is ignored if -g is also specified. Note The following examples use the vi editor. The contents of the edit buffer, not program output, are shown after each example.
Example 1 Modify the user quotas for jdoe:

    # edquota -u jdoe
    Quotas for user jdoe:
    /dev/sda9: blocks in use: 87, limits (soft = 99900, hard = 100000)
            inodes in use: 84, limits (soft = 0, hard = 0)
    /dev/hda1: blocks in use: 0, limits (soft = 0, hard = 0)
            inodes in use: 0, limits (soft = 0, hard = 0)
    ~
    ~
    "/tmp/EdP.auHTZJ0" 5 lines, 241 characters

Here, jdoe has been allocated a soft limit of 99,900 blocks (quota blocks are 1,024 bytes regardless of the filesystem's own block size, so this is roughly 98 MB), a hard limit of 100,000 blocks (only 100 blocks, or 100 KB, higher than the soft limit), and no limit on the number of files on /dev/sda9. She has no limits on /dev/hda1.
Example 2 Modify the grace periods for users on all filesystems:

    # edquota -tu
    Time units may be: days, hours, minutes, or seconds
    Grace period before enforcing soft limits for users:
    /dev/sda9: block grace period: 7 days, file grace period: 3 days
    /dev/hda1: block grace period: 7 days, file grace period: 3 days
    ~
    ~
    "/tmp/EdP.aiTShJB" 5 lines, 249 characters

Here, the user grace periods have been set to seven days for blocks (disk space) and three days for files (inodes).
Name repquota Syntax repquota [options] filesystems repquota -a [options]
Description Used to report on the status of quotas. In the first form, repquota displays a summary report on the quotas for the given filesystems on a per-user or per-group basis. In the second form, the -a option causes a summary for all filesystems with quotas to be displayed. This command fails for nonroot users unless the quota database files are world-readable. The current number of files and the amount of space utilized are printed for each user, along with any quotas created with edquota.
Frequently used options -a Report on all of the quotas for the read-write filesystems mentioned in /etc/fstab. Both user and group quotas are reported as indicated by the usrquota and grpquota options.
-g Report quotas for groups.
-u Report quotas for users; this is the default action.
-v Enable verbose mode, which adds a descriptive header to the output.
Example Report user quotas for /home:

    # repquota -v /home
    *** Report for user quotas on /dev/sda9 (/home)
                            Block limits                 File limits
    User           used    soft    hard   grace    used   soft   hard   grace
    root     --  418941       0       0            2690      0      0
    328      --    1411       0       0               2      0      0
    jdean    --    9818   99900  100000             334      0      0
    u1       --      44       0       0              43      0      0
    u2       --      44       0       0              43      0      0
    u3       --    1271    5530       0             124      0      0
    jdoe     --      87   99900  100000              84      0      0
    bsmith   --      42    1990    2000              41      0      0
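Reading repquota output by eye does not scale to a filesystem with hundreds of users. The following is an added example rather than code from the book: a POSIX shell function that filters the per-user lines of repquota's report and prints one line per user who has exceeded a soft limit (with the remaining grace, tagged EXPIRED when repquota prints none) or who is sitting at a block hard limit. The report it parses here is constructed in repquota's layout; in repquota's output the two-character flag column (--, +-, -+, ++) marks block and inode soft-limit overruns, and a grace column appears only on lines where the corresponding flag is +, which is what the field arithmetic below accounts for.

```shell
#!/bin/sh
# Added example (not from the book): pick the over-quota users out of repquota's
# report so it can be fed to a monitoring system or a nightly mail. The report
# below is constructed in repquota's layout; the real input is the output of
# repquota -v <filesystem>, piped in or given as a file argument.

# quota_alerts [FILE]: print one line per soft-limit overrun (blocks or inodes)
# with the remaining grace, tagged EXPIRED when repquota prints "none", plus one
# line per user sitting at a non-zero block hard limit. Reads stdin when no FILE.
quota_alerts() {
    awk '
        # Per-user lines carry a two-character flag field: first char for
        # blocks, second for inodes; "+" means that soft limit is exceeded.
        $2 ~ /^[-+][-+]$/ {
            user = $1
            bover = (substr($2, 1, 1) == "+")
            iover = (substr($2, 2, 1) == "+")
            bused = $3; bsoft = $4; bhard = $5
            i = 6
            # the grace column is present only when the matching flag is "+"
            bgrace = ""; if (bover) { bgrace = $i; i++ }
            iused = $i; isoft = $(i + 1); ihard = $(i + 2)
            igrace = ""; if (iover) igrace = $(i + 3)
            if (bover) printf "%s blocks %s/%s (hard %s) grace=%s%s\n",
                user, bused, bsoft, bhard, bgrace, (bgrace == "none" ? " EXPIRED" : "")
            if (iover) printf "%s inodes %s/%s (hard %s) grace=%s%s\n",
                user, iused, isoft, ihard, igrace, (igrace == "none" ? " EXPIRED" : "")
            if (bhard + 0 > 0 && bused + 0 >= bhard + 0)
                printf "%s blocks AT HARD LIMIT %s/%s\n", user, bused, bhard
        }' "$@"
}

# Constructed report in the layout of repquota -v (block counts are 1 KB units).
quota_alerts <<'EOF'
*** Report for user quotas on device /dev/sda9
Block grace time: 7days; Inode grace time: 3days
                        Block limits                File limits
User            used    soft    hard  grace    used  soft  hard  grace
----------------------------------------------------------------------
root      --  418941       0       0           2690     0     0
jdean     --    9818   99900  100000            334     0     0
jdoe      +-   99950   99900  100000  6days      84     0     0
bsmith    ++    2000    1990    2000   none      45    40    50   none
u3        -+    1271    5530       0            110   100   120  2days
EOF
# Expected output:
#   jdoe blocks 99950/99900 (hard 99900) ... see test; jdoe is over soft, within hard
#   bsmith blocks 2000/1990 (hard 2000) grace=none EXPIRED
#   bsmith inodes 45/40 (hard 50) grace=none EXPIRED
#   bsmith blocks AT HARD LIMIT 2000/2000
#   u3 inodes 110/100 (hard 120) grace=2days
```

On a real system the call is repquota -v /home | quota_alerts, run from the same weekly cron job that runs quotacheck. The EXPIRED tag is the one worth paging on: once the grace period has run out the soft limit is enforced as a hard limit, and the user's writes start failing with the truncated-file behavior described in the note earlier in this objective.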
Objective 5: Manage File Permissions and Ownership Filesystem security is a fundamental requirement for any multiuser operating system. The system's files, such as the kernel, configuration files, and programs, must be protected from accidents and tampering by unauthorized people. Users' files must be protected from modification by other users and sometimes must be kept completely private. In general, a form of access control must be implemented to allow secure operations.
Linux Access Control Native Linux filesystem access control is implemented using a set of properties, maintained separately for each file. These properties are collectively called the access mode, or simply the mode, of the file. The mode is a part of the file's inode, the information retained in the filesystem that describes the file. A file's mode controls access by these three classes of users:

User The user who owns the file
Group The group that owns the file
Other All other users on the system

Like the mode, user and group ownership properties are a part of the inode, and both are assigned when a file is created. Usually, the owner is the user who created the file. The file's group is usually set to its creator's default group. Group ownership adds flexibility in situations in which a team shares files. The "other" users are those who aren't members of the file's group and are not the file's owner. For each of these three user classes, the access mode defines three types of permissions, which apply differently for files and directories. The permissions are listed in Table 7-2.
Table 7-2. File permissions

Permission   Mnemonic   File permission                      Directory permission
Read         r          Examine the contents of the file.    List directory contents.
Write        w          Write to or change the file.         Create and remove files in the directory.
Execute      x          Run the file as a program.           Access (cd into) the directory.
These three permissions apply to the three different classes of users: user, group, and other. Each has read, write, and execute permissions, as shown in Figure 7-1.
Figure 7-1. Access mode bits

All of the permissions are binary (either granted or not granted) and are thought of as single binary bits in the access mode. When displayed by commands such as ls, the permissions use the mnemonic in Table 7-2 for the true state and a hyphen for the false state. To represent only the read permission, for example, r-- would be used. Read and execute together, typical for directories, would be denoted r-x. These notations are usually offered in sets of three, such as:

    rw-rw-r--

A file with this setting would give read/write permission to the user and group, and read-only permission to everyone else.
In addition to the nine bits for user, group, and other, the access mode contains three more bits, which control special attributes for executable files and directories:

SUID The SUID property is for executable files only and has no effect on directories. Normally the user who launches a program owns the resulting process. However, if an executable file has its SUID bit set, the file's owner owns the resulting process, no matter who launched it. When SUID is used, the file's owner is usually root. This offers anyone temporary root access for the duration of the command. An example of an SUID program is passwd. This command needs special access to manipulate the shadow password file (/etc/shadow), and runs as user root. Using the SUID bit in cases like passwd enhances security by allowing access to secure functions without giving away the root password. On the other hand, SUID can be a security risk if access is granted unwisely. For example, consider a situation where /bin/vi was set to SUID mode. Any user would be able to edit any file on the system, and, since vi can start a shell with its :! command, to run any command as root. This is why the set of SUID programs on a system should be small, known, and checked: every one of them is a boundary between an unprivileged user and root.
SGID The SGID property works the same way as SUID for executable files, setting the process group owner to the file's group. In addition, the SGID property has a special effect on directories. When SGID is set on a directory, new files created within that directory are assigned the same group ownership as the directory itself. For example, if directory /home/fin has the group finance and has SGID enabled, then all files under /home/fin are created with group ownership of finance, regardless of the creator's group. This is an important attribute for teams, ensuring that shared files all have the same group ownership.
Sticky At one time, the sticky bit applied to executable programs, flagging the system to keep an image of the program in memory after the program finished running. This capability increased performance for subsequent uses by eliminating the programs' load phase, and was applied to programs that were large or were run frequently. Modern virtual memory techniques have made this use unnecessary, and under Linux there is no need to use the sticky bit on executable programs. When applied to a directory, the sticky bit offers additional security for files within the directory. Regardless of file permissions, the only users who can rename or delete the files from a directory with the sticky bit set are the file owner, the directory owner, and root. When used in a team environment, the sticky bit allows groups to create and modify files but allows only file owners the privilege of deleting or renaming them. The /tmp directory on Linux systems usually has the sticky bit set, to allow any user to write to it, but allow only the file owner to delete files or directories.
Like the other access controls, these special properties are binary and are considered bits in the access mode.
The mode bits The special, user, group, and other permissions can be represented in a string of 12 binary bits, as shown in Figure 7-2.
Figure 7-2. Changing permission bits to an octal number

It is common to refer to these bits in four sets of three, translated into four octal (base-8) digits. The first octal digit represents the special permissions SUID, SGID, and sticky. The other three represent the read, write, and execute permissions, respectively, in each of the user, group, and other user classes. Octal notation is used as shorthand for binary strings such as the access mode, and each group of three bits has 2^3 = 8 possible values, listed in Table 7-3.
The read permission by itself is r--, which can be thought of as binary 100, or octal 4. Adding the write permission yields rw-, or binary 110, which is octal 6. Figure 7-2 shows how to total bit values into the octal equivalents. Memorizing, or even writing, the binary-to-octal equivalents may be easier on the exam than adding bit values. Use the technique that works best for you.
Table 7-3. Octal numbers
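The translation of Figure 7-2 carried out both ways, as an added example that is not from the book: mode_to_octal turns the string ls -l prints into four octal digits, including the SUID, SGID, and sticky bits, which ls shows in the execute position as s or t (lower case when the execute bit is also set, upper case S or T when it is not); octal_to_mode does the reverse; and list_special_bits uses find -perm with the octal form to locate SUID and SGID files under a directory, which is the usual first step in auditing a system for set-user-ID programs that should not be there. The files in the demonstration are created in a temporary directory; everything else is POSIX shell and awk.

```shell
#!/bin/sh
# Added example (not from the book): convert between the symbolic mode string
# printed by ls -l and the four-digit octal form, then use the octal form with
# find -perm to locate SUID/SGID files. Pure POSIX shell and awk.

# mode_to_octal MODE: "rwsr-xr-x" or "-rwsr-xr-x" -> "4755".
# A leading type character (and a trailing "." or "+" from ls) is ignored.
mode_to_octal() {
    printf '%s\n' "$1" | awk '{
        m = $1
        if (length(m) > 9) m = substr(m, 2, 9)
        special = 0; out = ""
        for (g = 0; g < 3; g++) {                       # user, group, other
            v = 0
            r = substr(m, g*3 + 1, 1); w = substr(m, g*3 + 2, 1); x = substr(m, g*3 + 3, 1)
            if (r == "r") v += 4
            if (w == "w") v += 2
            if (x == "x" || x == "s" || x == "t") v += 1    # lower case: execute bit set too
            if (x == "s" || x == "S") special += ((g == 0) ? 4 : 2)   # SUID in user, SGID in group
            if (x == "t" || x == "T") special += 1                    # sticky in other
            out = out v
        }
        print special out
    }'
}

# octal_to_mode OCTAL: "4755" -> "rwsr-xr-x"; "644" is padded to "0644".
octal_to_mode() {
    printf '%s\n' "$1" | awk '{
        o = $1
        while (length(o) < 4) o = "0" o
        special = substr(o, 1, 1) + 0
        out = ""
        for (g = 0; g < 3; g++) {
            v = substr(o, g + 2, 1) + 0
            r = (v >= 4) ? "r" : "-"; v %= 4
            w = (v >= 2) ? "w" : "-"; v %= 2
            bit = (g == 0) ? 4 : (g == 1) ? 2 : 1         # SUID, SGID, sticky
            if (int(special / bit) % 2 == 1) {
                c = (g == 2) ? "t" : "s"
                xc = (v == 1) ? c : toupper(c)            # upper case: special bit without execute
            } else
                xc = (v == 1) ? "x" : "-"
            out = out r w xc
        }
        print out
    }'
}

# list_special_bits DIR: regular files under DIR with SUID or SGID set, printed as
# "<octal> <path>". Paths containing spaces are not handled by this ls parsing.
list_special_bits() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -exec ls -l {} \; |
        while read -r mode rest; do
            printf '%s %s\n' "$(mode_to_octal "$mode")" "${rest##* }"
        done
}

mode_to_octal rwsr-xr-x        # 4755, the mode of a setuid-root passwd
mode_to_octal drwxrwxrwt       # 1777, the usual mode of /tmp
octal_to_mode 2755             # rwxr-sr-x, an SGID directory such as /home/fin
```

For a whole-system audit run list_special_bits / (as root, and expect it to take a while), save the result, and diff it against the previous run: the set of SUID and SGID files on a system should change only when packages are installed or upgraded, so a new entry is the thing to investigate.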