CIT 500: IT Fundamentals
Transcript of CIT 500: IT Fundamentals
Users and Filesystems
Topics
1. Users
   1. User accounts
   2. Groups
   3. Passwords
2. Filesystems
   1. Partitions
   2. Filesystems and files
   3. File permissions
User Accounts
Each user has their own
– User ID (UID)
– Group ID (GID)
– Password
– Home directory
Access to files is determined by
– User identity: UID + GIDs
– File permissions
User Types
Regular users
– Humans with accounts on the system.
– May log in via the network or on the console.
Special users
– Non-human users for specific programs, e.g. http.
– Used for file permission purposes.
Superuser
– Admin user with UID 0 has special permissions.
– Username is typically root.
/etc/passwd
  root:x:0:0:root:/root:/bin/bash
  daemon:x:1:1:daemon:/usr/sbin:/bin/sh
  bin:x:2:2:bin:/bin:/bin/sh
  sys:x:3:3:sys:/dev:/bin/sh
  games:x:5:60:games:/usr/games:/bin/sh
  man:x:6:12:man:/var/cache/man:/bin/sh
  lp:x:7:7:lp:/var/spool/lpd:/bin/sh
  mail:x:8:8:mail:/var/mail:/bin/sh
  news:x:9:9:news:/var/spool/news:/bin/sh
  uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
  waldenj:x:100:100:James Walden, faculty:/home/waldenj:/bin/bash
  smith:x:101:101:John Smith, student:/home/smithj:/bin/bash
Groups
Users belong to one or more groups.
– A user always has a primary group.
– A user can access files accessible to any of the groups to which the user belongs.
Groups contain zero or more users.
– Created by the system administrator.
– Some groups exist for programs, like special users.
– Other groups exist for human users.
/etc/group
  root:x:0:
  daemon:x:1:
  bin:x:2:
  sys:x:3:
  adm:x:4:
  tty:x:5:
  disk:x:6:
  lp:x:7:
  waldenj:x:100:
  smithj:x:101:
  faculty:x:waldenj
  student:x:smithj
Passwords
Passwords
– Most common type of authentication.
– Authentication binds a person to an identity.
– Use the passwd command to change.
Attacks against passwords
– Reading passwords from disk storage.
– Intercepting passwords via wiretapping.
– Guessing passwords.
Protecting Passwords
Against disk storage attacks
– Store password in a secure file, /etc/shadow.
– Store a one-way hash of the password, not the password itself.
– To log in, compare the hash of the password entered by the user with the hash of the password stored on disk.
Against wiretapping
– Do not send passwords over email.
– Use encrypted protocols like ssh to log in.
Against guessing
– Do not use dictionary words, birthdates, names.
– Choose a long password.
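The disk-storage defence above, as an added example that is not part of the slides: the record written to disk holds only a salt and a one-way hash, and login recomputes the hash of what the user typed and compares. The record format here (`pbkdf2-sha256$iterations$salt$hash`) is a constructed one for the example, not the real /etc/shadow or crypt(3) format.

```python
import hashlib
import hmac
import os

# Constructed record layout for this example (not the /etc/shadow or crypt(3) format):
#   pbkdf2-sha256$<iterations>$<salt hex>$<hash hex>
ITERATIONS = 200_000

def make_record(password, salt=None):
    """Derive a salted one-way hash; only this record is ever written to disk."""
    salt = salt or os.urandom(16)          # fresh random salt per user
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2-sha256${ITERATIONS}${salt.hex()}${digest.hex()}"

def verify(password, record):
    """Login check: hash what the user typed and compare with the stored hash."""
    algo, iters, salt_hex, hash_hex = record.split("$")
    if algo != "pbkdf2-sha256":
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iters))
    # constant-time comparison so timing does not reveal how many bytes matched
    return hmac.compare_digest(digest.hex(), hash_hex)

def demo():
    """Constructed sample: one user's record, checked against right and wrong input."""
    pw = "correct horse battery staple"
    record = make_record(pw)
    return {
        "plaintext_on_disk": pw in record,                    # False
        "right_password": verify(pw, record),                  # True
        "wrong_password": verify(pw.capitalize(), record),     # False
        "same_password_two_users_differ": make_record("x") != make_record("x"),
    }
```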
User Information Commands
  > whoami
  waldenj
  > id
  uid=102(waldenj) gid=102(waldenj) groups=102(waldenj),101(faculty)
  > who
  waldenj pts/3 Sep 3 14:06 (10.10.10.18)
  wardj pts/5 Sep 3 11:27 (10.10.10.51)
  cunninghams pts/6 Sep 3 15:14 (10.10.10.11)
  > w
  15:16:59 up 105 days, 1:06, 8 users, load average: 0.02, 0.04, 0.01
  USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
  waldenj pts/3 10.10.10.18 14:06 0.00s 0.03s 0.01s w
  wardj pts/5 10.10.10.51 11:27 18:20m 0.01s 0.01s -bash
  cunningh pts/6 10.10.10.11 15:14 0.00s 0.01s 0.00s vi highlow.rb
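An added example, not from the slides, tying the /etc/passwd and /etc/group formats to the identity that `id` prints and that permission checks use: UID, primary GID from passwd, plus every group that lists the user as a member. The two files are constructed samples in the same format as the slides' data, and `uid0_accounts` is the check an administrator runs because any UID 0 account is a superuser whatever its name.

```python
# Constructed sample files in /etc/passwd and /etc/group format (not the slides' data).
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
waldenj:x:102:102:James Walden, faculty:/home/waldenj:/bin/bash
smithj:x:103:103:John Smith, student:/home/smithj:/bin/bash
toor:x:0:0:second superuser:/root:/bin/bash
"""
GROUP = """\
root:x:0:
tty:x:5:waldenj,smithj
faculty:x:101:waldenj
waldenj:x:102:
smithj:x:103:
student:x:104:smithj
"""

def parse_passwd(text):
    """name -> (uid, primary gid, gecos, home, shell)"""
    users = {}
    for line in text.splitlines():
        if line and not line.startswith("#"):
            name, _pw, uid, gid, gecos, home, shell = line.split(":")
            users[name] = (int(uid), int(gid), gecos, home, shell)
    return users

def parse_group(text):
    """name -> (gid, [members listed explicitly in /etc/group])"""
    groups = {}
    for line in text.splitlines():
        if line and not line.startswith("#"):
            name, _pw, gid, members = line.split(":")
            groups[name] = (int(gid), [m for m in members.split(",") if m])
    return groups

def id_line(user, users, groups):
    """Build the identity used for permission checks, in the form `id` prints."""
    uid, gid = users[user][:2]
    name_of = {g: n for n, (g, _) in groups.items()}
    # primary group first, then every group naming the user as a member
    gids = [gid] + sorted(g for n, (g, m) in groups.items() if user in m and g != gid)
    groups_str = ",".join(f"{g}({name_of.get(g, '?')})" for g in gids)
    return f"uid={uid}({user}) gid={gid}({name_of.get(gid, '?')}) groups={groups_str}"

def uid0_accounts(users):
    """Audit check: every account with UID 0 is a superuser, whatever it is called."""
    return sorted(n for n, (uid, *_rest) in users.items() if uid == 0)
```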
Partitions and the MBR
– 4 primary partitions.
– One can be used as an extended partition, which is a link to an Extended Boot Record (EBR) on the 1st sector of that partition.
– Each logical partition is described by its own EBR, which links to the next EBR.
Extended Partitions and EBRs
There is only one extended partition.
– It is one of the primary partitions.
– It contains one or more logical partitions.
– It should contain all disk space not used by the other primary partitions.
EBRs contain two entries.
– The first entry describes a logical partition.
– The second entry points to the next EBR if there are more logical partitions after the current one.
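An added example, not from the slides, that builds a small disk image in memory with the layout just described (MBR with four entries, one of them extended, and a chain of two EBRs) and then walks it. The disk geometry, partition types and sizes are all constructed for the example; the on-disk offsets (446-byte code area, 16-byte entries, 0x55AA signature, first EBR entry relative to the EBR, second relative to the extended partition start) are the standard MBR/EBR layout.

```python
import struct

SECTOR = 512
EXTENDED = {0x05, 0x0F}   # partition types that mark the extended partition

def entry(ptype, lba, count):
    # 16-byte table entry: status, CHS start, type, CHS end, LBA start, sector count
    return struct.pack("<B3sB3sII", 0, b"\0\0\0", ptype, b"\0\0\0", lba, count)

def table(entries):
    # One 512-byte sector: 446 bytes of code, four 16-byte entries, 0x55AA signature
    entries = entries + [entry(0, 0, 0)] * (4 - len(entries))
    return b"\0" * 446 + b"".join(entries) + b"\x55\xAA"

def build_image():
    """Constructed disk: two primaries plus an extended partition holding two logicals."""
    img = bytearray(SECTOR * 256)
    ext = 100                     # extended partition occupies LBA 100..199
    img[0:SECTOR] = table([entry(0x83, 2, 48), entry(0x82, 50, 50), entry(0x05, ext, 100)])
    # EBR 1 at LBA 100: entry 1 = logical partition (LBA relative to this EBR),
    #                   entry 2 = next EBR (LBA relative to the extended partition start)
    img[ext * SECTOR:(ext + 1) * SECTOR] = table([entry(0x83, 1, 39), entry(0x05, 40, 60)])
    # EBR 2 at LBA 140: last logical partition, second entry left empty (end of chain)
    img[(ext + 40) * SECTOR:(ext + 41) * SECTOR] = table([entry(0x83, 1, 59)])
    return bytes(img)

def read_table(img, lba):
    sec = img[lba * SECTOR:(lba + 1) * SECTOR]
    if sec[510:512] != b"\x55\xAA":
        raise ValueError(f"no boot signature in sector {lba}")
    return [struct.unpack_from("<4xB3xII", sec, 446 + 16 * i) for i in range(4)]

def partitions(img):
    """List (kind, type, absolute start LBA, sectors) by walking the MBR and EBR chain."""
    found, ext_start = [], None
    for ptype, lba, count in read_table(img, 0):
        if ptype:
            found.append(("primary", ptype, lba, count))
        if ptype in EXTENDED:
            ext_start = lba
    ebr, seen = ext_start, set()
    while ebr is not None and ebr not in seen:   # `seen` stops a looped chain
        seen.add(ebr)
        (ptype, lba, count), (ntype, nlba, _), *_rest = read_table(img, ebr)
        if ptype:
            found.append(("logical", ptype, ebr + lba, count))
        ebr = ext_start + nlba if ntype in EXTENDED else None
    return found
```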
Why Partition?
1. Separate the OS from user files, to allow user backups and OS upgrades without problems.
2. Have a faster swap area for virtual memory.
3. Improve performance by keeping filesystem tables small and keeping files that are frequently used together close together on the disk.
4. Limit the effect of disk-full issues, often caused by log or cache files.
5. Multi-boot systems with multiple OSes.
Filesystems
• Filesystems are a method for organizing and storing data. Filesystems typically
– Divide storage into blocks.
– Provide tree-structured organization.
• Filesystems
– ext3fs: used on most Linux systems.
– FAT: used on MS-DOS systems + flash memory.
– ISO9660: used by CD-ROMs and DVD-ROMs.
– NTFS: used by MS Windows NT, XP, Vista.
Blocks
Filesystems divide storage into uniform blocks
– Blocks contain one or more disk sectors.
– The filesystem tracks which blocks are used and which are free.
Blocks store
– File data
– File metadata
– Directories
– Filesystem metadata
UNIX File System Structure
(figure only on the original slide)
Paths
Absolute Paths
– Specify the path to a file from the root of the tree.
– Always begin with /.
– ex: /bin/ls, /home/b/smithj/cit500/hw/a1.rtf
Relative Paths
– Specify the path from the current dir to the file.
– Never begin with /.
– ex: ls, a1.rtf, ../../cit501/syl.pdf, cit500/hw/a1.rtf, ~/cit500/hw/a1.rtf, ~smithj/hw/a1.rtf
Files
A described storage unit.
– Description includes name(s) + other metadata.
– Storage is a sequence of bytes.
Metadata includes
– File ownership.
– File access permissions.
– Timestamps (creation, modification, access).
– Location of blocks containing file data.
File Types
Types indicate the application to use
– JPEG, TIFF, PNG, GIF: image file types
– AVI, FLV, MKV, MPEG: video file types
How do you determine the type of a file?
– MIME types: email attachments and web files.
– Magic numbers: first few bytes of a file.
– Suffixes of the filename: set by the user, so unreliable.
MIME Types
Multipurpose Internet Mail Extensions
– Used for e-mail attachments.
– Used for all web documents.
Identified by the Content-Type: header.
– text/plain: regular e-mail
– text/html: HTML markup
– multipart/mixed: text/plain + attachments
– image/jpeg: JPEG image attachment
– Many other formats
File Command
Identifies some file types by file metadata
– Directories, device files, socket files, etc.
Identifies most file types by magic number
1. Examine the first few bytes of the file.
2. Look up in a dictionary of magic numbers to types.
3. Return the type of the file.
Magic numbers are human-specified numerical constants in programs.
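The three steps of the file command, as an added example that is not from the slides: a small magic-number dictionary, a lookup over the first bytes, and a check that compares the content-derived type with the user-chosen suffix, since the slides note the suffix is unreliable. The dictionary is constructed for the example (the signatures are the real ones for these formats, but this is not file(1)'s own table) and the sample inputs are constructed byte strings.

```python
# Constructed dictionary: (offset, signature bytes, type name). Real signatures,
# but a hand-picked table for the example, not file(1)'s magic database.
MAGIC = [
    (0, b"\xFF\xD8\xFF", "JPEG image"),
    (0, b"\x89PNG\r\n\x1a\n", "PNG image"),
    (0, b"GIF87a", "GIF image"),
    (0, b"GIF89a", "GIF image"),
    (0, b"II*\x00", "TIFF image (little-endian)"),
    (0, b"MM\x00*", "TIFF image (big-endian)"),
    (0, b"\x7fELF", "ELF executable"),
    (0, b"#!", "script text"),
    (4, b"ftyp", "MPEG-4 video"),      # some signatures are not at offset 0
]
SUFFIX_TYPES = {"jpg": "JPEG image", "jpeg": "JPEG image", "png": "PNG image",
                "gif": "GIF image", "tif": "TIFF image", "tiff": "TIFF image",
                "mp4": "MPEG-4 video"}

def magic_type(data):
    """Steps 1 and 2: read the first bytes and look them up in the dictionary."""
    for offset, sig, name in MAGIC:
        if data[offset:offset + len(sig)] == sig:
            return name
    return "data"                      # step 3 fallback: nothing matched

def suffix_type(filename):
    """What the user-chosen suffix claims the file is."""
    suffix = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    return SUFFIX_TYPES.get(suffix, "unknown")

def check(filename, data):
    """Compare the suffix's claim with the content; a mismatch is worth a look."""
    by_magic, by_suffix = magic_type(data), suffix_type(filename)
    mismatch = by_suffix != "unknown" and not by_magic.startswith(by_suffix)
    return {"magic": by_magic, "suffix": by_suffix, "mismatch": mismatch}

# Constructed samples: a PNG header, an ELF header renamed to .jpg, and plain text
SAMPLES = {
    "photo.png": b"\x89PNG\r\n\x1a\n" + b"\0" * 8,
    "holiday.jpg": b"\x7fELF\x02\x01\x01" + b"\0" * 9,
    "notes.txt": b"just some text\n",
}
```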
Directories
Special file type that maps names to inodes.
– Names are the filenames you see with ls.
– Every name is a link to the inode.
– Inodes are disk structures that store file metadata.
Every directory contains two special entries.
– . references the current directory.
– .. references the directory above the current directory in the filesystem tree.
File Storage in UNIX
(figure only on the original slide)
Inode Block Addressing
(figure only on the original slide)
Hard and Soft Links
Hard Links
– Map a name to an inode.
– Can only refer to files on the same filesystem.
– Different names in different dirs can map to the same inode.
– The file is not deleted until all hard links are deleted.
Symbolic links
– A file that refers to another file or directory.
– Contains the pathname for the file data.
– Can point to files on other filesystems.
Hard and Soft Links
Creating a hard link
  ln /bin/ls myls
  ln: creating hard link `myls' => `/bin/ls': Invalid cross-device link
  ln .bashrc myconfig
Creating a symbolic link
  ln -s /bin/ls myls
  ln -s .bashrc myconfig
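An added example, not from the slides, that reproduces the `.bashrc` / `myconfig` commands above in a temporary directory and records what the two link types do: the hard link shares the inode and keeps the data alive after the original name is removed, while the symbolic link is its own file holding only a pathname and dangles once the target is gone. File names and contents are constructed; the cross-device failure shown on the slide is not reproduced because it depends on the mounts present.

```python
import os
import tempfile

def link_experiment():
    """Create a file, a hard link and a symlink to it, then remove the original name."""
    r = {}
    with tempfile.TemporaryDirectory() as d:
        target = os.path.join(d, ".bashrc")          # constructed stand-in for .bashrc
        with open(target, "w") as f:
            f.write("export EDITOR=vi\n")
        hard = os.path.join(d, "myconfig")
        soft = os.path.join(d, "myconfig.lnk")
        os.link(target, hard)                        # ln .bashrc myconfig
        os.symlink(".bashrc", soft)                  # ln -s .bashrc myconfig.lnk

        st_target, st_hard = os.stat(target), os.stat(hard)
        r["hard_link_same_inode"] = st_target.st_ino == st_hard.st_ino
        r["link_count"] = st_hard.st_nlink           # two names map to one inode
        # lstat looks at the symlink itself rather than following it
        r["symlink_is_own_file"] = os.lstat(soft).st_ino != st_target.st_ino
        r["symlink_stores_path"] = os.readlink(soft) # a pathname, not file data

        os.unlink(target)                            # rm .bashrc
        with open(hard) as f:                        # data survives via the hard link
            r["hard_link_still_readable"] = f.read() == "export EDITOR=vi\n"
        r["link_count_after_rm"] = os.stat(hard).st_nlink
        # the symlink still exists as a name but its target no longer resolves
        r["symlink_dangling"] = os.path.lexists(soft) and not os.path.exists(soft)
    return r
```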
Access Control: Permissions
Read
– You can read the file with cat, more, etc.
Write
– You can modify the file with vi, OpenOffice, etc.
Execute
– You can run the file if it's a program.
Three Sets of Permissions
(figure only on the original slide)
Access Control: Directories
• Read
– You can list directory contents with ls, etc.
• Write
– You can create new files with touch, etc.
– You can delete files with rm, etc.
• Execute
– You can cd to the directory.
Octal Codes for Permissions
(figure only on the original slide)
Access Control Interpretation
(figure only on the original slide)
Access Control Commands
Changing File Access Privileges
  chmod [options] octal-mode file
  chmod [options] symbolic file
Examples of chmod
(figure only on the original slide)
More chmod Examples
(figure only on the original slide)
More chmod Examples
(figure only on the original slide)
More chmod Examples
(figure only on the original slide)
![Page 37: CIT 500: IT Fundamentals](https://reader036.fdocuments.us/reader036/viewer/2022062804/56814938550346895db67e3e/html5/thumbnails/37.jpg)
umask mask The access permission value on executable
file or directory is computed by:file permission = 777 –
mask
Current Value of the mask:$ umask
777
$
Setting Default Permissions
37
Special Access Bits
The Set-User-ID (SUID) Bit
– Command runs with the privileges of the file owner.
– chmod 4xxx file-list
– chmod u+s file-list
The Set-Group-ID (SGID) Bit
– Command runs with the privileges of the group owner.
– chmod 2xxx file-list
– chmod g+s file-list
The Sticky Bit
– Prevents non-owners from removing/renaming files in the dir.
– chmod 1xxx file-list
– chmod +t file-list
Special Bits Examples
SetUID bit
  > ls -l /etc/passwd /usr/bin/passwd
  -rw-r--r-- 1 root root 1335 2005 /etc/passwd
  -rwsr-xr-x 1 root root 25464 2005 /usr/bin/passwd
SetGID bit
  > ls -l /usr/bin/wall
  -rwxr-sr-x 1 root tty 9784 2005 /usr/bin/wall
Sticky bit
  > ls -ld /var/tmp
  drwxrwxrwt 13 root root 4096 2005 /var/tmp
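An added example, not from the slides, covering the octal codes, the umask rule and the special bits together: `mode_string` renders an octal mode the way `ls -l` displays it (so 4755 gives the `-rwsr-xr-x` of /usr/bin/passwd above), `apply_umask` computes the default permission from the mask, and `apply_symbolic` applies chmod's symbolic form (u+s, g+s, +t, g-w, o=r). The umask function carries one practitioner caveat: the slide's `777 - mask` is really a bitwise and-not, and the two only agree when every bit of the mask is present in the base, which holds for masks like 022 but not for a mask such as 033 applied to 666.

```python
import stat

def mode_string(mode, is_dir=False):
    """Render a 12-bit mode (SUID/SGID/sticky + rwx for user, group, other) as ls -l shows it."""
    out = ["d" if is_dir else "-"]
    for shift, special, mark in ((6, stat.S_ISUID, "s"), (3, stat.S_ISGID, "s"), (0, stat.S_ISVTX, "t")):
        bits = (mode >> shift) & 0o7
        out.append("r" if bits & 4 else "-")
        out.append("w" if bits & 2 else "-")
        if mode & special:            # s/t take the x slot; uppercase means x itself is absent
            out.append(mark if bits & 1 else mark.upper())
        else:
            out.append("x" if bits & 1 else "-")
    return "".join(out)

def apply_umask(mask, executable):
    """Default permission for a new file or directory: the slide's 777 - mask, done bitwise.
    Non-executable files start from 666 instead. Bitwise and-not equals plain subtraction
    only when every mask bit is set in the base (true for 022, not for 033 against 666)."""
    base = 0o777 if executable else 0o666
    return base & ~mask

def apply_symbolic(mode, spec):
    """Apply one chmod symbolic change (u+s, g+s, +t, g-w, o=r, a+x) to an octal mode."""
    who, rest = (spec[0], spec[1:]) if spec[0] in "ugoa" else ("a", spec)
    op, perms = rest[0], rest[1:]
    classes = {"u": [6], "g": [3], "o": [0], "a": [6, 3, 0]}[who]
    rwx = sum({"r": 4, "w": 2, "x": 1}[p] for p in perms if p in "rwx")
    bits = sum(rwx << s for s in classes)
    if "s" in perms:                  # u+s sets SUID, g+s sets SGID, a+s sets both
        bits |= (stat.S_ISUID if who in "ua" else 0) | (stat.S_ISGID if who in "ga" else 0)
    if "t" in perms:
        bits |= stat.S_ISVTX
    if op == "+":
        return mode | bits
    if op == "-":
        return mode & ~bits
    clear = sum(0o7 << s for s in classes)   # '=' replaces that class's rwx outright
    return (mode & ~clear) | bits
```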
Archiving Files
Archiving files stores multiple files in a single file.
– Useful for transferring files across the network.
– Useful for storing rarely needed files for future use.
Most archives are compressed to save space/time.
– Compression encodes the same information using fewer bits to save space.
– Run Length Encoding (RLE) is a simple compression algorithm where repeated sequences are encoded as the sequence followed by a repetition count.
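The RLE scheme just described, as an added example that is not from the slides: each run of a repeated byte is written as the byte followed by its count. The one-byte count (so runs longer than 255 are split), the odd-length check on decode, and the sample inputs are constructed for the example; the ratio function shows the caveat that RLE doubles data with no runs, which is why real archivers use stronger algorithms.

```python
def rle_encode(data):
    """Encode runs as (byte, count) pairs: b'aaaab' -> b'a\\x04b\\x01'.
    The count is stored in one byte, so a run longer than 255 is split."""
    out = bytearray()
    i = 0
    while i < len(data):
        run = 1
        while i + run < len(data) and data[i + run] == data[i] and run < 255:
            run += 1
        out += bytes([data[i], run])
        i += run
    return bytes(out)

def rle_decode(enc):
    """Expand (byte, count) pairs back into the original bytes."""
    if len(enc) % 2:
        raise ValueError("truncated RLE stream: odd number of bytes")
    out = bytearray()
    for i in range(0, len(enc), 2):
        out += bytes([enc[i]]) * enc[i + 1]
    return bytes(out)

def ratio(data):
    """Compressed size divided by original size (below 1.0 means it saved space)."""
    return len(rle_encode(data)) / max(len(data), 1)

# Constructed samples: a raster-like row with long runs, and text with no runs at all
SAMPLES = {
    "raster_row": b"\0" * 64 + b"\xff" * 64,   # 128 bytes -> 4 bytes
    "text": b"abcdef",                          # 6 bytes -> 12 bytes: RLE expands it
}
```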
Tar
Tar (Tape ARchive) is the standard UNIX archive format.
– Originally and still used to save data to tape.
– Also used to create archive files on disk.
Stores directories, file data, and metadata.
– Includes ownership + permissions.
– Does not include the extended attributes and ACLs that are supported by advanced filesystems.
Compression
Common compression tools
– compress: obsolete, files have .Z suffix
– gzip: old, .gz suffix, offers ~61% bin, ~75% text
– bzip2: std, .bz2 suffix, offers ~64% bin, ~80% text
– 7zip: newer, .7z suffix, offers ~73% bin, ~81% text
– nanozip: newest, best compression, beta version