
Week 2 Unit 1:

The Filesystem Hierarchy Standard (FHS)


The Filesystem Hierarchy Standard (FHS)
The Linux Standards Base (LSB) and the FHS

The Filesystem Hierarchy Standard (FHS) is part of the Linux Standards Base. It includes the
following information:
• Which directories must be located on the first level and what they contain
• A two-layer hierarchy:
o What is under the top layer (root, or "/")
o What is under /usr and /var
The FHS includes the following design factors:
o Compartmentalization – separating out the components of the filesystem to gain security and
order
o Writability – where users and processes can safely store files
o Shareability – who can access what, with and without changes to the default permissions

The FHS is maintained by the Linux Foundation

open.sap.com Slide 2
The Filesystem Hierarchy Standard (FHS)
FHS First Layer

/
bin sbin lib lib64 etc usr opt root boot home run mnt var srv tmp dev sys proc

/bin – user binaries
/sbin – system binaries
/lib – libraries
/lib64* – 64bit libraries
/etc – configuration files
/usr – programs, libraries and more
/opt – optional and third-party applications
/root – root user home directory
/boot – boot loader files
/home – user home directories
/run – run-time variable data
/mnt – temporarily mounted filesystems
/var – variable files
/srv – site-specific data served by the system
/tmp – temporary files
/dev – device files
/sys – information about devices, drivers, etc.
/proc – virtual filesystem with kernel and process information

The Filesystem Hierarchy Standard (FHS)
FHS Second Layer - /usr
/usr
bin sbin lib include share local src

/usr/bin – most executables
/usr/sbin – system admin programs
/usr/lib – libraries and application directories
/usr/share – documentation and man pages
/usr/local – locally installed programs
/usr/src – source code for kernel and programs

The Filesystem Hierarchy Standard (FHS)
FHS Second Layer - /var
/var
lib lock spool run log

/var/lib – variable libraries, like databases
/var/lock – lock files for multiuser access
/var/spool – queues (printers, email)
/var/run – information about running processes
/var/log – service log files

Copyright © SUSE LLC

© 2019 SUSE LLC. All rights reserved. SUSE and the SUSE logo are registered trademarks of SUSE
LLC in the United States and other countries. All third-party trademarks are the property of their
respective owners.

Thank You!

Contact Information:
open@sap.com
Week 2 Unit 2:
Linux File Types
Linux File Types
The Seven File Types

There are 7 different file types in Linux:


o Normal files
o Directories
o Links
o Sockets
o Pipes (FIFOs)
o Block Devices
o Character Devices

Linux File Types
File Types: Normal Files and Directories

• Normal files
o Sets of data addressed with one name
o Examples:
• ASCII text files
• Executable files
• Graphics files

• Directories
o Organize files on the disk
o Contain files and/or subdirectories
o Implement the hierarchical file system

Linux File Types
File type: Introduction to Links

• Hard Links
o Secondary file names for files
o Multiple file names referencing a single inode
o Referenced file must reside on the same filesystem
[Figure: hard link between FileB and FileA]

• Symbolic Links
o References to other files on the system (or over the network)
o The inode contains a reference to another file name
o Referenced files can exist in the same filesystem or in another filesystem
o A symbolic link (sometimes called soft) can reference a non-existent file (broken link)
[Figure: symbolic link between FileB and FileA]

Linux File Types
File type: Links Visualized

[Figure: links visualized. File1link.txt (hard link) and File1.txt share one inode and its data in the
filesystem; Symlink-to-File1.txt refers to File1.txt by name. Two volumes are shown, Volume 1 and
Volume 2.]

Linux File Types
File type: Sockets and Pipes

• Sockets
o Logical endpoint for communication between processes
o Used for two-way communication
[Figure: two processes, 1234 and 4321, communicating through a socket]

• Pipes (sometimes called a FIFO – First In First Out)
o Logical endpoint for communication on the filesystem for output from a process
o Used for one-way communication
o Multiple processes can read from the pipe
[Figure: two processes, 9876 and 6789, connected by a pipe]

Linux File Types
File type: Device Files

• Device files represent hardware
o Link between hardware devices and kernel drivers
o Kernel drivers read from and write to the device file
o The kernel gets the data to the hardware in the correct format
o Except network cards (they have their own method)

• Types of device files
o Block devices
o Character devices

Device files are automatically created by a system tool called udev. There are tools for, and
circumstances in which, manual creation of device files is necessary.

Linux File Types
File type: Block Device Files

• Block device files are primarily used for storage
o 1st initialized hard drive = /dev/sda
o 2nd initialized hard drive = /dev/sdb
o etc.

Partition numbers are appended to the device name:

Device                                                                  Name
First primary partition on the first drive                              /dev/sda1
Second primary partition or an extended partition on the first drive    /dev/sda2
First primary partition on the third hard drive                         /dev/sdc1
First logical partition on the first hard drive                         /dev/sda5
Second logical partition on the first hard drive                        /dev/sda6
Linux File Types
File type: Character Device Files

• Character devices provide unbuffered access directly to a hardware device


o Sometimes referred to as raw devices
o Many different options for character devices, making their use and application wide and varied

• Examples of character devices:


o Keyboard
o Mouse

Week 2 Unit 3:
User Management
User Management
User ID (UID) and Group ID (GID)

Since operating systems handle numbers better than strings, users and groups are administered as
numbers:
• The User ID, or UID, is the number representing a user
o 0: root
o 1 – 99: System
o 100 – 499: System accounts
o ≥ 1000: Normal (unprivileged) accounts
• The Group ID, or GID, is the number representing a group (with users as members)
o 0: root
o 1 – 99: System groups
o 100 – 499: Dynamically allocated system groups
o ≥ 1000: Normal groups

User Management
User and Group Information: CLI

• There are several tools for viewing user and group information from a command line or shell:
o whoami: who is executing this command
server1:~> whoami
tux
o id <user> : list uid, gid and any groups the user is in
server1:~> id tux
uid=1000(tux) gid=100(users) groups=100(users)
o groups : list the groups the user is a member of
server1:~> groups tux
tux : users

User Management
User and Group Database Files

• Users, groups and passwords are stored in the following files:


o Users: /etc/passwd – contains user account information, with the exception of the user account password
o Password hashes: /etc/shadow – contains user account password hashes and policies
o Groups: /etc/group – stores group information, such as names and members

User Management
Contents of /etc/passwd

• The fields of /etc/passwd are as follows:


o User login name
o Password field
o User ID
o Primary group ID
o Comments (GECOS)
o Home Directory
o Default shell

User Management
Contents of /etc/shadow

• The fields of /etc/shadow are as follows:


o User login name
o Hashed password field
o Last change
o Next possible change
o Must Change
o Warning
o Grace limit
o Expiration/Lock

User Management
Contents of /etc/group

• The fields of /etc/group are as follows:


o Group name
o Group password
o Group ID
o List of secondary group members
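An added example, not part of the course material: a small Python parser for the three colon-separated files described above, with two checks an administrator would run on them (accounts other than root with UID 0, and empty password hashes) and a lookup of a group's full membership. The sample lines are constructed; the ninth /etc/shadow field, which is reserved and normally empty, is not listed on the slides.

```python
PASSWD_FIELDS = ("name", "password", "uid", "gid", "gecos", "home", "shell")
SHADOW_FIELDS = ("name", "hash", "last_change", "min_days", "max_days",
                 "warn_days", "inactive_days", "expire", "reserved")  # 9th field: reserved, usually empty
GROUP_FIELDS = ("name", "password", "gid", "members")

def parse(text, fields):
    """Split every non-empty line on ':' into a dict keyed by `fields`."""
    records = []
    for line in filter(None, text.splitlines()):
        parts = line.split(":")
        if len(parts) != len(fields):
            raise ValueError("malformed line: %r" % line)
        records.append(dict(zip(fields, parts)))
    return records

def check_accounts(passwd_text, shadow_text):
    """Return findings an administrator should review; an empty list is clean."""
    findings = []
    shadow = {r["name"]: r for r in parse(shadow_text, SHADOW_FIELDS)}
    for r in parse(passwd_text, PASSWD_FIELDS):
        name = r["name"]
        if int(r["uid"]) == 0 and name != "root":
            findings.append("%s: UID 0, i.e. root privileges" % name)
        if r["password"] != "x":                  # the hash belongs only in /etc/shadow
            findings.append("%s: password field is not 'x'" % name)
        elif shadow.get(name, {}).get("hash") == "":   # empty hash: no password needed
            findings.append("%s: empty password hash" % name)
    return findings

def members_of(group, passwd_text, group_text):
    """Secondary members from /etc/group plus users whose primary GID is the group's."""
    g = {r["name"]: r for r in parse(group_text, GROUP_FIELDS)}[group]
    names = {m for m in g["members"].split(",") if m}
    names.update(u["name"] for u in parse(passwd_text, PASSWD_FIELDS) if u["gid"] == g["gid"])
    return sorted(names)

# Constructed sample data, not taken from a real system
PASSWD = """root:x:0:0:root:/root:/bin/bash
tux:x:1000:100:Tux Penguin:/home/tux:/bin/bash
backup:x:0:0:Backup job:/var/backup:/bin/sh
guest:x:1001:100:Guest:/home/guest:/bin/bash
"""
SHADOW = """root:$6$CONSTRUCTED$hash1:18900:0:99999:7:::
tux:$6$CONSTRUCTED$hash2:18900:0:99999:7:::
backup:!:18900:0:99999:7:::
guest::18900:0:99999:7:::
"""
GROUP = """users:x:100:
wheel:x:10:tux,geeko
"""
```

Running `check_accounts(PASSWD, SHADOW)` on the sample reports the backup account (UID 0) and the guest account (empty hash); `members_of("users", PASSWD, GROUP)` combines the primary-GID users with the secondary members.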

User Management
Managing Users and Groups from the Command Line

• Users and groups can be managed via the command line (shell) or through YaST.
Command    Description
useradd    Create users
usermod    Modify existing users
userdel    Delete users
groupadd   Create groups
groupmod   Modify existing groups
groupdel   Delete groups
passwd     Set/Modify user passwords
gpasswd    Set/Modify group passwords

User Management
Managing Users and Groups from YaST

Week 2 Unit 4:
Filesystem Permissions
Filesystem Permissions
Identifying File and Directory Permissions

File and directory permissions and ownership are easily identified from the command line:
o Using the ls -l command, we get output whose columns are, from left to right:
• Type and permissions
• Links and contents
• Ownership
• File size
• Modification time
• File name

Filesystem Permissions
Permissions Explained

Permissions in Linux (and other Unix-like operating systems) use a mode system:
• Files (example mode: -rwxrwxrwx)
o Read (r) – File can be opened and read
o Write (w) – File can be modified (but not deleted)
o Execute (x) – File can be executed (run as a program or script)

• Directories (example mode: drwxr-x---)
o Read (r) – Directory contents can be viewed
o Write (w) – Directory contents can be modified (i.e. files can be deleted)
o Execute (x) – Directory can be entered (cd into or through directory)

Filesystem Permissions
User, Group, Other

The permissions are listed by User, Group, and Other (meaning everyone else).
• User: the user that has ownership of a file can be given read (r), write (w), or execute (x)
permissions to the file
• Group: the group that has ownership can also be given read, write or execute permissions
• Other: anyone that is not the owning user, or in the group that has ownership, is classified as
other and a set of read, write, and execute permissions applies to them

Filesystem Permissions
Binary and Octal Permission Notation

Permissions in Linux can also be expressed in Binary and Octal notation. Binary notation is rarely
used for anything other than calculation.
o Read = 4 in octal notation
o Write = 2 in octal notation
o Execute = 1 in octal notation

Notation   User   Group   Other
Standard   rwx    rw-     r--
Binary     111    110     100
Octal      7      6       4

Filesystem Permissions
Modifying File and Directory Modes and Ownership

Permissions in Linux are referred to as the mode and there are tools to change the mode, as well as
the owner and group owner of a file or directory:
o chmod – Change mode
• Can use the regular (rwx) notation or the octal notation

o chown – Change file user and/or group ownership


• Can specify either user or group, or both

o chgrp – Change group ownership

Filesystem Permissions
umask

When a file or directory is created in Linux, default permissions are set. Using the umask, an
administrator can limit specifically (via subtraction) what permissions are granted to the user, group
and all others.
• Files: default 666, umask 022, result 644
• Directories: default 777, umask 022, result 755

Filesystem Permissions
Sticky Bit

In addition to the standard read, write, and execute permissions, there are three others: the sticky bit,
SGID, and SUID.

• Sticky bit
o Files: Not applicable
o Directories: A user can only delete files in the directory when the user is root or the owner of the
directory
o There is special notation for the sticky bit:

Notation   Sticky   User   Group   Other
Standard            rwx    rwx     rwt   (rwT when the execute bit for other is not set)
Binary     001      111    111     111   (110 without execute)
Octal      1        7      7       7     (6 without execute)
Filesystem Permissions
Set Group ID (SGID)

• Set Group ID (SGID)
o Files: When a program (the file) is run, this sets the group ID of the process to that of the group
of the file (not the group of the user who executed the file)
o Directories: Files created in this directory belong to the group to which the directory belongs and
not to the primary group of the user. New directories created in this directory inherit the SGID
bit
o There is special notation for SGID:

Notation   SGID   User   Group   Other
Standard          rwx    rws     rwx   (rwS when the execute bit for group is not set)
Binary     010    111    111     111   (110 without execute)
Octal      2      7      7       7     (6 without execute)

Filesystem Permissions
Set User ID (SUID)

• Set User ID (SUID)
o Files: When a program (the file) is run, this sets the user ID of the process to that of the owner
of the file (not the user who executed the file)
o Directories: Not applicable
o There is special notation for SUID:

Notation   SUID   User   Group   Other
Standard          rws    rwx     rwx   (rwS when the execute bit for user is not set)
Binary     100    111    111     111   (110 without execute)
Octal      4      7      7       7     (6 without execute)

Week 2 Unit 5:
Privilege Delegation
Privilege Delegation
Switching Identities

SUSE Linux Enterprise Server administrators frequently need to change system identities in order to
perform daily tasks. There are multiple tools for performing this switch.
o su – Substitute user
• The "-" option gives you a login shell (e.g. su -)
• Execute a single command as a user with the -c option (e.g. su -c "grep tux /etc/shadow")

o newgrp, sg – Switch primary group

Privilege Delegation
sudo

SUSE Linux administrators will also frequently use the sudo command. Originally it meant “superuser
do”, but has more recently been changed to “substitute user do”.
o sudo – switch to another user (default is root) and perform a task
o On SUSE Linux Enterprise Server, the root password is required by default
• This behavior is different from most other Linux distributions
• Can be changed to the user’s password in the /etc/sudoers file

[Figure: sudo prompting for the SUSE default (root's password) versus the user's password]

Privilege Delegation
sudo’s Configuration File: /etc/sudoers

The primary configuration file for sudo is /etc/sudoers.


o visudo (text based) is the preferred tool for modifying the configuration
• visudo opens /etc/sudoers in the default text editor
• Requires root privileges
o Can be changed to allow user passwords instead of root when performing root-level
tasks

Privilege Delegation
Syntax in /etc/sudoers

The general syntax of the /etc/sudoers file looks like the following:
o <user/%group> <host> = <command1>[, <command2>…]
• User example:
geeko ALL = /sbin/shutdown
geeko ALL = NOPASSWD: /sbin/shutdown
• Group example:
%admins ALL = /sbin/shutdown

Privilege Delegation
sudo Aliases

There are several kinds of aliases that can be used in the /etc/sudoers file:
o User alias – a collection of users
User_Alias <ALIAS NAME> = <user1>[, <user2>, …]
Example: User_Alias POWERUSERS = tux, geeko
o Command alias – a collection of commands
Cmnd_Alias <ALIAS NAME> = <command1>[, <command2>, …]
Example: Cmnd_Alias KPROCS = /bin/kill, /usr/bin/killall
o Host alias – a collection of hosts
Host_Alias <ALIAS NAME> = <host1>[, <host2>, …]
Example: Host_Alias HOSTS = da1
o Runas alias – a collection of users that can be referenced by UID
Runas_Alias <ALIAS NAME> = <user1>[, <user2>, …]
Example: Runas_Alias RUNASUSERS = tux, geeko

Privilege Delegation
Using sudo Aliases

Aliases are frequently used together to simplify sudo administration.


o Alias use syntax:
<User_Alias> <Host_Alias> = (<user>) <Cmnd_Alias>
Example: POWERUSERS HOSTS = (root) KPROCS

User_Alias POWERUSERS = tux, geeko
Cmnd_Alias KPROCS = /bin/kill, /usr/bin/killall
Host_Alias HOSTS = da1
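Added example, not part of the slides: a Python resolver for the sudoers subset shown above (the four alias kinds, NOPASSWD:, and the (runas) form) that answers whether a given user may run a command as root on a host and whether a password is required. The sample sudoers text is constructed from the slide examples; the user wilber and the hosts web1 and da2 used when calling it are assumptions.

```python
import re
RULE = re.compile(r"^(\S+)\s+(\S+)\s*=\s*(?:\(([^)]*)\))?\s*(NOPASSWD:)?\s*(.+)$")

def parse_sudoers(text):
    """Parse aliases and rules '<user|%group|alias> <host|alias> = [(runas)] [NOPASSWD:] cmds'."""
    aliases = {k: {} for k in ("User_Alias", "Cmnd_Alias", "Host_Alias", "Runas_Alias")}
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments and blank lines
        if not line:
            continue
        kind = line.split()[0]
        if kind in aliases:                           # e.g. User_Alias POWERUSERS = tux, geeko
            name, rhs = line[len(kind):].split("=", 1)
            aliases[kind][name.strip()] = [x.strip() for x in rhs.split(",")]
            continue
        m = RULE.match(line)
        if not m: raise ValueError("unsupported line: %r" % raw)
        who, host, runas, nopw, cmds = m.groups()
        rules.append((who, host, runas or "root", bool(nopw), [c.strip() for c in cmds.split(",")]))
    return aliases, rules

def expand(name, table):
    """Replace an alias name by its members, recursively; other names pass through."""
    if name not in table:
        return [name]
    return [x for member in table[name] for x in expand(member, table)]

def may_run(sudoers, user, groups, host, cmd):
    """(allowed, password_required) for `user` (in `groups`) running `cmd` as root on `host`."""
    aliases, rules = parse_sudoers(sudoers)
    for who, h, runas, nopw, cmds in rules:
        runas_ok = runas == "ALL" or "root" in expand(runas, aliases["Runas_Alias"])
        who_ok = any(u == "ALL" or u == user or (u.startswith("%") and u[1:] in groups)
                     for u in expand(who, aliases["User_Alias"]))
        host_ok = any(x in ("ALL", host) for x in expand(h, aliases["Host_Alias"]))
        cmd_ok = any(c in ("ALL", cmd) for x in cmds for c in expand(x, aliases["Cmnd_Alias"]))
        if runas_ok and who_ok and host_ok and cmd_ok:
            return True, not nopw                     # a NOPASSWD: rule waives the password
    return False, True

# Constructed sample that combines the slides' examples (not a real sudoers file)
SUDOERS = """User_Alias POWERUSERS = tux, geeko
Cmnd_Alias KPROCS = /bin/kill, /usr/bin/killall
Host_Alias HOSTS = da1
POWERUSERS HOSTS = (root) KPROCS
geeko ALL = NOPASSWD: /sbin/shutdown
%admins ALL = /sbin/shutdown
"""
```

For instance, `may_run(SUDOERS, "tux", [], "da1", "/bin/kill")` is allowed with a password, while the same call for host da2 is refused because HOSTS only contains da1.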
