Linux/Unix File System

2009 Mar 01

/ Root directory, top of file system
Critical executables needed to boot os
  /dev/ Device drivers
  /etc/ System configuration files
scheduled tasks (sometimes: in /usr/lib/crontab)
    /fstab disk mount table
    /group group definition file
    /hosts.equiv Trusted HostName:IP table
    /inittab boot table
    /rc boot info file?
    /passwd password file
  /home/ User directory sub-tree
    .rhosts Trusted systems
  /lib/ Shared libraries for programs
  /mnt/ Where file systems exported by other systems are mounted
  /proc/ Images of currently executing processes on the system
  /tmp/ Temporary files that are deleted during reboot
  /usr/ Critical system files
    /bin/ Standard system utilities
    /include/ C headers
    /man/ Manual page files
    /sbin/ Sysadmin executables
  /var/ Varying files, often used for administration
    /log/ (or /adm/) Log files and temporary storage for services (e.g. spool, mail)
      /cron individual log for cron
      /httpd individual log for httpd
      /messages contains messages from the kernel and such
      /secure contains information about successful and failed logins for telnet, rlogin, rsh, and others
      /lastlog Contains info about, and the location of, each user's last login to the system - this info is shown to the user at next login
      /utmp Records who is currently logged into the system, see man who
      /wtmp Records all logins and logouts, see man last

Privileges and Permissions

Every file has privileges or permissions associated with it. These permissions are associated with the owner of the file, the owner's group, and the world (i.e. every user on the system). The ls -l command will show these as a 10 character pattern. If the first character is a d then the file is actually a directory, otherwise it is just a file. The next 9 characters, in groups of 3, are:

rwx rwx rwx

If the appropriate permission is not allowed then a "-" appears instead of the "d" (directory), "r" (read), "w" (write), or "x" (execute). The permissions can be altered using the chmod command with parameters specified in octal (e.g. 741 for rwxr----x), followed by a list of file names. Do a man chmod for more options.


Sometimes a process has a legitimate reason for accessing a file that the user normally does not have privilege for. For example, when the user wishes to change their password the program doing that needs to be able to modify (write) the passwd (or shadow) file - but this file can only be changed with root privilege.

The solution is one more permission flag called SetUID (set user id), which gives the permissions of the owner of the file to a process run from an executable file that has this flag set. Thus the passwd program has this flag set and temporarily allows the user running it to alter (only) their password in the passwd file. The passwd program would have permissions of: srwxr-x--x (ls -l displays this as -rwsr-x--x, with the s in place of the owner's x), which in octal is 4751.

There are actually three special flags (from left to right):

Flag Octal Meaning
SetUID 4... Set User ID (file has permissions of owner)
SetGID 2... Set Group ID (file has permissions of owner's group)
Sticky 1... Forces programs to stay in memory and limits deletion of directories

Sysadmins should maintain a list of all SetUID programs and make sure new unexpected ones have not appeared. To find all SetUID programs use the following command:

find / -perm -4000 -print

find         find program
/            look in root
-perm -4000  look for files with SetUID set
-print       print results on screen
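
One way to act on the advice above (keep a list of SetUID programs and check that no unexpected ones have appeared), as an added example that is not part of the original page. The function names, the baseline file and the constructed directory tree are assumptions.

```sh
#!/bin/sh
# Added example: baseline-and-compare audit of SetUID files.
# Function names and the baseline file location are assumptions.

# List every regular file under $1 that has the SetUID bit (octal 4000) set.
# -xdev keeps find on one file system; sort makes the list comparable.
suid_scan() {
    find "$1" -xdev -type f -perm -4000 -print 2>/dev/null | LC_ALL=C sort
}

# Print SetUID files found under $2 that are NOT listed in baseline file $1.
suid_new() {
    current=$(mktemp) || return 1
    suid_scan "$2" > "$current"
    # comm -13 hides lines only in the baseline and lines in both,
    # leaving the lines that appear only in the current scan.
    LC_ALL=C comm -13 "$1" "$current"
    rm -f "$current"
}

# Demo on a constructed directory tree (not real system paths).
suid_demo() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/usr/bin" "$root/tmp"
    : > "$root/usr/bin/passwd"; chmod 4751 "$root/usr/bin/passwd"
    : > "$root/usr/bin/ls";     chmod 0755 "$root/usr/bin/ls"
    suid_scan "$root" > "$root/baseline.txt"   # record the known list
    : > "$root/tmp/sh";         chmod 4755 "$root/tmp/sh"   # appears later
    # Strip the temporary prefix so the output reads like a real path.
    suid_new "$root/baseline.txt" "$root" | sed "s|^$root||"
    rm -rf "$root"
}
```

On a real system, run suid_scan / once as root to create the baseline, store it where ordinary users cannot write, and run suid_new against it on a schedule.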