2009 Mar 01
| Path | Contents |
|---|---|
| / | Root directory, top of the file system |
| /bin/ (and/or /sbin/) | Critical executables needed to boot the OS |
| /dev/ | Device drivers |
| /etc/ | System configuration files |
| /etc/crontab | Scheduled tasks (sometimes in /usr/lib/crontab) |
| /etc/fstab | Disk mount table |
| /etc/group | Group definition file |
| /etc/hosts.equiv | Trusted hostname:IP table |
| /etc/inittab | Boot table |
| /etc/rc | Boot info file? |
| /etc/passwd | Password file |
| /home/ | User directory sub-tree |
| ~/.rhosts (in each user's home directory) | Trusted systems |
| /lib/ | Shared libraries for programs |
| /mnt/ | Where file systems exported by other systems are mounted |
| /proc/ | Images of currently executing processes on the system |
| /tmp/ | Temporary files that are deleted during reboot |
| /usr/ | Critical system files |
| /usr/bin/ | Standard system utilities |
| /usr/include/ | C headers |
| /usr/man/ | Manual page files |
| /usr/sbin/ | Sysadmin executables |
| /var/ | Varying files, often used for administration |
| /var/log/ | Log files and temporary storage for services (e.g. spool, mail) |
| /var/log/cron | Individual log for cron |
| /var/log/httpd | Individual log for httpd |
| /var/log/messages | Contains messages from the kernel and such |
| /var/log/secure | Contains information about successful and failed logins for telnet, rlogin, rsh, and others |
| /var/run/ (or /var/adm/) | Log files and temporary storage for services (e.g. spool, mail) |
| /var/run/lastlog | Contains the time and location of each user's last login to the system; this info is shown to the user at the next login |
| /var/run/utmp | Records who is currently logged into the system (man who) |
| /var/run/wtmp | Records all logins and logouts (man last) |
Every file has privileges or permissions associated with it. These permissions are defined for three classes of user: the owner of the file, the owner's group, and the world (i.e. every user on the system). The ls -l command shows them as a 10-character pattern. If the first character is a d then the file is actually a directory; otherwise it is just a file. The next 9 characters, in groups of 3, are:

| rwx | rwx | rwx |
|---|---|---|
| owner permissions | group permissions | world permissions |

If a given permission is not granted then a "-" appears in place of the "d" (directory), "r" (read), "w" (write), or "x" (execute). The permissions can be altered using the chmod command with the mode specified in octal (e.g. 741 for rwxr----x) followed by a list of file names. Do a man chmod for more options.
Sometimes a process has a legitimate reason for accessing a file that the user normally does not have privilege for. For example, when the user wishes to change their password the program doing that needs to be able to modify (write) the passwd (or shadow) file - but this file can only be changed with root privilege.
The solution is one more permission flag called SetUID (set user id), which gives a process running an executable file that has this flag set the permissions of the file's owner. Thus the passwd program has this flag set and temporarily allows the user running it to alter (only) their own password in the passwd file. The passwd program would have permissions of srwxr-x--x, which in octal is 4751.
There are actually three special flags (from left to right):

| Flag | Octal | Meaning |
|---|---|---|
| SetUID | 4... | Set User ID (file runs with the permissions of its owner) |
| SetGID | 2... | Set Group ID (file runs with the permissions of the owner's group) |
| Sticky | 1... | Forces programs to stay in memory and limits deletion of files in directories |
Sysadmins should maintain a list of all SetUID programs and make sure new, unexpected ones have not appeared. To find all SetUID programs, use the following command:

| find | / | -perm -4000 | |
|---|---|---|---|
| find program (looks for things) | start looking in the root directory | look for files with SetUID set | print results on screen |
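An added example (not from the original page) that turns the find command above into the repeatable check the paragraph recommends: save the list of SetUID/SetGID programs once, then report anything that was not in that saved list. The directory argument, the baseline file name and the demo tree are my own choices, so the check can be tried on a constructed tree without root.

```sh
#!/bin/sh
# Added example, not from the original page: snapshot the SetUID/SetGID programs
# under a directory once, then report any that have appeared since that snapshot.
# Uses only POSIX find, sort and comm. The directory argument stands in for "/"
# so the check can be tried on a constructed tree as an ordinary user.

# Print every regular file under $1 with SetUID (4000) or SetGID (2000) set, sorted.
# "-perm -4000" matches files that have at least that bit set, as on the page.
list_suid() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null | sort
}

# Save the current list for directory $1 to baseline file $2 (done once, on a known-good system).
save_baseline() {
    list_suid "$1" > "$2"
}

# Compare the current list for $1 with baseline $2 and print paths missing from the
# baseline: new SetUID/SetGID programs to investigate. Returns 0 if none, 1 otherwise.
audit_suid() {
    new=$(list_suid "$1" | comm -13 "$2" -)   # comm -13: lines only in the current list
    if [ -n "$new" ]; then
        printf 'NEW setuid/setgid file(s) since baseline:\n%s\n' "$new"
        return 1
    fi
    return 0
}

# Constructed demo tree: the files belong to the running user, so chmod 4751 needs no root.
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/usr/bin" "$tmp/usr/local/bin"
    touch "$tmp/usr/bin/passwd" "$tmp/usr/bin/ls" "$tmp/usr/local/bin/helper"
    chmod 4751 "$tmp/usr/bin/passwd"         # SetUID, the passwd example from the page
    chmod 755 "$tmp/usr/bin/ls"              # ordinary executable, must not be listed
    save_baseline "$tmp" "$tmp/suid.baseline"
    chmod 4755 "$tmp/usr/local/bin/helper"   # a SetUID program added after the snapshot
    audit_suid "$tmp" "$tmp/suid.baseline"   # prints the helper path and returns 1
    rm -rf "$tmp"
}

demo
```

Run the real check as root with "/" as the directory and a baseline stored somewhere the audited hosts cannot modify.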
2005-2009