3D052 2.3
The vi editor
...
Home directory
A directory where the user stores their files, usually the user's current directory at login. Initialization Files - Shell scripts that control how the user's environment is set up and appear when a user logs in to a system.
Hard links
A hard link is actually a normal directory entry, but instead of pointing to a unique file, it points to an already existing file. This gives the illusion that there are two identical files when you do a directory listing. Because the system sees this as just another file, it treats it as such. This is most apparent during backups because hard-linked files get backed up as many times as there are hard links to them. Because a hard link shares an inode, it cannot exist across file systems. Hard links are created with the ln command. For example, given this directory listing using ls -l, we see: -rw———- 1 sshah admin 42 May 12 13:04 hello When you type ln hello goodbye and then perform another directory listing using ls -l, you see: -rw———- 2 sshah admin 42 May 12 13:04 goodbye -rw———- 2 sshah admin 42 May 12 13:04 hello Notice how this appears to be two separate files that just happen to have the same file lengths. Also note that the link count (second column) has increased from one to two. How can you tell they actually are the same file? Use ln -il. Observe: 13180 -rw———- 2 sshah admin 42 May 12 13:04 goodbye 13180 -rw———- 2 sshah admin 42 May 12 13:04 hello You can see that both point to the same inode, 13180.
script
A script, or file that contains shell commands, is a shell program. Your .profile and environment files are shell scripts. Once you have created one, there are two ways to run it. One is to type .scriptname (i.e., the command is a dot). This causes the commands in the script to be read and run as if you typed them in. The second way to run a script is simply to type its name and hit RETURN, just as if you were invoking a built-in command. This, of course, is the more convenient way. This method makes the script look just like any other UNIX command; in fact, several "regular" commands are implemented as shell scripts (i.e., not as programs originally written in C or some other language), including spell, man on some systems, and various commands for system administrators. The resulting lack of distinction between "user command files" and "built-in commands" is one factor in UNIX's extensibility and, hence, its favored status among programmers. You can run a script by typing its name only if the current directory is part of your command search path; i.e., is included in your PATH variable. If it's not on your path, you must type ./scriptname, which is really the same thing as typing the script's absolute pathname. But there is a more important difference between the two ways of running shell scripts. While the "dot" method causes the commands in the script to be run as if they were part of your login session, the "just the name" method causes the shell to do a series of things. First, it runs another copy of the shell as a subprocess; this is called a subshell. The subshell then takes commands from the script, runs them, and terminates, handing control back to the parent shell.
Specifying current and parent directories
A single period (.) is used to refer to the directory you are currently in. This directory is known as the current directory. The pathname /memos/mem1 is the pathname of the file mem1, in the directory memos, which is in your current directory. Two dots (.) are used to refer to the parent directory. The parent directory is the next highest level in the directory tree. For the directory memos in our example, the parent directory is stu2. For stu2 the parent directory is /home. Because the file system is hierarchical, all directories except root have a parent directory. The (.) reference can be used to refer to things far up in the file system. In the following examples we will use the cd command to change directories. We will cover this command in great detail later. The following for example, $ cd ./. refers to the parent of the parent of the current directory. If you are in memos, this would take you to the /home directory, since /home is the parent of stu2, which is the parent of memos. $ cd ././. refers to the parent of the parent of the parent of the current directory. If you are in your memos directory, this would take you through the subdirectories all the way back to the /(root) directory. Now that you have a basic idea of the UNIX™ file structure, how it works, let's take a look at some of the actual commands that allow you to manipulate and work within the file system.
Subdirectories
A subdirectory is a directory within another directory. For example, the traditional UNIX directories are all subdirectories of / (root). Because directories can contain other directories, which can in turn contain other directories, the UNIX System file system is called a hierarchical file system. Basically, a hierarchical file system organizes directories in a top-to-bottom structure. In fact, within the UNIX System, there is no limit to the number of files and directories you can create in a directory that you own. File systems of this type are often called tree-structured file systems, because each directory allows you to branch off into other directories and files. Tree-structured file systems are usually depicted upside-down, with the root of the tree at the top of the drawing. The root of the whole directory tree is at the top of the picture. It is called the root directory, or just root for short. Root is represented with a / (slash). The directory in which you are placed when you log in is called your home directory. Every user on a UNIX System has a unique home directory. In every login session, you start in your home directory and move up and down the directory tree. The UNIX system administrator usually names it for us when we are given an account on the system. When the system administrator establishes your user account, a home directory is also created for you. Whenever the user logs into UNIX, he or she will immediately be placed into their home directory as part of the login process.
Symbolic links
A symbolic link (sometimes referred to as a symlink) differs from a hard link because it doesn't point to another inode but to another filename. This allows symbolic links to exist across file systems as well as be recognized as a special file to the operating system. You will find symbolic links to be crucial to the administration of your file systems, especially when trying to give the appearance of a seamless system when there isn't one. Symbolic links are created using the ln -s command. A common thing people do is to create a symbolic link to a directory that has moved. For example, if you are accustomed to accessing the directory for your home page in the subdirectory www but at the new site, home pages are kept in the public_html directory, you can create a symbolic link from www to public_html using the ln -s command public_html www. Performing an ls -l on the result shows the link. drwx——— 2 sshah admin 512 May 12 13:08 public_html lrwx——— 1 sshah admin 11 May 12 13:08 www -> public_html
Userid
A unique name a user enters to log in to a system. The userid tells who the process belongs to. The UNIX operating system places restrictions on user names. They must contain two to eight alphanumeric characters, not contain a space or underscore, and must be unique for each user on the network. System administrators should establish and use a standard naming scheme. This makes the task of user account administration easier. For example, using the user's whole or first seven letters of their last name and first initial. The user John Smith may have the user account of smithj or jsmith.
User identification number
Additionally, user accounts have a unique UID number to internally identify the user to the system. Like groups, UNIX provides a few built-in user accounts during installation. The root user account is one of these. Its UID is always 0 and the account should never be deleted. Restrict access to this account to only those individuals that are required to have complete control over the system. An individual with limited knowledge can easily destroy a complete system if given root privileges. For those that have the privilege, use of the account should be kept to a minimum. The UNIX operating system allows for three methods to add users: file modification, command, and graphical interface. As with groups, this is for a stand-alone configuration only. Networked environments require additional steps to push the changes to the network and these steps vary considerably on the type of network installation. For this course we will concentrate on the stand- alone configuration.
Relative pathname
As a convenience UNIX™ allows you to specify a path to a file or directory relative to your present directory. This pathname is called a relative pathname. The relative pathname begins at your current working directory. If your current working directory was /home/stu2, the relative pathname to access the file mem1 would be memos/mem1. Each pathname that does not start with the slash symbol is interpreted as relative to the current working directory. All subdirectories and their respective files of the current working directory can be accessed using relative pathnames.
Finding user information
As a system administrator you will often need to know who is on the system and what they are doing. In order to do that, you need to be familiar with the who, finger, rusers -l, whodo, and id commands. You can use any one of four commands (who, finger, rusers -l, or whodo) to find out who is logged onto the system and then use the id command to display user and group IDs. Each command gives you some different additional information about who is logged on.
Partitioning
Before we can actually get into the file system structure, we must first partition our disk. Disks are divided into logical sections called partitions or slices. Each partition of a disk is used for a particular purpose. A partition may contain a file system or may be reserved for another purpose such as swap space or raw data. Swap space is a region of a disk that the operating system uses for temporary storage. If you think of a disk as a pie, a partition would represent one piece of the pie. Some partitions represent multiple pieces of the pie; there is usually one partition that represents the entire pie. Most disks can have up to eight partitions. A partition can be distinct, meaning that it is not a part of any other partition, or partitions can also overlap, so that two partitions can also be part of a larger partition that includes both of them. The general rule is that you never use overlapping partitions simultaneously. This disk-partitioning scheme gives you the flexibility of using parts of a single disk for different purposes. For example, you may have a collection of files that you want to be read-only. You could have one partition containing a file system that is read-only and the other partitions containing file systems that are read-write. By putting the read-only files on the read-only file system, you are assured that they will not be modified or deleted. The disk-partitioning scheme also makes it easier for system administrators to allocate and manage data for various purposes such as backups and restores.
Default permissions
Before you can invoke the shell script by name, you must also give it "execute" permission. Normally, when you create a file with a text editor, the file is set up with read and write permission for you and read-only permission for everyone else.
Block devices
Block devices also share many characteristics with character devices in that they exist in the /dev directory, are used to communicate with device drivers, and have major and minor numbers. The key difference is that block devices typically transfer large blocks of data at a time versus one character at a time. (A hard disk is a block device, whereas a terminal is a character device.) Their permission bits starting with the b character identify Block devices. An ls -l on a block device looks something like this: brw———- 2 root staff 16, 2 Jul 29 1992 fd0c
Directory permissions
Directories use the same permissions as files. UNIX™, however, interprets the language of read, write, and execute for directories somewhat differently. Table 3-7 describes how to think of read, write, and execute permissions as they apply to directories. Permission Description R Read permissions allow someone to list the contents of the files that are in the directory. W Write permissions allow someone to add items to the directory, to create new files in your directory and remove files from the directory. To make use of this permission, however, you also must have execute permissions on the directory - write permission by itself is useless. X Execute permissions allow someone to search the directory and open files in the directory and select it as their current working directory. Table 3-7. Directory permission codes.
Groups
Each UNIX group is a collection of users who can share files and other system resources. Each group must have a name, unique GID number that internally identifies the group to the system, and a list of user names that belong to the group. Groups may be built-in to the UNIX operating system or created by the system administrator to limit access to different parts of the file system. The built-in groups are default groups that support some system-wide task, such as printing, network administration, and electronic mail. Do not delete the built-in groups or primary groups that have users assigned to them! The stability and the security of the system may be compromised if certain groups are inadvertently deleted. Table 3-11 lists a few of these built-in groups, their GID, and a brief description of their use. A user can belong to two types of groups; a primary group and secondary group. Each user is assigned to one, specific primary group by the operating system. Files the user creates are assigned to that user and their primary group. The secondary group specifies one or more groups to which a user also belongs in addition to their primary group. The user may have up to a maximum of 15 other secondary groups. Users can list the groups they belong to with the id command and change groups with the newgrp command. Command : id Description : Lists the group(s) a user belongs to. Syntax : id [-a] Command : newgrp Description : Changes the primary group of the user. Syntax : newgrp [groupname] $ id -a uid=1001 (fosterg) gid=10 (staff) groups=14 (sysadmin), 70 (336files) $ newgrp 336files $ id uid=1001 (fosterg) gid=70 (336files) $ newgrp $ id uid=1001 (fosterg) gid=10 (staff) The id command by itself lists your login name as well as your primary or default group. By using the -a option with the id command you can see all the groups you belong to. In the above example, the id -a lists the UID number (1001), login name (fosterg), their primary group identification number (10) and name (staff), and all the secondary groups identification numbers and names (14-sysadmin and 70-336files) to which the user is currently a member. The command newgrp followed by the group name 336files changes the user's primary group to 336files and makes the original primary group (staff) a secondary group. Now the user can access all the files and resources that belong to the 336files group. Once finished, the user returns to their original primary group at the time the account was created by typing the command newgrp by itself. Adding, modifying, and deleting groups on a UNIX system can be done with one of three methods: file modification, command line, or graphical interface. Each of these methods are for a standalone configuration and will change the local system only. For a networked environment, additional steps beyond these methods are required to push the changes network wide. Because the additional steps vary considerably by network, we will concentrate on the standalone configuration. In addition, the user making these changes must be a member of the system administrator group or logged in as the superuser (root).
Disk naming conventions
Each disk partition has a unique device file by which you access the partition. The device files for disks are found in two places: /dev/dsk and /dev/rdsk. These sections are subdirectories under the root directory. The files in theses two directories reference the same devices but with different interfaces. The files in /dev/dsk access the block interface, and the files in /dev/rdsk access the raw interface.
Users
Each user must have a user account established prior to using UNIX. When you set up a user account, you can add the user to predefined groups of users. These groups allow certain permissions on files and directories, which allows access only to users who are part of that group. A user account includes the information a user needs to log in and use a system (without having the system's root password). User account information consists of four main components, a userid, a password, a home directory, and a userid number.
Viewing and setting environment variables
Every user's environment looks a little different. To see what your environment variables are type env and press return. The output formatting and variable names depend on which shell you are using and how your system is configured. A typical environment might include some of the following: $ env HOME=/u/sartin LOGNAME=sartin MAIL=/usr/mail/sartin MANPATH=/usr/man:/usr/contrib/man:/usr/local/man PATH=/bin/posix:/bin:/usr/bin:/usr/contrib/bin:/usr/local/bin SHELL=/bin/sh TERM=vt100 TZ=CST6CDT $ echo $HOME /u/sartin $ Sometimes the number of variables in your environment grows quite large, so much so that you don't want to see all of the values displayed when you are interested in just one. If this is the case, you can use the echo command to show an environment variable's current value. To specify that a word you type should be treated differently—as a value of an environment variable—you immediately precede the variable name with a dollar sign ($). Be careful not to type any white space between the $ and the word. One of the variables in the example is HOME. You probably have this variable in your environment, too. NOTE: If you use csh, some environment variables are automatically copied to and from csh variables. These include HOME, TERM, and PATH, which csh keeps in home, term, and path. You can create a new environment variable by simply giving it a value. If you give an existing variable a value, the old value is overwritten. One difficulty in setting environment variables is that the way you set them depends on the shell you are using. In order for your screen to display the output correctly, the environment variable TERM needs to have a value the software will recognize. This variable name comes from the times when terminals were used as displays (before PCs and graphics displays were common). Different terminals supported varying output control. Therefore, UNIX™ systems have various terminal types that they support. These are not standard, so you need to find out which terminal type to use from your support personnel. If you are using a PC to connect to a UNIX™ system, your PC is running a terminal emulation tool. Most of these tools have the capability to emulate several types of terminal. The important point here is to make sure that your emulator and your TERM variable are the same (or compatible). You do this by seeing what your TERM variable is set to by entering "echo $TERM." Refer to your PC terminal emulation manual to find out the emulation software setting for your PC.
File permissions
Files (whether data files or program files) can have any of the four mentioned permissions assigned to them. For each of the three classes of users, the owner of the file can grant four permissions, each of which controls whether or not you are allowed to perform a specific type of operation. Permissions for regular files are straightforward. Table 3-6 breaks down the file permissions by their codes. Permission Description R Read permissions allow someone to read or make a copy of the contents of the file, but not modify it. W Write permissions allow someone to write (modify) changes to the file. X Execute permissions allow someone to execute the file. This permission is required for a file to behave as an executable program. UNIX ignores this permission for files that are not executable programs. - No permissions to read or modify or access the resource. Table 3-6. File permission codes. To find out the permissions on either a directory or a file, you initiate the command ls -al. This command will return the information on a directory and/or a file. This depicts the owner, user group and others that will have either read, write, and/or execute permissions on a directory or a file. Notice in the directories the user has read "r" write "w" and execute permissions but in some instances for the files the user only has read "r" permissions. This is because the owner has only provided access to the data in the file but not the permission to change the data.
Files
Files are the basic unit for storing and manipulating a collection of logically related information known as data. Files can be symbolic, which means that the data within the file can be recognized by people (e.g., letters, numbers, special characters, etc.). Files can also contain executable programs written in machine language (i.e., binary digits (bits) of ones and zeros).
Graphical user interface (GUI) method
For the novice system administrator, Admintool is a graphical user interface that lets the system administrator accomplish several tasks on a local system, to include adding, modifying, and deleting groups by directly linking itself to the /etc/group file. No knowledge of vi editor or commands is necessary to use Admintool because it is a GUI method to get the same results as the previous two methods. To use Admintool you must: • Have a bit-mapped display monitor. • Be running an X Window environment, such as Common Desktop Environment (CDE). • Be a member of the sysadmin group. You start Admintool in one of two ways: workspace menu - right click, select Tools, then select Admintool; or through a terminal window by typing Admintool. The default Users window appears when it is started. To change to the Groups window select Groups from the Browse menu. Groups are added using an Add Group Window. You open it by selecting Add from the Edit menu. Once opened, you fill in the Group Name field with the name of the group, the Group ID field with the unique group identification number and the Members List field with all the usernames of the user that will belong to the group (separated by commas) or leave blank to add no users. There is no need to add the groupadd userid for each user for whom that group will be their primary group because that information is kept elsewhere.
Permissions
Having permissions on the computer does not mean you are permitted to perform all functions or to access all data on the system. Almost every operation performed on a UNIX computer involves accessing one or more files. Each time you attempt to run a program or access a file, UNIX permissions are used to grant or refuse access for users. Permissions apply not only to programs and data files, but also to directories. UNIX offers four types of permissions: read (r), write (w), execute (x) and none (-). The restrictions applied by each type of permission depend on whether you are talking about file or directory permissions. It is critical to understand the way UNIX handles permissions.
Matching specific characters
If users have a large number of files with similar filenames, they can pinpoint action on just a select few by using the square brackets. For example, if a user has a group of documents in a directory named: letter1, letter2, letter3, and letter8. And if the user feels letterl, letter2, and letter3 are obsolete, deletion is easy with the following command: $ rm letter[123] $ These three files are deleted. The user can also specify a range. To delete all of the documents except letter8 the user incorporates the following command: $ rm letter[1-7] $
Different privileges for different users
If you are administering your own personal system, it is still important for you to set up a personal account for yourself, even though your system will come configured with some type of administrative account. This account should only be used to do system-wide administrative actions. It is important to be careful when using this account because it has special privileges. UNIX systems have built-in security features. Most users cannot set up a new user account or do other administrative procedures. The user "root" is a special user, sometimes called super-user, which means they have complete control and access to the entire system. This high degree of power is necessary to fully administer a UNIX system, but it also allows its user to make a mistake and cause system problems. For this reason, you should set up a personal account for yourself that does not have root privilege. Then, your normal, day-to-day activities will affect only your personal environment and you will be in no danger of causing system-wide problems. In a multiuser, nonpersonal environment, you will most likely have only user (and not super-user) privileges. This measure is even more important when more than one person is involved because one mistake by the root can affect every user and the entire system. UNIX™ also has security to help prevent different users from harming each other on a multiuser system. Each user "owns" his or her environment and can selectively let groups or all others have access to this work. If you are doing private work in one area that no one else should be allowed to see, then, restrict access to the owner (you). If you and your team members are working on a group project, you can restrict access to the owner (you) and everyone in your group. If this work should be shared with many or all people on the system, then allow access to everyone.
Quitting shells (exit)
If you change your shell from the command line, you can quit that shell and return to the old shell by typing exit and pressing Return. If you have started multiple shells, exit will return you to the previous shell you had open. $ exit Sysname% One important thing to remember: if you open multiple shells, you must exit each shell you have opened or it will remain an active process in the system.
whence
If you need to know the exact source of a command, there is an option to the whence built-in command. whence by itself will print the pathname of a command if the command is a script or executable program, but it will only parrot the command's name back if it is anything else. If you type whence -v commandname, you get more complete information, such as:
Configuring your environment
In order to make using the shell easier and more flexible, UNIX™ uses the concept of an environment. Your environment is a set of values that controls your user environment. You can change these values, add new values, or remove existing ones. These values are called environment variables—environment because they describe or define your environment, and variables because they can change.
File names
It is most practical to make your filenames short enough to be easily typed, yet descriptive enough to remind you what the file does or contains. Filenames in UNIX can include letters, numbers and special characters like the period (.), underscore ( _ ), hyphen ( - ), and some others. There are, however, some restricted characters you should not use. Some of these include: ! { } [ ] @ ' ( ) # " $ / \ * < > ^ % & | : ? Again, it is recommended you keep your names short, yet descriptive, and stick to alphanumeric characters, the period, underscore and hyphen. Most UNIX system administrators and users tend to use 14 character filenames, primarily for "readability" and not the limitation on the operating system. This should provide most users with plenty of flexibility when naming files.
Wildcards
Many of the UNIX commands can operate on more than one file. One way to accomplish this is by listing each filename on the command line, separated by a space. This can prove time consuming. An easier way is wild cards. Three varieties of wild cards are the question mark (?), the asterisk (*), and the character set ([]).
Group
Most users in a multi-user system can belong to groups. Groups are a collection of users who share areas of responsibility and may work together as a team (or work shop, duty section, etc.) on projects. UNIX recognizes this group of users and provides you with the ability to allow members of your group to access your files. You, as the owner, have the ability to limit their permissions.
cat (concatenate)
One very pervasive concept in UNIX is the redirection of commands' input and output. Before looking at redirection, though, it is a good idea to look at input and output without modification. UNIX uses the word standard in this subject to mean the default or normal mode. Thus, UNIX has the term standard input, which means input coming from the default setting, and the term standard output, which means output going to the normal place. When you first log in to the system, and your shell executes, your standard input is set to be what you type at the keyboard and your standard output is set to be your display screen. The cat command takes any characters from standard input and then echoes them to standard output. For example, type the cat command, with no arguments. Your cursor should be sitting on the next line without a prompt. At this point, the cat command is waiting for you to enter characters. You can enter as many as you like; then, specify that you are finished. Type a few words and then press Return. Now type the special character, Control+D (hold down the Control key while typing the D key). This is the end of file (eof) control character. The words you typed on your screen should be listed twice: once caused by you entering them from the keyboard; and next as the cat command outputs them to your screen. This first step used standard input (from you typing on the keyboard), and standard output (the command results being printed on the screen). $ cat s A few words <CTRL><D> A few words $ cat > scotty Meow, whine meow <CTRL><D> $ cat < scotty Meow, whine meow $ cat scotty Meow, whine meow $ Although this simple case may not seem terribly useful yet, wait to see its use as you add redirection. UNIX shells have special characters that signify redirection. We cover only the basics here. Refer to Part II for details on each shell's redirection syntax. Output redirection is signified by the > character and input redirection is signified by the < character. Output is commonly redirected to and input is redirected from a file. Now, let's continue with the rest of the example. Next, try the cat command using output redirection, leaving standard input alone. Enter cat > filename. The filename is a name of your choice. Once again, the cat command should be waiting for input (coming from standard input, which is your keyboard) at the beginning of the next line. Enter a few words, as you did before, press Return, and then, at the start of the next line, press Control+D. The words you typed didn't show up on your screen because you redirected the output of the cat command. The output was directed to go to the file filename. How do you know it is there? In order to verify this, use the cat command with input redirection—which is the next order of business. The cat command reads and displays the contents of files to the terminal screen. It is also used to create new files and to append multiple files. For example, to display the contents of the file yourfile, the command line is: $ cat /home/stu2/bill/yourfile If the contents of the file are more than what the screen can handle, the top of the file scrolls off the screen. There are several control sequences used to alleviate this problem. The control key and S key depressed at the same time suspends the scrolling on the screen in order to read the contents. To continue scrolling, the control key and Q key are used. (NOTE: The more command, discussed later in this unit eliminates the need for control characters). The cat command is also used to create files by using the greater than symbol (>): $ cat > filename A user can now begin to input lines of data using the return key after each line. When all data is input, the file is closed by using the control key and D key as the following shows: $ cat > /home/stu2/bill/filename abcdefg hijklmn Another use of the cat command is to create files, i.e., to place the contents of one file into another file. Be careful because this causes the contents of the receiving file to be overwritten. For example: $ cat yourfile > filename The contents of the file, "yourfile" is now in a new file named filename. The file yourfile still exists as well. To append yourfile without overwriting the existing data, the append notation (>>) is used: $ cat yourfile >> filename The contents of the yourfile file have been appended to the end of the filename file.
Pathnames
Pathnames that trace the path from the root directory to the name of the file are called full or absolute pathnames. Specifying a full pathname provides a complete and unambiguous name for a file. This can be somewhat awkward on some systems. Because people use files and directories to categorize and organize their work, it would not be unusual for you to have many levels of directories in a pathname. It is common to have as many as five to ten levels. A full pathname in such a system might be: /home/stu2/letters/family/mom/recipes/letl Using this full pathname requires a good memory and a large amount of typing. In a full pathname, the first slash (/) refers to the root of the file system, all the other slashes separate the names of directories, and the last slash separates the filename from the name of the directory.
Named pipes
Similar to sockets, named pipes enable programs to communicate with one another through the file system. You can use the mknod command to create a named pipe. Named pipes are recognizable by their permissions settings beginning with the p character. An ls -l on a named pipe looks something like this: prw———- 1 sshah admin 0 May 12 22:02 mypipe
Sockets
Sockets are the means for UNIX to network with other machines. Typically, this is done using network ports; however, the file system has a provision to allow for inter-process communication through socket files. (A popular program that uses this technique is the X Windows™ system.) You rarely have to deal with this kind of file and should never have to create it yourself (unless you're writing the program). If you need to remove a socket file, use the rm command. Socket files are identified by their permission settings beginning with an s character. An ls -l on a socket file looks something like this: srwxrwxrwx 1 root admin 0 May 10 14:38 X0
Traditional UNIX™ directories
Some of the traditional directories provided with the UNIX operating system are root, bin, dev, tmp, etc, usr, and lib. These directories contain the UNIX operating system software, and are maintained by system administrators. • / (root) - The root directory is the master directory and highest level directory of the UNIX file system. All other files and directories are located within or subordinate to the root directory. The root directory is identified by the slash symbol (/). • /bin - The bin (binary) directory contains executable files for the most commonly used UNIX commands. • /dev - The dev (device) directory contains device drivers such as printers, disks, terminals, and modems. • /tmp - The tmp (temporary) directory is used by the system for temporary storage files. • /etc - The etc (et cetera) directory contains miscellaneous files primarily used for system administration tasks such as boot and shutdown. • /usr - The usr (user) directory contains common files used by all users. • /lib - The lib (library) directory contains library files used for programming.
Simplicity
Some older operating systems required several command lines to accomplish one task. UNIX uses one command line and basic commands to accomplish the same tasks. Once these commands are mastered, UNIX becomes a very straightforward and powerful system.
File modification method
The /etc/group file is located on every system and contains the names and members of the groups for that system. Each line is in the following format: groupname:password:gid:user-list • groupname - The name assigned to the group. Group names can have a maximum of eight characters. • password - The password to access the group if required. An .*. indicates a password is not required. • gid - The group's unique numerical ID (GID) within the system. It must be unique on the local system and should be unique across the organization. A maximum value of 2137483647 and 0-99 are reserved by the operating system. • user-list - A comma-separated list of users allowed in the secondary group. User names are not added to the user's primary group. You use vi Editor to add, modify, or delete a group. NOTE: a colon separates each field (:) with no spaces in the file. It is good practice to first backup the file in case it is corrupted during editing and always save the changes when finished. In the following example /etc/group original and edited files, the primary group for all users is staff and thus does not require the usernames to be listed. The system administrator uses vi editor to create and add users to a new group called instructors making sure not to duplicate the GID, delete the group printer2, and modify the group printer1 by adding the user darlingm. Remember when deleting groups there is the possibility a user's access may be denied to files or resources. Make sure the group is no longer required prior to deleting it. Example of original /etc/group file: root:*:0: staff:*:10: sysadmin:*:14:estensem,aulwesk students:*:101:browng,fosterg,darlingm,smithj printer1:*:6001:browng,fosterg printer2:*:6002:darlingm Example of edited /etc/group file: root:*:0: staff:*:10: sysadmin:*:14:estensem,aulwesk students:*:101:browng,fosterg,darlingm,smithj instructors:*:102:estensem,aulwesk,robinsod,beckp,peayd printer1:*:6001:browng,fosterg,darlingm
which shell is activated for your session
The /etc/passwd file determines which shell takes effect during your interactive UNIX session. When you log in, the system checks your entry in the /etc/passwd file.
Functions
The Korn shell's function feature is an expanded version of a similar facility in the System V Bourne shell and a few other shells. A function is sort of a script-within-a-script; you use it to define some shell code by name and store it in the shell's memory, to be invoked and run later. Functions improve the shell's programmability significantly, for two main reasons. First, when you invoke a function, it is already in the shell's memory (except for autoloaded functions; see section titled "Autoloaded Functions"); therefore a function runs faster. Modern computers have plenty of memory, so there is no need to worry about the amount of space a typical function takes up. For this reason, most people define as many functions as possible rather than keep lots of scripts around. The other advantage of functions is that they are ideal for organizing long shell scripts into modular "chunks" of code that are easier to develop and maintain. If you aren't a programmer, ask one what life would be like without functions (also called procedures or subroutines in other languages) and you'll probably get an earful. To define a function, you can use either one of two forms: function: functname {shell commands} or: functname () {shell commands} There is no difference between the two. Perhaps the first form was created to appeal to Pascal, Modula, and Ada programmers, while the second resembles C; in any case, we will use the first form in this book. You can also delete a function definition with the command unset -f functname. When you define a function, you tell the shell to store its name and definition (i.e., the shell commands it contains) in memory. If you want to run the function later, just type in its name followed by any arguments, as if it were a shell script. You can find out what functions are defined in your login session by typing functions. The shell will print not just the names but the definitions of all functions, in alphabetical order by function name. Since this may result in large amount of output, you might want to pipe the output through more or redirect it to a file for examination with a text editor. functions is actually an alias for typeset -f; Apart from the advantages, there are two important differences between functions and scripts. First, functions do not run in separate processes, as scripts are when you invoke them by name; the "semantics" of running a function are more like those of your .profile when you log in or invoke any script with the "dot" command. Second, if a function has the same name as a script or executable program, the function takes precedence.
File system
The UNIX file system provides a logical way to organize, store, retrieve, manipulate, and manage data. The files are organized into a hierarchical file system, which logically groups files together into directories. These directories are arranged in a tree-like structure.
Changing shells
The UNIX operating system allows you to change from one shell to another from the command line prompt by simply typing the name of the shell you want to use. To change to the C shell, type csh and press Return. The default C shell prompt will appear. It will be the system name followed by a percent sign (%). $ csh Sysname% To change to the Korn shell, type ksh and press Return. The default Korn shell prompt is a dollar sign System name% ksh $ To change to the Bourne shell, type sh and press Return. The Bourne shell prompt also is a dollar sign ($). $ sh $
Portability
The UNIX operating system can run on many different types of hardware with a few relatively minor changes. Most other operating systems were designed to run on a specific vendor's computer system. This is one of the most attractive features of the UNIX operating system.
cWtXdYsZ
The W following the c represents the controller. A controller is a piece of hardware that resides in your system, often a controller card, and controls one or more disks. If you have only one controller, then W is 0. The X following the t represents the bus target number for the device on that controller. For some controllers, such as SCSI (Small Computer System Interface), the target number should match the target address set by the switch on the back of the device. The Y following the d is the drive number attached to the target. The drive numbers are not necessarily numbered sequentially from zero. The Z following the s is the partition (slice) number. Table 3-5 shows some examples of device names.
cat (concatenate)
The cat command is used to create short files or to append a small amount of text to an existing file. To create files using the cat command: Type cat > <filename> and press "Return" Type the text into the new file. Press "Return" Press "Control-D." The text is now saved and the shell prompt is redisplayed. Follow these steps to append text to an existing file: Type cat >> <filename> and press "Return" Type the text to be appended to the file. Press "Return" Press "Control-D" The text is saved and the shell prompt is redisplayed.
cd (change directory)
The cd command is used to move to different directories within a file system using absolute or relative pathnames. For example, to move from the root directory to /home/stu2 using a relative pathname, the command is: $ cd home/stu2 To move back to the parent directory home: $ cd . To move to the stu2 subdirectory of home using an absolute pathname, the command is: $ cd /home/stu2 To move back to the home directory regardless of the location within the file system, simply type: $ cd
Command Line Method
The command line method to add, modify, and delete groups uses groupadd, groupmod, and groupdel to configure the /etc/group file. This method is preferred over file modification for those unfamiliar with the use of vi editor. However, the commands are not able to add, modify, or delete user membership in the groups. Command: groupadd Description: Add a new group definition on the system. Syntax: groupadd -g gid groupname Command: groupmod Description: Modify a group definition on the system. Syntax: groupmod [-g gid] [-n newname] groupname Command: groupdel Description: Delete a group definition on the system. Syntax: groupdel groupname Examples: # groupadd -g 102 teachers # groupadd -g 105 students # groupmod -g 110 teachers # groupmod -n instructors teachers # groupdel students Admintool-groups In the examples above, the first two lines use the groupadd command to create new groups. The -g option allowed you to change the GID number for each new group. The groupadd command created a new group named teachers (with a GID of 102) and students (with a GID of 105). The third line used the groupmod command along with the -g option to change the GID for the teachers group to 110. The fourth line used the groupmod command along with the -n option to change the group name from teachers to instructors. And finally, the last line used the groupdel command to delete the students group.
cp (copy)
The cp command copies files or directories from one location in the file system to another, duplicating the source file and leaving it unaltered. If no new filename is specified, the existing filename remains the same. For example: $ cp /home/stu2/myfile /home/stu2/bill A duplicate of the source file myfile now exists in /home/stu2/bill. To rename the file when copying, simply specify a new filename in the command line: $ cp /home/stu2/myfile /home/stu2/bill/yourfile The -r option recursively copies all files within a directory to a new location in the file system. The -i option prompts a yes/no response for each file.
Current working directory
The current working directory is the directory presently being used. When you first log on to the system, the current working directory is the home directory; from there, moving in and around the tree structure using pathnames accesses the file system hierarchy.
find
The find command enables the user to find files, regardless of their location. The format is: $ find pathname condition(s) Where find is the command, pathname is absolute or relative pathname to search, and condition(s) are similar to options, only they are longer than just one letter. Many conditions are available; we consider the four below: • name. Used to look for a specific name. • print. Displays the result of the find command to standard output (i.e. terminal). • user. Used to search for files belonging to a particular user. • group. Used to search for files belonging to a particular group. Here are a few examples: $ find /home -name myfile -print /home/stu0/myfile $ The shell will return with the absolute pathname giving the location of the file myfile. In the above example, the find command looked in the /home directory and all directories under it to see if any of them had a file named myfile. If the command excludes the -print option, nothing would appear on the screen. Consider another example: $ find / -user stu1 -print /home/stu1/alpha /home/stu1/myfile $ Starting at the root directory (/), find searched all directories under the root (the entire system) for any files owned by stul and displayed the results on the screen. One more: $ find /home -group students -print /home/stu0/alpha /home/stu0/myfile /home/stul/alpha /home/stul/myfile /home/stul/prog.5 $ Here, find started at /home and looked for files belonging to the group students. After looking through all of the directories under /home, it found the above five files. The find command is a good tool for locating files. A typical system may have hundreds of directories. The find command enables the user to locate one particular file or a group of files.
finger
The finger command displays a list of the login names of users logged onto the system, along with the user's complete name (from the information field of their /etc/passwd entry), the TTY port, the day of the week, the login time, and the remote system name if the user is logged in remotely. To use the finger command, type finger and press Return. In this example, stu2 logged on from a remote terminal: $ finger Login Name TTY idle When Where root 0000-Admin(0000) console 24 Wed 07:14 stu2 Smith, J. pts/0 wed 07:30 misfitl $
grep
The grep command looks at an individual file and finds a specified pattern (string). It stands for Globally find the Regular Expression and Print. It simply looks for patterns (strings) in files. Note the following example: $ grep Sgt alpha Sgt Clark Sgt Smith Sgt Jones Sgt Williams $ Here grep looked at file alpha (note the use of the relative pathname) and displayed the lines of the file containing the word Sgt. It can be as simple as that, but options are available to enhance the information returned: • -c Count. Gives the number of lines where it finds the pattern of text. The -c option overrides the other options. When it is used along with other options, it only returns the number. • -i Ignore case. Will include upper and lower case of the pattern. • -n Number. Shows the line number in the file for each line. • -v Invert. Works grep backwards. Displays the lines that do not match the pattern. This is handy for a very common pattern. Let's look at another example: $ grep -c 'the' alpha 27 $ Here, grep found the word the in 27 lines of file alpha. Note the single quotation marks ('). This tells grep to take whatever is in-between the quotes literally. This is helpful when a special character such as $ or & is present in the pattern. The grep command does not confuse the character as a control statement. Here's another one: $ grep -ni 'one' alpha 2: as he paid the bill for one hundred dollars. 5: just for a one-time fee of $59.95. 22: One day you will be a leader, my son. $ grep found the word one in three lines of file alpha (lines 2, 5, and 22). Note that when the user incorporates the -i option, the search ignores case. Last one: $ grep -v 'the' bravo since Congressman Smith could not explain his dealings as his press conference wound down. $ In this case, grep found just two lines that did not contain the word the in file bravo.
Kernel
The kernel is the basic memory-resident portion of the operating system. It is loaded into main memory whenever the system is booted and remains there while the system is up and running. It interacts directly with the system hardware. Its major functions include: Memory management - Assigning and managing what part of memory a program will execute in to ensure two programs will not occupy the same place in memory at the same time. Additionally, the kernel frees the memory for use by other programs when the currently active program is finished executing. System access - This feature controls the access to the system by users and hardware. File system management - Naming conventions, directory structure, and type of file system. Error handling - Recovering from errors in the file system and/or operating system and notification to the user of these errors and possible corrective actions. Input and output - The transfer of information (bits) throughout the computer system, such as output to a printer and input from the keyboard. Resource allocation - Verifying hardware resources are available and what process/program has priority in accessing that hardware. The Kernel also executes the UNIX shells that allow the users to run processes and execute their commands. A process is any actively executing program or command. The user does not need to know anything about the kernel in order to use a UNIX system - that process is accomplished by the user's shell.
ls (list)
The ls command lists the contents of directories. To find which files are listed in the home/stu2 directory from root: $ cd home/stu2 $ ls Using pathnames in conjunction with the ls command eliminates the need to change directories. For example, to list the contents of the home/stu2 directory from root, simply type: $ ls /home/stu2 An option often used with the ls command is -l. This option provides a "long" or detailed listing of directories and files displaying information such as permissions, owners, sizes, and dates created/modified.
mkdir (make directory)
The mkdir command creates new directories. Absolute and relative pathnames allow creation of directories from anywhere within the file system: $ mkdir /home/stu2/bill The pathnames specify the new directory to be a subdirectory of the current working directory. For example, if the current working directory is home/stu2, to create a new directory simply type: $ mkdir bill
more
The more command is used to display data one screen full at a time. After each screen is displayed, press RETURN to display the next line or press the spacebar to display the next screen full. It is used whenever a file is large enough to scroll off the screen when using commands such as ls or cat. For example: $ more myfile
mv (move)
The mv command relocates files or directories from one location in the file system to another.Files being moved can retain their original filename or be renamed: $ mv /home/stu2/bill/yourfile /home/stu2 In this example, the file yourfile is relocated to the stu2 directory, and is now no longer located in the /home/stu2/bill directory. The -i option is used to prompt the user for a yes/no response if the file already exists in the destination directory.
Owner
The owner of a file is usually the person who created it, although the creator can transfer ownership to another user. They have the ability to decide things like who can read their file, who can write to their file, and who can execute (run) their file. As a person who has been assigned an account on a UNIX system, you will be the owner of some files and will have that type of control on the permissions you allow to members of your group, or others (outside of your group). Interestingly, you can also limit and control your own permissions. For example, you may create a program and give yourself permissions to read and execute the program, but not to write (or delete) it. This is often done to protect us from ourselves, and keeps some accidents (like accidental erasure of files) to a minimum. As the owner, you can change these permissions any time you like.
Password
The password authenticates the user during the login process. It is a secret combination of characters, numbers, and special symbols. Air Force Instructions place certain restrictions on the selection and use of passwords.
pg
The pg command is used to display the contents of a file one page at a time. After each screen is displayed, you are prompted to display the next page by pressing the RETURN key. It is very similar to the more command and also has several options available. For example: $ pg myfile
pr
The pr command formats a file according to the options to standard output. Each page includes a heading that consists of the page number, filename, date, and time. There are several options for this command. For example: $ pr myfile
pwd (print working directory)
The pwd command is used to display the current working directory. This will show you exactly where you are in relation to the overall file system. To display your working directory, type pwd at the prompt: $ pwd /home/stu2
rm (remove)
The rm command deletes files from within a directory. For example, to delete the file yourfile: $ cd /home/stu2/bill $ rm yourfile The -i (interactive) option prompts the user for a yes/no response before invoking the remove command. The -r (recursive) option deletes all files within a directory as well as the directory itself. For example, to remove the directory stu2/bill and all files within, the command line is: $ cd /home/stu2/bill $ rm -r bill
rmdir (remove directory)
The rmdir command removes, i.e., deletes existing "empty" directories. If a directory contains subdirectories and/or files, UNIX does not allow that directory to be removed. For example: $ rmdir /home/stu2/bill If bill is not empty, an error message appears stating the directory is not empty. Once the contents of the bill directory are deleted, the directory itself can then successfully be removed.
rusers
The rusers command shows you the users logged on to other machines on your network. Typing the rusers command by itself displays each machine on the network and the user(s) logged in to them. To find out who is logged on and doing what, type rusers and press Return: $ rusers misfit1 dan misfit2 bill instructor john Kevin simon $ The -l option for rusers provides more detailed information, including user names, machine and terminal names, the time each user logged in, how long each user has been idle (if more than one minute), and the name of the machine that each user logged in from (if any). To find out more information about who is logged into instructor, type ruser -l instructor and press Return: $ rusers -l instructor james instructor:ttyd8 Feb 10 08:12 5:29 mike instructor:console Feb 10 09:16 lisa instructor:ttyp0 Feb 10 11:56 36
Shells
The shell is simply a program that allows the system to understand your commands. That's why the shell is often referred to as a command interpreter. For many users, the shell is invisible. Their only concern is that the system does what they want it to do. There are three main uses for the shell in UNIX. They are interactive use, customization, and programming. Interactive use When a shell is used interactively, the system waits for you to type a command at the UNIX™ prompt. Your commands can include special symbols that allow you to abbreviate filenames or redirect input and output. Customization A UNIX shell defines variables to control the behavior of your UNIX session. Setting these variables will tell the system which directory to use as your home directory or which file to store your mail in. Some variables are preset by the system; you can define others in start-up files that are read when you log in. Start-up files can also contain UNIX commands or special shell commands that will be executed every time you log in. Programming UNIX shells provide a set of special commands that can be used to create programs called shell scripts. Scripts are useful for executing a series of commands. This is similar to batch files in MSDOS. Scripts can also execute commands repeatedly or conditionally, as in many high-level programming languages.
Autoloaded functions
The simplest place to put your function definitions is in your .profile or environment file. This is fine for a small number of functions, but if you accumulate lots of them (as many shell programmers eventually do), you may find that logging in or invoking shell scripts (both of which involve processing your environment file) takes an unacceptably long time and that it's hard to navigate so many function definitions in a single file. The Korn shell's autoload feature addresses these problems. If you put the command autoload fname in your .profile or environment file, instead of the function's definition, then the shell won't read in the definition of the command fname until it's actually called. How does the shell know where to get the definition of an autoloaded function? It uses the built-in variable FPATH, which is a list of directories like PATH. The shell looks for a file called fname that contains the definition of function fname in each of the directories in FPATH.
touch
The touch command is used to set access and modification times for each file to the current time. If the file does not exist, an empty one is created. The touch command can be used to create an empty file to check permissions and ownership or to create a file to which you will add text at a later time. To create an empty file, type touch <filename> and press Return. A new empty file is created. If the file exists, then its modification time is updated to the current date and time. $ touch myfile $
who
The who command displays a list of the users logged onto the system, with the login teletypewriter, or TTY port and the date and time. If a user is logged on remotely, the remote system name for that user is also displayed. To use the who command, type who at the prompt and press Return. In this example, stu2 is logged on from a remote terminal (as shown by the system name) and root is logged on from the server console. $ who stu2 ts/0 Jan 31 08:15 (misfitl) root console Jan 31 09:35 $
whodo
The whodo command displays the date, time, and operating system name. For each user logged on, the device name, user id (UID), and login time are shown, followed by a list of active processes associated with the PID. The list includes the device name, PID, CPU minutes and seconds used, and process name. To find out who is logged on and doing what, type whodo and press Return: $ whodo Wed Jan 31 13:50:59 1994 SunOS console root 7:14 console 191 0:00 ksh console 279 0:00 whodo $
Directories
These are a special kind of file that contains a list of other files. Although there is a one-to-one mapping of inode to disk blocks, there can be a many-to-one mapping from directory entry to inode. When a directory is located in another directory, we refer to it as a subdirectory. The directory it is located in we refer to as its parent directory. The only directory that does not have a parent directory is the root directory. The root directory is at the top of the file structure, and all files of any kind fall below this directory. The root directory is represented by a forward slash (/). When viewing a directory listing using the ls -l command, you can identify directories by their permissions starting with the d character. An ls -l on a directory looks something like this: drwx——— 2 sshah admin 512 May 12 13:08 public_html
Ordinary files
These are the files you use the most. They can be either text or binary files; however, their internal structure is irrelevant from a System Administrator standpoint. A file's characteristics are specified by the inode in the file system that describes it. User information is stored as an ordinary file. These files are aggregates of characters that are treated as a unit by the UNIX™ file system. They can contain normal ASCII characters such as text for manuscripts or programs. Ordinary files can be created, changed, or deleted as you wish. Using an (ls -l) on a normal file will look something like this: -rw———- 1 sshah admin 42 May 12 13:09 hello
Character devices
These special files are typically found in the /dev directory and provide a mechanism for communicating with system device drivers through the file system one character at a time. Character device files are easily noticed by their permission bits starting with the c character. Each character file contains two special numbers, the major and minor. These two numbers identify with which device driver that file communicates. An ls -l on a character device looks something like this: crw-rw-rw- 1 root wheel 21, 4 May 12 13:40 ptyp4
Matching any number of characters
To match any number of characters in a filename, use the asterisk (*). This is similar to the DOS™ use of the asterisk. Suppose the following files are in the user's working directory: data1, data11, data22, datamisc, data, letterdoc, letterloc, graphimage, projectionsjan, projectionsfeb, and projectionsmar. To copy the files beginning with projections to the directory work, do the following: $ cp projections* /home/work $ The directory work now has a copy of files projectionsjan, projectionsfeb, and projectionsmar with the same names. To move all of the files beginning with data to a directory called suspense, do the following: $ mv data* /home/suspense $ A quick ls of /home/suspense would show: $ ls /home/suspense datal datall data22 datamisc data Using wild cards can save numerous keystrokes. Users have a lot of flexibility in file management with the use of wild cards.
Matching a single character
To match any single character in a filename, use the question mark (?) in the desired position of the filename. For example, to list the privileges of files alpha.1, alpha.2, alpha.3, and alpha.4, perform: $ ls -l alpha.? alpha.1 rwxr-xr-x alpha.2 rwxr-xr-x alpha.3 rw-r—r— alpha.4 rw-rw-rw $
Multi-user
UNIX allows many users to work on the same computer system at the same time by sharing the computer's resources. To each user it appears that they are the only one on the system when in reality there are several users working. Even if you are the only user, a multiuser system can do a lot of things for you that a simpler operating system can't. For one thing, you can run several programs at the same time: you don't have to wait for one program to finish before you start the next.
Flexibility
UNIX allows the user to choose from many different commands that give them the flexibility to manage the system to its maximum potential. There are numerous options available for these commands that allow the user to perform specific functions.
Categories of users
UNIX divides system users into three categories: file owners, group members, and all others (owner, group, and others). It's somewhat like real life in a way. If you play on a ball team, you may own some personal equipment. Depending on how much you trust your team, you may desire to share some of your personal possessions with them. Truly trusting people may even allow persons other than their team members to use some of their property. Typically, you consider yourself to have unlimited permission to use your own property (glove, bat, etc.). You may place some limits on your team members (like giving them the ability to borrow your stuff, but not allowing them to throw it away when they are done with it). And the others, (those not on your team) might have stricter limits placed on them, or no permissions at all. This decision is left up to you, the owner.
Multitasking
UNIX has the capability to execute numerous programs at the same time through a process called time-sharing. Due to the high speed of the CPU, it appears to the user as if their program is the only one executing on the system. However, in reality, a slice of time is given to each program to utilize and accomplish some amount of the process until completion or termination of the program. UNIX also allows users to run programs in the background on their system while they are running something else in the foreground. Even if you don't have a fancy windowing terminal or a workstation, you can still run jobs in the background. Instead of waiting until the program finishes, UNIX allows you to initiate another command immediately. It then runs both programs at the same time, along with the other programs that are running. You are time sharing with yourself.
Directories
UNIX provides a method for keeping track of files using a directory system. A directory is a file that holds other logically related files and contains information about the location and attributes of these other files. For example, a directory includes a list of the files and subdirectories, as well as their addresses, characteristics, file types, and other attributes. Directories, like files, are created and accessed by users, but there are some traditional directories provided in every UNIX operating system.
Access to directories
UNIX uses the same mode bits for directories as for files, but they are interpreted differently. This interpretation will make sense if you remember that a directory is nothing more than a list of files. Creating a file in a directory, renaming a file, or deleting a file from a directory requires changing this list: therefore, you need "write" access to the directory to create or delete a file. Modifying a file's contents does not require you to change the directory; therefore, you can modify files even if you don't have "write" access to the directory (providing that you have "write" access to the file). Reading a directory is relatively straightforward: you need read access to be able to list the contents of a directory (find out what files it contains, etc.). If you don't have read access, you can't list the contents of the directory. However, surprise, you can still access files in the directory, provided that you already know their names. Execute access for a directory has no meaning per se, so the designers of UNIX have reassigned this bit. It is called the search bit. Search access is needed to perform any operation within a directory and its subdirectories. In other words, if you deny execute access to a directory, you are effectively denying access to the directory and everything beneath it in the directory tree.
User characteristics
UNIX was designed from the beginning to be accessed by more than one person simultaneously. To each user it appears they are the only one on the system, when in reality there are several users working. Because UNIX is a multi-user system, it needs ways to protect your files from other users. It also must allow you to share files with other users when you desire to do so; otherwise the whole point of having a multi-user system is lost. UNIX had to overcome some serious security problems when it came to sharing files between users.
Pipes
UNIX was developed with the philosophy of having simple commands that do well-defined, simple things. Then, by combining these simple commands, the user could do very powerful things. Pipes are one of the ways UNIX allows users to combine several commands. The pipe is signified by the vertical bar ( | ) symbol. A pipe is a means of taking the output of one command and redirecting it as the input of another command. Say that you want to know how many files you have in your current directory. Recall that the ls command will list all the files in your current directory. You could then count the number of files. But UNIX has a command that counts the number of characters, words, and lines of input and displays these statistics. Therefore, you can combine these two commands to give you the number of files in your directory. One way you could do this is as follows: ls -l | wc -l. Analyzing this command, you can see that the first part is something familiar. The ls -l command gives a directory listing in long format. In fact, it prints one file per line. The wc -l command gives the number of lines in the input. Combining the two commands by way of a pipe takes the output of the first command (the long directory listing) and gives it to the input of the second command. The output of the second command (which is not redirected—it goes to standard output) is displayed on your screen. These basic forms of redirection allow you to be very versatile as you learn a few commands at a time. Try to learn a command and use it with various options and arguments, then add redirection of input and output. And finally, combine commands with pipes. This approach should help you to feel comfortable with the commands and their varied uses. Knowing these commands will greatly enhance your ability to administer your system. They are the building blocks that will allow you to go forward on the UNIX system.
lpr
Unix has numerous commands concerning printing, and to facilitate a UNIX system acting as a print server. Below we will cover some of the basic commands. The basic print command is lpr. An example of it is as follows: $ lpr scores This command would print out the contents of the file "scores". To select a specific printer to print to, as opposed to the default printer, you would use the "printer" flag, which specifies a printer by name, for example: $ lpr UUA8000 scores To check to see what printers are available, and to see what is in the print queues, use the lpstat command, as follows: $ lpstat lpstat has several flags, some of which are listed in Table 3-8. For a complete listing, reference the online manual. Flag Description -E Forces encryption when connecting to the server -a Shows the accepting state of printer queues. If no printer is specified, then all printers are displayed. -d Shows the current default destination. -l Shows a long listing of printers, classes and jobs. -o [destination(s)] Shows the jobs queue on a specified destination. If no destination is specified, then all jobs are shown. Table 3-8. lpstat flags. To cancel or stop a print job in a print queue, you would use the lprm command as follows: $ lprm scores The flags in Table 3-9 table below are associated with the lprm command. Flag Description -P destination Specifies the name of the printer, or class of printers you are removing the print job from. - Removes all print jobs associated with the user. If used by a super user, removes all jobs from the print queue. request-ID Removes a specific print job. user Removes print requests associated with a specific user. This option can only be used by a super-user. Table 3-9. lprm flags. To see the status of all of the available printers, you would use the lpq, or line printer query command. In this example, the name of the printer is specified. $ lpq UUA8000 The following flags in Table 3-10 are associated with the lpq command: Flag Description -P destination Displays information about a printer, or class of printers. destination can be given in either (server:destination) format or (.../service/printer/UUA8000) format. -l Displays the information in long format, which includes which host sent the print job. user List all jobs associated with a specific user. printer Shows the status of a specific printer that you know about. Table 3-10. lpq flags. To set a default printer, use the PRINTER= command, and follow that up with the export command. The export command takes the setting just specified, and makes it an environmental variable, which means that if any other process looks for PRINTER, it will use the specified printer, in the following case, UUA8000: $ PRINTER=UUA8000 $ export PRINTER Now that we have covered administering your system in Unix, to include some basic commands and printing in Unix, we will take a look at another important aspect of Unix, Account Administration.
File modification method
Unlike the file modification method for group accounts, the file modification method for user accounts is a little more complicated. It involves editing two files /etc/passwd and /etc/shadow followed by setting the user's password with the passwd command. Then, you create the user's home directory with the mkdir command and copy the initialization files into the user's home directory using the cp command. Next, you change ownership of the home directory and initialization files to the user using the command chown and finally set appropriate permissions for the user's home directory using the chmod command. You will likely not use this method often, however, familiarity with the files /etc/passwd and /etc/shadow is in order since these are the files that are modified using the command and GUI methods. The /etc/passwd file contains a list of all user account information for the users on the local system. Each line is in the following format: username:password:uid:gid:comment:home_directory:shell • username - A unique name a user enters to log in to a system, also called a login name. • password - Encrypted password or an .x. to represent a placeholder for the user's encrypted password, which is kept in the /etc/shadow file. • uid - The user's unique numerical identification number for the system. A maximum value of 2137483647 and 0-99 are reserved by the operating system. • gid - The unique numerical identification number of the group to which the user belongs. The user's primary group identification number. • comment - Identify the user. A comment generally contains the full name of the user and any other optional information. • home directory - A directory in which the user is placed after login for creating and storing files. Identifies the user's home directory in an absolute path. • shell - The user's work environment is set up by the initialization files defined by the user's login shell. This is the user's default login shell. The /etc/shadow file is a UNIX security feature that hides a user's encrypted password in a file only accessible to the superuser of the system. Each line is in the following format: username:password:date_change:min:max:warning:inactivity:expiration:unused • username - Login name for the user. • password - Contains a 13-character encrypted password. • date_change - Date the password was last changed. • min - Contains the minimum number of days required between password changes. • max - Contains the maximum number of days the password is valid before the user is prompted to enter a new password at login. • warning - Contains the number of days the user is warned before the password expires. • inactivity - Contains the number of inactive days allowed for that user before the user's account is locked. • expiration - Contains the date when the user accounts expires. After it is exceeded, the user can no longer log in. • unused - Reserved for future use. Command line method The command line methods to add, modify, and delete user's accounts uses useradd, usermod, and userdel commands to configure the /etc/passwd file. In addition, the passwd command can set the new user's temporary password. Command: useradd (to create a new account). Description: Administer a new user login on the system. Syntax: useradd [-c comment] [-d home_dir] [-g pri_group] [-G sec_group] [-m create home directory] [-u UID][ -s shell login] Command: useradd (to view or set default values). Description: View or set default values for new user account creation. Syntax: useradd -D [-b base dir] [ -s shell][ -g group] The useradd command has two uses in UNIX. It can either create a new user account or be used to display and change the default values for specific fields in the /etc/passwd file. This setting of default values is done in preparation for the creation of new user accounts. Prior to creating a user account, it is good practice to see what the default values are for the command. Table 3-12 shows a few of the default values set during UNIX installation. Field Value Description Group other (GID of 1) The primary group the user will become a member of. base_dir /home The directory where a user's home directory is created using the username of the user as the name of the home directory (i.e. /home/john.smith). Shell /bin/sh The Bourne shell environment for the user. Table 3-12. Default values for useradd command. The default values can be displayed by typing the useradd command with the -D option by itself or changed with the -D option followed by the option to change the corresponding default value. For example, type in the following to make sure all new users that are created belong to the primary group staff: $ useradd -D -g staff Several options exist for the useradd command. We will cover eight of these options: • -c Comments. Any text string comments, inside of quotation marks • -b Base directory. The directory where a user's home directory is created using the username of the user. • -d Home directory. Defines the full path name for the user's home directory • -g Primary group. Specifies a predefined group's ID or name • -G Secondary groups. Defines the new user's secondary group memberships; maximum of 15, separated by commas • -m Create home directory. Creates the new home directory if it does not already exist • -u UID number. The UID defaults to the lowest unused number if one is not specified. • -s Default login shell. /bin/sh, /bin/ksh, /bin/csh $ useradd -d /export/home/smithj -m -s /bin/ksh smithj In this example, the user smithj was added to the system. The home directory was set with the -d option to /export/home/smithj and created with the -m option. In addition, the default shell at login was set to the Korn shell with the -s option. The command would also set the primary group to the default value, create the UID using the next available number above the highest UID currently assigned, not add the user to any secondary groups, and have no comments. Command: passwd Description: Change login password. Syntax: passwd [login] Now that the user has been created, they must be given a temporary password to login to the account the first time. Failure to assign a temporary password will leave the user's password as .null. until first login. This is a security risk on a system and is not good practice. You use the command passwd to set passwords. You must be a superuser (root) or be a privileged member of the root group in order to set a password for a user other than yourself. Type in the command passwd followed by the user's username to set the password: $ passwd smithj New password: Re-enter new password: Command: usermod Description: Modify users login information on the system. Syntax: usermod [-c comment][-d home_dir][ -g pri_group ][-G sec_group][ -m create home dir][-u UID][ -s shell][ -l new_name] login You use the command usermod to modify user accounts in UNIX. This command follows the same syntax as the useradd command, but with the addition of the -l option to change a users login (username). $ usermod -l doej smithj In the above example, the user smithj username is changed to doej. Command: Userdel Description: Delete user logins from the system. Syntax: userdel [-r] login The userdel command deletes a user account from the system. When used, the -r option removes the user's home directory and files. Be careful when using this command because other users on the system may still require access to the user's files. If this is the case, copy any required files to another location first and then proceed with deleting the user. This command does not remove files owned by this user that are located elsewhere in the file system. Those files must be located using the find command and subsequently deleted. The following example deletes the home directory and user doej: # userdel -r doej Graphical User Interface Method The easiest methods to add, modify, and delete user accounts is through Admintool. The same requirements to run and start Admintool apply as they did with groups, but the process of user account administration involves a few more fields. The default Users window appears when started. Select Add from the Edit menu and then add users using the Add User Window. Assigning privileges and permissions Now that you are familiar with how to administer the group and user accounts in UNIX, we must discuss how to assign privileges and permissions to the new users. The first step to providing system privileges was taken when the user was assigned to a primary and any secondary groups. Additionally, the chmod command can be used to grant permissions for a file to one group of users or the entire network community (others) as a whole. This alone may be all that is necessary, but there might be a need to provide more stringent controls. Access Control Lists (ACLs) are a security feature within UNIX that allows a system administrator to limit access to files and resources to specific users, specific groups, file owners, file groups from multiple groups. ACLs provide greater control over file permissions than what is available with the chmod command and the traditional UNIX file permissions of read, write, and execute for the categories of users owner, group, and others. For example, smithj is a member of the group students and fosterg is a member of the group instructors. The user smithj creates a new file and uses the chmod command to allow full permission for owner, read permissions for group, and none for others. He would also like to allow user fosterg to have read and write permissions for the file. In this scenario, fosterg is considered a part of the other category of users for the file. Granting permissions to just the user fosterg is not possible with the chmod command. Using an ACL alleviates this dilemma. Many UNIX systems have added ACLs to a file or directory to equip users with a more specific means of controlling access to their files. This control has been implemented using different commands, syntax, and behavior depending on which version of UNIX is being used. Let's look at two different ways to configure the access control lists. Command line method You use the getfacl and setfacl commands to set, add, modify, and delete ACL entries on files. The getfacl command displays ACL entries on files. The setfacl command is used to set, add, modify, and delete ACL entries on files. $ getfacl alpha (to examine the ACL for a file) #file:alpha #owner:instruct #group:students user::rwx group::r-x #effective:r-x mask:r-x other:r-x $ setfacl -m user::r— alpha (to modify the ACL entry on the user) $ getfacl alpha #file:alpha #owner:instruct #group:students user::r— group::r-x #effective:r-x mask:r-x other:r-x Graphical user interface method Using the File Manager is easiest way to display, create, set, add, modify, and delete an ACL for a file. To create an ACL for a file, open File Manager and browse through the directories until you locate the correct file. Then, right click on the file, select Properties from the menu that appears and then click on the Show Access List button to display the Properties window with current access lists for the file. Click on the Add button to open the Add Access List Entry Window. Fill in the fields as necessary, choose the permissions to grant, and then click on the Add button in the Add Access List Entry Window. Now that we have covered the creation of ACLs using File Manager, we must briefly discuss file masks which play an important role on how permissions work with ACLs as well as with the normal file permissions. Masks The mask indicates the maximum permissions allowed for users (other than the owner), groups, and ACLs. For example, a file owner would like to grant another user read and write permissions. The mask is mask:r-x. The owner creates an ACL and assigns read and write permissions to the user. The effective permissions on the file are read only because the mask would deny the write permission. A mask for a file is never created or deleted, only modified. This is because every file already has a mask of rwx assigned to it. It is modified in the same way an ACL is.
id
Use the id command to display the UID and group ID (GID) number for a user who is logged on. This information can be helpful for troubleshooting problems when users cannot access files they think they own, or when users want to find out which group they belong to. To use the id command, have the user log on, then type id and press Return. If the UID or GID does not match those for the troublesome file, you may need to change the ownership or group on the file or add the user to the appropriate group. The su command allows one to become another user without logging off. The default user name is root (super user). Note the user ID is identified as root. $ id uid=6693(winsor) gid=10(staff) $ $ su Password: xxxxxxx uid=0(root) gid=l(other) $ As you can see these commands are very helpful when you're trying to keep track of who is on the system or when you need to troubleshoot file problems.
Other
Who are the "others"? Others are anyone outside the identified group that has access. These privileges apply to anyone else on the system. If you desire to do so, you can allow users from other groups to read, write, or execute your directories and files. As owners, we usually place very tight restrictions on what those permissions are. Often, we give no permissions to "others" because we are concerned about what they might do to our files and directories if we gave them full permissions. Giving full permissions to "others" would be like posting a large sign in your front yard telling everyone who passed by where you kept your house keys.
Clearing a shell window (clear)
You can clear the contents of a shell window and redisplay the prompt to the top of the window. To do this, type clear and press Return. $ clear The window is cleared and the prompt is redisplayed at the top. As you work on the system you will learn more of the shell commands needed to effectively manage the UNIX system.
chgrp
chgrp [options] newgroup files This command changes the ownership of one or more files to newgroup. newgroup is either a group ID number or a group name located in /etc/group. You must own the file or be a privileged user to succeed with this command. Options: • -h: Change the group on symbolic links. Normally, chgrp acts on the file referenced by a symbolic link, not on the link itself. • -R: Recursively descend through the directory, including subdirectories and symbolic links, setting the specified group ID as it proceeds.
chown
chown [options] newowner files This command is similar to chgrp; however, chown changes the ownership of one or more files to (newwoner). (Note: The BSD version lets you change the group as well.) newowner is either a user ID number or a login name located in /etc/passwd. Options: • -h: Change the owner on symbolic links. Normally, chown acts on the file referenced by a symbolic link, not on the link itself. • -R: Recursively descend through the directory, including subdirectories and symbolic links, resetting the ownership ID.
chmod
command to change permissions of a file.
File security—crypt
crypt [password] < file> encryptedfile Encrypt a file to prevent unauthorized access. The password is either a string of characters you choose or the flag -k, which assigns the value of environment variable CRYPTKEY as the password. The same password is used to encrypt a file or to decrypt an encrypted file. If no password is given, crypt prompts for one. crypt is available only in the United States (due to export restrictions).
The Korn shell
which is a surrogate of the Bourne shell that allows you to edit the command, line.
The Bourne (or standard) shell
which is the most compact and simplest shell. It is most often used for writing shell scripts.
The C shell
which uses C syntax and has many conveniences