Directory structure and installation under Linux

Directory structure and file permissions under Linux

1. Directory structure under Linux

Anyone who has installed Windows knows that during installation you often have to decide how much space to give the C drive and how much to give the D drive. This is the problem of partitioning.

In fact, there is a similar structure on Linux, which we call a directory tree structure.

Why is it called that? To a large extent, the name originates from the Unix system.

(1) Directory tree structure under Linux

As we all know, all data in Linux is stored in the form of files. The directory tree structure can therefore be compared to the skeleton of the Linux system; it is the most important part of the entire system.

The so-called directory tree structure is a file structure that is based on the root directory and branches downwards from it.

The most important thing in the entire directory tree structure is the root directory, which is written as "/".

And all the files are related to the directory tree. A simplified directory tree is shown below:

  • All the files above start from the root directory / and are derived from it.
  • It is worth noting that the entries beginning with . in the picture above are files, and the others are directories.
  • For example, if we want to access the .bashrc file, the path would be /home/dmstail/.bashrc

The above is a simple explanation of the file structure of the Linux system. But there is a problem. In fact, our file data is often stored in disk partitions (such as C drive and D drive in Windows), so how can we establish the connection between the file system and the disk?

This is where mounting comes in.

(2) The relationship between the file system and the directory tree - mount

The so-called mounting means using a directory as an entry point and placing the data of a disk partition under that directory. That is: entering the directory is equivalent to reading the data of the partition.

The directory where a certain partition is mounted becomes the mount point.

As the core of the entire system, the root directory must be mounted (this is a must!); where it is mounted depends on the actual situation. Apart from the root partition, users can mount other partitions according to their actual needs. (Windows also uses the concept of mounting.)

So how can we tell from the path name of a file which partition the file is in?

It is very simple: trace the path backwards. For example, if the path of a certain file is /usr/local/bin/redis.conf, then by tracing backwards from the file towards the root we find that the partition it is on is the one mounted at the root directory, /.
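The backward trace described above, written as a shell function. This is an added example, not part of the original post: the mount table and its device names are constructed sample data in /proc/mounts format, and mount_point_for and sample_mounts are names chosen here.

```shell
#!/bin/sh
# Added example: find the mount point (and partition) that holds a path by
# walking the path backwards, one component at a time, until a directory
# listed in the mount table is reached.

# Constructed sample mount table in /proc/mounts format:
# device  mount-point  fs-type  options  dump  pass
sample_mounts() {
    cat <<'EOF'
/dev/sda2 / ext4 rw,relatime 0 0
/dev/sda3 /home ext4 rw,relatime 0 0
/dev/sdb1 /usr/local/share ext4 rw,relatime 0 0
EOF
}

# mount_point_for PATH [TABLE]
# Prints "<mount point> <device>". TABLE defaults to the live mount table.
mount_point_for() (
    dir=$1
    table=${2:-/proc/self/mounts}
    while :; do
        # Is $dir itself a mount point? When several entries share a mount
        # point, the last one listed is the one currently visible.
        if dev=$(awk -v d="$dir" '$2 == d { dev = $1; hit = 1 }
                                  END { if (hit) print dev; exit !hit }' "$table")
        then
            echo "$dir $dev"
            exit 0
        fi
        [ "$dir" = "/" ] && exit 1      # reached the root without a match
        dir=${dir%/*}                   # drop the last path component
        [ -n "$dir" ] || dir=/          # "/usr" -> "" -> "/"
    done
)

# Demo on the constructed table. /homework is not under /home: the walk
# compares whole directories, never string prefixes.
demo_table=$(mktemp)
sample_mounts > "$demo_table"
for p in /usr/local/bin/redis.conf /home/dmstail/.bashrc /homework/notes.txt; do
    printf '%s -> %s\n' "$p" "$(mount_point_for "$p" "$demo_table")"
done
rm -f "$demo_table"
```

Called with only a path, the function reads the machine's own mount table instead of the sample.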

2. Linux users (groups) and file permissions

Having understood the architecture of the Linux file system, I believe many people will be amazed by it. What is fascinating is not only its rigorous directory structure, but also the permission settings of the Linux file system.

The file permission settings of the Linux system are also quite rigorous, and often even give people an illusion of redundancy, but in fact they largely guarantee the security and coordination of the system.

(1) Users, user groups and others

Before introducing the concepts of users and user groups, it is necessary to make it clear that Linux is essentially a multi-user, multi-tasking system. Many people therefore often use the same host at the same time. Considering personal privacy and the need to give everyone a preferred working environment, Linux has designed the relevant permissions of users and user groups.

The following concepts are introduced one by one.

1. User

The so-called user is an account with which a person logs in to the Linux system. The system administrator (root user) needs to assign an account to each user, and the user logs in to the system with this account. It is worth mentioning that although it is the same system, some of the content presented after logging in differs from account to account. That is to say, some private files of account B cannot be seen after account A logs in. This is also in line with the requirements of a multi-user, multi-tasking system.

For example, in this machine, there are related files of another user


Of course, in addition to viewing through the graphical interface, you can also view the users on the machine through the command line.

cat /etc/passwd
... (related user information)

2. User groups

The so-called user group, for Linux, is a collection of accounts that log in to the system. Each user has a user group, and the system can centrally manage all users in a user group. It is equivalent to the concept of our current group and team.

For example, suppose the leader is in charge of two teams: team A has members A, B, and C, and team B has members D, E, and G. The two teams each need to complete a project, and the projects compete with each other to a certain degree and need to be evaluated. So how can we ensure that the project details of our team are not seen by people from the other team?

At this time, in order to ensure the fairness of the competition between the two teams, the Leader sets the corresponding permissions for the two teams, that is, members of team A cannot view any content of the project of team B, and vice versa. Members of the team can view public content within the team, and if the content is private to team members, even members of the same team cannot view it.

Of course, the Leader must also set a permission, so that he can view all the content of Team A and Team B at the same time. That is to say, the Leader has ceiling authority.

From this point of view, it seems that setting up user groups can indeed bring many benefits. Of course, the most useful feature of user groups is team collaboration.

The same account can also belong to multiple user groups. (The Leader in the above example has the permissions of both team A and team B.)

There is no limit to the number of user groups that each user can join; that is to say, you can join as many user groups as you need, forming a huge user network.

3. Others

The permissions of other people, in simple terms, are permissions other than those of the file owner (user) and file user group (user group).

It may be a bit ambiguous to say so, let's look at a picture:


Relative to A, B and C, D is someone else: because he does not belong to the ABC user group, he cannot directly access the public content of the ABC user group. If you want D to access the information of the user group, you can add the user D to that user group, and he can then access the shared information.

What needs to be mentioned here is that this D is just an ordinary user, not root.

So what is root?

It can be said that root is the ceiling of authority on the system, and there is no place it cannot reach. In other words, in front of the root administrator, all users, user groups, and others have no privacy at all. But with great power comes great responsibility. The root user is the core user of the entire Linux system, so the root account must be used sensibly to avoid causing unnecessary trouble for the system.

(2) Linux user identity and user group records

In the Linux system, by default, the information of all accounts on the system, both ordinary users and the root user, is stored in the /etc/passwd file. (If you are interested, you can check it out.)

Individual user passwords are stored in the /etc/shadow file.

All Linux group names are recorded in /etc/group.

  • Take this machine as an example to view all users.
cat /etc/passwd
# cat displays the contents of a file; it is followed by the path of the file
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/usr/sbin/nologin
man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
..........
  • Take this machine as an example to view individual user passwords
sudo su
# Switch to the administrator to view the file (this is forced here)

# View the personal password file
cat /etc/shadow
root:*:18717:0:99999:7:::
daemon:*:18717:0:99999:7:::
bin:*:18717:0:99999:7:::
.......

For security, Linux hashes the passwords in this file with the SHA512 algorithm. Each line corresponds to one user, and its fields have the following meaning:

Username: Encrypted Password: Last Modified Time: Minimum Modified Interval: Password Validity Period: Number of Days Warning Before Password Needs to Be Changed: Grace Time After Password Expires: Account Expiration Time: Reserved Field
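A small audit of the second field of this format, as an added example that is not part of the original post. The sample lines are constructed (the salts and hashes are placeholders), shadow_audit and sample_shadow are names chosen here, and the prefix table follows the crypt(5) convention in which a value beginning with $6$ is a SHA512 hash.

```shell
#!/bin/sh
# Added example: classify the password field (2nd field) of shadow-format
# lines, so that accounts without a password or with a weak hash stand out.

# Constructed sample lines; the salts and hashes are placeholders, not real.
sample_shadow() {
    cat <<'EOF'
root:*:18717:0:99999:7:::
lambda:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:19112:0:99999:7:::
olduser:$1$CONSTRUCTEDSALT$CONSTRUCTEDHASH:17000:0:99999:7:::
guest::19112:0:99999:7:::
alice:!$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:19112:0:99999:7:::
broken:x:19112
EOF
}

# shadow_audit [FILE...]   (reads standard input when no file is given)
# Prints "<user> <state>" for every line.
shadow_audit() {
    awk -F: '
    NF != 9 { print $1, "MALFORMED"; next }   # the format has nine fields
    {
        pw = $2
        if      (pw == "")            state = "EMPTY-PASSWORD"  # login needs no password
        else if (pw ~ /^[!*]/)        state = "locked"          # matches no password
        else if (pw ~ /^\$6\$/)       state = "sha512"
        else if (pw ~ /^\$5\$/)       state = "sha256"
        else if (pw ~ /^\$y\$/)       state = "yescrypt"
        else if (pw ~ /^\$2[aby]\$/)  state = "bcrypt"
        else if (pw ~ /^\$1\$/)       state = "md5-WEAK"
        else                          state = "unknown-scheme"
        print $1, state
    }' "$@"
}

# Demo on the constructed lines.
sample_shadow | shadow_audit
```

On a real machine the same function can be run as root with `shadow_audit /etc/shadow`.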

  • Take this machine as an example to view all user groups
# View as a normal user
cat /etc/group

# The following are all the user groups
root:x:0:
daemon:x:1:
bin:x:2:
sys:x:3:
adm:x:4:
tty:x:5:
disk:x:6:
..........

(3) Linux file permissions

I believe that friends who are new to Linux have seen Permission denied after entering commands in the terminal (at least it appeared many times when I was a beginner). It means that the permissions are insufficient and need to be increased. (If you have never encountered it, it means that you have a good enough grasp of permissions.) This situation often occurs because you do not have a good understanding of Linux file permissions.

1. Linux file permissions

So how do we view the permissions of existing files? It's easy, it takes just one command: ls.

Take this machine as an example

# Switch to the administrator user
sudo su

# Go to the root directory
cd /

# View the files in the current directory
ls -al

drwxr-xr-x   4 root   root     4096 410 14:54 home
lrwxrwxrwx   1 root   root        7 331  2021 lib -> usr/lib
lrwxrwxrwx   1 root   root        9 331  2021 lib32 -> usr/lib32
lrwxrwxrwx   1 root   root        9 331  2021 lib64 -> usr/lib64
lrwxrwxrwx   1 root   root       10 331  2021 libx32 -> usr/libx32
drwx------   2 root   root    16384 920  2021 lost+found
drwxr-xr-x   6 root   root     4096 410 14:58 media
drwxr-xr-x   2 root   root     4096 410 15:35 mnt
........
[permissions] [links] [owner] [user group] [file size] [modification date] [file name]

# Switch back to the normal user
exit
  • On this machine you can switch from a normal user to the administrator user with sudo su, but it is not recommended to operate directly as the administrator.
  • The ls command means list, and the -al option means to display all files in detail, including hidden files (files of this type start with . and are invisible by default).
(1) Detailed explanation of file output

It can also be seen from the above output that almost all file output formats are similar. Let's briefly introduce the meaning of the following formats


  • The first column, lrwxrwxrwx, indicates the file type and permissions; it has 10 characters in total.
    • The first character indicates the type of file, such as directory, file, link or others (the first character in this example is l, which means a link file).
    • d indicates a directory.
    • - indicates a file.
    • l indicates a link file.
    • b indicates a storage peripheral among the device files (a block device that can be read and written randomly).
    • c indicates a serial port device among the device files, such as a keyboard or mouse (a device that is read once).
  • The second column indicates the number of links, that is, how many file names are linked to this inode. In the Linux system, each file records its own attributes and permissions in an inode of the file system.
  • The third column indicates the file owner.
  • The fourth column indicates the user group to which the file belongs. Under the Linux system, an account joins one or more user groups.
  • The fifth column indicates the size of the file; the default unit is bytes.
  • The sixth column indicates the date the file was created or last modified. If a file was modified too long ago, only the year is displayed.
  • The seventh column indicates the file name. If the name starts with ., the file is a hidden file.
(2) Detailed explanation of file type permissions

The above mentions all the relevant information that a file has when it is listed. I think the most striking is the file type permission. The following describes the file type permissions in detail.


Among the ten characters of the file type, they can be roughly divided into 4 groups. The first character is a group by itself. After that, every 3 characters are a group.

Among them, r means the read permission, w means the write permission, and x means the execute permission. The positions of these three permissions are fixed. If a permission is absent, - is written in its position; the position is never left out.

  • The first group still represents the type of the file.
  • The second group indicates the permissions of the file owner. If the second group reads rw-, the file owner can read and write the file but cannot execute it, because there is no execute permission.
  • The third group represents the permissions of users who have joined the file's user group.
  • The fourth group represents the permissions of other users, who are not the owner and have not joined the user group.

Whichever group it is, each set of permissions applies to particular accounts.

(3) The importance of the Linux file system

The Linux file system is different from the Windows system: Linux adds many attributes to files. These attributes guarantee data security to a large extent.

  • System protection function
  • Team development data or data sharing functions
  • Ensure data security

2. Modify file attributes and permissions

Earlier we introduced the significance of file attributes and permissions to the Linux file system. Although the attributes or permissions of some files restrict certain behaviors of some users, we can still change the attributes or permissions of a file through the corresponding commands.

Similar to the concepts of Linux users, user groups and others, modification permissions will naturally exist to modify different attributes. There are three main categories:

  • Change file owner
  • Modify the user group to which the file belongs
  • Modify the specific permissions of the file

Many people may wonder why the permissions of others are not modified. The reason is very simple, because if you want others to obtain certain permissions, you only need to add the user (account) to the user group.

So, why do we need to modify users, user groups and corresponding file permissions?

The reason is mainly security. For example, suppose you need to copy a certain file to another user. In Linux, the attributes and permissions of the current user are often copied along with the file. This can easily cause a permission problem: the receiver may not be able to access the file you copied to him. At this time, it is necessary to modify the relevant attributes or permissions of the file.

(1) Modify the user group to which the file belongs

To modify the user group to which a file belongs, use the command chgrp, which is simply the abbreviation of change group. Note that the target group name must exist in /etc/group for the command to succeed; otherwise an error will be reported.

The command syntax of chgrp is as follows:

chgrp [-R] groupname dirname/filename

The syntax is relatively simple. The [-R] option means recursive operation: if there are subdirectories or files under the directory being modified, they are updated as well.

Let's look at an example. It changes the user group of the 123.txt file to root (this user group exists in /etc/group).

# Switch to the administrator user
sudo su

# Taking a file as an example: 123.txt belongs to the user lambda and the user group lambda
ls -l
-rw-r--r-- 1 lambda lambda       61 926  2021 123.txt

# Change the user group of 123.txt
chgrp root 123.txt

# View the attributes of 123.txt again: the user group has changed from lambda to root
ls -l
-rw-r--r-- 1 lambda root         61 926  2021 123.txt

# Try to change the file to a user group that does not exist
chgrp  test  123.txt
chgrp: invalid group: 'test'

We can modify the user group of files or directories with the chgrp command, but if the target user group is not in /etc/group, an error is displayed (as above: chgrp: invalid group: 'test').

(2) Modify the file owner

So how do we modify the owner of a file? It is similar to modifying the user group of a file, but the command is different. The command to modify the file owner is chown, short for change owner. As with chgrp, the target user must be recorded in the /etc/passwd file when modifying the file owner. Otherwise a corresponding error will also occur.

One thing to note here is that chown has slightly more uses than chgrp.

This is because chown can not only modify the file owner, but also modify the user group at the same time. And if you need to change the owner of a directory together with all the files in it, you only need to add the -R option.

Let's have a look at the relevant syntax:

chown [-R] username file_or_directory
chown [-R] username:groupname file_or_directory

Likewise, the [-R] option indicates recursive modification, which means that all files in the subdirectories are modified as well.

Here, in order to better show the role of chown, we can change the owner of the 123.txt file to root, and change the user group back to lambda

# First view all the current attributes of 123.txt
ls -l
-rw-r--r-- 1 lambda root         61 926  2021 123.txt

# Modify the attributes of 123.txt: change the owner to root and change the user group back to lambda
chown root:lambda 123.txt

# View all the attributes of 123.txt again
ls -l
-rw-r--r-- 1 root   lambda       61 926  2021 123.txt

It can be seen that after the command chown root:lambda 123.txt is executed, the owner of the 123.txt file becomes root, and the user group it belongs to becomes lambda.

When using the chown command to modify the file owner, there is another way to modify the user group at the same time, namely: chown user.group filename/dirname. That is to say, it is also possible to put a . between the user and the user group. However, this form is not recommended, because it may be misinterpreted by the system; the recommended method is to separate the user and the user group with a colon.

(3) Modify file permissions

Speaking of file permissions, there are actually 9 file permissions in Linux: the read, write, and execute permissions of the file owner, of the user group to which the file belongs, and of others. Each identity has 3 different types of permissions, for a total of 9 permissions.

Naturally, these permissions can also be changed. But changing file permissions is not as straightforward as modifying the owner and the user group. You first need to understand the meaning of each permission (to avoid setting abnormal permissions) and the number that represents each permission (when modifying file permissions, the permission type is given as the corresponding number).

The command to modify file permissions is chmod.

Modifying file permissions with the numeric type

Because the positions occupied by our different permissions are constant, we can have the following correspondence between permissions and numbers

# Read permission
r:4

# Write permission
w:2

# Execute permission
x:1
# So when an identity has all the permissions, the number for that position is 7=4+2+1

That is to say, the permissions corresponding to each identity need to be accumulated.

Let's look at an example:

owner =rwx=4+2+1=7
group=rw-=4+2+0=6
others=r--=4+0+0=4
# That is, we can set the permissions of a file to 764, which corresponds to: rwx  rw- r--

The syntax of chmod is as follows:

chmod [-R] xyz file_or_directory
  • [-R] still means recursive modification, that is to say, when the permissions are modified, the permissions of the files underneath are changed as well.
  • xyz: the permission attribute in numeric form; each digit is the sum of the corresponding three permissions.

Let's look at an example: the 123.txt file is changed so that only the file owner can read, write and execute it, and the user group and others have no permissions.

# View the permissions of 123.txt
ls -l
# At this point the file owner has read and write permissions, group members have read permission, and others have read permission
-rw-r--r-- 1 root   lambda       62 430 20:45 123.txt

# Modify the permissions
chmod 700 123.txt

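# View the permissions of 123.txt again
ls -l
# Now the owner of 123.txt has read, write and execute permissions, and the user group and others have no permissions, i.e. only root can operate on the file.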
-rwx------ 1 root   lambda       62 430 20:45 123.txt

Modifying file permissions with the symbolic type

There are three identities in the Linux file system, namely the file owner (owner), the user group to which the file belongs (group) and others (others). The letters u, g, and o represent the permissions of the three identities, and a represents all identities.

It can be expressed roughly like this, as shown in the following figure:

Let's look at an example, again using the 123.txt file. We set the permissions so that the owner of the file can read and write it but not execute it, the file's user group can read and execute it, and others can execute it.

# View the permissions of the file
ls -l

# At this point only root can read, write and execute the file; other users have no permissions
-rwx------ 1 root   lambda       62 430 20:45 123.txt

# Make the permission changes
chmod u-x,g=rx,o+x 123.txt
# View the permissions again
ls -l
# The modification succeeded
-rw-r-x--x 1 root   lambda       62 430 20:45 123.txt
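To check the correspondence between the permission strings printed by ls -l and the numbers given to chmod, the conversion can be scripted. This is an added example, not part of the original post; mode_to_octal is a name chosen here, and it goes slightly beyond the text by also accepting the s and t characters that ls prints for the setuid, setgid and sticky bits.

```shell
#!/bin/sh
# Added example: convert the 10-character mode string printed by `ls -l`
# into the number that chmod accepts (r=4, w=2, x=1, summed per identity).

# mode_to_octal MODE    e.g. mode_to_octal -rwxrw-r--   prints 764
mode_to_octal() (
    mode=$1
    [ "${#mode}" -eq 10 ] || { echo "expected 10 characters: $mode" >&2; exit 2; }
    rest=${mode#?}        # drop the file-type character (-, d, l, b, c)
    special=0             # setuid=4, setgid=2, sticky=1
    digits=
    for weight in 4 2 1; do               # owner, group, others in turn
        triple=${rest%"${rest#???}"}      # first three characters of $rest
        rest=${rest#???}
        n=0
        case $triple in r??) n=$((n + 4)) ;; -??) ;; *) exit 2 ;; esac
        case $triple in ?w?) n=$((n + 2)) ;; ?-?) ;; *) exit 2 ;; esac
        case $triple in
            ??x)    n=$((n + 1)) ;;
            ??-)    ;;
            ??[st]) n=$((n + 1)); special=$((special + weight)) ;;  # x plus special bit
            ??[ST]) special=$((special + weight)) ;;                # special bit, no x
            *)      exit 2 ;;
        esac
        digits=$digits$n
    done
    # A leading fourth digit is printed only when a special bit is set.
    [ "$special" -eq 0 ] || digits=$special$digits
    echo "$digits"
)

# Demo on the mode strings that appear in the listings on this page.
for m in -rw-r--r-- -rwx------ -rw-r-x--x drwxr-xr-x lrwxrwxrwx; do
    printf '%s = %s\n' "$m" "$(mode_to_octal "$m")"
done
```

The result for -rw-r-x--x is 651, so the symbolic command chmod u-x,g=rx,o+x applied to a 700 file is equivalent to chmod 651.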

3. A brief explanation of directory and file permissions

The following table briefly introduces the meaning of the different permissions for files and directories:

Component   Content         r                   w                     x
File        Detailed data   Read file content   Modify file content   Execute file content
Directory   File names      Read file names     Modify file names     Permission to enter the directory (key)


Origin blog.csdn.net/qq_50824019/article/details/124519394