Section 2
BASIC UNIX
Before you can become a UNIX Systems Administrator you have to become a competent if not expert UNIX user. This section starts you on the metamorphosis into an expert UNIX user.
At the end of this section you should
- be familiar with the command format used by UNIX
- be aware of the role of a shell
- have gained an understanding of some of the intricacies of using a shell including special characters, I/O redirection, wildcards and shell variables
- become familiar with the UNIX file and directory manipulation commands
- have received an introduction to the UNIX directory hierarchy,
- become familiar with some of the UNIX commands that report the status of the machine
- have used the UNIX on-line help system at least once
A UNIX system comes with hundreds of executable commands and programs (it is quite easy to get to a count of 600 without really looking hard). Typically each of these programs carries out a particular job and will usually have some obscure and obtuse name that means nothing to the uninitiated.
There are no set rules about UNIX commands; however, there is a UNIX philosophy that is used by many of the commands, but not all.
- small is beautiful,
UNIX provides the mechanisms to join commands together so commands should do one thing well.
- 10 percent of the work solves 90 percent of the problems,
UNIX was never designed to solve all problems, it was designed to solve most requirements without too much hassle on the programmer's part.
- solve the problem, not the machine, and
Commands should ignore any machine specific information and be portable.
- solve at the right level, and you will only have to do it once.
The key to UNIX problem solving is only to do it once e.g. pattern matching is only implemented once, in the shell, not in every command.
A fairly intelligent and experienced would-be computer professional has just started using UNIX seriously. He gets to a stage where he wants to change the name of some files.
Being an MS-DOS junkie from way back what command does he look for? rename of course. It doesn't work! "That's a bit silly!", he thinks, "You would think that UNIX would have a rename command."
It just so happens that this person has just completed a C programming subject in which one of the assignments was to write a rename command. So he spends the next day trying to write and compile this program. After much toil and trouble he succeeds and follows good administration policy and informs all the other users of this brand new wonderful program he has written. He goes into great detail on how to use the command and all the nice features it includes.
They all write back and tell him about the UNIX command mv that does the same thing.
The moral of this story is that if you want to do something under UNIX, then chances are that there is already a command to do it.
The following readings provide an introduction and revision to some of the basic UNIX user commands. It is necessary that you as a Systems Administrator know these commands intimately, not only because you will use them but because the Systems Administrator is often expected to also be the expert user of the system, capable of and responsible for answering any question about any program on the system.
-
Reading.
UNIX is a Four Letter Word... and VI is a Two Letter Abbreviation. Section 2.4.
Purpose.
Revise and introduce the basic UNIX commands.
Exercise 2-1. What is the output of the following commands?
-
a) echo *
b) echo *[!0-9]
c) echo m[a-df-z]*
d) echo [A-Z]*
e) echo jan*
f) echo *.*
g) echo ?????
h) echo *89
i) echo jan?? feb?? mar??
j) echo [fjm] [ae] [bnr] *
Exercise 2-2. What do the following commands do?
-
a) ls | wc -l
b) rm ???
c) who | wc -l
d) mv progs/* /usr/steve/backup
e) ls *.c | wc -l
f) rm *.o
g) who | sort
h) pwd
i) cp memo1 ..
j) plotdata 2>errors &
As well as being associated with a filename each file has in addition a number of other attributes. Some of these other attributes can be seen by using the -l flag of the ls command. An explanation of the output of the command ls -l is shown below.
-rw-rw-rw- 1 david staff 227 Dec 12 19:33 note
1. 2. 3. 4. 5. 6. 7.
1. File access permissions, who can do what to the file/directory
2. The number of links to this file.
3. The owner's user name.
4. The group owner's group name.
5. The size of the file in bytes.
6. The date and time the file was last modified.
7. The name of the file.
Figure 2.1. Explanation of the output of the ls -l command.
Numbers five, six and seven should by now be fairly self-explanatory. The following sections aim to explain numbers one, three and four.
Users, Groups and Others
As mentioned in the text book UNIX provides a very simple but powerful protection mechanism for files which is based on the concept of individual users and groups of users.
Access to a UNIX file is grouped into three categories
- user
The individual user who owns the file (by default the user that created the file). In figure 2.1 the owner is david.
- group
The collection of people that belong to the group that owns the file (by default the group to which the user owner belongs). In figure 2.1 the group owner is staff.
- other
Anybody that doesn't fall into the first two categories.
The first field (the permissions field) from Figure 2.1 holds the information that restricts what actions the users from each of the above three categories can perform on the file or directory. The permissions field consists of 10 single letters that are separated into four separate fields. The meaning of those fields is summarised in Figure 2.2.
The very first character is used to indicate the type of file. Some of the possible file types are listed in table 2.1.
tuuugggooo
t = type of file
u = permissions for user who is the owner of the file
g = permissions for the group that owns the file
o = permissions for everyone else
Figure 2.2. Format of File Permissions.
-
File Type Meaning
- a normal file
d a directory
l symbolic link
b block device file
c character device file
p a fifo or named pipe
s a XENIX semaphore
m a XENIX shared data section
Table 2.1. Different File Types.
Table 2.1 outlines some of the different file types on a UNIX system. Two types mentioned are block and character special files (sometimes known as block and character device files). These files will be discussed elsewhere.
The three remaining fields for user, group and others all use the same format. The first entry is the read attribute, the second is the write attribute and the third is the execute attribute. If there is a - character in a particular spot then that attribute is turned off (i.e. the user can't do it). If there is an r, w or an x in the appropriate spot then the attribute is turned on and the user is allowed to perform the associated operation.
For example:
- if a particular file had the permissions -rwx-w---x
Then the owner of the file has the attributes rwx which means they can read, write and execute the file.
Users in the group have the attributes -w- which means they can only write to the file.
All other users have the attributes --x which means they can only execute the file.
File permissions have slightly different meanings when applied to a directory.
Table 2.2 summarises the meanings of the three basic attributes for both files and directories.
There are two other possible letters which may appear in the permissions field for a file.
- s - the set user/group id bit (set uid/ set gid bit)
When someone runs a program the resulting process runs with the privileges of the user who ran it (both user and group).
If the set user/group bits are set the resulting process will run with the privileges of the user/group owner of the file.
e.g. The passwd command has the set uid bit set,
and is owned by root. This means that whoever runs
it can write their new password to the passwd file.
YOU MUST BE CAREFUL WHEN SETTING THESE BITS.
They are a common source of security problems.
- t - the sticky bit
When you run a program UNIX reads the program code from disk into memory and creates a process. This takes time. If you have a large program which you run frequently it might make more sense to keep it in memory all the time. To do this you set the sticky bit.
Figure 2.3. Special Permission Bits.
Attribute Type   Meaning for a file                        Meaning for a directory
r                the contents of the file can be viewed    the ability to obtain a directory listing
w                the contents of the file can be changed   the ability to create and remove files from directory
x                the file can be executed as a command     ability to change into that directory, and access its contents
Table 2.2. The Meanings of Permissions.
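Because the set uid and set gid bits from Figure 2.3 are a common source of security problems, it helps to know which files carry them. The script below is an added example, not part of the original notes; find_special_bits, make_sample_tree and the three sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a directory tree for set uid / set gid files.
# find_special_bits and make_sample_tree are hypothetical helper names.

find_special_bits() {
    # $1 = directory to audit. Prints one line per regular file that has the
    # set uid (octal 4000) or set gid (octal 2000) bit, in the form:
    #   KIND MODE OWNER:GROUP PATH
    # File names containing newlines are not handled.
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null |
    while IFS= read -r path; do
        ls -ld "$path" | {
            read -r mode links owner group rest
            kind=
            # ls shows s (or S when x is off) in the owner or group execute slot.
            case $mode in ???[sS]*)    kind=setuid ;; esac
            case $mode in ??????[sS]*) kind=${kind:+$kind,}setgid ;; esac
            printf '%s %s %s:%s %s\n' "$kind" "$mode" "$owner" "$group" "$path"
        }
    done
}

make_sample_tree() {
    # Constructed sample data: three small files in a scratch directory.
    dir=$(mktemp -d) || return 1
    for f in plain suid sgid; do
        printf '#!/bin/sh\n' > "$dir/$f"
    done
    chmod 755  "$dir/plain"
    chmod 4755 "$dir/suid"     # set uid, shown by ls as -rwsr-xr-x
    chmod 2755 "$dir/sgid"     # set gid, shown by ls as -rwxr-sr-x
    printf '%s\n' "$dir"
}

# Demonstration on the constructed tree: only suid and sgid are reported.
sample=$(make_sample_tree) && find_special_bits "$sample"
rm -rf "$sample"
```

Run against a real directory such as /usr/bin, the owner column shows at a glance which of the reported programs would run with root's privileges.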
Exercise 2-3. Using the following directory hierarchy and the following facts.
                 jonesd rwxr-w--x
                      |
                      |    all owned by jonesd
                      |    group owner admin
           ___________|___________
           |                     |
   assign r-x------       docs rwxr-xrwx
- astudent belongs to the group users
- astaff belongs to the group admin
Answer the following-
a) Can astudent obtain a directory listing of the jonesd directory?
b) Can astaff obtain a directory listing of the docs directory?
c) Can astudent obtain a directory listing of the docs directory?
d) Can astudent create a file in the docs directory?
So far you have only seen symbolic modes in action. That is where the symbols r, w and x are used to represent access permissions. UNIX recognises another method called absolute mode that uses numbers instead.
In absolute mode each access class (user, group and other) is represented by a number no bigger than seven. This number is arrived at by converting the symbolic permissions into a binary digit as shown in figure 2.4.
Converting Symbolic to Numeric.
r w x   r - -   r - x     symbolic
1 1 1   1 0 0   1 0 1
  7       4       5
         745              numeric
Figure 2.4. Converting Symbolic Permissions to Numeric.
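The hand conversion in Figure 2.4 can be written as two small shell functions, one for each direction. This is an added example, not part of the original notes; sym_to_octal and octal_to_sym are hypothetical helper names, and only the nine basic permission characters are handled (no s or t).

```shell
#!/bin/sh
# Added example: convert between symbolic and absolute (octal) permissions.
# sym_to_octal and octal_to_sym are hypothetical helper names.

sym_to_octal() {
    # $1 = nine characters such as rwxr--r-x (no leading file-type character)
    case $1 in
        [r-][w-][x-][r-][w-][x-][r-][w-][x-]) ;;
        *) echo "sym_to_octal: expected nine characters like rwxr--r-x" >&2
           return 1 ;;
    esac
    rest=$1
    result=
    while [ -n "$rest" ]; do
        triplet=${rest%"${rest#???}"}    # first three characters of $rest
        rest=${rest#???}                 # drop them for the next round
        digit=0
        case $triplet in r??) digit=$((digit + 4)) ;; esac   # read    = binary 100
        case $triplet in ?w?) digit=$((digit + 2)) ;; esac   # write   = binary 010
        case $triplet in ??x) digit=$((digit + 1)) ;; esac   # execute = binary 001
        result=$result$digit
    done
    printf '%s\n' "$result"
}

octal_to_sym() {
    # $1 = three octal digits such as 745
    case $1 in
        [0-7][0-7][0-7]) ;;
        *) echo "octal_to_sym: expected three digits from 0 to 7" >&2
           return 1 ;;
    esac
    rest=$1
    result=
    while [ -n "$rest" ]; do
        digit=${rest%"${rest#?}"}        # first digit of $rest
        rest=${rest#?}
        for bit in 4:r 2:w 1:x; do
            # ${bit%:*} is the bit value, ${bit#*:} the letter it stands for.
            if [ $(( $digit & ${bit%:*} )) -ne 0 ]; then
                result=$result${bit#*:}
            else
                result=$result-
            fi
        done
    done
    printf '%s\n' "$result"
}

# The permission string from Figure 2.4, converted and converted back.
sym_to_octal rwxr--r-x
octal_to_sym "$(sym_to_octal rwxr--r-x)"
```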
Exercise 2-4. Convert the following symbolic permissions into numeric.
-
a) rw----r-x
b) rwxrwxrwx
c) ---rwx-wx
Exercise 2-5. Convert the following numeric permissions into symbolic.
-
a) 111
b) 550
c) 750
The UNIX system provides a number of commands for users to change the permissions associated with a file. Table 2.3 provides a summary.
Command Purpose
chmod change the file permissions for a file
umask set the default file permissions for any files to be created.
Usually run as the user logs in.
chgrp change the group owner of a file.
chown change the user owner of a file.
Table 2.3. File Permission Commands.
The chmod Command
The command to change the permissions for a file or a directory is the chmod command.
For example:
- chmod u+rwx temp.dat
turn on all permissions for the owner of the file
chmod go-rwx temp.dat
turn off all permissions for all the users except the owner of the file
chmod -R a-rwx /
turn off all permissions for everyone for all files
chmod -R a= /
turn off all permissions for everyone for all files
chmod 770 temp.dat
allow the user and group read, write and execute and others no access
- chmod Command Format.
chmod [-R] operation files
-R recursively descend each directory
operation can be either symbolic or absolute permissions.
When using absolute permissions operation is simply the
numeric permissions e.g. 770 200
When using symbolic permissions operation takes the form of
whooppermission where:
who u for owner of file
g for group
o for others
a for all categories
op + add permission
- remove permission
= set permission
permission r read
w write
x execute
s set uid/gid
t set sticky bit
Figure 2.5. chmod Command Format.
The chown and chgrp Commands
There are times when you are required to change the owner of a file or the group owner of a file. One such time is when the root user creates a home directory for a new user. When root creates the directory the owner of the directory will be root, when in fact we really want the owner of the directory to be the new user.
There are some limitations on how you can use chown and chgrp. Only the root user or the current owner of the file can use chown to change the ownership of a file. Only the root user can arbitrarily change groups. The owner of a file can only change the group to another group to which the owner belongs.
On some systems you cannot give away ownership of files at all, only root can. Two reasons for this are
- in a filesystem with quotas (quotas place an upper limit of how many files and how much disk space a user can use) a person could avoid the quota system by giving away the ownership to another person
- if anyone can give ownership of a file to root they could create a program that is setuid to the owner of the file and then change the owner of the file to root.
- chown/chgrp Command Format.
chown [-R] owner files
chgrp [-R] group files
-R change the ownership on all sub-directories and the files
within them
owner is either a numeric user identifier or a user name listed
in /etc/passwd .*
group is either a numeric group identifier or a group name listed
in /etc/group.
files is a list of files of which you wish to change the ownership
Figure 2.6. chown/chgrp Command Format.
* Some systems allow owner to take the format owner.group; this allows you to change the owner and the group owner of a file with one command.
The umask Command
Every time a file is created it is automatically given some default access permissions. The purpose of the umask command is to set these default access permissions. One of the responsibilities of a Systems Administrator is to ensure that by default files are provided with secure access permissions.
For example imagine what would happen if all the files and directories that were created were given the default access permissions 777. Anyone could read, write or execute those files.
For example:
- When files are created with the following umask values
umask 027
the user will have all permissions, group will not have write and others will have none
umask 022
the user will have all permissions, group and others will not have write.
- The umask Command.
umask [ ooo ]
With no parameter the current umask value is displayed.
ooo are octal digits (numbers ranging from 0-7). The specified
digits are subtracted from the default access permissions.
e.g. 027 will subtract write permission for the
group and all permissions for others
Figure 2.7. umask Command.
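The effect of a umask is easiest to see by creating something under it. The script below is an added example, not part of the original notes (masked_mode and mode_under_umask are hypothetical helper names). It relies on two facts the figure does not spell out: a plain file created by shell redirection starts from mode 666 while a directory starts from 777, and the umask bits are cleared from that starting mode rather than arithmetically subtracted.

```shell
#!/bin/sh
# Added example: what a umask does to newly created files and directories.
# masked_mode and mode_under_umask are hypothetical helper names.

masked_mode() {
    # $1 = requested mode (666 for a new file, 777 for a new directory)
    # $2 = umask. The umask bits are cleared from the request (request AND NOT
    # umask). For 666 and umask 033 this gives 644, where subtraction would
    # have suggested 633.
    printf '%03o\n' $(( 0$1 & ~0$2 ))
}

mode_under_umask() (
    # $1 = umask, $2 = "file" or "dir". Prints the ls -l permission field of
    # an object created under that umask. The ( ) body is a subshell, so the
    # caller's own umask is left alone.
    work=$(mktemp -d) || exit 1
    umask "$1"
    case $2 in
        file) : > "$work/new" ;;      # shell redirection requests mode 666
        dir)  mkdir "$work/new" ;;    # mkdir requests mode 777
        *)    rm -rf "$work"; exit 2 ;;
    esac
    perms=$(ls -ld "$work/new" | cut -c1-10)
    rm -rf "$work"
    printf '%s\n' "$perms"
)

# The two umask values used in the text, plus 033 to show masking.
for mask in 027 022 033; do
    printf 'umask %s: file %s (%s)  directory %s (%s)\n' "$mask" \
        "$(mode_under_umask "$mask" file)" "$(masked_mode 666 "$mask")" \
        "$(mode_under_umask "$mask" dir)"  "$(masked_mode 777 "$mask")"
done
```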
Most UNIX operating systems supply a command called which or one called whereis. The purpose of these commands is to search through all the directories in the user's current search path for a particular command.
For example, the command which ls on my machine aldur returns /usr/bin/ls. This means that the program for ls is in the directory /usr/bin. If which can't find the command it reports no command in path. This implies one of two things
- there is no such program, or
- your search path does not include the directory in which the program is located.
Try the command which umask. The reason you can't find the program for umask is that umask is recognised by the shell and the shell performs its operation. (The code for umask is part of the shell; there is no program for it.)
When people say that the UNIX operating system is difficult to use they are wrong. Most of them will never have used the UNIX operating system. What most people find difficult to use is the interface UNIX presents them, the shell.
A shell is a program that has been written to perform a number of tasks (outlined below) including taking commands from the user.
The shell you will more than likely use under Linux is called bash (Bourne Again Shell). The basic syntax used by bash is identical to the Bourne shell but it also provides additional abilities including command line editing using cursor keys.
Different people have their favourite shells. As a Systems Administrator you will have to know the Bourne shell syntax. This is because almost all of the shell programs that are used to maintain a UNIX operating system are written using the Bourne shell syntax.
All of the commands talked about in the previous readings are actually executable programs stored somewhere in the directory hierarchy. When you ask the shell to cd /home it runs the executable program cd to perform the task.
The shell itself is just an executable program. Table 2.4 lists some of the program names for the various shells. If you enter one of these program names, for example csh, it will execute the program csh and start a version of the C shell. (You exit the shell program by typing logout, exit or using the key combination CTRL-D.)
Shell               Program Name   Description
Bourne shell        sh             the original shell from AT&T, available on all UNIX machines
C shell             csh            shell developed as part of BSD
Korn shell          ksh            AT&T improvement of the Bourne shell
Bourne again shell  bash           Shell distributed with Linux, version of Bourne shell that includes command line editing and other nice things
Table 2.4. Examples of UNIX Command Shells.
Exercise 2-6. Type the following command set. set displays all the shell variables that are currently set. You should see one called SHELL. This variable is defined to contain what shell you are using. What shell are you using?
Exercise 2-7. Execute one of the other shells on your system. Does it change the variable shell?
Among the shell variables displayed by entering the set command you should see PATH or path. This is the shell variable that holds your current search path, the list of directories UNIX looks in to find executable programs.
Shell Responsibilities
A UNIX shell is responsible for the following
- executing programs or commands as requested by the user,
- performing variable and file name substitution,
It is the shell that performs the translation of let* into the list of filenames that start with let.
- performing I/O redirection,
Making sure that input/output ends up in the correct place as specified by the user's use of the > >> << and other characters.
- environment control, and
The shell also controls and stores settings about the type of terminal being used amongst other information.
- providing an interpreted programming language.
Shells provide the ability to write programs using UNIX commands. The shell provides the looping and conditional commands necessary for a programming language.
As part of executing a command a shell performs the following tasks.
- takes a line of text from the user,
- parses the text and performs the necessary I/O redirection,
- replaces any shell variables in the text with the actual value,
- replaces any wild card characters with the appropriate file names, and then
- executes the command.
Read the command line
The shell waits until the user hits the enter key. The shell places what the user types into the following format program_name arguments.
Perform I/O Redirection
Table 2.5 outlines the different type of redirection that the shell must recognise. As part of this step the shell must recognise which arguments are commands.
Character Meaning
command < file Take standard input from file.
command > file Put the output of command into file.
Overwrite file if it already exists.
command >> file Put the output of command into file. Append the
output onto the end of file if it already exists.
command << label Take standard input for command from the following
lines until a line that contains only label
`command` Execute command and replace `command` with the
standard output of the command.
command1 | command2 Use the standard output of command1 as the standard
input of command2
Table 2.5. Types of I/O Redirection.
For example:
ls | cat > hello.dat
Replace Shell Variables
To the shell a $ signifies that what follows is a shell variable. The shell must replace that shell variable with its actual value. (Section 3 covers the use of shell variables in more detail.)
For example:
- echo $SHELL
will display on my system /bin/bash
What happens is the shell sees the $ and replaces the shell variable name SHELL with its value.
Replace Wildcard Characters
It is also the shell that replaces the wildcard characters * ? etc with the list of filenames that match them.
Execute the Command
The last step in the process is to actually find the executable program, load it into the computer's memory and run it.
Order is Important
It is important to remember the order in which the shell carries out the above tasks.
- I/O redirection
- Shell variables, and then
- Wildcard characters
For example:
- pipe=\|
creates a shell variable called pipe. The \ character is explained in
the following section
echo cat $pipe more
remember I/O redirection is checked for first. What would happen if the shell variable
substitution was done first?
Doing it Twice
Under some circumstances you may wish the shell to evaluate a command line twice (some examples of when will be demonstrated later). To force the shell to evaluate a line twice you use the eval command.
For example:
- name="david"
variable=name
echo $variable
these three commands will produce the output
name
replace the last command with
eval echo \$$variable
will produce the output
david
It works because the shell first evaluates the line echo \$$variable. This produces the line echo $name (replace \$ with $ and $variable with name). The shell then evaluates that line to produce echo david and then it executes the command.
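The two ideas above, that redirection is recognised before variables are substituted and that eval makes the shell parse the line again, can be checked side by side. The script below is an added example, not part of the original notes: one_pass, two_pass and lookup are hypothetical helper names, and tr stands in for more so the result is visible without a pager. Because eval executes whatever text it is handed, lookup accepts only a plain variable name.

```shell
#!/bin/sh
# Added example: one pass versus two passes over a command line.
# one_pass, two_pass and lookup are hypothetical helper names.

pipe=\|

one_pass() {
    # The shell has already looked for | before it substitutes $pipe, so the
    # | that arrives from the variable is ordinary data.
    # echo receives three arguments: cat | more
    echo cat $pipe more
}

two_pass() {
    # eval makes the shell parse the substituted text "echo cat | tr a-z A-Z"
    # a second time, and on that pass the | is a real pipe.
    eval echo cat $pipe tr a-z A-Z
}

lookup() {
    # Print the value of the variable whose name is in $1, the same trick as
    # eval echo \$$variable. Anything that is not a plain variable name is
    # refused, because eval would run the rest of the string as commands.
    case $1 in
        ''|[!A-Za-z_]*|*[!A-Za-z0-9_]*)
            echo "lookup: not a variable name" >&2
            return 1 ;;
    esac
    eval "printf '%s\n' \"\$$1\""
}

# Constructed sample values, following the example in the text.
name="david"
variable=name

one_pass                       # the | is printed
two_pass                       # the | is acted on
lookup "$variable"             # second pass turns $name into its value
lookup 'name;date' 2>/dev/null || echo "rejected: not a variable name"
```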
So far we've seen that the shell recognises characters such as $ > and | as having special meaning. There are many more, some of which are summarised in table 2.6.
Character(s) Meaning
white space Any white space characters (tabs, spaces) are used
to separate arguments (multiple white space
characters are ignored)
newline character used to indicate the end of the command-line
' " \ special quote characters which change the way the
shell interprets special characters
& Used after a command, tells the shell to run the
command in the background e.g. ls &
< >> << ` | redirection characters change where I/O is sent
$ used to indicate a shell variable name
(more on these later)
; used to execute more than one command in
one command line
Table 2.6. Special Shell Characters.
For example:
- echo hello      there   my     friend
displays
hello there my friend
the shell ignores multiple spaces
ls ; cd /etc ; ls
the ; is used to separate the three commands which are executed one after the other
Quotes
What happens when you want to use some of these special characters as a normal character? For example, what if you wanted to display on the screen the message 6 * 5 = 30. Theoretically you might try echo 6 * 5 = 30 but remember what the shell does to *?
Exercise 2-8. What's the output from this command?
- echo Multiply is signified by the * symbol
Exercise 2-9. What's the output from the following shell program?
- string=hello there how are you
echo $string
There are obvious problems in instances where you want to use one of these special characters. The shell does provide mechanisms by which these problems can be surmounted. This is done by using some other special characters called quotes.
Character Name Purpose
' single quote causes the shell to ignore all special
characters contained within a pair of
single quotes
" double quote causes the shell to ignore all special
characters EXCEPT $ ` \ contained within
a pair of double quotes
\ backslash causes the shell to ignore any special
character immediately following a backslash
Table 2.7. The Quote Characters.
Examples of Using Quote Characters
hello_string='hello there'
echo $hello_string
echo '$hello_string'
echo "$hello_string"
echo \$hello_string
echo "\$hello_string"
echo *
echo I\'m David.
echo '*'
echo \*
echo one two three four
echo 'one two three four'
echo "one two three four"
echo hello there \
my name is david
Here the \ is used to ignore the special meaning of the newline character at the end of the first line
echo > temp.dat
echo \> temp.dat
Exercise 2-10. Create files with the following names
- a) stars*
b) hello my friend
c) "goodbye"
d) Now delete them from the file system.
Exercise 2-11. What is the output of the following commands? Explain the output.
- a) echo "** hello **"
b) echo this is a star *
c) echo ain\\\\'t you my friend
d) echo "the output of the ls command is `ls`"
e) echo 'the output of the pwd command is `pwd`'
Getting Help
The UNIX operating system comes with its own on-line help system referred to as the man pages. It is not the best designed help system and some of the documentation can be a little difficult to understand. The main reason for this is that the man pages have been written more as reference material than as learning material.
UNIX People have a Sense of Humour?
Some people say that UNIX warps the mind of its users. The following
is a list of comments taken from actual UNIX man pages.
"Acts oddly on nights with full moon."
"This manual page is confusing."
"This manual page is still confusing."
(next release of same command)
"It can be used if a disk or the processor is on fire."
Figure 2.8. UNIX People have a sense of humour.
Getting access to the manual pages is relatively simple, you use the man command. For example man ls will get you the manual page on ls. Finding something useful from the man pages or finding a man page if you don't know the command can get frustrating.
If you are not sure of the exact word to give the man command you can use one of man -k or apropos (same command different name). This command searches for occurrences of a given keyword in the manual pages and displays the proper word for use with man.
The manual pages are divided into sections with each section dealing with a specific area. Table 2.8 provides a summary of the major sections. These can differ slightly from machine to machine. In particular, manufacturers will add sections specific to commands they add to the operating system.
Section Number Purpose
1 User Commands
2 System Calls
3 Library routines
4 Device drivers
5 File formats
6 Games
7 Miscellaneous: ASCII, macro packages etc.
8 Commands for system administration
Table 2.8. Section Numbers for Manual Pages (BSD).
For example:
- Under a Linux box the following command can be used to display all the contents of a specific manual section.
ls /usr/man/preform/catn | awk -F \. '{ print $1 }'
Where the n is replaced with the number of the section.
Manual pages are stored in a special format called troff or nroff. It is difficult to read a manual page on the screen and use that information at the same time. It is often preferable to print the manual page or produce a file with the manual page in it. The formatting language used by manual pages can make the result difficult to read.
The following sequence of commands should produce a file containing a man page that can be read. (It is up to you to use the man command to figure out what is going on here)
man manpage | ul -tlp > filename
- manpage represents the manual page you require
filename represents the file in which to place the output
Figure 2.9. Printing a man page.
The man Command
Is used to display on-line help pages of commands and files. Example usage includes
1. man [ section ] title
2. man -k keyword
3. man -f filename
1. Displays an entire manual page (page at a time) with the title title. section refers to the section of the manual the manual page will come from. Refer to Table 2.8 for more information on manual sections.
2. Display a one-line summary of a manual page which discusses the keyword. Exactly the same as the apropos command.
3. Display a one-line summary of a manual page which refers to the file with name filename.
By now you have commenced the long and interesting journey of becoming an expert UNIX user. The more you use UNIX the better you will become at it. You have been introduced to
- the UNIX commands to manipulate files and directories,
- the concepts of filename substitution and I/O redirection,
- the concept of a shell and its responsibilities,
- commands to list users and processes on a UNIX machine,
- commands to display the status of a machine,
2.1. Write commands to carry out the following tasks:
- a) change into the directory /usr/local
b) produce a file called listing that contains the names of all the files in the
/etc directory
c) count the number of words in the file /etc/passwd
2.2. What is a link?
2.3. What are the major responsibilities of a UNIX shell?
2.4. What do the following commands do?
- a) echo 'the *'s are out tonight\'
b) ls | cat | wc -l > count
c) ls `cat file.list`
2.5. Explain what filenames the following file specifications will match
- a) ?*
b) [!a-z]??[a-z]
c) *\*?
d) '*?*?'abc*
David Jones (author)
Chris Hanson (html 22/08/96)