Special Permissions in Linux (Attributes)

Special Permissions in Linux

As we have already learned from previous parts of this article, every file or directory have three types of permission (read, write, and execute) for three types of user (owner, group and other). If attributes are not set, access will be granted based on this permission set, but if attributes are set, this permission set will be ignored while processing access request. In this article, we will learn the types of attribute and the way they are set on file/directory in detail with example.

Append (a) attribute is used to control the file operation. If this attribute is set, file can only be appended. Regardless how much permission a user have, he cannot perform other file operations (such as move, edit or delete) except append operation.

To understand it practically, let’s create a directory /Projects and a test file test-file under this directory.

[root@localhost~]# mkdir /project

[root@localhost~]# chmod 777 /project

[root@localhost~]# vim file1 /project

[root@localhost~]# ls -la /project/file1

[root@localhost~]# lsattr /project/file1

Note: No attributes are set bydefault

[root@localhost~]# chattr +a /project/file1

[root@localhost~]# lsattr /project/file1 

Note: Now it will show attribute (a) in this file.

============================

Denied file operation (delete, edit, rename, move, hard link)

Delete operation:

[root@localhost~]# rm -f /project/file1

rm: cannot remove '/project/file1' : operation not permitted

Edit operation:

[root@localhost~]# vim /project/file1

Type some words ...

:wq  (to save)

"/project/file1" can't open file for writing

:q!    (to quit without save)

Rename or move operation:

[root@localhost~]# mv /project/file1 /project/file2

operation not permitted

Hard link operation:

[root@localhost~]# ln /project/file1 /project/file1hardlink

operation not permitted

Allowed file operation (read, append, copy, soft link)

[root@localhost~]# cat /project/file1

[root@localhost~]# cat >> /project/file1

[root@localhost~]# cp /project/file1 /project/file2

[root@localhost~]# ln -s /project/file1 /project/file1softlink

[root@localhost~]# cat /project/file1softlink

File Compression and Decompression with Zip and Gzip

File Compression and Decompression with Zip and Gzip

Compressed files use less disk space and download faster than large, uncompressed files. You can compress Linux files with the open-source compression tool Gzip or with Zip, which is recognized by most operating systems.

By convention, compressed files are given the extension .gz. The command Gzip creates a compressed file ending with .gz; Gunzip extracts the compressed files and removes the .gz file.

To compress a file, type the following command:

[root@host~]# vim file1

[root@host~]# ls -la

[root@host~]# gzip file1

[root@host~]# ls -la

Note: The command Gzip creates a compressed file ending with .gz

To decompress a file,  type the following command:

[root@host~]# gunzip file1.gz

[root@host~]# ls -la

Note: The command Gunzip remove .gz   extension  and  replace file1.gz to file1

=================================================================

If you exchange files with non-Linux users, you may want to use zip to avoid compatibility problems. Red Hat Linux can easily open zip or gzip files, but non-Linux operating systems may have problems with gzip files.

To compress a file with zip, type the following: 

[root@host~]# zip -r file1.zip file1

[root@host~]# ls -la

Note: In this example file1.zip represents the file you are creating and file1 represents the file you want to put in this file.

To extract the contents of a zip file, type the following command

[root@host~]# unzip file1.zip 

[root@host~]# ls -la

=======================================================

tar file

The utility tar (for Tape ARchive) is a good way to package up multiple files into a sinfle package. tar is available for all platforms and is installed by default on most Linux/Unix systems and Mac.

Suppose you have file1, file2, and file3

[root@host~]# vim file1

[root@host~]# vim file2
[root@host~]# vim file3

Now we create a tar file named myproject.tar including file1, file2, and file3

[root@host~]# tar -cvf myproject.tar file1 file2 file3

To list the contents of a tar file, type:

[root@host~]# tar -tvf myproject.tar

To extract the contents of a tar file, type: 

[root@host~]# tar -xvf myproject.tar

Now I shall want to use gzip to compress the tar file for fastest upload:

[root@host~]# gzip myproject.tar

[root@host~]# ls -la

Note: This command will create a file named myproject.tar.gz

Other option is:

[root@host~]# tar -cvzf myproject.tar

Compressed tar files are conventionally given the extension .tgz and are compressed with gzip. 

To expand a compressed tar file type:

 [root@host~]# tar -xvzf myproject.tgz

Alternately most versions of tar allow you to create a gzipped tar file in one action. Using the above example to create a gzipped tar file called myproject.tar.gz

[root@host~]# tar -cvzf myproject.tar.gz file1 file2 file3
[root@host~]# ls -la

Advanced File Permissions in Linux (Sticky Bit)

Advanced File Permissions in Linux

There are 3 special attributes other than the common read/write/execute.

1. Sticky bit

2. Set User ID (SUID)

3. Set Group ID (SGID)

Example:

drwxrwxrwt - Sticky Bits - chmod  1777

drwsrwxrwx - SUID set -   chmod  4777

drwxrwsrwx - SGID set -   chmod  2777

Here we will discuss about Sticky bit

Sticky bit

Sticky bits are mainly set on directories. If the sticky bit is set for a directory, only the owner of that directory or the owner of a file can delete or rename a file within that directory.

PRACTICAL STEPS TO UNDERSTAND STICKY BIT

Create a directory

[root@localhost]# mkdir /test

Check permissions of this directory

[root@localhost]#ls -la /

Now change permissions of this directory

[root@localhost]# chmod 777 /test

(This gives permissions for all the users to read, write and execute)

Check again permissions of this directory

[root@localhost]#ls -la /

Set Sticky Bit of this directory

[root@localhost]# chmod +t /test

Now only owner of directory or owner of file can rename or delete files in this directory

Check again permissions of this directory


[root@localhost]#ls -la /

Open a new terminal

login u1 user

[u1@localhost]$ 

create a file named file1 in /test 

[u1@localhost]$ vim file1 /test

Note: only owner of directory (root) or u1 can rename or delete file1

Open a new terminal

login u2 user

[u2@localhost]$ 

create a file named file2 in /test 

[u2@localhost]$ vim file2 /test

Note: only owner of directory (root) or u2 can rename or delete file2. u2 can not rename or delete file1 of u1.

Advanced File Permissions in Linux (SGID)

Advanced File Permissions in Linux

There are 3 special attributes other than the common read/write/execute.

1. Sticky bit

2. Set User ID (SUID)

3. Set Group ID (SGID)

Example:

drwxrwxrwt - Sticky Bits - chmod  1777

drwsrwxrwx - SUID set -   chmod  4777

drwxrwsrwx - SGID set -   chmod  2777

Here we will discuss about SGID

SGID (Set Group ID)

If a file is SGID, it will run with the privileges of the files group owner, instead of the privileges of the person running the program.

You can also set SGID for both files or directories.

[root@localhost]# mkdir /home/projects

[root@localhost]# chmod 777 /home/projects

[root@localhost]# logout

login u1 user

[u1@localhost]$ mkdir /home/projects/myproject

[u1@localhost]$ chmod 2777 /home/projects/myproject

Note: Any files created by any users under myproject directory will under group owner that is u1

now lets me check

[u1@localhost]$ logout

login u2 user

[u2@localhost]$ vim file1 /home/projects/myproject

[u2@localhost]$ ls -la /home/projects/myproject

-rw-rw-r-- u2 u1 0 jan 24 8:20 file1

In the above example you can see that the owner of the file1 is u2 and the group owner of file1 is u1, so both u1 and u2 can edit, rename or delete file1. other users can not edit file1 but they can delete this file. to prevent this set sticky bit on myproject directory

[u2@localhost]$ logout

login u1 user (owner of myproject)

[u1@localhost]$ chmod +t /home/projects/myproject

Now only owner of directory or owner of file can delete or rename files.

Now let’s make this more interesting and complicated.
Create a directory "test". Chmod it to 2777. Add sticky bit to it.

Example:
mkdir test
chmod 2777 test
chmod +t test

ls -al test
drwxrwsrwt 2 a1 a1 4096 Jun 13 2008 test

From the above permission set you can understand that SGID and sticky bit is set for the folder "test".
Now any user can create files under the test directory.

Example:
drwxrwsrwt 2 a1 a1 4096 Jun 13 2008 .
-rw-rw-r-- 1 b2 a1 0 Jun 11 17:30 1.txt
-rw-rw-r-- 1 c3 a1 0 Jun 11 17:30 2.txt
-rw-rw-r-- 1 d4 a1 0 Jun 11 17:30 3.txt

So all the a1 user has access to all the files under the test directory. He can edit, rename or remove the file.
b2 user has access to 1.txt only, c3 has access to 2.txt only...

If sticky bit was not set for the test directory, any user can delete any files from the test directory, since the test directory has 777 permissions.
But now it not possible.

Example:
If d4 tries to remove 1.txt
rm -f 1.txt
rm: cannot remove `1.txt': Operation not permitted

HUB (Networking Device)

ABOUT HUB

1. HUB is a physical layer device that connects multiple networking device in a LAN.

2. It broadcasts signals because it can`t learn any address for uni-casting.

3. It provides a single broadcast domain and single collision domain.

4. It creates physical star and logical BUS topology.

4. It operates in half duplex mode.

5. It has no processor, RAM, iOS therefore cheaper than network switch.

6. Ports may 8, 16, 24, and 48 for connecting end devices and some hubs have uplink port for connecting one to another.

Types of hub based on technology

There are two types of hub

1. Active Hub

2. Passive Hub

Active hub: Active hub regenerates weak input signals before sending it to all other ports. This type of hub need power to operate.

Passive hub: Passive hub does not regenerate weak input signals before passing it to all other ports and needs no power to operate.

Intelligent hub: It is also known as manageable hub. Hub ports can be configured, monitored, enable or disable. 

Hub Configurations

1. Standalone hubs

2. Stackable hubs

3. Modular hubs

Standalone hubs:  It is a single hub for small network. hub can be linked (cascaded) to other standalone hubs by connecting individual ports using twisted pair cable.

Stackable hubs:  These types of hubs can be operate like standalone hubs except that they can be stacked or connected together using uplink ports. After stacking they can be managed as a single unit. If a manageable hub is connected within a stack, all other hubs in stack can be managed. 

Modular hub: It is a network hub that is configured by adding different modules, each supporting a topology, such as Ethernet, Token Ring, FDDI, etc.

Disadvantages of network hub

It always broadcasts signals that occurs collision in the network and reduce the network bandwidth efficiency.  It is recommended for small network and nowadays it replace by the network switch.

EIGRP PART-3 (EIGRP Tables)

EIGRP Tables

EIGRP uses table to maintain its database. It builds 3 tables, they are:

1. Neighbor Table

2. Topology Table

3. Routing Table

1. Neighbor Table

As its name suggests this table consists of information of neighbor routers. Router collects this information from same AS by sending hello packets.

To show neighbor table

Router# show ip eigrp neighbor

H (handle) : It indicates that which neighbor adjacency is formed. The first router will have "0" the following one will have "1" and so on.

Address: IP address of the neighbor.

Interface: Interface that connects router to its neighbor.

Hold Time: It is a time that a router holds its neighbor if a hello is not received. 

Up time: It specifies the time since the neighbor is up.

SRTT: Smooth Round Trip Time, It shows the time taken for the packet to reach the neighbor and get an acknowledgement back.

RTO: Re-transmission Time Out, It show the time taken by a router to wait before re transmit a packet to the neighbor.

Q Cnt: Queue Count, It shows the number of packets that are waiting to be transmitted. Any number greater than 0, signifies some congestion in the network.

Seq Number:  It is the sequence number of the last packet received from neighbor.

2. Topology Table

Topology table stores every EIGRP route inside the autonomous system learned from neighbor routing tables. The topology table also holds the metrics for each of the listed EIGRP routes, the feasible successor and the successor.

To show neighbor table

Router# show ip eigrp topology

3. Routing Table

 This is the table that has the best possible route to a destination. 

To show routing table

Router# show ip route eigrp

 

 

EIGRP PART-2 (EIGRP Neighbors Relationship)

EIGRP NEIGHBORS RELATIONSHIP 

Router running EIGRP must become neighbors before exchanging routing information. To establish a neighbor relationship, routers multicast hello packets "keepalives" using RTP (Reliable Transport Protocol) and reserve IP address 224.0.0.10 in the network to ensure that the neighbor relationship is active or not. These hello packets are sent every 5 seconds in LAN and in every 60 seconds in WAN.

The following fields in a hello packet must be the identical in order for neighbor relationship:

1. Authentication (if used) 
2. ASN (Autonomous System Number)

2. Subnet Number

3. K value 

Bandwidth      (K1)
Load               (K2)
Delay              (K3)
Relaibility       (K4)
MTU                (K5)

The EIGRP hello timer can be adjusted on per interface basis:

Router(config)# interface s1/0

Router(config-if)# ip hello-interval eigrp 1 6          (For,   AS no=1, hello timer=6 seconds)

Hold-down Timer

By default, routers considers the neighbor to be down after a hold-down timer has expired. Hold-down timer is, by default tree times the hello interval. For LAN 3*5=15 seconds and for WAN 3*60=180 seconds.

The Hold-down timer can also be adjusted on a per interface basis:

Router(config)# interface s1/0

Router(config-if)# ip hold-interval eigrp 1 18           (For,   AS no=1, Hold-down=6 seconds)