More on Files and Directories

More on Files and Directories

When you create a file, you must give it a name. File names in unix can be up to 256 characters long and can consist of the letters A - Z (upper and lower case), the numbers 0-9, the underscore (_), the period(.), or a comma(,). Be careful when using the period in a file name, as often this means something to unix. Periods or dots are also used to give extensions to file names.

As we begin introducing commands in unix, you should note that most commands can have options added to them; options are usually single characters that are preceded by a dash (-). Throughout this handout, as we introduce commands, we will also introduce some of the more popular options for use with that command.

Listing Files Using the "ls" Command

The "ls" command lists the contents of your current directory. The "ls" command, used by itself with no options, simply lists files horizontally across your screen. The command does not list all files in your working directory (such as hidden or "dot" files).

You may not have many files in your home directory, but do an "ls" and you should have something similar to the following:

	unity% ls [return]
       	News/ bin/ test1 file2_test

Four files are listed on the screen. In this example, two of the files are followed by a "/"; the "/" indicates that it is a directory not a file. Your account may or may not show directories with a "/".

The "ls" command by itself doesn't give us much information. We can add options to this command to receive more information on the files and sub-directories contained in this directory. Remember, options normally follow the command and begin with a "-".

Adding a "-l" to the command produces a long listing of files:

	
	unity% ls -l [return] 
	total 4
	drwxr-xr-x 2 unix# 2048 Dec 7 12:04 News/
	drwxr-xr-x 2 unix# 2048 Dec 7 12:04 bin/
	-rw-r--r-- 1 unix# 11844 16 Feb 11 10:30 file2_test
	-rw-r--r-- 1 unix# 11844 17 Feb 11 10:30 test1

The "ls -l" command shows the same files, but they are listed length-wise and we have more information displayed about the files. This information provides us with access permissions, links, owner, size, date of last modification, and file name.

The access permissions (first set of information) consist of 10 characters (drwxr-xr-x). The first character, if it is a "d", indicates that the "file" is a directory. The next nine characters indicate the permission or rights associated with those files or directories.

These rights are broken down into three categories: the first category lists the rights you as a user have to your own directory/file, the second one shows the rights that have been granted to a group and the last category gives the rights that have been granted to the "world" (all other users).

In the example above (drwxr-xr-x):

"d" indicates that the "file" is a directory
"rwx" indicates that you, the user, have read, write, and executable privileges
"r-x" indicates that a group has read and executable privileges, but cannot modify it
"r-x" indicates that all users have read and executable privileges

Note: In a stand-alone unix environment, you modify these permissions to grant or deny access to files and directories. Since we use the AFS system, we must use AFS commands to change permissions associated with files and directories. AFS permissions are discussed later.

Adding one more option, -a to the l option produces the following output (ls -la):

	unity% ls -la  [return]

	total 28
	drwxrwxrwx 5 unix#  2048  Dec 7 12:04  ./
	drwxr-xr-x 2 daemon 2048  Dec 7 12:05  ../
	-rwxr-xr-x 1 unix#  7123  Nov 2 13:19  .Xdefaults*
	-rw-r--r-- 1 unix#  336   Nov 2 13:19  .cshrc
	drwxr-xr-x 2 unix2  2048  Jan 22 09:09 .elm/
	-rw-r--r-- 1 unix2  329   Nov 2 13:19  .login
	-rw-r--r-- 1 unix2  1237  Nov 2 13:19  .mycshrc
	-rw-r--r-- 1 unix2  0     Nov 2 13:19  .mylogin
	-rwxr-xr-x 1 unix2  378   Nov 2 13:19  .xsession*
	-rw-r--r-- 1 unix2  4271  Nov 2 13:19  .zwgc.desc
	drwxr-xr-x 2 unix2  2048  Dec 7 12:04  News/
	drwxr-xr-x 2 unix2  2048  Dec 7 12:04  bin/
	-rw-r--r-- 1 unix#  11844 Feb 11 10:30 file2_test
	-rw-r--r-- 1 unix#  11844 Feb 11 10:30 test1

The ls -la command gives you a length-wise listing of all files. Notice the addition of some "." (dot) files (including the "." and ".."). Dot files are files that you need, though they remain fairly constant and don't need to be listed all the time. Examples are:

 
	.mylogin  - personal settings  
	.login    - reads information from .mylogin; contains global settings
        .xsession - contains setup information for users on an X workstation

When you are listing files, you can use the wildcard character (*) in combination with other letters to list specific files. The "*" takes the place of letters. For example, if you want to list only files that begin with a "c", you enter "ls -la c*". Unity would locate all files and directories beginning with the letter "c" and any other characters that follow.

	unity% ls -la c* [return]
	-rw-r--r-- 1 unix#  11844 Jul 11 10:30 call_for_papers
	-rw-r--r-- 1 unix#  11844 Jul 11 10:30 CAUSE96_conference

File and Directory Permissions

Under AFS, you can set permissions for both your directories and files. In general, when you create files or subdirectories, they inherit the access rights associated with their parent directory. This means that if you move a file to a new directory, the file inherits the rights of the new directory.

In AFS, there are two types of access rights; directory and file. The directory rights are lookup, insert, delete, and administer. File rights are read, write and lock. Each of the access rights for either directories or files has a single character abbreviation which can be used when changing or modifying rights. Users must have lookup rights before they can access either files or directories.

Directory Rights

The following list defines some terms that will assist you in understanding these rights and how they function:

	l LOOKUP	
	allows the possessor to issue an "ls" command, examine the 
	directory, or access directories and subdirectories
	
	i INSERT
	allows the possessor to add new files to the directory 
	(creating new ones or copying existing files into it); can also 
	create new subdirectories
	
	d DELETE	
	allows the possessor to remove files and/or subdirectories 
	or move them to another directory or subdirectory
	
	a ADMINISTER	
	allows the possessor to change access rights for the 
	directory. Users always have this right in their home directory.  You
	should never consider giving administer rights to anyone for your home
	directory.

File Rights

The commands below allow you to give others access to work with files in directories you own:

	r READ	
	allows the possessor to look at the contents of the file

	w WRITE	
	allows the possessor to modify the contents of the file

	k LOCK	
	allows the possessor to run programs that need to "flock" files 
	in the directory

To see what the permissions are for your home directory, enter the command fs la .; fs stands for file system, the la stands for list acl; the acl stands for access control list which is the phrase for user rights. The dot tells the system that you want to list the permissions for your current directory.

	unity% fs la . [return]
	Access list for . is
	Normal rights:
	 system:administrators rlidwka
	 noell rlidwka
	unity%

The system:administrators rlidwka tells us that the system administrators of Unity have all rights to the directory and the last line lets us know that we, the user, (userid "noell") has all rights to this directory, which makes sense since it is our home directory. No one else has been granted rights to our home directory.

When dealing with rights and permissions, AFS works at the directory level, not the file level. This means that you don't change permissions for individual files, you change them for directories. This concept can be confusing to new users, since we specifically mention rights associated with files. However, you assign file rights at the directory level, meaning that all files within that directory will have the same access level; you cannot set different access levels for individual files.

An example for giving someone else access to your directory and/or files might be that you have some files that user joe is interested in; however, you only want him to have read and look access; you do not want him to have the ability to modify or delete the files in that directory. Under AFS, we use the setacl (to set access control) command to grant rights.

The format is

        fs sa directory userid rights_granted

where fs stands for file server, sa stands for set access, directory (indicated by a "." if we are in that directory) indicates the directory in which they will have these rights (normally indicated by a "." for the current directory), userid is the id of the user we are giving rights to, and rights granted is a listing of rights we are giving.

	unity% fs sa . joe rl [return]
	unity%

If you did an fs la . you would see that user joe now has read/look access in your home directory:

	unity% fs la . [return]
	Access list for . is
	Normal rights:
	system:administrators rlidwka
	noell rlidwka
	joe rl
	unity%

To remove rights, use the same format as above, but instead of listing rights to grant, use the word "none" to indicate no rights granted.

	unity% fs sa . joe none [return]
	unity%

A word of caution is necessary here. While you may grant rights for others to modify, create, and delete files, you should never give another user administer rights in any of your directories. They could then take away your rights to that directory. There is really no reason that they would need the administer right for directories you own.

Go on to next section, Directory structures

Return to Table of Contents