Understanding File Structures and User Accounts on Computers


Explore the file types and user account management on a computer through notable files like /etc/passwd, learn the file format described in passwd(5), and understand how to add users and groups. Discover the significance of each file and the steps involved in user management.

  • File Structures
  • User Accounts
  • Computer
  • Data Management
  • Password Security


Presentation Transcript


  1. a tour of files on a computer
       • generic stuff which applies to all files
       • files containing data
       • files containing executables
       • files which represent stuff

  2. Some notable files of interest: /etc/passwd

         ls -l /etc/passwd
         -rw-r--r-- 1 root root 6173 Feb 10 20:15 /etc/passwd

       • always readable by world
       • 1 line == 1 user account on the system
       • it is a colon-separated list:

         amy:x:1008:1008:,,,:/home/amy:/bin/bash
         mdonaldson:x:1009:1009:,,,:/home/mdonaldson:/bin/bash
         itec345:x:1010:1010:,,,:/home/itec345:/bin/bash

     (+ many schemes for sharing; it's too painful to add a user to every computer on campus one at a time)

  3. PASSWD(5) File Formats and Conversions PASSWD(5)

     NAME
         passwd - the password file

     DESCRIPTION
         /etc/passwd contains one line for each user account, with seven fields delimited by colons (":"). These fields are:
           • login name
           • optional encrypted password
           • numerical user ID
           • numerical group ID (primary group is shown)
           • user name or comment field
           • user home directory
           • optional user command interpreter

         The encrypted password field may be blank, in which case no password is required to authenticate as the specified login name. However, some applications which read the /etc/passwd file may decide not to permit any access at all if the password field is blank. If the password field is a lower-case "x", then the encrypted password is actually stored in the shadow(5) file instead;

  4. user shell: what program to run when they log in (usually a shell, or nothing, but not always)

         root:x:0:0:root:/root:/bin/bash
         daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
         bin:x:2:2:bin:/bin:/usr/sbin/nologin
         sys:x:3:3:sys:/dev:/usr/sbin/nologin
         sync:x:4:65534:sync:/bin:/bin/sync
         games:x:5:60:games:/usr/games:/usr/sbin/nologin

  5. steps to create a new user
       • add user line to /etc/passwd
           - editor, copy/change line
           - make id uniq, make group == id
           - make shell /bin/sh, ksh, bash, csh, xsh,
       • add password line to /etc/shadow
           - editor, copy/change line
           - cp root line, change name
       • add group to /etc/group
           - editor, add line
       • create home directory for new user
           mkdir /home/newUserName
       • make the new user the owner of their home directory
           chown newUserName /home/newUserName
       • change the group of the new home directory to be the group of the new user
           chgrp newUserName /home/newUserName
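The steps above as one script, added here as an example and not taken from the original slides. It works on scratch copies under a temporary directory (the `add_user` and `make_scratch` names and all account values are assumptions), rejects names that could forge extra fields, and writes a locked `!` password field instead of copying root's shadow line, since a copied line carries root's password hash until it is changed.

```shell
#!/bin/sh
# Added example: the new-user steps applied to scratch copies under a
# temporary root, never the live /etc. Names and ids are constructed.

# add_user ROOT NAME SHELL -> prints the uid it chose, non-zero status on refusal
add_user() {
    root=$1 name=$2 shell=$3
    # a ":" or newline in either value would forge extra fields or lines
    case $name in ''|*[!A-Za-z0-9_-]*) echo "bad login name" >&2; return 1 ;; esac
    case $shell in /*) ;; *) echo "shell must be an absolute path" >&2; return 1 ;; esac
    case $shell in *[!A-Za-z0-9/_.-]*) echo "bad shell path" >&2; return 1 ;; esac
    if grep -q "^$name:" "$root/etc/passwd" "$root/etc/group"; then
        echo "$name already exists" >&2; return 1
    fi
    # make id unique: one above the highest ordinary uid/gid, never below 1000
    uid=$(awk -F: '$3 > max && $3 < 60000 { max = $3 }
                   END { print (max < 1000 ? 1000 : max + 1) }' \
              "$root/etc/passwd" "$root/etc/group")
    today=$(( $(date +%s) / 86400 ))    # shadow field 3 counts days since 1970
    echo "$name:x:$uid:$uid:,,,:/home/$name:$shell" >> "$root/etc/passwd"
    echo "$name:!:$today:0:99999:7:::" >> "$root/etc/shadow"   # "!" = locked
    echo "$name:x:$uid:" >> "$root/etc/group"                  # group == id
    mkdir -p "$root/home/$name" && chmod 700 "$root/home/$name"
    # chown/chgrp need root; numeric ids work before the name resolves
    if [ "$(id -u)" -eq 0 ]; then
        { chown "$uid" "$root/home/$name" && chgrp "$uid" "$root/home/$name"; } ||
            echo "could not change ownership" >&2
    fi
    echo "$uid"
}

# make_scratch ROOT -> constructed starting files
make_scratch() {
    mkdir -p "$1/etc" "$1/home"
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'amy:x:1008:1008:,,,:/home/amy:/bin/bash' > "$1/etc/passwd"
    printf '%s\n' 'root:!:19000:0:99999:7:::' 'amy:!:19000:0:99999:7:::' > "$1/etc/shadow"
    printf '%s\n' 'root:x:0:' 'amy:x:1008:' > "$1/etc/group"
    chmod 644 "$1/etc/passwd" "$1/etc/group"; chmod 600 "$1/etc/shadow"
}

scratch=$(mktemp -d)
make_scratch "$scratch"
add_user "$scratch" newUserName /bin/bash
for f in passwd shadow group; do tail -n 1 "$scratch/etc/$f"; done
rm -rf "$scratch"
```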

  6. /etc/shadow

     SHADOW(5) File Formats and Conversions SHADOW(5)

     NAME
         shadow - shadowed password file

     DESCRIPTION
         shadow is a file which contains the password information for the system's accounts and optional aging information.

         This file must not be readable by regular users if password security is to be maintained.

         Each line of this file contains 9 fields, separated by colons (":"), in the following order:

         login name
             It must be a valid account name, which exist on the system.

         encrypted password
             Refer to crypt(3) for details on how this string is interpreted.
             If the password field contains some string that is not a valid result of crypt . . .

  7. /etc/shadow

         ls -l /etc/shadow
         -rw------- 1 root shadow 26810 Feb 16 14:24 /etc/shadow

       • never readable by world
       • again, 1 line per user
       • another colon-separated list, contains encrypted/hashed passwords
       • (in some older *nix you will find this in the passwd file, and shadow won't exist)

         pollinate:*:18190:0:99999:7:::
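A cross-check of the two formats described on the passwd and shadow slides, added here as an example and not part of the original deck. The function names and every account line are constructed, and the one password string is a placeholder rather than a real hash.

```shell
#!/bin/sh
# Added example: cross-check passwd(5) and shadow(5) format files.
# Every account below is constructed; no real hashes are used.

# audit_accounts PASSWD SHADOW -> prints one "login: finding" line per problem
audit_accounts() {
    awk -F: '
        # shadow file (read first): remember each login and its password field
        FILENAME == ARGV[1] { pw[$1] = $2; seen[$1] = 1; next }
        # passwd file: exactly seven colon-separated fields per account
        NF != 7 { print $1 ": malformed line (" NF " fields)"; next }
        $3 == 0 && $1 != "root" { print $1 ": UID 0 but not root" }
        $2 == ""                { print $1 ": blank password field in passwd"; next }
        $2 != "x"               { print $1 ": password kept in world-readable passwd"; next }
        !($1 in seen)           { print $1 ": no shadow entry"; next }
        pw[$1] == ""            { print $1 ": blank password field in shadow" }
    ' "$2" "$1"
}

# world_readable FILE -> exit status 0 if "other" has read permission
world_readable() {
    [ "$(ls -ld "$1" | cut -c8)" = "r" ]
}

# write_sample DIR -> creates constructed DIR/passwd and DIR/shadow
write_sample() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:1001:1001:,,,:/home/alice:/bin/bash
bob::1002:1002:,,,:/home/bob:/bin/bash
toor:x:0:0:,,,:/root:/bin/bash
carol:x:1003:1003:,,,:/home/carol:/bin/bash
dave:x:1004:1004:,,,:/home/dave:/bin/bash
EOF
    cat > "$1/shadow" <<'EOF'
root:!:19000:0:99999:7:::
alice:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:19000:0:99999:7:::
toor:!:19000:0:99999:7:::
carol::19000:0:99999:7:::
EOF
    chmod 644 "$1/passwd"; chmod 600 "$1/shadow"
}

demo=$(mktemp -d)
write_sample "$demo"
audit_accounts "$demo/passwd" "$demo/shadow"
world_readable "$demo/shadow" && echo "shadow: readable by world"
rm -rf "$demo"
```

Reading a real /etc/shadow needs root, so on a live system the audit runs under the same privilege the file's mode demands.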

  8. crontab file
       • run programs on schedule in the future
       • everybody has their own
       • it is a space-separated list (with comma-separated lists inside):

  9. # crontab -l

         # Edit this file to introduce tasks to be run by cron.
         #
         # Each task to run has to be defined through a single line ...
         #
         # For example, you can run a backup of all your user accounts
         # at 5 a.m every week with:
         # 0 5 * * 1 tar -zcf /var/backups/home.tgz /home/
         #
         # For more information see the manual pages of crontab(5) and cron(8)
         #
         # m h dom mon dow command
         #* * * * * /root/update
         #* * * * * /root/update2
         #* * * * * /usr/sbin/chpasswd < /root/plist
         #5,10,15,20,25,30,35,40,45,50,55,0 * * * * wget -O - http://178.128.44.132/salts

       • m h dom mon dow: when you want it to run
       • command: what you want to run
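A reviewer's pass over a file in this layout, added here as an example and not part of the original slides. It treats a `#` followed by five schedule fields as a disabled job rather than documentation, and flags commands that fetch from the network or run from /tmp or /var/tmp; the function names, the sample crontab and the two checks are assumptions, and schedules written with names (`mon`, `jan`) or `@reboot` are not parsed.

```shell
#!/bin/sh
# Added example: review a crontab for entries worth a second look.
# The crontab below is constructed; 192.0.2.10 is a documentation address.

# review_crontab FILE -> prints "LINE: active|disabled: reason: command"
review_crontab() {
    awk '
    {
        line = $0; state = "active"
        # "#* * * * * cmd" is a job someone switched off, not documentation
        if (sub(/^[ \t]*#/, "", line)) state = "disabled"
        n = split(line, f)                  # whitespace-separated fields
        if (n < 6) next                     # blank, VAR=value, short comments
        for (i = 1; i <= 5; i++)            # m h dom mon dow
            if (f[i] !~ "^[0-9*,/-]+$") next
        cmd = f[6]
        for (i = 7; i <= n; i++) cmd = cmd " " f[i]
        if (cmd ~ "(^|[ \t/])(wget|curl)([ \t]|$)")
            print NR ": " state ": fetches from the network: " cmd
        if (cmd ~ "(^|[ \t])/(tmp|var/tmp)/")
            print NR ": " state ": runs from a world-writable directory: " cmd
    }' "$1"
}

# write_crontab FILE -> constructed sample in crontab(5) layout
write_crontab() {
    cat > "$1" <<'EOF'
# m h dom mon dow command
MAILTO=root
0 5 * * 1 tar -zcf /var/backups/home.tgz /home/
*/5 * * * * wget -O - http://192.0.2.10/job
#* * * * * /tmp/.cache/update
30 2 * * * /usr/local/bin/rotate-logs
EOF
}

sample=$(mktemp)
write_crontab "$sample"
review_crontab "$sample"
rm -f "$sample"
```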

  10. CRON(8) System Manager's Manual CRON(8)

      NAME
          cron - daemon to execute scheduled commands (Vixie Cron)

      SYNOPSIS
          cron [-f] [-l] [-L loglevel]

      DESCRIPTION
          cron is started automatically from /etc/init.d on entering multi-user runlevels.

      OPTIONS
          -f    Stay in foreground mode, don't daemonize.

          -l    Enable LSB compliant names for /etc/cron.d files. This setting, however, does not affect the parsing of files under /etc/cron.hourly, /etc/cron.daily, /etc/cron.weekly or /etc/cron.monthly.

          -n    Include the FQDN in the subject when sending mails. By default, cron will abbreviate the hostname.

          -L loglevel
                Tell cron what to log about jobs (errors are logged regardless of this value) as the sum of the following values:
                  1   will log the start of all cron jobs
                  2   will log the end of all cron jobs
                  4   will log all failed jobs (exit status != 0)
                  8   will log the process number of all cron jobs
                The default is to log the start of all jobs (1). Logging will be disabled if levels is set to zero (0). A value of fifteen (15) will select all options.

  11. more notable files of interest: (which you will be expected to know about)

          /tmp            //world-writable, always available
          /home           //home directories for users
          /var/log        //log files for many long-lived programs
          /var/www/html   //often the head of the website
          /dev            //files which represent devices
          /mnt            //mount points for mount/umount
          /proc           //a subtree of files for each process
          /bin            //executables man (1)
          /sbin           //administration-oriented executables
          /etc/rc*        //start/end procs during boot/shutdown

  12. Some important system files

          /etc/hosts         - static hostname lookup
          /etc/services      - port number services mapping
          /etc/netconfig     - other networking info
          /etc/networks      - names for networks
          /etc/fstab         - file system information
          /etc/hosts.allow   - network traffic allowed from these
          /etc/hosts.deny    - network traffic denied from these
                               (iptables, firewalls, application level, nat's + other stories)
          /etc/hostname      - the name of this computer
          /etc/machine-id    - unique identifier for this computer

  13. Some important system files

      They:
        • are mostly text files (some can be binary)
        • have 1 entry per line
        • have space/tab separated fields
        • need root privileges to change
        • are changed/managed via a text editor

      If a running program uses one, and you change it, you probably have to notify the program

  14. awk
        • text files with 1 entry per line and space-separated fields are so commonly used, we have a programming language just for them
        • and, you don't need to know how to program to write programs in it

  15. AWK (gawk, nawk)
        • A standard issue text/file processing language
        • available on most all *nix systems
        • An AWK program is a collection of patterns and actions

          pattern1 { action; }
          pattern2 { action; }

  16. Processing text files is very common

          for all lines in the file(s) {
              read the next line
              split into tokens
              do what the program says
          }

  17. /etc/passwd

          root:x:0:0:root:/root:/bin/bash
          daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
          bin:x:2:2:bin:/bin:/usr/sbin/nologin
          sys:x:3:3:sys:/dev:/usr/sbin/nologin
          sync:x:4:65534:sync:/bin:/bin/sync
          games:x:5:60:games:/usr/games:/usr/sbin/nologin
          man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
          lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
          mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
          news:x:9:9:news:/var/spool/news:/usr/sbin/nologin

        • awk reads a file line by line
        • for each line it looks at your program
        • this is your program, one or more of these:

          if this is true { do this action }
          (pattern)         (action)

        • if you leave out the pattern it does the action for every line in the file

  18. $1, $2, $3, are the tokens on each line

      You have a data file, and a file containing your program:

          68> cat data
          firstname lastname age alive
          John adams 189 no
          Alice jones 23 yes
          William smith 50 yes
          George Washington 220 no

      Here is awk in action:

          68> awk -f myFirstProgram data
          age
          189
          23
          50
          220

          68> cat myFirstProgram
          {print $3}

      (there is no if-this-is-true (a "pattern") in your program, so your action happens on each line)

  19. You have a data file, and a file containing your program:

          68> cat data
          firstname lastname age alive
          John adams 189 no
          Alice jones 23 yes
          William smith 50 yes
          George Washington 220 no

      Here is awk in action:

          68> awk -f mySecondProgram data
          23
          yes

          68> cat mySecondProgram
          $1=="Alice" {print $3; print $4}

  20. Sometimes the tokens are separated by something other than spaces:

          68> head -5 /etc/passwd
          root:x:0:0:root:/root:/bin/bash
          daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
          bin:x:2:2:bin:/bin:/usr/sbin/nologin
          sys:x:3:3:sys:/dev:/usr/sbin/nologin
          sync:x:4:65534:sync:/bin:/bin/sync

      Here is awk in action:

          68> awk -f p3 /etc/passwd
          /root
          /usr/sbin
          /bin
          /dev
          /bin
          /usr/games
          /var/cache/man
          /var/spool/lpd
          . . .

          68> cat p3
          BEGIN {FS=":"}
          {print $6}

        • FS stands for "field separator"; here we change it to a colon character, instead of the default whitespace
        • BEGIN is a special pattern, true before we get started

  21. looping through all tokens on a line:

          68> head -5 /etc/passwd
          root:x:0:0:root:/root:/bin/bash
          daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
          bin:x:2:2:bin:/bin:/usr/sbin/nologin
          sys:x:3:3:sys:/dev:/usr/sbin/nologin
          sync:x:4:65534:sync:/bin:/bin/sync

      awk output:

          68> awk -f p3 /etc/passwd
          root:x:0:0:root:/root:/bin/bash 1
          root:x:0:0:root:/root:/bin/bash 5

          68> cat p3
          BEGIN {FS=":"}
          {for(i=1; i<=NF; i++) {if($i=="root") print $0,i}}

      why are there two lines of output from awk for this program?

  22. awk

      check the code/awk directory on the class website for awk examples.

      Run each of these (same for ex2sh vs awk -f ex2):

          ./ex1sh < /etc/passwd
      or
          awk -f ./ex1 /etc/passwd

      What is the difference?

  23. sed the stream editor (an fyi) https://www.geeksforgeeks.org/sed-command-in-linux-unix-with-examples/

  24. sed the stream editor (an fyi)

      make a copy of the password file, name the copy pcopy

      run each of the following. What is different for each?

          sed 's/usr\/sbin\/nologin/bin\/bash/'
          sed 's/usr\/sbin\/nologin/bin\/bash/' < ./pcopy
          sed 's/usr\/sbin\/nologin/bin\/bash/' ./pcopy
          sed 's/usr\/sbin\/nologin/bin\/bash/' < ./pcopy > pc2
          sed 's/usr\/sbin\/nologin/bin\/bash/' ./pcopy > pc2

  25. more tidbits for upcoming work: interacting with the shell

          $ programToRun commandLineArgument1 commandLineArgument2

      e.g.

          $ ls -l -a -tr

      run the program found in the file named ls, pass in the strings
        • -l   show me the long listing
        • -a   show me hidden files
        • -tr  sort them by time, in reverse order

  26. $ programToRun commandLineArgument1 commandLineArgument2

      See the code in showLetters.c on the class website at code/awk/showLetters.c, then run each of:

          $ ./showLetters
          $ ./showLetters rick
          $ ./showLetters -a t rick
          $ ./showLetters z rick
          $ ./showLetters n rick

  27. redirecting output

          $ ls                            //no files here
          $ date                          //run the date program
          Thu Feb 16 18:23:17 UTC 2023    //output from the date program
          $ date > dout                   //run the date program again, this
                                          //time send output to the file dout
          $ ls                            //show me files again
          dout                            //now we have one
          $ cat dout                      //show me the contents
          Thu Feb 16 18:24:08 UTC 2023
          $

        • one: >  - overwrite
        • two: >> - append to the end

  28. redirecting input

      If a program reads standard input to get data:

          $ xyz
          enter your name:

      you can put the data into a file (multiple lines for multiple prompts), then redirect input and the program will take the data from the file:

          $ xyz < dataFile

  29. the pipe - |
        • multiple programs can be launched with a single line
        • the standard output of one is connected to the standard input of the next
        • note how this differs from standard input/output redirection

  30. what /etc/group looks like:

          netdev:x:119:
          lxd:x:120:
          btime:x:1000:
          rick:x:1001:

      to edit your crontab file:

          $ crontab -e

      to edit text files in general:

          $ vi(m) filename
          $ nano filename
          $ emacs fileName

  31. before we move on
        • generic stuff which applies to all files
        • files containing data
        • files containing executables
        • files which represent stuff
        • system files, file systems
