EXPERIMENT 3

AIM:
File system hierarchy in a common Linux distribution, file and
device permissions, study of system configuration files in /etc,
familiarizing log files for system events, user activity, network
events.

Linux Filesystem Hierarchy Standard (FHS)

Filesystem hierarchy standard describes directory structure and its
content in Unix and Unix like operating system. It explains where files
and directories should be located and what it should contain.

Its current version is 3.0 released on June 3rd 2015 and is maintained
by Free Standards Group. In Unix like operating system everything is
considered as a file.

Only Linux distributions follow the FHS and that too partially.
Because every distro have their own policy due to which you may
notice some differences in the directory tree structure of different
distros.

If you want to find out information about your system's FHS, enter
the command man hier. It will display directory structure of your
system.

The Root Directory

All the directories in the Linux system comes under the root directory
which is represented by a forward slash (/). Everything in your system
can be found under this root directory even if they are stored in
different virtual or physical devices.
Look at the above snapshot, we have shown you the root directory of
our system i.e; Ubuntu with the help of the command "ls /". Here, we
have written (/) to represent root directory.

Linux Directories
We have categorize the directories according to the type of file as given below:

Directory type Types of files stored

Binary directories Contains binary or compiled source code files, eg, /bin, /sbin, e

Configuration directories Contains configuration files of the system, eg, /etc, /boot.

Data directories Stores data files, eg, /home, /root, etc.

Memory directories Stores device files which doesn't take up actual hard disk spa
/sys.

Usr (Unix System Contains sharable, read only data, eg, /usr/bin, /usr/lib, etc.
Resources)

var (variable directory) Contains larger size data, eg, /var/log, /var/cache, etc.

Non-standard directories Directories which do not come under standard FHS, eg, lost+fo

Linux Binary Directory

Binary files are the files which contain compiled source code (or
machine code). They are also called executable files because they can
be executed on the computer.

Binary directory contains following directories:

o /bin
o /sbin
o /lib
 o /opt

/bin

The '/bin' directory contains user binaries, executable files, Linux

commands that are used in single user mode, and common
commands that are used by all the users, like cat, cp, cd, ls, etc.

The '/bin' directory doesn't contain directories.

/sbin

The '/sbin' directory also contains executable files, but unlike '/bin' it
only contains system binaries which require root privilege to perform
certain tasks and are helpful for system maintenance purpose. e.g.
fsck, root, init, ifconfig, etc.

Example:

1. ls /sbin
/lib

The '/lib' directory contains shared libraries which are often used by
the '/bin' and '/sbin' directories. It also contains kernel module. These
filenames are identable as ld* or lib*.so.*. For example, ld-linux.so.2
and libfuse.so.2.8.6

Example:

1. ls /lib
/opt
The term 'opt' is short for optional. Its main purpose is to store
optional application software packages. Add-on applications from
individual vendors should be installed in '/opt'. And so in some
systems '/opt' is empty as they may not have any add-on application.

Linux Configuration Directory

The configuration directory contains configured files which
configures the parameters and initial settings for some computer
programs.

Configuration directory have following sub-diectories:

o /boot
o /etc

/boot

The '/boot' directory contains boot loader files which are essential to
boot the system. In other words, they only contain files which are
needed for a basic Linux system to get up and going.

You may find '/boot/grub' directory which contains

'/boot/grub/grub.cfg' (older system may have
/boot/grub/grub.conf) which defines boot menu that is displayed
before the kernel starts.

Example:

1. ls /boot

Look at the above snapshot, command "ls /boot" displays the list of
'/boot' directory.

/etc

All the machine related configurtion files are kept in '/etc'. Almost
everything related to the configuration of your system is placed here.
It also contain startup and shutdown shell script which is used to start
and stop a program. All the files are static and text based and no
binary files can be placed in this directory.

The meaning of 'etc' is very controversial. Earlier it was referred to

as 'Etcetera' because it could contain all the files that did not belong
from anywhere else. But recently its most likely meaning is 'Editable
Text Configuration' or 'Extended Tool chest'.
Configuration files will have an extension of .conf.

Some common directories of /etc are:

o /etc/init.d/: The term 'init' is short for initialization. This directory
contains script to control the system or to start and stop the
daemons (background process). The 'init' is a daemon process
that continues running until the system is shut down.
o /etc/X11/: The X Window system configuration files are stored
in this directory. The configuration file of graphical display
(xorg.conf) is also stored here.
o /etc/skel/: The term 'skel' is short for skeleton. Everything in the
system has a skeleton which is called hidden file and is stored in
this directory. It is not an important part in the system and can
be deleted but still it serves a specific purpose. Its purpose is to
serve the basic set of files, a basic framework which can be used
in the creation of a new user.

Linux Data directory

Data directory is used to store data of the system.

Data directory contains following directories.

o /home
o /root
o /srv
o /media
o /mnt
o /tmp

/home

The '/home' directory stores users personnel files. After the '/home'
there is a directory which is generally named at the user's name like
we have '/home/sssit'. Inside this directory we have our sub-
directories like Desktop, Downloads, Documents, pictures, etc.
Example:

OOPs Concepts in Java

1. ls /home
2. ls /home/sssit

/root

The '/root' directory is the home directory of the root user.

Please note that '/root' directory is different from (/) root.

/srv

The term 'srv' is short for service. The '/srv' directory contains server
specific data for services provided by the system like www, cvs,
rysync, ftp, etc.

/media

The '/media' directory acts as a mount point for removable media

devices such as CD-Rom, floppy, USB devices, etc.

This is newly introduced directory and hence a system can run

without this directory also.

/mnt

The term 'mnt' stands for mount. The '/mnt' directory should be
empty and sysadmins can only mount temporary filesystems.

/tmp

The term 'tmp' stands for temporary. Data stored in '/tmp' is

temporary and may use either disk space or RAM. When system is
rebooted, files under this directory is automatically deleted. So it is
advisable that never use '/tmp' to store important data.

Linux Memory Directory

Memory directory contains files of the whole system. All the device
information, process running indata or system related information
are stored in this directory.

Memory directory contains the following directories.

o /dev
o /proc
o /sys

/dev

The term 'dev' is short for device. As you know in Linux operating
system everything is a file. It appears to be an ordinary file but
doesn't take up disk space. Files which are used to represent and
access devices are stored here including terminal devices like usb. All
the files stored in '/dev' are not related to real devices, some are
related to virtual devices also.

o /dev/tty and /dev/pts: The '/dev/tty' file represents the

command line interface that is a terminl or console attached to
the system. Typing commands in a terminal is a part of the
graphical interface like Gnome or KDE, then terminal will be
represented as '/dev/pts/1' (here 1 is replacable by any another
number).
o /dev/null: The '/dev/null' file is considered as black hole, it has
unlimited storage but nothing can be retrieved from it. You can
discard your unwanted output from the terminal but can't
retrieve it back.

/proc

The term 'proc' is short for process. Same as '/dev', '/proc' also
doesn't take up disk space. It contains process information. It is a
pseudo filesystem that contains information about running
processes. It also works as virtual filesystem containing text
information about system resources.

6.4M
 155
How to find Nth Highest Salary in SQL
o /proc conversation with the kernel: The '/proc' displays view of
the kernel, what the kernel manages and it is a means to directly
communicate with the kernel.

Example:

1. ls /proc

Look at the above snapshot, command "ls /proc" displays content of

'/proc'. Many files are named as numbers and some named files are
also there.

The '/proc' has some file properties like date, which keeps on
updating as shown in the below snapshot.

Also most of the files in '/proc' are of 0 bytes yet they contain a lot
of data. Most of the files are readable only, some require root
privileges and some are writable.

o /proc/interrupts: The '/proc/interrupts' displays the interrupt.

Example:

1. cat /proc/interrupts
/sys

The term 'sys' is short for system. Basically it contains kernel

information about hardware. It was created for Linux 2.6 kernel. It is
a kind of '/proc' and is used for plug and play configuration.
File Permissions in Linux

Linux is a clone of UNIX, the multi-user operating system which can be

accessed by many users simultaneously. Linux can also be used in
mainframes and servers without any modifications. But this raises
security concerns as an unsolicited or malign user can corrupt, change or
remove crucial data. For effective security, Linux divides authorization
into 2 levels.

1. Ownership
2. Permission

Ownership of Linux files

Every file and directory on your Unix/Linux system is assigned 3 types of
owner, given below.
User

A user is the owner of the file. By default, the person who created a file
becomes its owner. Hence, a user is also sometimes called an owner

Group

A user- group can contain multiple users. All users belonging to a group
will have the same Linux group permissions access to the file. Suppose
you have a project where a number of people require access to a file.
Instead of manually assigning permissions to each user, you could add all
users to a group, and assign group permission to file such that only this
group members and no one else can read or modify the files.

Other

Any other user who has access to a file. This person has neither created
the file, nor he belongs to a usergroup who could own the file.
Practically, it means everybody else. Hence, when you set the permission
for others, it is also referred as set permissions for the world.

Now, the big question arises how does Linux distinguish between these
three user types so that a user 'A' cannot affect a file which contains
some other user 'B's' vital information/data. It is like you do not want
your colleague, who works on your Linux computer, to view your images.
This is where Permissions set in, and they define user behavior.

Let us understand the Permission system on Linux.

Permissions

Every file and directory in your UNIX/Linux system has following 3

permissions defined for all the 3 owners discussed above.

• Read: This permission give you the authority to open and read a
file. Read permission on a directory gives you the ability to lists its
content.
• Write: The write permission gives you the authority to modify the
contents of a file. The write permission on a directory gives you the
authority to add, remove and rename files stored in the directory.
Consider a scenario where you have to write permission on file but
do not have write permission on the directory where the file is
stored. You will be able to modify the file contents. But you will not
be able to rename, move or remove the file from the directory.
• Execute: In Windows, an executable program usually has an
extension ".exe" and which you can easily run. In Unix/Linux, you
cannot run a program unless the execute permission is set. If the
execute permission is not set, you might still be able to see/modify
the program code(provided read & write permissions are set), but
not run it.

Here, we have highlighted '-rw-rw-r--'and this weird looking code is the one
that tells us about the Unix permissions given to the owner, user group and
the world.

Here, the first '-' implies that we have selected a file.p>

Else, if it were a directory, d would have been shown.

The characters are pretty easy to remember.

r = read permission
w = write permission
x = execute permission
- = no permission

Let us look at it this way.

The first part of the code is 'rw-'. This suggests that the owner 'Home' can:

• Read the file

• Write or edit the file
• He cannot execute the file since the execute bit is set to '-'.

By design, many Linux distributions like Fedora, CentOS, Ubuntu, etc. will
add users to a group of the same group name as the user name. Thus, a user
'tom' is added to a group named 'tom'.

The second part is 'rw-'. It for the user group 'Home' and group-members
can:

• Read the file

• Write or edit the file

The third part is for the world which means any user. It says 'r--'. This
means the user can only:

• Read the file

Changing file/directory permissions with 'chmod'
command
Say you do not want your colleague to see your personal images. This can
be achieved by changing file permissions.

We can use the 'chmod' command which stands for 'change mode'. Using
the command, we can set permissions (read, write, execute) on a
file/directory for the owner, group and the world. Syntax:

chmod permissions filename

There are 2 ways to use the command -

1. Absolute mode
2. Symbolic mode

Absolute(Numeric) Mode
In this mode, file permissions are not represented as characters but a three-
digit octal number.

'764' absolute code says the following:

• Owner can read, write and execute

 • Usergroup can read and write
• World can only read

This is shown as '-rwxrw-r--

This is how you can change user permissions in Linux on file by assigning an
absolute number.

Symbolic Mode
In the Absolute mode, you change permissions for all 3 owners. In the
symbolic mode, you can modify permissions of a specific owner. It makes
use of mathematical symbols to modify the Unix file permissions.

Changing Ownership and Group

For changing the ownership of a file/directory, you can use the following
command:

chown user filename

In case you want to change the user as well as group for a file or directory use
the command

chown user:group filename

Changing Ownership and Group
For changing the ownership of a file/directory, you can use the following
command:

chown user filename

In case you want to change the user as well as group for a file or directory
use the command

chown user:group filename

In case you want to change group-owner only, use the command

chgrp group_name filename

'chgrp' stands for change group.

The term 'opt' is short for optional. Its main purpose is to store optional
application software packages. Add-on applications from individual
vendors should be installed in '/opt'. And so in some systems '/opt'
is empty as they may not have any add-on application.

SYSTEM CONFIGURATION FILES

The kernel itself may be considered a “program.” Why does the
kernel need configuration files? The kernel needs to know the list
of users and groups in the system, and manage file permissions
(that is, determine if a file can be opened by a specific user,
according to the permissions, UNIX_USERS). Note that these files
are not specifically read by programs, but by a function provided
by a system library, and used by the kernel. For instance, a
program needing the (encrypted) password of a user should not
open the /etc/passwd file. Instead, it should call the system library
function getpw(). This kind of function is also known as a system
call. It is up to the kernel (through the system library) to open the
/etc/passwd file and after that, search for the password of the
requested user.

Most of the configuration files in the Red Hat Linux system are in
the /etc directory unless otherwise specified. The configuration
files can be broadly classified into the following categories:

Access files
Tells the network domain server how to look up hostnames.
(Normally /etc/hosts, then name server; it can be changed
/etc/host.conf through netconf.)
Contains a list of known hosts (in the local network). Can be
used if the IP of the system is not dynamically generated. For
simple hostname resolution (to dotted notation),
/etc/hosts.conf normally tells the resolver to look here
/etc/hosts before asking the network nameserver, DNS or NIS.
/etc/hosts.allowMan page same as hosts_access. Read by tcpd at least.
/etc/hosts.deny Man page same as hosts_access. Read by tcpd at least.

Log Files
Log files are the records that Linux stores for administrators to keep track
and monitor important events about the server, kernel, services, and
applications running on it. In this post, we’ll go over the top Linux log files
server administrators should monitor.
What are Linux log files

Log files are a set of records that Linux maintains for the
administrators to keep track of important events. They
contain messages about the server, including the kernel,
services and applications running on it.

Linux provides a centralized repository of log files that can be

located under the /var/log directory.

The log files generated in a Linux environment can typically be

classified into four different categories:

• Application Logs
• Event Logs
• Service Logs
• System Logs

/var/log/messages

• This log file contains generic system activity logs.

• It is mainly used to store informational and non-critical system
messages.
• In Debian-based systems, /var/log/syslog directory serves the
same purpose.
How can I use these logs?:

• Here you can track non-kernel boot errors, application-related

service errors and the messages that are logged during system
startup.
• This is the first log file that the Linux administrators should
check if something goes wrong.
• For example, you are facing some issues with the sound card. To
check if something went wrong during the system startup
 process, you can have a look at the messages stored in this log
file.

/var/log/auth.log

• All authentication related events in Debian and Ubuntu server

are logged here.
• If you’re looking for anything involving the user authorization
mechanism, you can find it in this log file.
How can I use these logs?:

Suspect that there might have been a security breach in your server?
Notice a suspicious javascript file where it shouldn’t be? If so, then
find this log file asap!

• Investigate failed login attempts

• Investigate brute-force attacks and other vulnerabilities related
to user authorization mechanism.

/var/log/secure
RedHat and CentOS based systems use this log file instead of
/var/log/auth.log.

• It is mainly used to track the usage of authorization systems.

• It stores all security related messages including authentication
failures.
• It also tracks sudo logins, SSH logins and other errors logged by
system security services daemon.
How can I use these logs?:

• All user authentication events are logged here.

• This log file can provide detailed insight about unauthorized or
failed login attempts
• Can be very useful to detect possible hacking attempts.
 • It also stores information about successful logins and tracks the
activities of valid users.

/var/log/boot.log
• The system initialization script, /etc/init.d/bootmisc.sh, sends
all bootup messages to this log file
• This is the repository of booting related information and
messages logged during system startup process.
How can I use these logs?:

• You should analyze this log file to investigate issues related to

improper shutdown, unplanned reboots or booting failures.
• Can also be useful to determine the duration of system
downtime caused by an unexpected shutdown.

/var/log/dmesg

dmesg
• This log file contains Kernel ring buffer messages.
• Information related to hardware devices and their drivers are
logged here.
• As the kernel detects physical hardware devices associated with
the server during the booting process, it captures the device
status, hardware errors and other generic messages.
How can I use these logs?:

• This log file is useful for dedicated server customers mostly.

• If a certain hardware is functioning improperly or not getting
detected, then you can rely on this log file to troubleshoot the
issue.
• Or, you can purchase a managed server from us and we’ll
monitor it for you.
/var/log/kern.log
This is a very important log file as it contains information logged by
the kernel.

How can I use these logs?:

• Perfect for troubleshooting kernel related errors and warnings.

• Kernel logs can be helpful to troubleshoot a custom-built kernel.
• Can also come handy in debugging hardware and connectivity
issues.

/var/log/faillog

This file contains information on failed login attempts.

How can I use these logs?:

It can be a useful log file to find out any attempted security breaches
involving username/password hacking and brute-force attacks.

/var/log/

cron
This log file records information on cron jobs.

How can I use these logs

• Whenever a cron job runs, this log file records all relevant
information including successful execution and error messages
in case of failures.
• If you’re having problems with your scheduled cron, you need to
check out this log file.
/var/log/yum.log
It contains the information that is logged when a new package is
installed using the yum command.

How can I use these logs?:

• Track the installation of system components and software

packages.
• Check the messages logged here to see whether a package was
correctly installed or not.
• Helps you troubleshoot issues related to software installations.

Suppose your server is behaving unusually and you suspect a recently

installed software package to be the root cause for this issue. In such
cases, you can check this log file to find out the packages that were
installed recently and identify the malfunctioning program.

/var/log/

maillog or /var/log/mail.log
All mail server related logs are stored here.

How can I use these logs?

• Find information about postfix, smtpd,

MailScanner, SpamAssassain or any other email related
services running on the mail server.
• Track all the emails that were sent or received during a
particular period
• Investigate failed mail delivery issues.
• Get information about possible spamming attempts blocked by
the mail server.
• Trace the origin of an incoming email by scrutinizing this log
file.
var/log/httpd/
• This directory contains the logs recorded by the Apache server.
• Apache server logging information are stored in two different log
files – error_log and access_log.
How can I use these logs?:

• The error_log contains messages related to httpd errors such as

memory issues and other system related errors.
• This is the place where Apache server writes events and error
records encountered while processing httpd requests.
• If something goes wrong with the Apache webserver, check this
log for diagnostic information.
• Besides the error-log file, Apache also maintains a separate list
of access_log.
• All access requests received over HTTP are stored in the
access_log file.
• Helps you keep track of every page served and every file loaded
by Apache.
• Logs the IP address and user ID of all clients that make
connection requests to the server.
• Stores information about the status of the access requests, –
whether a response was sent successfully or the request resulted
in a failure.

/var/log/mysqld.log or /var/log/mysql.log

• As the name suggests, this is the MySQL log file.

• All debug, failure and success messages related to the [mysqld]
and [mysqld_safe] daemon are logged to this file.
• RedHat, CentOS and Fedora stores MySQL logs
under /var/log/mysqld.log, while Debian and Ubuntu maintains
the log in /var/log/mysql.log directory.
How can I use this log?

• Use this log to identify problems while starting, running, or

stopping mysqld.
• Get information about client connections to the MySQL data
directory
• You can also setup ‘long_query_time’ parameter to log
information about query locks and slow running queries.