Linux File Permissions and ACL Guide
Uploaded by
Rimpal JohalLinux File Permissions and ACL Guide
Uploaded by
Rimpal JohalCommon questions
Powered by AIThe primary differences between MBR (Master Boot Record) and GPT (GUID Partition Table) partitioning schemes lie in their partition limits and capabilities. MBR, which is older, supports up to four primary partitions, or three primary partitions and one extended partition, with a hard disk size limit of 2 TB. On the other hand, GPT is more modern and supports theoretically unlimited partitions—practically up to 128—and supports disks larger than 2 TB. Additionally, GPT ensures better integrity by storing multiple copies of the partitioning data across the disk and uses CRC for error-checking, offering improved reliability over MBR .
Creating and initializing a RAID 5 array in Linux involves several critical steps. First, partitions need to be set up on at least three disks using tools like fdisk. These partitions are marked with the RAID partition type code, such as 'fd' . Next, the 'mdadm' tool is used to create the RAID array by specifying the level as 5 and including the required partitions. After creation, a filesystem is made using tools like mkfs.xfs, and the new RAID device is mounted on a directory to make it accessible. It's crucial to update the fstab file for persistence across reboots . Finally, details are saved using 'mdadm --detail --scan' for reconstruction purposes .
Special permission bits in Unix/Linux systems provide additional security and functionality. The Set User ID (SUID) allows executables to run with the file owner's privileges, not the user's. For example, applying SUID to /usr/sbin/fdisk allows a normal user to execute it with root privileges . SGID (Set Group ID) allows executables to run with the file's group privileges or ensures that new files created in a directory inherit the group of that directory, useful for collaborative directories . The sticky bit, when set on a directory, allows only the file owner, directory owner, or root to delete or modify a file, which is crucial for shared directories like /tmp to prevent users from deleting files they do not own .
LVM enhances flexibility in Linux storage management by allowing administrators to allocate storage more dynamically than traditional partitioning methods. It uses logical volumes instead of physical partitions, enabling resizing of file systems without unmounting them. This is particularly useful in production environments where downtime can be costly . LVM allows for extending volume group sizes by adding new physical volumes and logical volumes can be resized to meet changing needs, facilitating better disk space management .
Configuring a user profile and home directory without using the useradd command involves several manual steps. First, a home directory is manually created using 'mkdir' and permissions are appropriately set to ensure security . The '/etc/passwd' and '/etc/group' files must be manually edited to add user and group entries, specifying attributes like user ID, group ID, home directory path, and shell. Ownership of the home directory is then set to the new user using 'chown'. Additionally, copying the contents of '/etc/skel' to the new home directory initializes default configuration files . Finally, a password is set for the user using the 'passwd' command, ensuring all required user conditions are met .
Setting a temporary umask is done by directly changing the umask in the terminal session using the 'umask' command, which remains effective only for the duration of the session . In contrast, setting a permanent umask involves editing shell initialization files like '.bashrc', adding the 'umask' command with the desired value, and applying it across all sessions that source this file upon login, ensuring consistency across user sessions .
RAID 5 offers a balance of good performance and data redundancy by distributing data and parity across three or more disks. It requires a minimum of three disks and uses XOR operations to calculate parity, allowing for data recovery in case of a single disk failure. While it provides fault tolerance, the data writing speed is slower compared to RAID 0 due to the overhead of calculating parity information, but it still offers a decent performance improvement over stand-alone disks . Usable capacity is reduced to approximately 66%, as one disk's worth of space is used for parity .
Umask is a system setting in Linux that defines the default file permission settings when new files and directories are created. It represents the permissions that should be denied to files and directories. The default permission for directories is 777 and for files is 666. For example, a umask of 022 will result in directory permissions of 755 (777-022) and file permissions of 644 (666-022). This means directories will be readable and executable by everyone, but writable only by the owner, while files will be readable by everyone, but writable only by the owner .
When a sticky bit is set on a directory, it modifies the directory's regular permissions to prevent users from deleting or renaming files owned by others within that directory, while still allowing file creation and modification for their own files. Without the sticky bit, any user with write permissions on the directory could potentially delete or rename any file inside it, regardless of ownership. This added restriction is crucial for directories like /tmp, ensuring a user cannot remove another's files .
When allowing limited rights through sudo, one must carefully specify which commands a user can execute to maintain system security. This is configured in the sudoers file, where specific paths to commands are provided, limiting the scope of execution and preventing misuse. For instance, a user can be allowed to execute only user management commands like useradd and usermod, but not userdel, ensuring they cannot remove accounts . Such configurations help maintain control over potentially sensitive operations while providing necessary functionality to the user .
