Added tee command in chap5, corrected typos,

acted upon remarks sent in by readers, added newgrp explanations, explained user private group scheme, added a remark on umask.
tille 2004-06-19 17:08:06 +00:00
parent 38cf634024
commit 88eb903e72
5 changed files with 76 additions and 11 deletions

View File

@ -35,7 +35,7 @@
</affiliation>
</author>
</authorgroup>
<edition>Version 1.13 20040521</edition>
<edition>Version 1.14 20040619</edition>
<pubdate>First published December 2002</pubdate>
<copyright>
<year>2002</year>
@ -102,9 +102,15 @@
<title>Revision History</title>
<para>
<revhistory>
<revision>
<revnumber>1.14</revnumber>
<date>2004-06-19</date>
<authorinitials>MG</authorinitials>
<revremark>Added tee command in chap5, corrected typos, acted upon remarks sent in by readers, added newgrp explanations, explained user private group scheme, added a remark on umask.</revremark>
</revision>
<revision>
<revnumber>1.13</revnumber>
<date>2004-05-21</date>
<date>2004-04-27</date>
<authorinitials>MG</authorinitials>
<revremark>Last read-through before sending everything to Fultus for printout. Added Fultus referrence in New Versions section, updated Conventions and Organization sections. Minor changes in chapters 4, 5, 6 and 8, added rdesktop info in chapter 10, updated glossary, replaced references to fileutils with coreutils, thankyou to Hindi translators.</revremark>
</revision>
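Review bot: In the 1.13 `<revision>` entry the `<date>` line is touched as well, with both 2004-05-21 and 2004-04-27 appearing, while the `<edition>` line in the first hunk records version 1.13 as 20040521. The commit message does not mention re-dating an older revision, so confirm which date is intended and keep the revision history consistent with the edition string. The context `<revremark>` for 1.13 also still reads "referrence", which a commit that corrects typos could fix in the same pass.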

View File

@ -1333,7 +1333,40 @@ Hello, World
</table>
<para>If you enter a number with less than three digits as an argument to <command>chmod</command>, omitted characters are replaced with zeros starting from the left. There is actually a fourth digit on Linux systems, that precedes the first three and sets special access modes. Everything about these and many more are located in the Info pages.</para>
</sect3>
<sect3 id="sect_03_04_02_02"><title>The file mask</title>
<sect3 id="sect_03_04_02_02"><title>Logging on to another group</title>
<para>When you type <command>id</command> on the command line, you get a list of all the groups that you can possibly belong to, preceded by your user name and ID and the group name and ID that you are currently connected with. However, on many Linux systems you can only be actively logged in to one group at the time. By default, this active or <emphasis>primary group</emphasis> is the one that you get assigned from the <filename>/etc/passwd</filename> file. The fourth field of this file holds users' primary group ID, which is looked up in the <filename>/etc/group</filename> file. An example:</para>
<screen>
<prompt>asim:~&gt;</prompt> <command>id</command>
uid=501(asim) gid=501(asim) groups=100(users),501(asim),3400(web)
<prompt>asim:~&gt;</prompt> <command>grep <parameter>asim</parameter> <filename>/etc/passwd</filename></command>
asim:x:501:501:Asim El Baraka:/home/asim:/bin/bash
<prompt>asim:~&gt;</prompt> <command>grep <parameter>501</parameter> <filename>/etc/group</filename></command>
asim:x:501:
</screen>
<para>The fourth field in the line from <filename>/etc/passwd</filename> contains the value <quote>501</quote>, which represents the group <emphasis>asim</emphasis> in the above example. From <filename>/etc/group</filename> we can get the name matching this group ID. When initially connecting to the system, this is the group that <emphasis>asim</emphasis> will belong to.</para>
<note><title>User private group scheme</title>
<para>In order to allow more flexibility, most Linux systems follow the so-called <emphasis>user private group scheme</emphasis>, that assigns each user primarily to his or her own group. This group is a group that only contains this particular user, hence the name <quote>private group</quote>. Usually this group has the same name as the user login name, which can be a bit confusing.</para>
</note>
<para>Apart from his own private group, user <emphasis>asim</emphasis> can also be in the groups <emphasis>users</emphasis> and <emphasis>web</emphasis>. Because these are secondary groups to this user, he will need to use the <command>newgrp</command> to log into any of these groups. In the example, <emphasis>asim</emphasis> needs to create files that are owned by the group <emphasis>web</emphasis>.</para>
<screen>
<prompt>asim:/var/www/html&gt;</prompt> <command>newgrp <parameter>web</parameter></command>
<prompt>asim:/var/www/html&gt;</prompt> <command>id</command>
uid=501(asim) gid=3400(web) groups=100(users),501(asim),3400(web)
</screen>
<para>When <emphasis>asim</emphasis> creates new files now, they will be in group ownership of the group <emphasis>web</emphasis> instead of being owned by the group <emphasis>asim</emphasis>:</para>
<screen>
<prompt>asim:/var/www/html&gt;</prompt> <command>touch <filename>test</filename></command>
<prompt>asim:/var/www/html&gt;</prompt> <command>ls <option>-l</option> <filename>test</filename></command>
-rw-rw-r-- 1 asim web 0 Jun 10 15:38 test
</screen>
<para>Loggin in to a new group prevents you from having to use <command>chown</command> (see <xref linkend="sect_03_04_02_04" />) or calling your system administrator to change ownerships for you.</para>
<para>See the manpage for <command>newgrp</command> for more information.</para>
</sect3>
<sect3 id="sect_03_04_02_03"><title>The file mask</title>
<para>When a new file is saved somewhere, it is first subjected to the standard security procedure. Files without permissions don't exist on Linux. The standard file permission is determined by the <emphasis>mask</emphasis> for new file creation. The value of this mask can be displayed using the <command>umask</command> command:</para>
<screen>
<prompt>bert:~&gt;</prompt> <command>umask</command>
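Review bot: The wording in the new section, "you can only be actively logged in to one group at the time" and "he will need to use the `newgrp` to log into any of these groups", suggests that secondary group memberships grant nothing until `newgrp` is run, yet the `id` output in the same example lists `groups=100(users),501(asim),3400(web)` both before and after the switch. On Linux the supplementary groups already count for access checks; what `newgrp` changes is the current group ID (the `gid=` field), which decides the group ownership of newly created files, and it does so by starting a new shell. Suggest stating that explicitly so readers do not assume their group permissions are inactive by default. Also, "Loggin in to a new group" should read "Logging in", and since `sect_03_04_02_02` now names a different section, any existing `<xref>` to the old file mask ID needs checking.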
@ -1353,7 +1386,7 @@ drwxrwxr-x 2 bert bert 4096 Feb 28 13:45 newdir/
<prompt>bert:~&gt;</prompt> <command>ls -l newfile</command>
-rw-rw-r-- 1 bert bert 0 Feb 28 13:52 newfile
</screen>
<para>If you log in to another group using the <command>newgrp</command> command, the mask remains unchanged. Thus, if it is set to <emphasis>002</emphasis>, files and directories that you create while being in the new group will also be accessible to the other members of that group; you don't have to use <command>chmod</command>.</para>
<para>The <emphasis>root</emphasis> user usually has stricter default file creation permissions:</para>
<screen>
[root@estoban root]# umask
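Review bot: The added paragraph on `newgrp` and the mask presents group access purely as a convenience ("you don't have to use `chmod`"). With a mask of 002, files created after `newgrp` are writable, not just readable, by every member of the new group; that is harmless while the current group is the user's private group, but may be more than the user intends in a shared group. Suggest adding one sentence noting that a stricter mask such as 022 leaves new files read-only for the group, so readers can make the choice deliberately.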
@ -1362,8 +1395,8 @@ drwxrwxr-x 2 bert bert 4096 Feb 28 13:45 newdir/
<para>These defaults are set system-wide in the shell resource configuration files, for instance <filename>/etc/bashrc</filename> or <filename>/etc/profile</filename>. You can change them in your own shell configuration file, see <xref linkend="chap_07" /> on customizing your shell environment.</para>
</sect3>
<sect3 id="sect_03_04_02_03"><title>Changing user and group ownership</title>
<para>When a file is owned by the wrong user or group, the error can be repaired with the <command>chown</command> (change owner) and <command>chgrp</command> (change group) commands. Changing file ownership is a frequent task in environments where files need to be shared in a group. Both commands are very flexible, as you can find out by using the <option>--help</option> option.</para>
<sect3 id="sect_03_04_02_04"><title>Changing user and group ownership</title>
<para>When a file is owned by the wrong user or group, the error can be repaired with the <command>chown</command> (change owner) and <command>chgrp</command> (change group) commands. Changing file ownership is a frequent system administrative task in environments where files need to be shared in a group. Both commands are very flexible, as you can find out by using the <option>--help</option> option.</para>
<para>The <command>chown</command> command can be applied to change both user and group ownership of a file, while <command>chgrp</command> only changes group ownership. Of course the system will check if the user issuing one of these commands has sufficient permissions on the file(s) she wants to change.</para>
<para>In order to only change the user ownership of a file, use this syntax:</para>
<cmdsynopsis><command>chown <parameter>newuser</parameter> <filename>file</filename></command></cmdsynopsis>
@ -1396,10 +1429,12 @@ uid=1304(jacky) gid=(1304) groups=1304(jacky),2034(pproject)
</screen>
<para>This way, users in the group <emphasis>project</emphasis> will be able to work on this file. Users not in this group have no business with it at all.</para>
<para>Both <command>chown</command> and <command>chgrp</command> can be used to change ownership recursively, using the <option>-R</option> option. In that case, all underlying files and subdirectories of a given directory will belong to the given user and/or group.</para>
<note><title>Restrictions</title>
<para>On most systems, the use of the <command>chown</command> and <command>chgrp</command> commands is restricted for non-privileged users. If you are not the administrator of the system, you can not change user nor group ownerships for security reasons. If the usage of these commands would not be restricted, malicious users could assign ownership of files to other users and/or groups and change behavior of those users' environments and even cause damage to other users' files.</para>
</note>
</sect3>
<sect3 id="sect_03_04_02_04"><title>Special modes</title>
<sect3 id="sect_03_04_02_05"><title>Special modes</title>
<para>For the system admin to not be bothered solving permission problems all the time, special access rights can be given to entire directories, or to separate programs. There are three special modes:</para>
<itemizedlist>
<listitem><para>Sticky bit mode: After execution of a job, the command is kept in the system memory. Originally this was a feature used a lot to save memory, but these days memory is inexpensive, so it is not used anymore for its optimizing capabilities on single files. When applied to an entire directory, however, the sticky bit has a different meaning. In that case, a user can only change files in this directory when she is the user owner of the file or when the file has appropriate permissions. This feature is used on directories like <filename>/var/tmp</filename>, that have to be accessible for everyone, but where it is not appropriate for users to change or delete each other's data. The sticky bit is indicated by a <emphasis>t</emphasis> at the end of the file permission field:</para>
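Review bot: The new Restrictions note says a non-administrator "can not change user nor group ownerships", which is broader than what Linux enforces. Giving a file away to another user with `chown` is reserved for root, but the owner of a file can normally use `chgrp` to assign it to any group she is a member of. Suggest narrowing the note to user ownership and to groups the user does not belong to. Separately, the ID shift to `sect_03_04_02_05` in this hunk means any `<xref>` elsewhere that pointed at the old Special modes ID `sect_03_04_02_04` will now land on the ownership section.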

View File

@ -164,6 +164,30 @@ Thu Feb 28 20:23:07 CET 2002
</sect4>
</sect3>
<sect3><title>Writing to output and files simultaneously</title>
<para>You can use the <command>tee</command> to copy input to standard output and one or more output files in one move. Using the <option>-a</option> to the <command>tee</command> results in appending input to the file(s). This command is useful if you want to both see and save output. The <command>&gt;</command> and <command>&gt;&gt;</command> operators do not allow to perform both actions simultaneously.</para>
<para>This tool is usally called on through a pipe (<command>|</command>), as demonstrated in the example below:</para>
<screen>
<prompt>mireille ~/test&gt;</prompt> <command>date | tee <filename>file1 file2</filename></command>
Thu Jun 10 11:10:34 CEST 2004
<prompt>mireille ~/test&gt;</prompt> <command>cat <filename>file1</filename></command>
Thu Jun 10 11:10:34 CEST 2004
<prompt>mireille ~/test&gt;</prompt> <command>cat <filename>file2</filename></command>
Thu Jun 10 11:10:34 CEST 2004
<prompt>mireille ~/test&gt;</prompt> <command>uptime | tee <option>-a</option> <filename>file2</filename></command>
11:10:51 up 21 days, 21:21, 57 users, load average: 0.04, 0.16, 0.26
<prompt>mireille ~/test&gt;</prompt> <command>cat <filename>file2</filename></command>
Thu Jun 10 11:10:34 CEST 2004
11:10:51 up 21 days, 21:21, 57 users, load average: 0.04, 0.16, 0.26
</screen>
</sect3>
</sect2>
<sect2 id="sect_05_01_03">
<title>Filters</title>
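Review bot: The new `tee` paragraph describes only `-a`; it should also say that without `-a` the named files are overwritten, just as with `>`, since the first example writes to file1 and file2 with no warning about existing content. In that example, `<filename>file1 file2</filename>` marks two file names as a single filename element; each file should get its own `<filename>` tag, as in the `cat` lines that follow. Typos: "usally" should be "usually", and "do not allow to perform both actions" reads better as "do not allow you to perform both actions".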

View File

@ -82,7 +82,7 @@ Printer: lp@blob
<sect1 id="sect_08_02"><title>The server side</title>
<sect2 id="sect_08_02_01"><title>General</title>
<para>Until a couple of years ago, the choice for Linux users was simple: everyone ran the same old LPD, lifted mostly verbatim out of BSD's Net-2 code.</para>
<para>Today there are a number of systems to choose from. Some distributions come with LPRng, the original BSD UNIX Line Printer Daemon (LPD) revisited. LPD is also the name given to the network printing protocol. This network protocol is spoken not only by the LPD daemon itself, but by essentially every networked print-server, networked printer, and every other print spooler out there; LPD is the least common denominator of standards-based network printing.
<para>Today there are a number of systems to choose from. Some distributions come with LPRng, the original BSD UNIX Line Printer Daemon (LPD) revisited. LPD is also the name given to the network printing protocol. This network protocol is spoken not only by the LPD daemon itself, but by essentially every networked print-server, networked printer, and every other print spooler out there; LPD is the lowest common denominator of standards-based network printing.
</para>
<para> LPRng is a far better implementation of the basic LPD design than the regular one; if you must use LPD, consider using LPRng instead. There is far less voodoo involved in making it do what you want, and what voodoo there is is well documented.</para>
<para>LPRng is easier to administer for large installations (read: more than one printer, any serial printers, or any peculiar non-lpd network printers) and has a less haphazard code base than does stock lpd. It can even honestly claim to be secure - there are no SUID binaries, and it supports authentication via PGP or Kerberos.

View File

@ -792,7 +792,7 @@
<glossentry id="mplayer">
<glossterm>mplayer</glossterm>
<glossdef>
<para>Movie player/encoder for Linux, see <xref linkend="sect_07_03_04_03" />.</para>
<para>Movie player/encoder for Linux, see <xref linkend="sect_07_03_03_04" />.</para>
</glossdef>
</glossentry>
@ -895,7 +895,7 @@
<glossentry id="ogle">
<glossterm>ogle</glossterm>
<glossdef>
<para>DVD player with support for DVD menus, see <xref linkend="sect_07_04_03_04" />.</para>
<para>DVD player with support for DVD menus, see <xref linkend="sect_07_03_03_04" />.</para>
</glossdef>
</glossentry>
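Review bot: After this change the ogle entry and the mplayer entry in the previous hunk both use `linkend="sect_07_03_03_04"`, although their old targets differed (`sect_07_04_03_04` and `sect_07_03_04_03`). Confirm that both programs are really covered in the same section; if not, one of the two corrected IDs still points at the wrong place.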