Basic Concepts

Contents

6.1. User Concept
6.2. The Linux File System
6.3. File Access Permissions

Abstract

If this is your first encounter with a Linux system you probably want to learn something about the basic concepts of Linux before getting started. The graphical user interfaces of Linux, Mac OS* and Windows* show rather similar desktop components, which makes it easy to move from one graphical environment to the next. However, if you take a look at the underlying system you will soon notice some differences.

The following sections guide you through the first steps with your Linux system and help Linux newcomers familiarize themselves with their new operating system. You will learn about the user concept of Linux, the structure of the Linux file system (where to find what in the directory tree) and how to deal with access permissions for files and directories, which are an essential feature in Linux.

Users who have been working with Mac OS will probably recognize that the concepts explained in the following sections are rather similar to what they already know from Mac OS. Windows users may notice some crucial differences.

User Concept

From the beginning, Linux has been designed as a multiuser system: Any number of users can simultaneously work on one machine. These users can connect to the system via different terminals or network connections. Usually users need to log in to the system before starting a session. Personal information and individual desktop configuration are stored separately for each user.

Distinct User Roles

Among the users working on a machine, Linux distinguishes between different kinds of user roles: you can log in to a Linux machine as a normal user or as a superuser (administrator), traditionally called root in Linux. The superuser has privileges that authorize access to all parts of the system and the execution of administrative tasks. The superuser has the unrestricted capacity to make changes to the system and has unlimited access to all files. If you are logged in as a normal user you lack these privileges. User and root can of course be the same physical person acting in different roles.

The root user account is always created on your Linux system by default — during installation you are therefore requested to specify a password for root. Which other users can log in to your system depends on the method of authentication you choose during installation (see Section 1.11, “Create New User”).

For your daily work, you usually log in to your system as a normal user. Performing some administrative tasks or running certain programs such as YaST requires root permissions. You can easily switch from your normal account to root and back to your normal user account after accomplishing the administrative task. How to do so in a shell is described in Section 7.4, “Becoming Root”. If you are working with a graphical user interface you are usually prompted to enter the root password when necessary. Closing the application which required root permissions results in withdrawal of the root privileges: you automatically switch back to your normal user account.

While this concept might not look very appealing at first, it adds to security. A user without root privileges cannot damage the entire system. Any damage caused is strictly limited to the user's own account and data. Any operation executed with root privileges may potentially harm the entire system. Anyone intending to harm a running Linux system must gain root privileges first. This is why it is much harder to create viruses for Linux systems. They must overcome the root barrier first.

Groups

Every user in a Linux system belongs to at least one group. A group, in this case, can be defined as a set of connected users with certain collective privileges. Groups are usually defined according to functional roles or the data and resources the members of the group need to access. When a new user account is created on your system, the user is usually assigned to a default, primary group. The system administrator can change this primary group or assign the user to an additional group, if necessary.

Figure 6.1. Group Membership for a User in YaST


The Linux File System

All users, including the superuser, have their own home directories where all private data, like documents, bookmarks, or e-mail, are stored. System directories holding central configuration files or executable files can only be modified by the superuser. Read more about access permissions and how to modify them according to your needs in Section 7.5, “Modifying File Permissions”.

In Linux, you can choose whether you want to manage files and folders with a file manager or with the command line, which is the traditional way. The latter method is often faster but requires some deeper knowledge of several commands to list, create, delete, or edit files and their properties. For more information about commands for manipulating files refer to Section 7.3, “Working with Files and Directories”. A file manager provides a graphical and more intuitive way to handle these tasks. Learn more about the file managers of GNOME and KDE in Section “Managing Folders and Files with Nautilus” (Chapter 2, Working with Your Desktop, ↑GNOME User Guide) and Section “Using Dolphin File Manager” (Chapter 2, Working with Your Desktop, ↑KDE User Guide). The following sections provide you with some basic knowledge of the file system and provide an overview of the default directory structure in Linux.

Key Features

In Linux, all files and directories are located in a tree-like structure. The topmost directory is referred to as the file system root or just / (not to be confused with the root user). The counterpart of / in a Windows system would probably be C:\. All other directories in Linux can be accessed from the root directory and are arranged in a hierarchical structure.

Find the key features of the Linux file system in the following list which also highlights some of the major differences between the Linux and the Windows/DOS file system:

Specifying Paths

As opposed to Windows, Linux does not use backslashes to separate the components of a pathname; it uses slashes instead. For example, the private data of users in Windows may be stored under C:\My Documents\Letters, whereas in Linux it would be stored under /home/username/Letters.

Partitions, Drives/Devices and Directories

Linux does not use drive letters as Windows does. From the mere appearance of a pathname in Linux you cannot tell whether you are addressing a partition, a drive/device, a network device or an ordinary directory.

Mounting and Unmounting

Another crucial difference between Windows/DOS and Linux is the concept of mounting and unmounting partitions, drives or directories. Windows detects partitions and drives during the boot process and assigns a drive letter to them. In Linux, however, partitions or devices are usually not visible in the directory tree unless they are mounted, that is, integrated into the file system at a specific location in the directory tree. As a normal user you cannot access data on a partition or a device unless it is mounted. But don't worry: most of the time you do not have to mount partitions or devices manually. During the installation of your system, you can define partitions to be mounted automatically when the system is started. Removable devices are usually also detected and mounted automatically by your system. Desktop environments such as KDE or GNOME will inform you about the appearance of a new device.

Figure 6.2. Autodetection of a USB Stick in KDE


Although this concept of mounting and unmounting may appear complicated or cumbersome at first sight, it also offers great flexibility. For example, you can easily mount a directory from another machine over the network and act on that directory as though it were located on your local machine.

Case-Sensitivity

Linux distinguishes between uppercase and lowercase letters in the file system. For example, whether you name a file test.txt, TeST.txt or Test.txt makes a difference in Linux. This also holds true for directories: You cannot access a directory named Letters by the name letters.

File Extensions

As opposed to Windows, files in Linux may have a file extension, such as .txt, but do not need to have one. When you start working with the shell this sometimes makes it difficult for beginners to differentiate between files and folders, depending on the command you use to list the contents of a directory. Learn more about some basic shell commands in Chapter 7, Shell Basics. If you use the graphical file managers in GNOME or KDE (see Section “Managing Folders and Files with Nautilus” (Chapter 2, Working with Your Desktop, ↑GNOME User Guide) and Section “Using Dolphin File Manager” (Chapter 2, Working with Your Desktop, ↑KDE User Guide)) files and folders are symbolized by various different icons depending on the view you choose.

Figure 6.3. File and Folders in KDE File Manager


Hidden Files

Similar to Windows, Linux also distinguishes between normal files and hidden files which are often configuration files that you usually do not want to access or see as a normal user. In Linux, hidden files are indicated by a dot in front (for example, .hiddenfile). In order to access hidden files you can switch view in the file managers as described in Section “Using Dolphin File Manager” (Chapter 2, Working with Your Desktop, ↑KDE User Guide) or use a certain command in the shell as described in Section 7.2.2, “Using Commands with Options”.

File System Permissions

Because Linux is a multiuser system, every file in a Linux file system belongs to a user and a group. Only the owner of a file or directory (or, of course, root) can grant other users access permission to it. Linux basically distinguishes between three different types of access permissions: write permission, read permission and execute permission. You can only access a file or a folder if you have at least read permission to it. There are several ways to change the access permissions of files and folders: either traditionally via the shell or with the help of your desktop's file manager. If you have root privileges, you can also change the owner and the group of a file or folder. Read how to do so in a shell in Section 7.5, “Modifying File Permissions”.

For more detailed information about file system permissions refer to Section 6.3, “File Access Permissions”. Apart from the traditional permission concept for file system objects there are also extensions available which handle permissions more flexibly. Read more in Chapter Access Control Lists in Linux (↑Security Guide).

The Directory Structure

The following table provides a short overview of the most important higher-level directories that you find on a Linux system. Find more detailed information about the directories and important subdirectories in the following list.

Table 6.1. Overview of a Standard Directory Tree

| Directory | Contents |
|---|---|
| / | Root directory, the starting point of the directory tree. |
| /bin | Essential binary files, such as commands that are needed by both the system administrator and normal users. Usually also contains the shells, such as Bash. |
| /boot | Static files of the boot loader. |
| /dev | Files needed to access host-specific devices. |
| /etc | Host-specific system configuration files. |
| /home | Holds the home directories of all users who have accounts on the system. However, root's home directory is not located in /home but in /root. |
| /lib | Essential shared libraries and kernel modules. |
| /media | Mount points for removable media. |
| /mnt | Mount point for temporarily mounting a file system. |
| /opt | Add-on application software packages. |
| /root | Home directory for the superuser root. |
| /sbin | Essential system binaries. |
| /srv | Data for services provided by the system. |
| /tmp | Temporary files. |
| /usr | Secondary hierarchy with read-only data. |
| /var | Variable data such as log files. |
| /windows | Only available if you have both Microsoft Windows* and Linux installed on your system. Contains the Windows data. |


The following list provides more detailed information and gives some examples of which files and subdirectories can be found in the directories:

/bin

Contains the basic shell commands that may be used both by root and by other users. These commands include ls, mkdir, cp, mv, rm and rmdir. /bin also contains Bash, the default shell in openSUSE.

/boot

Contains data required for booting, such as the boot loader, the kernel, and other data that is used before the kernel begins executing user-mode programs.

/dev

Holds device files that represent hardware components.

/etc

Contains local configuration files that control the operation of programs like the X Window System. The /etc/init.d subdirectory contains scripts that are executed during the boot process.

/home/username

Holds the private data of every user who has an account on the system. The files located here can only be modified by their owner or by the system administrator. By default, your e-mail directory and personal desktop configuration are located here in the form of hidden files and directories. KDE users find the personal configuration data for their desktop in .kde4 and GNOME users find it in .gconf. For information about hidden files, refer to Section 6.2.1, “Key Features”.

Note: Home Directory in a Network Environment

If you are working in a network environment, your home directory may be mapped to a directory in the file system other than /home.

/lib

Contains the essential shared libraries needed to boot the system and to run the commands in the root file system. The Windows equivalent of shared libraries is DLL files.

/media

Contains mount points for removable media, such as CD-ROMs, USB sticks and digital cameras (if they use USB). /media generally holds any type of drive except the hard drive of your system. As soon as your removable medium has been inserted or connected to the system and has been mounted, you can access it from here.

/mnt

This directory provides a mount point for a temporarily mounted file system. root may mount file systems here.

/opt

Reserved for the installation of third-party software. Optional software and larger add-on program packages can be found here.

/root

Home directory for the root user. The personal data of root is located here.

/sbin

As the s indicates, this directory holds utilities for the superuser. /sbin contains the binaries essential for booting, restoring and recovering the system in addition to the binaries in /bin.

/srv

Holds data for services provided by the system, such as FTP and HTTP.

/tmp

This directory is used by programs that require temporary storage of files.

Important: Cleaning up /tmp at Boot Time

Data stored in /tmp is not guaranteed to survive a system reboot. Whether it does depends, for example, on settings in /etc/sysconfig/cron.

/usr

/usr has nothing to do with users, but is the acronym for UNIX system resources. The data in /usr is static, read-only data that can be shared among various hosts compliant with the Filesystem Hierarchy Standard (FHS). This directory contains all application programs and establishes a secondary hierarchy in the file system. KDE4 and GNOME are also located here. /usr holds a number of subdirectories, such as /usr/bin, /usr/sbin, /usr/local, and /usr/share/doc.

/usr/bin

Contains generally accessible programs.

/usr/sbin

Contains system daemons and programs reserved for the system administrator that are not essential for booting the system.

/usr/local

In this directory the system administrator can install local, distribution-independent extensions.

/usr/share/doc

Holds various documentation files and the release notes for your system. In the manual subdirectory find an online version of this manual. If more than one language is installed, this directory may contain versions of the manuals for different languages.

Under packages find the documentation included in the software packages installed on your system. For every package, a subdirectory /usr/share/doc/packages/packagename is created that often holds README files for the package and sometimes examples, configuration files or additional scripts.

If HOWTOs are installed on your system, /usr/share/doc also holds the howto subdirectory, where you can find additional documentation on many tasks related to the setup and operation of Linux software.

/var

Whereas /usr holds static, read-only data, /var is for data which is written during system operation and thus is variable data, such as log files or spooling data. For an overview of the most important log files you can find under /var/log/, refer to Table 9.1, “Log Files”.

/windows

Only available if you have both Microsoft Windows and Linux installed on your system. Contains the Windows data available on the Windows partition of your system. Whether you can edit the data in this directory depends on the file system your Windows partition uses. If it is FAT32, you can open and edit the files in this directory. For NTFS, openSUSE also includes write access support. However, the driver for the NTFS-3g file system has limited functionality. Learn more in Section “Accessing Files on Different OS on the Same Computer” (Chapter 34, Copying and Sharing Files, ↑Reference).

File Access Permissions

In Linux, objects such as files or folders or processes generally belong to the user who created or initiated them. There are some exceptions to this rule. For more information about the exceptions, refer to Chapter Access Control Lists in Linux (↑Security Guide). The group which is associated with a file or a folder depends on the primary group the user belongs to when creating the object.

When you create a new file or directory, initial access permissions for this object are set according to a predefined scheme. As an owner of a file or directory, you can change the access permissions for this object. For example, you can protect files holding sensitive data against read access by other users and you can authorize the members of your group or other users to write, read, or execute several of your files where appropriate. As root, you can also change the ownership of files or folders.

Permissions for User, Group and Others

Three permission sets are defined for each file object on a Linux system. These sets include the read, write, and execute permissions for each of three types of users—the owner, the group, and other users. You can view and change the access permissions of a file or folder in the file managers of your desktop or in a shell (see Section 7.5, “Modifying File Permissions”).

Figure 6.4. File Access Permissions in KDE File Manager


The following example shows the output of an ls -l command in a shell. This command lists the contents of a directory and shows the details for each file and folder in that directory.

Example 6.1. Access Permissions For Files and Folders

-rw-r----- 1 tux users      0 2006-06-23 16:08 checklist.txt
-rw-r--r-- 1 tux users  53279 2006-06-21 13:16 gnome_quick.xml
-rw-rw---- 1 tux users      0 2006-06-23 16:08 index.htm
-rw-r--r-- 1 tux users  70733 2006-06-21 09:35 kde-start.xml
-rw-r--r-- 1 tux users  47896 2006-06-21 09:46 kde_quick.xml
drwxr-xr-x 2 tux users     48 2006-06-23 16:09 local
-r-xr-xr-x 1 tux users 624398 2006-06-23 15:43 tux.jpg

As shown in the third column, all objects belong to user tux. They are assigned to the group users which is the primary group the user tux belongs to. To retrieve the access permissions the first column of the list must be examined more closely. Let's have a look at the file kde-start.xml:

| Type | User Permissions | Group Permissions | Permissions for Others |
|---|---|---|---|
| - | rw- | r-- | r-- |

The first column of the list consists of one leading character followed by nine characters grouped in three blocks. The leading character indicates the file type of the object: in this case, the hyphen (-) shows that kde-start.xml is a file. If you find the character d instead, this shows that the object is a directory, like local in Example 6.1, “Access Permissions For Files and Folders”.

The next three blocks show the access permissions for the owner, the group and other users (from left to right). Each block follows the same pattern: the first position shows read permissions (r), the next position shows write permissions (w), the last one shows execute permission (x). A lack of either permission is indicated by -. In our example, the owner of kde-start.xml has read and write access to the file but cannot execute it. The users group can read the file but cannot write or execute it. The same holds true for the other users as shown in the third block of characters.
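The decoding described above can be scripted. The following is an added example, not part of the original manual: it converts the first column of ls -l into the octal notation used by chmod and lists the entries of Example 6.1 that other users may read. The function names are chosen for this illustration, and only the characters r, w, x and - explained above are handled.

```shell
#!/bin/sh
# Added example (not from the manual): decode the first column of `ls -l`.
# Handles only the characters explained above: r, w, x and -.

# The listing from Example 6.1.
example_listing() {
    cat <<'EOF'
-rw-r----- 1 tux users      0 2006-06-23 16:08 checklist.txt
-rw-r--r-- 1 tux users  53279 2006-06-21 13:16 gnome_quick.xml
-rw-rw---- 1 tux users      0 2006-06-23 16:08 index.htm
-rw-r--r-- 1 tux users  70733 2006-06-21 09:35 kde-start.xml
-rw-r--r-- 1 tux users  47896 2006-06-21 09:46 kde_quick.xml
drwxr-xr-x 2 tux users     48 2006-06-23 16:09 local
-r-xr-xr-x 1 tux users 624398 2006-06-23 15:43 tux.jpg
EOF
}

# One three-character block (for example "rw-") -> one octal digit (6).
triplet_to_digit() {
    d=0
    case $1 in r??) d=$((d + 4)) ;; esac
    case $1 in ?w?) d=$((d + 2)) ;; esac
    case $1 in ??x) d=$((d + 1)) ;; esac
    printf '%s' "$d"
}

# Full mode string (for example "-rw-r--r--") -> octal mode (644).
mode_to_octal() {
    perms=${1#?}    # drop the leading file type character
    for range in 1-3 4-6 7-9; do    # owner, group, others
        triplet_to_digit "$(printf '%s' "$perms" | cut -c"$range")"
    done
}

# Read `ls -l` lines on stdin, print "<octal> <kind> <name>" per entry.
annotate_listing() {
    while read -r mode _links _owner _group _size _date _time name; do
        case $mode in d*) kind=dir ;; *) kind=file ;; esac
        printf '%s %s %s\n' "$(mode_to_octal "$mode")" "$kind" "$name"
    done
}

# Read `ls -l` lines on stdin, print the names that "others" may read
# (position 8 of the mode string is the read bit of the third block).
readable_by_others() {
    while read -r mode _links _owner _group _size _date _time name; do
        case $mode in ???????r??) printf '%s\n' "$name" ;; esac
    done
}

example_listing | annotate_listing
echo "Readable by others:"
example_listing | readable_by_others
```
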

Files and Folders

Access permissions have a slightly different impact depending on the type of object they apply to: file or directory. The following table shows the details:

Table 6.2. Access Permissions For Files And Directories

| Access Permission | File | Folder |
|---|---|---|
| Read (r) | Users can open and read the file. | Users can view the contents of the directory. Without this permission, users cannot list the contents of this directory with ls -l, for example. However, if they only have execute permission for the directory, they can nevertheless access certain files in this directory if they know of their existence. |
| Write (w) | Users can change the file: They can add or drop data and can even delete the contents of the file. However, this does not include the permission to remove the file completely from the directory as long as they do not have write permissions for the directory where the file is located. | Users can create, rename or delete files in the directory. |
| Execute (x) | Users can execute the file. This permission is only relevant for files like programs or shell scripts, not for text files. If the operating system can execute the file directly, users do not need read permission to execute the file. However, if the file must be interpreted like a shell script or a Perl program, additional read permission is needed. | Users can change into the directory and execute files there. If they do not have read access to that directory they cannot list the files but can access them nevertheless if they know of their existence. |


Note that access to a certain file is always dependent on the correct combination of access permissions for the file itself and the directory it is located in.
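The combinations in Table 6.2 can be checked in a scratch directory. The following is an added example, not part of the original manual: it creates a temporary directory (the names box and known.txt are chosen for this illustration), sets three permission combinations for the owner and reports which operations succeed. Run it as a normal user; root is not subject to these checks.

```shell
#!/bin/sh
# Added example (not from the manual): how directory and file
# permissions combine. All names below are made up for this demo.

# Run a command quietly and print "ok" or "denied".
try() {
    if "$@" >/dev/null 2>&1; then printf 'ok'; else printf 'denied'; fi
}

# Make the directory writable again and recreate the test file.
reset_box() {
    chmod 700 "$1/box"
    rm -f "$1/box/known.txt"
    printf 'data\n' > "$1/box/known.txt"
}

# Append one line to the file given as first argument.
append_line() {
    try sh -c 'printf "x\n" >> "$1"' sh "$1"
}

demo_permissions() {
    work=$(mktemp -d) || return 1
    mkdir "$work/box"
    f=$work/box/known.txt

    # Case 1: directory --x. No listing, but access by known name.
    reset_box "$work"; chmod 100 "$work/box"
    c1_list=$(try ls "$work/box")
    c1_read=$(try cat "$f")

    # Case 2: directory r-x, file rw-. Contents can change, but the
    # file cannot be removed because the directory is not writable.
    reset_box "$work"; chmod 600 "$f"; chmod 500 "$work/box"
    c2_change=$(append_line "$f")
    c2_remove=$(try rm -f "$f")

    # Case 3: directory rwx, file r--. Contents are protected, but the
    # file can still be removed because the directory is writable.
    reset_box "$work"; chmod 400 "$f"; chmod 700 "$work/box"
    c3_change=$(append_line "$f")
    c3_remove=$(try rm -f "$f")

    chmod 700 "$work/box"; rm -rf "$work"
    printf 'dir=--x list=%s read_by_name=%s\n' "$c1_list" "$c1_read"
    printf 'dir=r-x file=rw- change=%s remove=%s\n' "$c2_change" "$c2_remove"
    printf 'dir=rwx file=r-- change=%s remove=%s\n' "$c3_change" "$c3_remove"
}

demo_permissions
```

The third case is the one to remember when protecting data: making a file read-only does not prevent its removal or replacement by anyone who can write to the directory that contains it.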