Showing posts with label file permissions. Show all posts

Tuesday, October 7, 2014

Disk Metadata : Superblock, Directory and Inodes

Metadata
Filesystem blocks are used for two purposes: to store user data and metadata
  • User data - stores actual data contained in files
  • Metadata - stores file system structural information such as superblock, inodes, directories
Metadata describes the structure of the file system. The most common metadata structures are the superblock, inodes and directories.

Superblocks
Every filesystem has a superblock, which contains information about the filesystem such as:
  • File system type
  • Size
  • Status
  • Information about other metadata structures
    • For filesystems with 1k blocksizes, a backup superblock can be found at block 8193
    • For filesystems with 2k blocksizes, at block 16384
    • For 4k blocksizes, at block 32768.
List backup superblocks:
# dumpe2fs /dev/hda3 | grep -i superblock

If the superblock is corrupted, restore it from a backup:
# e2fsck -f -b 8193 /dev/sda3
 
Inode
 
An inode is a data structure on a Linux/Unix filesystem which stores basic information about a regular file, directory, or other file system object.

Monday, April 28, 2014

Recover deleted files used by any process in Linux from RAM memory.


Everything in Linux is a file. A file, in turn, is actually a pointer to an inode, which contains the actual data on the disk, permissions and ownership. Now what happens when a file is deleted? Only the link is removed, but not the inode or the actual data. If a process is using the file, or if the file is open, the inode is not released for overwriting until the process is done with the file. Such files will remain in the server memory (RAM).

Let's discuss how to recover such deleted files that are still being used by a process.

Let's do it with an example.

Create a test file.
# touch testing.txt

Write some random data to it.
# head -c 1024 /dev/urandom > testing.txt

Open the file using a command like the one below.
# less testing.txt

# lsof | grep -i less
less 4607 root  4r  REG 254,4   21 8880214 /root/testing.txt (deleted)

All the open files remain in the memory and hence in the /proc filesystem. The important columns in the above output are the second one, which gives you the PID of the process that has the file open (4607), and the fourth one, which gives you the file descriptor (4). Now, we go look in /proc, where there will still be a reference to the inode, from which you can copy the file back.

# ls -l /proc/4607/fd/4
lr-x------ 1 root root 64 Apr  7 03:19 /proc/4607/fd/4 -> /root/testing.txt (deleted)

To recover the deleted file in memory, just copy it as below.
# cp /proc/4607/fd/4 testing.txt.bk


Hurray, you got your file back. Just make sure not to use the "-a" switch while copying the file, as this will copy the broken softlink.

JK
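
The procedure above end to end, including the deletion step, as an added example that is not part of the original post. A background `sleep` stands in for `less`, a scan of /proc replaces lsof, and the function names and temporary paths are constructed for the demo (Linux only).

```sh
#!/bin/sh
# Added example, not from the original post. Linux only: relies on /proc/<pid>/fd.

# Print "PID FD" for every descriptor that still points at the deleted path $1.
find_deleted_fds() {
    for link in /proc/[0-9]*/fd/*; do
        target=$(readlink "$link" 2>/dev/null) || continue
        case $target in
            "$1 (deleted)")
                pid=${link#/proc/}; pid=${pid%%/*}
                echo "$pid ${link##*/}" ;;
        esac
    done
}

# Create, hold open, delete and recover a constructed test file.
# Prints the recovered contents; the body runs in a subshell so variables stay local.
recover_demo() (
    dir=$(cd "$(mktemp -d)" && pwd -P) || exit 1
    victim=$dir/testing.txt
    printf 'constructed sample data\n' > "$victim"

    # Stand-in for the `less` process: keeps the file open on descriptor 9.
    sleep 30 9< "$victim" >/dev/null 2>&1 &
    holder=$!
    tries=0
    until [ "$(readlink "/proc/$holder/fd/9" 2>/dev/null)" = "$victim" ]; do
        tries=$((tries + 1)); [ "$tries" -lt 50 ] || exit 1
        sleep 0.1
    done

    rm -f "$victim"          # directory entry gone, inode still referenced
    match=$(find_deleted_fds "$victim" | head -n 1)
    [ -n "$match" ] || { kill "$holder"; exit 1; }

    # Plain cp follows the /proc link and reads the data; cp -a would copy the link itself.
    cp "/proc/${match% *}/fd/${match#* }" "$dir/testing.txt.bk"
    cat "$dir/testing.txt.bk"

    kill "$holder" 2>/dev/null || true
    wait "$holder" 2>/dev/null || true
    rm -rf "$dir"
)

recover_demo
```

Recovery only works while the holding process is alive; once it closes the descriptor or exits, the /proc entry disappears.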

 

Thursday, April 25, 2013

Set Setuid, Setgid and Sticky bit in Linux

Special permissions on files and directories in Linux are: SetUID, SetGID and Sticky bit.

With the help of the “chmod” command we can set the special permissions on files and directories.

SUID / Set User ID : A program is executed with the file owner's permissions (rather than with the permissions of the user who executes it).

SGID / Set Group ID : Files created in the directory inherit its GID, i.e. when a directory is shared between users and SGID is set on that shared directory, any directory these users create in it has the same GID (group owner) as its parent directory.

Sticky Bit : It is mainly used on folders to prevent deletion of a folder and its contents by other users even though they have write permission. If the sticky bit is enabled on a folder, the folder can be deleted only by the owner of the folder and the superuser (root). This is a security measure to prevent deletion of critical folders on which others have full permissions.

Wednesday, March 3, 2010

setuid File Permission in UNIX/Linux

In this post I am going to describe 'setuid' in UNIX and Linux.

setuid or 'set user ID upon execution' and setgid or 'set group ID upon execution' are UNIX access right flags which are used to allow users to run an executable file with the permission of the executable file's owner or group. If the setuid is enabled for an executable file, the user executing the file will get permissions of the user or group that owns the executable file. This is very useful for allowing users on a computer system to run programs with temporarily elevated privileges for performing a particular task. 

These programs are needed for performing some tasks, like running 'ping' as an unprivileged user. The ping executable in the /usr/bin folder has the setuid bit set, and consider that its owner is root. Whenever the ping command is used, it is therefore executed with elevated privileges, so all unprivileged users can use the ping command unless they are explicitly blocked from using it by some other means. I hope this gives you the concept of setuid. Please continue reading to learn more about setting, listing and more about setuid.
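
The special bits described in the two posts above (the 2013 post on SetUID, SetGID and Sticky bit, and this setuid post), as an added example that is not part of the original posts: it sets each bit with chmod on constructed files in a temporary directory, then audits the tree with find. It assumes Linux with GNU stat; the function names are illustrative.

```sh
#!/bin/sh
# Added example, not from the original posts. Assumes Linux with GNU stat.

# List everything under $1 that carries setuid (4000), setgid (2000) or
# sticky (1000), as "OCTAL SYMBOLIC PATH", staying on one filesystem.
audit_special() (
    cd "$1" || exit 1
    find . -xdev \( -perm -4000 -o -perm -2000 -o -perm -1000 \) \
        -exec stat -c '%a %A %n' {} + | LC_ALL=C sort -k3
)

# Build a constructed tree in a temp directory, set each bit, audit it.
special_bits_demo() (
    umask 022
    dir=$(mktemp -d) || exit 1

    : > "$dir/plain"              # ordinary file, must not be reported
    : > "$dir/prog"
    chmod 4755 "$dir/prog"        # setuid (symbolic form: chmod u+s)
    mkdir "$dir/shared"
    chmod 2775 "$dir/shared"      # setgid directory (symbolic form: chmod g+s)
    mkdir "$dir/shared/sub"       # created afterwards: inherits group and setgid bit
    mkdir "$dir/drop"
    chmod 1777 "$dir/drop"        # sticky bit (symbolic form: chmod +t)

    audit_special "$dir"
    rm -rf "$dir"
)

special_bits_demo
```

Running `audit_special` on a real directory tree and comparing the result with a known-good list shows any setuid or setgid file that was added since the last check.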