2 April 2003, 17:00:47 The Complete FreeBSD (filesys.mm), page 181
10
File systems and devices
In this chapter:
• File permissions
• Mandatory Access Control
• Links
• Directory hierarchy
• File system types
• Mounting file systems
• FreeBSD devices
• Virtual terminals
One of the most revolutionary concepts of the UNIX operating system was its file system,
the way in which it stores data. Although most other operating systems have copied it
since then, including Microsoft’s platforms, none have come close to the elegance with
which it is implemented. Many aspects of the file system are not immediately obvious,
some of them not even to seasoned UNIX users.
We’ve already looked at file naming conventions on page 125. In the next section, we’ll
look at the file system access, structure and hierarchy, and on page 195 we’ll look at how
the file system treats hardware devices as files.
File permissions
A UNIX system may potentially be used by many people, so UNIX includes a method of
protecting data from access by unauthorized persons. Every file has three items of
information associated with it that describe who can access it in what manner:
• The file owner, the user ID of the person who owns the file.
• The file group, the group ID of the group that “owns” the file.
• A list of what the owner, the group and other people can do with the file. The
possible actions are reading, writing or executing.
filesys.mm,v v4.17 (2003/04/02 06:43:57) 181
For example, you might have a program that accesses private data, and you want to be
sure that only you can execute it. You do this by setting the permissions so that only the
owner can execute it. Or you might have a text document in development, and you want
to be sure that you are the only person who can change it. On the other hand, the people
who work with you have a need to be able to refer to the document. You set the
permissions so that only the owner can write it, that the owner and group can read it, and,
because it’s not ready for publication yet, you don’t allow anybody else to access it.
Traditionally, the permissions are represented by three groups of rwx: r stands for read
permission, w stands for write permission, and x stands for execute permission. The three
groups represent the permissions for the owner, the group and others respectively. If the
permission is not granted, it is represented by a hyphen (-). Thus, the permissions for the
program I discussed above would be r-x------ (I can read and execute the program,
and nobody else can do anything with it). The permissions for the draft document would
be rw-r----- (I can read and write, the group can read, and others can’t access it).
Typical FreeBSD file access permissions are rwxr-xr-x for programs and rw-r--r--
for other system files. In some cases, however, you’ll find that other permissions are
required. For example, the file ~/.rhosts, which is used by some network programs for
user validation, may contain the user’s password in legible form. To help ensure that
other people don’t read it, the network programs refuse to read it unless its permissions
are rw-------. The vast majority of system problems in UNIX can be traced to
incorrect permissions, so you should pay particular attention to them.
Apart from these access permissions, executables can also have two bits set to specify the
access permissions of the process when it is run. If the setuid (set user ID) bit is set, the
process always runs as if it had been started by its owner. If the setgid (set group ID) bit
is set, it runs as if it had been started by its group. This is frequently used to start system
programs that need to access resources that the user may not access directly. We’ll see an
example of this with the ps command on page 185. ls represents the setuid bit by
setting the third letter of the permissions string to s instead of x; similarly, it represents
the setgid bit by setting the sixth letter of the permissions string to s instead of x.
In addition to this access information, the permissions contain a character that describes
what kind of file it represents. The first letter may be a - (hyphen), which designates a
regular file, the letter d for directory, or the letters b or c for a device node. We’ll look at
device nodes in Chapter 11, page 195. There are also a number of other letters that are
less used. See the man page ls(1) for a full list.
To list files and show the permissions, use the ls command with the -l option:
$ ls -l
total 2429
-rw-rw-r--  1 grog    wheel    28204 Jan  4 14:17 %backup%~
drwxrwxr-x  3 grog    wheel      512 Oct 11 15:26 2.1.0-951005-SNAP
drwx------  4 grog    wheel      512 Nov 25 17:23 Mail
-rw-rw-r--  1 grog    wheel      149 Dec  4 14:18 Makefile
-rw-rw-r--  1 grog    wheel      108 Dec  4 12:36 Makefile.bak
-rw-rw-r--  1 grog    wheel      108 Dec  4 12:36 Makefile~
-rw-rw-r--  1 grog    wheel        0 Dec  4 12:36 depend
-rw-rw-r--  1 daemon  wheel  1474560 Dec 14 17:03 deppert.floppy
-rwxr-xr-x  1 grog    wheel      100 Dec 19 15:24 doio
-rwxrwxr-x  1 grog    wheel      204 Dec 19 15:25 doiovm
-rwxrwxr-x  1 grog    wheel      204 Dec 19 15:16 doiovm~
-rwxr-xr-x  1 grog    wheel      115 Dec 26 08:42 dovm
-rwxr-xr-x  1 grog    wheel      114 Dec 19 15:30 dovm~
drwxr-xr-x  2 grog    wheel      512 Oct 16  1994 emacs
drwxrwxrwx  2 grog    wheel      512 Jan  3 14:07 letters
This format shows the following information:
• First, the permissions, which we’ve already discussed.
• Then, the link count. This is the number of hard links to the file. For a regular file,
this is normally 1, but directories have at least 2. We look at links on page 186.
• Next come the names of the owner and the group, and the size of the file in bytes.
You’ll notice that the file deppert.floppy belongs to daemon. This was probably an
accident, and it could lead to problems. Incidentally, looking at the name of the file
and its size, it’s fairly obvious that this is an image of a 3½" floppy, that is to say, a
literal copy of the data on the complete floppy.
• The date is normally the date that the file was last modified. With the -u option to ls,
you can list the last time the file was accessed.
• Finally comes the name of the file. As you can see from this example, the names can
be quite varied.
A couple of the permissions are of interest. The directories all have the x (execute)
permission bit set. This enables accessing (i.e. opening) files in the directory—that’s the
way the term execute is defined for a directory. If I reset the execute permission, I can
still list the names of the files, but I can’t access them.
I am the only person who can access the directory Mail. This is the normal permission
for a mail directory.
Changing file permissions and owners
Often enough, you may want to change file permissions or owners. UNIX supplies three
programs to do this:
• To change the file owner, use chown. For example, to change the ownership of the
file deppert.floppy, which in the list above belongs to daemon, root would enter:
# chown grog deppert.floppy
Note that only root may perform this operation.
• To change the file group, use chgrp, which works in the same way as chown. To
change the group ownership to lemis, you would enter:
# chgrp lemis deppert.floppy
chown can also change both the owner and the group. Instead of the two previous
examples, you could enter:
# chown grog:lemis deppert.floppy
This changes the owner to grog, as before, and also changes the group to lemis.
• To change the permissions, use the chmod program. chmod has a number of
different formats, but unfortunately the nine-character representation isn’t one of
them. Read the man page chmod(1) for the full story, but you can achieve just about
anything you want with one of the formats shown in table 10-1:
Table 10-1: chmod permission codes
Specification  Effect
go-w           Deny write permission to group and others
=rw,+X         Set the read and write permissions to the usual defaults, but retain
               any execute permissions that are currently set
+X             Make a directory or file searchable/executable by everyone if it is
               already searchable/executable by anyone
u=rwx,go=rx    Make a file readable/executable by everyone and writable by the
               owner only
go=            Clear all mode bits for group and others
g=u-w          Set the group bits equal to the user bits, but clear the group write bit
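chmod does not take the nine-character string, but it does accept an absolute octal mode (see chmod(1)). The following is an added example, not code from the book: a shell function that converts the string printed by ls -l into that octal form, including the s letters for setuid and setgid described earlier, and a filter that picks setuid/setgid entries out of a listing. The function names and the sample listing are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the book: turn an "ls -l" mode string into the
# octal mode that chmod accepts, and pick out setuid/setgid entries.

ls_mode_to_octal() {
    m=${1%[+.@]}                 # some ls versions append an ACL/attribute flag
    case ${#m} in
        10) m=${m#?} ;;          # drop the file type letter
        9)  ;;
        *)  echo "bad mode string: $1" >&2; return 1 ;;
    esac
    special=0 digits=
    for who in u g o; do
        rest=${m#???}; t=${m%"$rest"}; m=$rest    # next rwx triplet
        case $who in
            u) bit=4 low=s up=S ;;                # setuid
            g) bit=2 low=s up=S ;;                # setgid
            o) bit=1 low=t up=T ;;                # sticky
        esac
        v=0
        case $t in r??) v=$((v + 4)) ;; -??) ;; *) return 1 ;; esac
        case $t in ?w?) v=$((v + 2)) ;; ?-?) ;; *) return 1 ;; esac
        case $t in
            ??x) v=$((v + 1)) ;;
            ??-) ;;
            ??"$low") v=$((v + 1)); special=$((special + bit)) ;;
            ??"$up")  special=$((special + bit)) ;;   # special bit without x
            *) return 1 ;;
        esac
        digits=$digits$v
    done
    echo "$special$digits"
}

# Read "ls -l" output on stdin; print "octal name" for setuid/setgid entries.
flag_setid() {
    while read -r mode links owner group size mon day hhmm name; do
        [ -n "$name" ] || continue                # skips the "total" line
        oct=$(ls_mode_to_octal "$mode") || continue
        case $oct in [2-7]*) echo "$oct $name" ;; esac
    done
}

# Constructed sample input, modelled on the listings in this chapter.
sample='total 3
-r-xr-sr-x 1 bin kmem 163840 May 6 06:02 /bin/ps
-rw-r--r-- 1 grog wheel 149 Dec 4 14:18 Makefile
-rwsr-xr-x 1 root wheel 20480 May 6 06:02 example-setuid'
printf '%s\n' "$sample" | flag_setid
```

The first digit of the result carries the setuid (4), setgid (2) and sticky (1) bits, so any entry whose mode starts with 2 or higher runs with its owner's or group's identity and deserves a second look.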
Permissions for new files
None of this tells us what the permissions for new files are going to be. The wrong
choice could be disastrous. For example, if files were automatically created with the
permissions rwxrwxrwx, anybody could access them in any way. On the other hand,
creating them with r-------- could result in a lot of work setting them to what you
really want them to be. UNIX solves this problem with a thing called umask (User
mask). This is a default non-permission: it specifies which permission bits not to allow.
As if this weren’t confusing enough, it’s specified in the octal number system, in which
the valid digits are 0 to 7. Each octal digit represents 3 bits. By contrast, the more
common hexadecimal system uses 16 digits, 0 to 9 and a to f. The original versions of
UNIX ran on machines that used the octal number system, and since the permissions
come in threes, it made sense to leave the umask value in octal.
An example: by default, you want to create files that anybody can read, but only you can
write. You set the mask to 022. This corresponds to the binary bit pattern 000010010.
The leading 0 is needed to specify that the number is in octal, not to make up three digits. If you
want to set the permissions so that by default nobody can read, you’d set it to 0222. Some shells
automatically assume that the number is octal, so you may be able to omit the 0, but it’s not good
practice.
The permissions are allowed where the corresponding bit is 0:
rwxrwxrwx   Possible permissions
000010010   umask
rwxr-xr-x   resultant permissions
By default, files are created without the x bits, whereas directories are created with the
allowed x bits, so with this umask, a file would be created with the permissions
rw-r--r--.
umask is a shell command. To set it, just enter:
$ umask 022
It’s preferable to set this in your shell initialization file—see page 135 for further details.
Beware of creating a too restrictive umask. For example, you will get into a lot of trouble
with a umask like 377, which creates files that you can only read, and that nobody else
can access at all. If you disallow the x (executable) bit, you will not be able to access
directories you create, and you won’t be able to run programs you compile.
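The umask rule above, worked through for the masks 022 and 377 from the text plus 027 as an extra case. This is an added example, not code from the book; the function names are made up for illustration, and the second function really creates a file and a directory in a scratch directory so the prediction can be compared with what the system does.

```sh
#!/bin/sh
# Added example, not from the book: what a umask does to new files and
# directories. Files start from rw-rw-rw- (666), directories from rwxrwxrwx (777).

# Octal modes a file and a directory get under umask $1 (pure arithmetic).
predict_modes() {
    printf 'file=%03o dir=%03o\n' $((0666 & ~0$1)) $((0777 & ~0$1))
}

# The same, observed: create a file and a directory under umask $1 in a
# scratch directory and report the permission strings ls shows for them.
# The body runs in a subshell, so the caller's umask is left alone.
observe_modes() (
    work=$(mktemp -d) || exit 1
    umask "$1" || exit 1
    : > "$work/f"
    mkdir "$work/d"
    f=$(ls -ld "$work/f" | cut -c2-10)
    d=$(ls -ld "$work/d" | cut -c2-10)
    chmod u+rwx "$work/d"        # a restrictive umask may lock us out
    rm -rf "$work"
    echo "file=$f dir=$d"
)

for mask in 022 027 377; do
    echo "umask $mask: $(predict_modes "$mask") $(observe_modes "$mask")"
done
```

With 377 the new directory comes out as r--------: its owner can list it but, lacking the x bit, cannot access anything inside it, which is the trouble the text warns about.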
Making a program executable
File permissions enable one problem that occurs so often that it’s worth drawing attention
to it. Many operating systems require that an executable program have a special naming
convention, such as COMMAND.COM or FOO.BAT, which in MS-DOS denotes a
specific kind of binary executable and a script file, respectively. In UNIX, executable
programs don’t need a special suffix, but they must have the x bit set. Sometimes this bit
gets reset (turned off), for example if you copy it across the Net with ftp. The result
looks like this:
$ ps
bash: ps: Permission denied
$ ls -l /bin/ps
-r--r--r--  1 bin  kmem  163840 May  6 06:02 /bin/ps
$ su                                     you need to be super user to set ps permission
Password:                                password doesn’t echo
# chmod +x /bin/ps                       make it executable
# ps                                     now it works
  PID  TT  STAT      TIME COMMAND
  226  p2  S      0:00.56 su (bash)
  239  p2  R+     0:00.02 ps
  146  v1  Is+    0:00.06 /usr/libexec/getty Pc ttyv1
  147  v2  Is+    0:00.05 /usr/libexec/getty Pc ttyv2
# ^D                                     exit su
$ ps
ps: /dev/mem: Permission denied          hey! it’s stopped working
Huh? It only worked under su, and stopped working when I became a mere mortal
again? What’s going on here?
There’s a second problem with programs like ps: some versions need to be able to access
special files, in this case /dev/mem, a special file that addresses the system memory. To
do this, we need to set the setgid bit, s, which requires becoming superuser again:
$ su                                     you need to be super user to set ps permission
Password:                                password doesn’t echo
# chmod g+s /bin/ps                      set the setgid bit
# ls -l /bin/ps                          see what it looks like
-r-xr-sr-x  1 bin  kmem  163840 May  6 06:02 /bin/ps
# ^D                                     exit su
$ ps                                     now it still works
  PID  TT  STAT      TIME COMMAND
  226  p2  S      0:00.56 su (bash)
  239  p2  R+     0:00.02 ps
  146  v1  Is+    0:00.06 /usr/libexec/getty Pc ttyv1
  147  v2  Is+    0:00.05 /usr/libexec/getty Pc ttyv2
In this example, the permissions in the final result really are the correct permissions for
ps. It’s impossible to go through the permissions for every standard program. If you
suspect that you have the permissions set incorrectly, use the permissions of the files on
the Live Filesystem CD-ROM as a guideline.
setuid and setgid programs can be a security issue. What happens if the program called
ps is really something else, a Trojan Horse? We set the permissions to allow it to break
into the system. As a result, FreeBSD has found an alternative method for ps to do its
work, and it no longer needs to be set setgid.
Mandatory Access Control
For some purposes, traditional UNIX permissions are insufficient. Release 5.0 of
FreeBSD introduces Mandatory Access Control, or MAC, which permits loadable kernel
modules to augment the system security policy. MAC is intended as a toolkit for
developing local and vendor security extensions, and it includes a number of sample
policy modules, including Multi-Level Security (MLS) with compartments, and a number
of augmented UNIX security models including a file system firewall. At the time of
writing it is still considered experimental software, so this book doesn’t discuss it further.
See the man pages for more details.
Links
In UNIX, files are defined by inodes, structures on disk that you can’t access directly.
They contain the metadata, all the information about the file, such as owner, permissions
and timestamps. What they don’t contain are the things you think of as making up a file:
they don’t have any data, and they don’t have names. Instead, the inode contains
information about where the data blocks are located on the disk. It doesn’t know
anything about the name: that’s the job of the directories.
A directory is simply a special kind of file that contains a list of names and inode
numbers: in other words, they assign a name to an inode, and thus to a file. More than
one name can point to the same inode, so files can have more than one name. This
connection between a name and an inode is called a link, sometimes confusingly hard
link. The inode numbers relate to the file system, so files must be in the same file system