Shell and permissions - dejanu/linux GitHub Wiki

---
title: Bash startup files
---
graph LR
    linkStyle default stroke:gray

    bash{"Bash"}

    login{"Login"}
    nonLogin{"Non-login"}
    interactive{"Interactive"}
    nonInteractive{"Non-interactive"}

    bash --> login
    bash --> nonLogin

    login --> interactive
    login --> nonInteractive
    nonLogin --> interactive
    nonLogin --> nonInteractive
    
    linkStyle 2 stroke: red;
    linkStyle 3 stroke: orange;
    linkStyle 4 stroke: green;
    linkStyle 5 stroke: blue;

    systemEtcProfile["/etc/profile"]
    systemHomeProfile["~/.profile"]

    etcRc["/etc/bash.bashrc"]
    etcLogout["/etc/bash.bash_logout"]

    homeProfile["~/.bash_profile"]
    homeLogin["~/.bash_login"]
    homeRc["~/.bashrc"]
    homeLogout["~/.bash_logout"]
    ENV["$BASH_ENV"]

    %% Shared amongst lines
    subgraph bashFirstOf [First of]
        direction LR
        homeProfile
        homeLogin
        systemHomeProfile
    end


    %% login, interactive
    interactive --> systemEtcProfile --> bashFirstOf
     -->|on logout| homeLogout --> etcLogout
    linkStyle 6,7,8,9 stroke: red;

    %% login, non-interactive
    nonInteractive --> systemEtcProfile --> bashFirstOf
     -->|on logout| homeLogout --> etcLogout
    linkStyle 10,11,12,13 stroke: orange;

    %% non-login, interactive
    interactive --> etcRc --> homeRc
    linkStyle 14,15 stroke: green;

    %% non-login, non-interactive
    nonInteractive --> ENV
    linkStyle 16 stroke: blue


    %% Cross-sourcing
    systemEtcProfile -->|commonly sources| etcRc
    homeProfile -->|commonly sources| homeRc

/etc/environment - meant specifically for system-wide environment variable settings.
/etc/profile - system-wide settings and actions (login shells only; used by any Bourne-style shell: korn, bash, zsh), and also by the display manager when the desktop session loads. Proxy configuration is usually found here.
~/.bash_profile - user-specific settings and actions (login shells only)
~/.bashrc - user-specific settings and actions (all non-login shells, i.e. sub-shells and shell scripts, in particular cron scripts)

# paste this into ~/.profile so that a login shell reading ~/.profile also picks up ~/.bash_profile
# ("." instead of "source": ~/.profile may be read by plain sh, which has no "source" builtin)
if [ -f ~/.bash_profile ]; then . ~/.bash_profile; fi

~/.xsession user-specific settings and actions (executed once on start of X session)
~/.bash_logout user-specific clean-up actions (executed on termination of login shells)

Shell variables

  • are not inherited by processes launched by the current shell (by default processes do not share variables with each other):
$ AGE=42; echo $AGE
42
$ bash
$ echo $AGE
...no output...
$ exit

$ bash & - creates a new process and sends it to the background;

$ ps -f
- bash (the login shell process)
  bash (the process forked, via fork(), from the login shell process)
  • executing a file (./config.sh) runs it in a child process and changes nothing in the current shell, whereas sourcing it (source config.sh or . config.sh) runs it in the current shell itself, so its changes take effect there.

Shell variables come from 3 sources:

  • Inherited from the environment when the shell was first invoked;

  • From the startup files /etc/profile, ~/.bash_profile, ~/.bashrc;

  • Set manually by the user at the shell prompt.

  • Display all shell variables: $ set
    Running set without any parameters lists shell variables, environment variables, local variables, and shell functions, so pipe it through a pager: $ set | less
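The points above as an added worked example (not from the wiki): a script that starts a child shell the way the bash/exit session does and records what the child can see before and after export (export itself belongs to the environment-variable notes that follow), and that compares executing config.sh with sourcing it. The child is plain sh -c; AGE, COLOR and the helper names are constructed for this example.

```shell
#!/bin/sh
# Added example (not from the wiki): make the inheritance rules visible from a
# script. The child is a separate "sh -c" process, standing in for the "bash"
# started at the prompt above. AGE, COLOR and the helper names are constructed.

# child_sees NAME -> what a freshly started child process prints for $NAME
# (empty when the variable was not passed in the child's environment)
child_sees() {
    sh -c "printf '%s' \"\${$1-}\""
}

# inheritance_demo -> "shellvar:[] exported:[42] unset:[]"
inheritance_demo() {
    AGE=42                       # plain shell variable: lives in this process only
    before=$(child_sees AGE)     # the child knows nothing about it
    export AGE                   # now AGE is part of the environment...
    after=$(child_sees AGE)      # ...so the child inherits a copy
    unset AGE                    # remove it entirely (bash's "export -n AGE" would
                                 # instead keep it as a plain shell variable)
    gone=$(child_sees AGE)
    printf 'shellvar:[%s] exported:[%s] unset:[%s]' "$before" "$after" "$gone"
}

# source_vs_exec -> "exec: source:blue"
# Executing a script runs it in a child process: its assignments stay there.
# Sourcing it (". file") runs it in the current shell: its assignments stick.
source_vs_exec() {
    cfg=$(mktemp) || return 1
    printf 'COLOR=blue\n' > "$cfg"   # constructed stand-in for config.sh
    COLOR=""
    sh "$cfg"                        # executed: the child sets its own COLOR, ours is untouched
    after_exec=$COLOR
    . "$cfg"                         # sourced: runs here, COLOR becomes blue
    after_source=$COLOR
    rm -f "$cfg"
    printf 'exec:%s source:%s' "$after_exec" "$after_source"
}

echo "$(inheritance_demo)"
echo "$(source_vs_exec)"
```

Both demos are called inside $( ) so the variables they set never leak into the calling shell; run the file with sh and compare the two printed lines with the interactive session above.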


Environment variables

  • are inherited by each launched process
  • Display all the environment variables: $ env
  • To turn a shell variable into an environment variable: $ export var_name
  • Environment variables are only passed to child processes; there is no built-in way for a child to set environment variables in its parent shell
$ AGE=42; echo $AGE
42
$ export AGE
$ bash
$ echo $AGE
42
$ exit
  • Examples of environment variables: $PATH, $PWD, $HOME, $USER;
    • $PATH, aka the executable search path, contains the list of directories in which the shell looks for a program when it is called by name (the entries are separated by the colon operator :):
      $ echo $PATH
      /Library/Frameworks/Python.framework/Versions/3.6/bin:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/go/bin:/Applications/Visual Studio Code.app/Contents/Resources/app/bin

Nice hack to remove an entry from PATH (edit the value in a file, then load it back):

echo ${PATH} > t1
vi t1
export PATH=$(cat t1)
  • Add to PATH: export PATH=$PATH:/dir/with/the/file - ephemeral, lasts only for the current shell
  • To make it persistent, add the line export PATH=$PATH:/dir/with/the/file to ~/.bash_profile, ~/.bashrc, or ~/.profile.
  • Bullet-proof way to add to PATH (no leading colon when PATH is empty; $HOME instead of ~, because ~ is not expanded inside double quotes): PATH="${PATH:+${PATH}:}$HOME/opt/bin"
  • Nice to add to ~/.profile:
# if running bash
if [ -n "$BASH_VERSION" ]; then
    # include .bashrc if it exists
    if [ -f "$HOME/.bashrc" ]; then
        . "$HOME/.bashrc"
    fi
fi

# set PATH so it includes user's private bin if it exists
if [ -d "$HOME/bin" ] ; then
    PATH="$HOME/bin:$PATH"
fi

# set PATH so it includes user's private ~/.local/bin if it exists
if [ -d "$HOME/.local/bin" ] ; then
    PATH="$HOME/.local/bin:$PATH"
fi

# start an ssh-agent for this session and load the default keys into it
ssh_agent () {
    eval "$(ssh-agent -s)"
    ssh-add
}
  • Revert an environment variable to a shell variable: $ export -n var_name; to remove the variable completely: $ unset var_name
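The PATH edits above as reusable functions, added here as an example that is not part of the wiki. Each function takes the PATH value as its first argument and prints the result, so it can be tried on a copy before doing PATH=$(path_prepend "$PATH" "$HOME/bin"); the last function flags the entries a defender cares about, because an empty or relative entry makes the shell also search the current working directory. The function names and the directories in the demo are constructed.

```shell
#!/bin/sh
# Added example (not from the wiki): PATH editing as small functions instead of
# round-tripping the value through an editor. Every function takes the PATH
# value as $1 and prints the new value; apply it with
#   PATH=$(path_prepend "$PATH" "$HOME/bin")
# Each loop walks the entries without touching IFS: peel off the text before
# the first ":" until no ":" is left, then handle the final entry (which is
# empty when the value ends in ":", and is the only entry when PATH is empty).

# path_remove PATHVALUE DIR -> PATHVALUE with every entry equal to DIR dropped
path_remove() {
    rest=$1; out=""; first=1; last=0
    while [ "$last" -eq 0 ]; do
        case $rest in
            *:*) entry=${rest%%:*}; rest=${rest#*:} ;;
            *)   entry=$rest; last=1 ;;
        esac
        [ "$entry" = "$2" ] && continue
        if [ "$first" -eq 1 ]; then out=$entry; first=0; else out="$out:$entry"; fi
    done
    printf '%s' "$out"
}

# path_prepend PATHVALUE DIR -> DIR first, any older copy of DIR removed
path_prepend() {
    rest=$(path_remove "$1" "$2")
    if [ -n "$rest" ]; then printf '%s' "$2:$rest"; else printf '%s' "$2"; fi
}

# path_append PATHVALUE DIR -> DIR last, using the ${VAR:+...} idiom from the
# wiki so that an empty PATH does not produce a leading ":" (an empty entry)
path_append() {
    rest=$(path_remove "$1" "$2")
    printf '%s' "${rest:+${rest}:}$2"
}

# path_unsafe_entries PATHVALUE -> space-separated list of the entries that make
# the shell search the current working directory: empty entries (printed as
# "(empty)", produced by "::", a leading or a trailing ":") and relative names
path_unsafe_entries() {
    rest=$1; out=""; last=0
    while [ "$last" -eq 0 ]; do
        case $rest in
            *:*) entry=${rest%%:*}; rest=${rest#*:} ;;
            *)   entry=$rest; last=1 ;;
        esac
        case $entry in
            '') out="${out:+$out }(empty)" ;;   # empty entry = current directory
            /*) ;;                               # absolute path: fine
            *)  out="${out:+$out }$entry" ;;     # relative entry such as "." or "bin"
        esac
    done
    printf '%s' "$out"
}

demo_path="/usr/local/bin:/usr/bin::/bin:."   # constructed value with two unsafe entries
echo "unsafe entries: $(path_unsafe_entries "$demo_path")"
echo "prepended:      $(path_prepend "$demo_path" /opt/tools/bin)"
echo "removed:        $(path_remove "$demo_path" /usr/bin)"
```

path_remove deliberately keeps entries it was not asked about, including empty ones, so that path_unsafe_entries is the only function that judges the value; clean a PATH by removing what that report lists.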

Permissions

  • the default permissions when a file is created are 666 (rw- rw- rw-) and for a directory 777 (rwx rwx rwx), but most systems mask these with a umask (0002 or 0022) set at login.
    !!! The final permission of a file is the result of a logical AND between the negation of the umask and the default permission: mode = default & ~umask (e.g. 666 & ~022 = 644).

| PERMISSION   | FILES                         | DIRS                                                              |
|--------------|-------------------------------|-------------------------------------------------------------------|
| Set User ID  | Run executable as owner       | -                                                                 |
| Set Group ID | Run executable as group owner | Newly created items inherit the directory's group ownership       |
| Sticky Bit   | -                             | Files can be deleted only by their owner or the owner of the parent directory |

  • the mode is read from right to left, so a leading zero (no special bits) can be omitted; the leading digit encodes the special bits:
(0)755 - none of the special bits set
(1)755 - sticky bit set
(2)755 - SGID bit set
(4)755 - SUID bit set
  • a process normally runs with the uid and gid of the user who launched it, and the ownership of the files it creates follows those defaults; granting elevated privileges temporarily, only for the duration of one execution, is what SUID and SGID are for

  • when the setuid bit is on, the process is not run with the privileges of the user who launched it, but with the privileges of the file owner instead, e.g. the /usr/bin/passwd command (which alters the content of /etc/shadow).

  • The setuid permission is displayed as an "s" in the owner's execute field: -rwsr-xr-x /bin/passwd

  • Set SUID: # chmod 4555 ~/path_to_file or # chmod u+s path_to_file

E.g. setuid-root binaries as shown by ls -l:

-rwsr-xr-x 1 root root 34904 Mar 12  2014 /bin/su
-rwsr-xr-x 1 root root 40760 Sep 26  2013 /bin/ping
-rwsr-xr-x 1 root root 77336 Apr 28  2014 /bin/mount
-rwsr-xr-x 1 root root 53472 Apr 28  2014 /bin/umount
-rwsr-xr-x 1 root root 66352 Dec  7  2011 /usr/bin/chage
-rwsr-xr-x 1 root root 30768 Feb 22  2012 /usr/bin/passwd
---s--x--x 1 root root 123832 Nov 22  2013 /usr/bin/sudo
-rwsr-xr-x 1 root root 51784 Nov 23  2013 /usr/bin/crontab
  • when the setgid bit is set the process runs with the permissions of the file's group

  • The setgid permission is displayed as an "s" in the group's execute field

  • Set SGID: # chmod 2555 path_to_file or # chmod g+s path_to_file

  • when the sticky bit is set on a directory, only the owner of a file (or the owner of the directory) can remove files within that directory, for example /tmp

  • Set the sticky bit: # chmod +t path_to_dir or # chmod 1555 path_to_dir. In ls output it shows as "t" in the others' execute field when execute is also on: drwxrwxrwt 2 sys sys 512 Jan 26 11:02 /var/tmp
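An added example (not from the wiki) that turns the umask rule and the special-bit notes above into functions: effective_mode applies mode = default & ~umask, mode_string renders an octal mode the way ls -l shows it (lower-case s/t when the execute bit is also set, upper-case S/T when it is not, which is how a misapplied special bit shows up), and special_bits names the bits in the leading digit. The helper names are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the wiki): work out the mode a new file or directory
# gets under a given umask, and render an octal mode the way ls(1) shows it,
# including the SUID/SGID/sticky bits from the table above.

# effective_mode DEFAULT UMASK -> e.g. effective_mode 666 022 prints 644
# Every bit set in the umask is cleared: mode = default & ~umask.
effective_mode() {
    printf '%03o' $(( 0$1 & ~0$2 & 0777 ))
}

# mode_string OCTAL -> the 9-character rwx string, e.g. mode_string 4755 prints rwsr-xr-x
# Lower-case s/t: special bit AND execute bit set. Upper-case S/T: special bit
# set but execute missing, which ls shows so the mismatch is visible.
mode_string() {
    mode=$(( 0$1 ))
    out=""
    for class in 2 1 0; do                      # owner, group, others
        bits=$(( (mode >> (class * 3)) & 7 ))
        if [ $(( bits & 4 )) -ne 0 ]; then out="${out}r"; else out="${out}-"; fi
        if [ $(( bits & 2 )) -ne 0 ]; then out="${out}w"; else out="${out}-"; fi
        case $class in
            2) special=$(( mode & 04000 )); lower=s; upper=S ;;   # SUID lives in the owner column
            1) special=$(( mode & 02000 )); lower=s; upper=S ;;   # SGID in the group column
            0) special=$(( mode & 01000 )); lower=t; upper=T ;;   # sticky in the others column
        esac
        if [ "$special" -ne 0 ]; then
            if [ $(( bits & 1 )) -ne 0 ]; then out="${out}${lower}"; else out="${out}${upper}"; fi
        elif [ $(( bits & 1 )) -ne 0 ]; then
            out="${out}x"
        else
            out="${out}-"
        fi
    done
    printf '%s' "$out"
}

# special_bits OCTAL -> names of the special bits that are set, e.g. "SUID SGID"
special_bits() {
    mode=$(( 0$1 ))
    names=""
    [ $(( mode & 04000 )) -ne 0 ] && names="${names}SUID "
    [ $(( mode & 02000 )) -ne 0 ] && names="${names}SGID "
    [ $(( mode & 01000 )) -ne 0 ] && names="${names}STICKY "
    printf '%s' "${names% }"
}

echo "umask 022: file $(effective_mode 666 022), dir $(effective_mode 777 022)"
echo "umask 002: file $(effective_mode 666 002), dir $(effective_mode 777 002)"
for m in 0755 1755 2755 4755 4644 1777 4111; do
    printf '%s -> %s  %s\n' "$m" "$(mode_string "$m")" "$(special_bits "$m")"
done
```

The 4644 line in the loop is the edge case worth remembering: chmod u+s on a file without an execute bit yields rwSr--r--, a setuid bit that can never take effect because the file cannot be executed.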


File-system

  • A file is basically a name that links to an inode (the data structure that is an entry in the inode table and contains the metadata)
  • A hard link just creates another name that links to the same underlying inode.
  • A symbolic link is a link to another name in the file system (basically a link to a hard link)
# create hard link
ln file hard_link_file

file and hard_link_file have the same inode number (ls -li to verify)

# create soft link aka symbolic link
ln -s file soft_link_file

file and soft_link_file have different inode numbers

  • for a hard link, deleting the original file is no problem (the data stays as long as one name remains), but for a soft link, if the original file is deleted, following the link gives the error No such file or directory

Soft links may be used to shorten long path names, i.e.:

ln -s /long/folder/name/on/long/path/file.txt /short/file.txt

Changes made to /short/file.txt will be applied to the original file.

Hard links may be used to move big files around (within one file system, since a hard link cannot cross file systems):

$ ls -lh /myapp/dev/
total 10G
-rw-r--r-- 2 root root 10G May 22 12:09 application.bin
$ ln /myapp/dev/application.bin /myapp/prd/application.bin

Instant "copy" to a different folder, and the original file (in /myapp/dev) may be moved or deleted without touching the file in /myapp/prd.

symbolic link ---> hard link ---> inode (data structure that describes a file system object, file or dir) ---> data blocks
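The hard-link versus soft-link behaviour above, as an added example that is not from the wiki: it builds file, hard_link_file and soft_link_file in a scratch directory, compares inode numbers with ls -i, then removes the original name and checks what each link still reaches. The names and helper functions are constructed for the demo, and the ls -i / ls -l output columns are assumed to be in their usual order.

```shell
#!/bin/sh
# Added example (not from the wiki): create a file, a hard link and a symbolic
# link in a scratch directory, compare inode numbers, then delete the original
# name and see what each link still reaches. All names are constructed.

# inode_of NAME -> inode number from "ls -i" ("<inode> <name>"); for a symlink
# this is the link's own inode, not the target's
inode_of() {
    set -- $(ls -i "$1")
    printf '%s' "$1"
}

# link_count NAME -> second column of "ls -l": how many names point at the inode
link_count() {
    set -- $(ls -l "$1")
    printf '%s' "$2"
}

# link_demo -> "hard:same soft:different links:2 after_rm: hard=hello soft=dangling"
link_demo() {
    dir=$(mktemp -d) || return 1
    cd "$dir" || return 1
    printf 'hello\n' > file
    ln file hard_link_file        # a second name for the same inode
    ln -s file soft_link_file     # a new inode whose content is the name "file"

    if [ "$(inode_of file)" = "$(inode_of hard_link_file)" ]; then hard=same; else hard=different; fi
    if [ "$(inode_of file)" = "$(inode_of soft_link_file)" ]; then soft=same; else soft=different; fi
    links=$(link_count file)      # 2: "file" and "hard_link_file"

    rm file                       # removes only the name; the inode survives while a link remains
    hard_after=$(cat hard_link_file)
    # -e follows the symlink, so it fails once the target name is gone
    if [ -e soft_link_file ]; then soft_after=ok; else soft_after=dangling; fi

    cd / && rm -rf "$dir"
    printf 'hard:%s soft:%s links:%s after_rm: hard=%s soft=%s' \
        "$hard" "$soft" "$links" "$hard_after" "$soft_after"
}

echo "$(link_demo)"
```

Run it with sh; the single output line states both halves of the note above: the hard link still serves the data after rm, while the symbolic link dangles.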