
Chapter-3: Access-Control, Links, R-Login, Online-Help, Shells, Pipelines, Sockets & Ports

Chapter 3 discusses file access control in UNIX, detailing the ownership and permission system that includes user, group, and others with read, write, and execute modes. It also covers the use of symbolic links, device special files, remote login via SSH, and the functionality of the UNIX shell, including command execution, input/output redirection, and multitasking. The chapter emphasizes the importance of understanding these concepts for effective UNIX system management and usage.

Uploaded by viptaha.2001

Chapter-3:

Access-Control, Links,
R-Login, Online-Help,
Shells, Pipelines,
Sockets & Ports
Files Access Control in UNIX
• The word "file" refers to all file types, including
directories.
• UNIX has a very simple, but useful, file protection
method.
• To provide a way for users to control access to their files,
the inventors of UNIX devised a rather elegant and
simple access control system.
• Every file has an owner, called its user. The file is also
associated with one of the groups to which the owner
belongs, called its group. Lastly, everyone who is neither
the user nor a member of the file's group is in the class
known as others.
Files Access Control in UNIX (cont.)
• There are three modes of access to any file: read, write,
and execute.
• Read access is the ability to view file contents. For
directories, this is the ability to view the contents using
the ls command.
• Write access is the ability to change file contents or
certain file attributes. For directories, this implies the
ability to create new links in the directory, to rename
files in the directory, or remove links in the directory.
This may seem counterintuitive: the ability to delete a file
from a directory does not depend on whether one has
write privileges for the file, but on whether one has
write privileges for the directory.
Files Access Control in UNIX (cont.)
• Execute access is the ability to run the file. For
a directory, execute access is the ability to cd
into the directory and as a result, the ability to
run programs contained in the directory and
run programs that need to access the
attributes or contents of files within that
directory.
• In short, without execute access on a
directory, there is little you can do with it.
Permission Bits
• There are three bits called the read, write, and
execute bits for the user (u), for the group (g),
and for others (o), or nine in total.
• These bits, which are called mode or
permission bits, are usually expressed in one
of two forms:
(1). As an octal number, or
(2). As a string of nine characters.
The Nine-character Permission Bit String is:
• User bits   Group bits   Others bits
     rwx         rwx           rwx

They must be in this left-to-right order:

rwxrwxrwx
Various commands use a dash (-) to indicate that
the bit is turned off.
Examples
• The string rwxrw-r--
- Gives the user (owner) read, write, & execute.
- Gives the group, read & write but no execute,
- Gives others, only read permission.
• The string r-xr-xr-x
- Gives everyone only read and execute.
• The string rwxr-xr--
- Gives the user read, write, and execute.
- Gives the group, read and execute.
- Gives others, only read access.
Representing Mode String as
3-Digit Octal Number
• Read = 4
• Write = 2
• Execute = 1
• Illustration:
rwx  rw-  r-x  r--  -wx  -w-  --x  ---
 7    6    5    4    3    2    1    0
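The conversion described on this slide, as an added example that is not part of the original slides: a POSIX shell function that turns a nine-character mode string, optionally preceded by the file-type character, into its three-digit octal form. The function names are chosen here for illustration.

```shell
#!/bin/sh
# Added example (not from the slides): ls-style mode string -> octal mode.
# Function names are hypothetical.

# triad_value "rw-" prints 6  (read = 4, write = 2, execute = 1)
triad_value() {
    case "$1" in
        [r-][w-][x-]) ;;              # each position: its letter or a dash
        *) return 1 ;;                # anything else is not a valid triad
    esac
    v=0
    case "$1" in r??) v=$((v + 4)) ;; esac
    case "$1" in ?w?) v=$((v + 2)) ;; esac
    case "$1" in ??x) v=$((v + 1)) ;; esac
    echo "$v"
}

# mode_to_octal "rwxr-xr--"   or   mode_to_octal "-rwxr-xr--"
mode_to_octal() {
    s=$1
    [ "${#s}" -eq 10 ] && s=${s#?}    # drop the leading file-type character
    [ "${#s}" -eq 9 ] || { echo "bad mode string: $1" >&2; return 1; }
    rest=$s
    out=
    for class in user group others; do   # fixed left-to-right order
        triad=$(printf '%s' "$rest" | cut -c1-3)
        rest=$(printf '%s' "$rest" | cut -c4-)
        d=$(triad_value "$triad") || {
            echo "bad $class bits: $triad" >&2
            return 1
        }
        out=$out$d
    done
    echo "$out"
}
```

The result can be passed straight to chmod, for example `chmod "$(mode_to_octal rwxr-xr--)" somefile`.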
Practice #1.2
• What is the Octal Number for rwxrw-r-- ?

• What is the Octal Number for r-xr-xr-x ?

• What is the Octal Number for rwx------ ?


Characterizing the File Type
• In addition to the mode bits, a file's permission string is
usually displayed with a single character file attribute
that characterizes the file type.
• With long listing ($ ls -l) the character, which appears to
the left of the mode bits, can be one of the following:
- Regular file,
d Directory,
b Buffered special file,
c Character special file,
l Symbolic link,
p Pipe,
s Socket.
Commands to Alter File-Attributes
• chmod <mode> <files> change the file permissions
• chown <owner> <files> change the file ownership
• chgrp <group> <files> change the group ownership
Symbolic Link
• A symbolic link, also called a soft link, is a file
that stores a string containing the pathname of
another file.
• For example: a frequently used directory
(actProject) with the pathname:
/data/research/unix/actProject
can be made usable from the home directory
without entering the full pathname by:
$ ln -s /data/research/unix/actProject ~/actProject
Device Special Files
• The UNIX system deviated from the design of all other
OSs of the time by simplifying the way in which programs
handled I/O.
• Every I/O device (disk, printer, modem, etc.) is associated
with a device special file, which is one kind of special file.
• Special files can be accessed using the same system calls
as regular files, but the way the kernel handles the system
call is different when the file argument is a device special
file; the system call activates the device driver for that
device rather than causing the direct transfer of data.
This frees the programmer from having to write different
code for different types of devices.
Device-Independent I/O
• You can write a program that performs output
without having to know whether the output
will go to a disk file, a display device, a printer,
or any other device.
• The program just connects to a file variable,
which may be associated at run time with any
of the files or devices listed above.
Illustration with C++ Example
• Suppose a portion of C++ code writes to an output stream
as follows:
    string filename;          // destination chosen at run time
    ofstream outfile;
    cout << "Where should output be sent? ";
    cin >> filename;
    outfile.open(filename);   // opens a regular file or a device special file
• On a UNIX system, the user can enter the filename
"/dev/console" at the prompt, and the output will go to
the display device. If the user enters "myfile" the output
will go to myfile. The kernel will take care of the details
of transferring the data from the program to the device
or the file.
/dev
• An entry for each device file resides in the directory
/dev, although system administrators often create
soft links to them in other parts of the file system.
• The advantages of device files are that:
- Device I/O is treated uniformly, making it easier to write
programs that are device independent;
- Changes to the hardware result only in changes to the
drivers and not to the programs that access them;
- Programs can treat files and devices the same, using the
same naming conventions, so that a change to a
program to write to a device instead of a file is trivial;
- Devices are accorded the same protections as files.
Examples of Devices on /dev
• /dev/tty is the name of the terminal that the
process is using (screen).
• /dev/mem is a special file that is a character
interface to memory. A process writes to it.
• /dev/null is a special file that acts like a black
hole. All data sent to it is discarded (/dev/zero).
• /dev/rd0a or /dev/hda is a hard drive partition.
• /dev/cdrom is mapped to a CD-ROM drive.
• Browse /dev on your machine to see which files exist.
Practice #1.3
• Log in to the UNIX system and enter the
command below and observe the system
response.
$ echo "hello" > /dev/tty
Type "tty" and use its output with echo:
$ tty
/dev/pts/4    (device name)
$ echo "hello" > /dev/pts/4
hello    (output on the screen)
Remote Login (SSH)
• SSH stands for Secure SHell.
• SSH is a client/server application.
• SSH is a protocol that provides encrypted
communication to prevent passwords and other
secure information from being captured in transit
over insecure networks.
• The server runs on the remote host, the one into
which you want to log in, and the client is on your
local host.
• You need the IP address of the remote host, the login
or user name, and your password.
Online Help: The man Pages
• The single most important command to
remember is the man command.
• The word "man" is short for "manual"; if you
type man followed by the name of a
command, UNIX will display the manual page
for that command.
• Try:
$ man echo
Output of: $ man echo
• NAME
echo - display a line of text
• SYNOPSIS
echo [SHORT-OPTION]... [STRING]...
echo LONG-OPTION
• DESCRIPTION
Echo the STRING(s) to standard output.
-n do not output the trailing newline
-e enable interpretation of backslash escapes
-E disable interpretation of backslash escapes (default)
(remaining lines omitted……. )
The Full Listing
• NAME: the name of the command
• SYNOPSIS: syntax for using the command
• DESCRIPTION: brief textual summary of what the command does
• OPTIONS: precise descriptions of command-line options
• OPERANDS: precise descriptions of command-line arguments
• USAGE: a more thorough description of the use of the command
• ENVIRONMENT VARIABLES: list of environment variables that affect the command execution
• EXIT STATUS: list of exit values returned by the command
• FILES: list of files that affect the command execution
• ATTRIBUTES: architectures on which it runs, availability, code independence, etc.
• SEE ALSO: list of commands related to this command
• NOTES: general comments that do not fit elsewhere
• BUGS: known bugs
Unix Shell
• The Unix shell interprets your commands, runs the associated
programs, and arranges for their execution. It allows users
to control how and when commands are carried out, so it is
like a programming language.
• The shell hides the inner workings of the kernel, presenting
a set of high level functions that can make the system easy
to use.
• Although you may have used a UNIX system with a graphical
user interface, you must be aware that this GUI is an
application separate and distinct from UNIX.
• The GUI provides an alternative to a shell for interacting with
UNIX, but experienced users usually rely on using a shell for
many tasks because it is much faster.
Different Shells
• There are many different shells, including:
• Bourne shell (sh): $ prompt
• Korn shell (ksh): $ prompt
• C shell (csh): % prompt, more suitable for
programmers than the other two shells (Bourne and Korn).
• Bourne-again shell (bash),
• Z shell (zsh), and
• TC shell (tcsh).
• Shells have different syntax for commands. For
example, in the C shell, to list environment variables:
% printenv
Shell Features
• In all shells, a simple command is of the form:
$ commandname options arg1 arg2 ... argn
• The shell waits for a newline character <Return/Enter key> to be
typed before it attempts to interpret (parse) a command. A newline
signals the end of the command.
• Once it receives the entered line, it checks to see if commandname
is a built-in shell command (A built-in command is one that is hard-
coded into the shell itself.) If it is, it executes the command. If not, it
searches for a file whose name, either relative or absolute, is
commandname. If it finds one, this file is loaded into memory and
the shell creates a child process to execute the command, using the
arguments from the command line.
• When the command is finished, the child process terminates and
the shell resumes its execution.
The Shell Provides:
• Redirection of the input & output of commands.
• Pipes - a method of channeling the output of
one command to the input of another.
• Scripting -a method of writing shell programs
that can be executed as files.
• File name substitution using metacharacters.
• Control flow constructs such as loops and
conditional execution.
Standard I/O and Redirection
• UNIX uses a clever method of handling I/O.
Every program is automatically given three open
files when it begins execution, called standard
input (keyboard), standard output (screen), and
standard error (screen).
• Commands usually read from standard input
and write to standard output.
• The shell, however, can "trick" a command into
reading from a different source or writing to a
different source. This is called I/O redirection.
Redirection Examples
• $ ls mydir (Lists the files in the given directory on the screen.)
• $ ls mydir > myfile (Creates a file called myfile and
redirects the output of the ls command to it. If it already
exists, it will display a message such as:
"bash: myfile: cannot overwrite existing file")

Notice:
• The notation "> outfile" means "send output to outfile".
• The notation "< infile" means "read input from infile".
• A command can have both input and output redirected:
$ command < infile > outfile
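An added example (not from the original slides) showing when the "cannot overwrite existing file" refusal occurs: with the shell's noclobber option set (set -C), "> file" refuses to replace an existing file; without it the file is truncated, and ">|" overrides the option. The function names and sample text are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the slides): what "> file" does to an existing
# file with and without noclobber. Names and sample text are constructed.

# write_with MODE FILE TEXT
#   plain     : "> FILE"  with default options (truncates FILE)
#   noclobber : "> FILE"  after set -C        (refused if FILE exists)
#   force     : ">| FILE" after set -C        (explicit override)
# Prints "written" or "refused". Runs in a subshell so set -C does not leak.
write_with() {
    (
        case "$1" in
            plain)     { echo "$3" > "$2"; } 2>/dev/null ;;
            noclobber) set -C; { echo "$3" > "$2"; } 2>/dev/null ;;
            force)     set -C; { echo "$3" >| "$2"; } 2>/dev/null ;;
            *)         exit 2 ;;
        esac && echo written || echo refused
    )
}

# Runs the three cases against one file and reports result:content pairs.
redirect_demo() {
    f=$(mktemp) || return 1
    echo "original" > "$f"

    r1=$(write_with noclobber "$f" "second")   # file left untouched
    c1=$(cat "$f")
    r2=$(write_with force "$f" "third")        # override replaces it
    c2=$(cat "$f")
    r3=$(write_with plain "$f" "fourth")       # default: silently replaced
    c3=$(cat "$f")

    rm -f "$f"
    echo "$r1:$c1 $r2:$c2 $r3:$c3"
}
```

Setting noclobber in a login profile protects logs and configuration files from an accidental ">" where ">>" was intended.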
Remark
• The order of the command, and the input and
output redirection does not matter. One can
also write any of the following semantically
equivalent lines:
• $ command > outfile < infile
• $ > outfile command < infile
• $ < infile > outfile command
Pipe or Pipeline ( | )
• The concept of redirection is carried one step
further to allow the output of one command to
be the input of another. This is known as a pipe
or pipeline, and the operator is a vertical bar "|".
• $ ls mydir | sort | lpr means pass the contents of
mydir, as input to the sort command, which then
sorts them, and prints them on the default
printer attached to the system.
Advantage of the Pipe (Shortcuts)
• $ ls mydir | sort | lpr
This one line of commands is equivalent to these 4 lines:
• $ ls mydir > temp1
• $ sort < temp1 > temp2
• $ lpr < temp2
• $ rm temp1 temp2
Command Separators
and Multitasking
• Commands can be combined on single line by
using command separators. The semicolon ";"
acts like a newline character to the shell.
• $ ls mydir ; date
Which lists the contents of the given directory
and then displays the current time and date.
Work in the Background ( & )
• The "&" can be used to make a command work in the
background.
• Example:
$ ls mydir > outfile &
• It causes the ls command to work "in the
background". The ampersand "&" at the end of the line
tells the shell not to wait for the command to terminate
but to instead resume immediately; it is a backgrounding
operator.
• The ls command runs in the background, sending its
output to the file outfile while the shell does other things.
This is a form of multitasking.
Running Separate Commands
• The “&” can be used to run separate
commands in the background.
• Example:
$ ls mydir > outfile1 & date > outfile2 &
Tells the shell to run the ls and date
commands concurrently and in the
background, putting their respective outputs
in files outfile1 and outfile2 respectively.
The Shell as a Command
• Shells can be run as commands. You can type the
name of a shell, e.g., bash, sh, or csh at the command
prompt within any other shell, to start another shell.
Example:
• $ sh (in this case, the Bourne shell)
If you do this, you will have two shell instances
running, but the first will be dormant, waiting for
the second to exit.
• When one shell is created as a result of another shell,
the created one is called the sub-shell of the original
shell, which is called the parent shell.
Current Running Shell
• To find out which shell is currently running (because you
forgot, for example), type:
• $ echo $0    (displays the current shell, i.e. the currently running program)
• The echo command evaluates its arguments. If you give
it the name of a variable preceded by a dollar
sign "$", it displays the value of the variable,
not the name.
• $ echo $SHELL    (SHELL is an environment variable)
/bin/bash    (the output is the value of the environment variable,
which is the login shell, not the current shell)
Another way to know the currently running Shell

• $ ps -p $$
The value of $$ is the process-id of the
currently running process, and ps -p is a
command that will display information about
the process whose process-id is given to it.
Such information will include the name of the
running shell, of course.
Hard Link vs. Soft Link
• The major difference between a hard link and
soft link is that hard link is the direct reference
to the file whereas soft link is the reference by
name.
• A hard link is a file all its own, and the file
points to the exact spot on a hard drive where
the inode stores the data.
• A soft link isn't a separate file; it points to the
name of the original file, rather than to a spot
on the hard drive.
Illustration on Soft Link
$ ln [-sf] [source] [destination]

• By default, the ln command creates a hard link.
• Use the -s option to create a soft (symbolic) link.
• The -f option will force the command to overwrite a file that already exists.
• Source is the file or the directory being linked to.
• Destination is the location to save the link; if this is left blank, the symbolic
link is stored in the current working directory.

• For example, create a symbolic link with:
$ ln -s myfile newlinkfile
This creates a symbolic link (newlinkfile) that points to myfile.
To verify whether the symbolic link has been created, use the ls command:
$ ls -l newlinkfile
newlinkfile    (output, if it was created successfully)
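An added example (not from the original slides) that compares the two link types by inode number and then removes the original name, so the difference between "reference to the file" and "reference by name" becomes observable. The file and function names are constructed; ls -di and the -L and -e tests are standard POSIX.

```shell
#!/bin/sh
# Added example (not from the slides): hard link vs symbolic link,
# compared by inode number. File and function names are constructed.

# Inode number of the name itself (-d keeps ls from following a symlink).
inode_of() { ls -di "$1" | awk '{print $1}'; }

link_demo() {
    d=$(mktemp -d) || return 1
    echo "payload" > "$d/myfile"
    ln    "$d/myfile" "$d/hardlink"   # second name for the same inode
    ln -s myfile      "$d/softlink"   # stores the pathname "myfile"

    [ "$(inode_of "$d/myfile")" = "$(inode_of "$d/hardlink")" ] \
        && echo "hardlink: same inode as myfile" \
        || echo "hardlink: different inode"
    [ "$(inode_of "$d/myfile")" = "$(inode_of "$d/softlink")" ] \
        && echo "softlink: same inode as myfile" \
        || echo "softlink: different inode"

    rm "$d/myfile"                    # remove the original name

    # The data is still reachable through the hard link...
    echo "hardlink content after rm: $(cat "$d/hardlink")"

    # ...but the symbolic link now names a path that no longer exists.
    if [ -L "$d/softlink" ] && [ ! -e "$d/softlink" ]; then
        echo "softlink: dangling"
    else
        echo "softlink: still resolves"
    fi

    rm -rf "$d"
}
```

Because a symbolic link is resolved by name each time it is used, whoever can replace the target path controls what the link leads to; a hard link keeps pointing at the same inode.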
Sockets
• The socket is a mechanism that provides a
connection between two systems by using the
network stack. Put more simply, we can
use sockets to communicate and transfer data
between two systems.
• Definition:
A socket is one endpoint of a two-way
communication link between two programs running
on the network. A socket is bound to a port number
so that the TCP layer can identify the application that
data is destined to be sent to. (An endpoint is a
combination of an IP address and a port number).
Socket Vs Port
• The difference between socket and port is
that the socket is the interface of sending and
receiving data on a specific port while the port
is a numerical value assigned to a specific
process or an application in the device.
• A socket address is the combination of an IP
address and a port number.
Socket Address Visualization
THANK YOU!
