Total Pageviews

Search: This Blog, Linked From Here, The Web, My fav sites, My Blogroll

26 June 2010

FreeBSD --- Working with files

Like all multi-user systems, UNIX keeps track of who 
owns what file and who can do what with each 
file. Permissions attached to each file and 
directory determine who can use them


File types
Everything in a BSD(*nix) file system can be viewed as a file. This includes:
  • data files
  • directories
  • devices
  • named pipes
  • links 
  • ... and other types of files. 
Associated with each file is a set of information that determines:

  • who can access the file and 
  • how they can access it 
Directories and regular files are by far the file types you will use most often. However, there are several other types of files you will encounter as you use BSD. From the command line, there are many ways you can create, find, and list different types of files.
    Files that provide access to the hardware components on your computer
are referred to as device files. There are character and block devices.
    There are hard links and soft links you can use to make the same file accessible from different locations.
    Less often used directly by regular users are named pipes and sockets, which provide access points for processes to communicate with each other.

Using Regular Files
Regular files consist of data files (documents, music, images, archives, and so on) and commands (binaries and scripts). You can determine the type of a file using the file command.
    In the following example, you change to the directory containing bash shell documentation and use file to view some of the file types in that directory:
$ cd /usr/local/share/doc/libogg
$ file *
framing.html: HTML document text
ogg: directory
rfc3533.txt:  ASCII English text
stream.png:   PNG image data, 592 x 37, 8-bit colormap, non-interlaced

The file command that was run shows document and image files of different formats, related to libogg. It can look inside the files and determine that a file contains text with HTML markup (used in web pages), plain text, or an image. There is even a subdirectory shown (ogg).
    Creating regular files can be done by any application that can save its data. If you just want to create some blank files to start with, there are many ways to do that. Here are two examples:
$ touch /tmp/newfile.txt   Create a blank file
$ cat /dev/null > /tmp/newfile2.txt  Create an empty file

Doing a long list on a file is another way to determine its file type. For example:
$ ls -l /tmp/newfile2.txt  List a file to see its type
-rw-rw-r-- 1 chris chris 0 Sep 5 14:19 newfile2

 A dash in the first character of the 10-character permission information  (-rw-rw-r--) indicates that the item is a regular file.
    Commands are also regular files, but are usually saved as executables. Here are some examples:
$ ls -l /usr/bin/apropos
-r-xr-xr-x 1 root wheel 2248 Jan 12 2007 /usr/bin/apropos
$ file /usr/bin/apropos
/usr/bin/apropos: Bourne shell script text executable
$ file /bin/ls
/bin/ls: ELF 32-bit LSB executable, Intel 80386, version 1 (FreeBSD), 
for FreeBSD 6.3, dynamically linked (uses shared libs), stripped

You can see that the apropos command is executable by the x settings for owner,
group, and others.
    By running file on apropos, you can see that it is a shell script. That’s opposed to a binary executable, such as the ls command indicated above.

Using Directories
A directory is a container for files and subdirectories. Directories are set up in a hierarchy from the root (/) down to multiple subdirectories, each separated by a slash (/). Directories are called folders when you access them from graphical file managers.
    To create new directories for storing your data, you can use the mkdir command. Here are examples of using mkdir to create directories in different ways:
$ mkdir /tmp/new  Create “new” directory in /tmp
$ mkdir -p /tmp/a/b/c/new Create parent directories as needed for “new”
$ mkdir -m 700 /tmp/new2 Create new2 with drwx------ permissions

  • The first mkdir command simply adds the new directory to the existing /tmp directory. 
  • The second example creates directories as needed (subdirectories a, b, and c) to
    create the resulting new directory. 
  • The last command adds the -m option to set directory permissions as well.

You can identify the file as a directory because the first character in the 10-character permission string for a directory is a d:
$ file /tmp/new
/tmp/new: directory
$ ls -ld /tmp/new
drwxr-xr-x   2 chris chris 4096 Sep 5 14:53 /tmp/new 

Note also that the execute bits (x) must be on, if you want people to be able to use the directory as their current directories.

Using Symbolic and Hard Links
Instead of copying files and directories to different parts of the file system, links can be set up to access that same file from multiple locations. BSD supports both soft links (usually called symbolic links) and hard links.
    When you try to open a symbolic link that points to a file or change to one that points to a directory, the command you run acts on the file or directory that is the target of that link.
  • The target has its own set of permissions and ownership that you cannot see from the symbolic link. 
  • The symbolic link can exist on a different disk partition than the target. In fact, the symbolic link can exist, even if the target doesn’t.
NOTE When you use commands such as tar to backup files that include symbolic links, there are ways of choosing whether or not the actual file the symbolic link points to is archived. If you do back up the actual file, restoring the file can cause the link to be overwritten (which may not be what you want). See the tar man page for details on different ways of backing up symbolic links.

A hard link can only be used on files (not directories) and is basically a way of giving multiple names to the same physical file.
  • Every physical file has at least one hard link, which is commonly thought of as the file itself. 
  • Any additional names (hard links) that point to that single physical file must be on the same partition as the original target file(in fact, one way to tell that files are hard links is that they all have the same inode number). 
  • Changing permission, ownership, date/timestamp, or content of any hard link to a file results in all others being changed as well. 
  • However, deleting one link will not remove the file; it will continue to exist until the last link, or technically the last inode, to the file is deleted.
Here are some examples of using the ln command to create hard and symbolic links:
$ touch myfile
$ ln myfile myfile-hardlink
$ ln -s myfile  myfile-symlink
$ ls -li myfile*
292007 -rw-rw-r--  3  francois francois 0 Mar 25 00:07 myfile
292007 -rw-rw-r--  3  francois francois 0 Mar 25 00:07 myfile-hardlink
292008 lrwxr-xr-x  2 francois francois 6 Mar 25 00:09 myfile-symlink -> myfile

Note that after creating the hard and symbolic link files, we used the ls -li command to list the results. The -li option shows the inodes associated with each file.
  • You can see that myfile and myfile-hardlink both have the inode number of 292007 (signifying the exact same file on the hard disk). 
  • The myfile-symlink symbolic link has a different inode number. And although the hard link simply appears as a file (-), the symbolic link is identified as a link (l) with wide-open permissions. You won’t know if you can access the file the symbolic link points to until you try it or list the link target.

Using Device Files
When applications need to communicate with your computer’s hardware, they direct data to device files. By convention, device files are stored in the /dev directory.
    Historically, devices were generally divided into block devices (such as storage
media) and character devices (such as serial ports and terminal devices).
FreeBSD, however, uses only character devices to communicate with the hardware.
Here are examples of device files:
$ ls -l /dev/*                          List devices
crw-r----- 1 root  operator   0, 94 Jan 29   19:12   acd0   CD drive
crw-r----- 1 root  operator   0, 85 Jan 29   19:12   ad0    Hard Drive
crw--w---- 1 chris  tty       0, 100 Jan 31  06:07   ttyp0  Remote login terminal
crw------- 1 chris  tty       0, 60 Jan  30  07:18   ttyv0  First virtual terminal
crw------- 1 root  wheel      0, 61 Jan 29   19:12   ttyv1  Second virtual terminal

Using Named Pipes and Sockets
When you want to allow one process to send information to another process, you can simply pipe (|) the output from one to the input of the other. However, to provide a presence in the file system from which a process can communicate with other processes, you can create named pipes or sockets.
  • Named pipes are typically used for interprocess communication(IPC) on the local system while 
  • sockets can be used for processes to communicate over a network.
  • Named pipes and sockets are often set up by applications in the /tmp directory
Here are some examples of named pipes and sockets:
$ ls -l /tmp/.TV-chris/tvtimefifo-local /tmp/.X11-unix/X0
prw------- 1 chris chris 0 Sep 26 2007 /tmp/.TV-chris/tvtimefifo-local
srwx------ 1 chris wheel 0 Sep 4 01:30 /tmp/fam-chris/fam-

  • The first listing is a named pipe set up by a TV card player (note the p at the beginning indicating a named pipe). 
  • The second listing is a socket set up for interprocess communications.
To create your own named pipe, use the mkfifo command as follows:
$ mkfifo mypipe
$ ls -l mypipe
prw-r--r-- 1 chris chris 0 Sep 26 00:57 mypipe

To find out what sockets are currently active on your system, use the sockstat command as follows:
$ sockstat

Unless you are developing applications, you probably won’t need to create named
pipes or sockets. Another way to find where named pipes and sockets exist on your system is to use the -type option to the find command

Setting File and Directory Permissions
The ability to access files, run commands, and change to a directory can be restricted with permission settings for
  • user
  • group, and 
  • other users
When you do a long list (ls -l) of files and directories, the beginning 10 characters shown indicate what the item is (file, directory, character device, and so on) along with whether or not theitem can be read, written, or executed. Figure 4-1 illustrates the meaning of those 10 characters.
    To follow along with examples in this section, create a directory called /tmp/test and a file called /tmp/test/hello.txt. Then do a long listing of those two items, as follows:
$ mkdir /tmp/test
$ echo “some text” > /tmp/test/hello.txt
$ ls -ld /tmp/test/ /tmp/test/hello.txt
drwxrwxr-x 2 francois wheel 4096 Mar 21 13:11 /tmp/test
-rw-r--r-- 2 francois wheel 10 Mar 21 13:11 /tmp/test/hello.txt

After creating the directory and file, the first character of the long listing shows
/tmp/test as a directory (d) and hello.txt as a file (-).
    Other types of files available in BSD that would appear as the first character include character devices (c), block devices (b) or symbolic links (l), named pipes (p), and sockets (s).
    The next nine characters represent the permissions set on the file and directory.
  • The first rwx indicates that the owner (francois) has read, write, and execute permissions on the directory. Likewise, the group wheel has the same permission (rwx). Then all other users have only read and execute permission (r-x); the dash indicates the missing write permission. 
  • For the hello.txt file, the user and group have read permission (r--) and others have read permission (r--).
When you set out to change permissions, each permission can be represented by an octal number (where read is 4, write is 2, and execute is 1) or a letter (rwx).
    Generally speaking, read permission lets you view the contents of the directory, write lets you change (add or modify) the contents of the directory, and execute lets you change to (in other words, access) the directory.
    If you don’t like the permissions you see on files or directories you own, you can change those permissions using the chmod command.

Changing Permissions with chmod
The chmod command lets you change the access permissions of files and directories. Table 4-1 shows several chmod command lines and how access to the directory or file changes.
  • The first 0 in the mode line can usually be dropped (so you can use 777 instead of 0777). That placeholder has special meaning. It is an octal digit that can be used on commands (executables) to indicate that the command can run as a set-UID program (4), run as a set-GID program (2), or become a sticky program (1). 
  • With set-UID and set-GID, the command runs with the assigned user or group permissions (instead of running with permission of the user or group that launched the command).
WARNING! SUID should not be used on shell scripts. A shell script that is owned by the root user is vulnerable to being exploited, resulting in an attacker gaining access to a shell with root user permissions.

Having the sticky bit on for a directory keeps users from removing or renaming files from that directory that they don’t own (/tmp is an example). Given the right permission settings, however, users can change the contents of files they don’t own in a sticky bit directory. The final permission character is t instead of x on a sticky directory.
    A command with sticky bit on used to cause the command to stay in memory, even while not being used. This is an old UNIX feature that is not supported in most modern BSD, UNIX, and Linux systems.
    The -R option is a handy feature of the chmod command. With -R, you can recursively change permissions of all files and directories starting from a point in the file system.
Here are some examples:
# chmod -R 700 /tmp/test Open permission only to owner below /tmp/test
# chmod -R 000 /tmp/test Close all permissions below /tmp/test
# chmod -R a+rwx /tmp/test Open all permissions to all below /tmp/test

Note that the -R option is inclusive of the directory you indicate. So the permissions above, for example, would change for the /tmp/test directory itself, and not just for the files and directories below that directory.

Setting the umask
Permissions given to a file or directory are assigned originally at the time that item is created. How those permissions are set is based on the user’s current umask value. Using the umask command, you can set the permissions given to files and directories when you create them.
$ umask 0066 Make directories drwx--x--x  and files  -rw-------
$ umask 0077 Make directories drwx------  and files  -rw-------
$ umask 0022 Make directories drwxr-xr-x  and files  -rw-r--r--
$ umask 0777 Make directories d---------  and files  ----------

Changing Ownership
When you create a file or directory, your user account is assigned to that file or directory. So is your primary group. As root user, you can change the ownership (user) and group assigned to a file to a different user or group using the chown and chgrp commands. Here are some examples:
#chown chris test/   Change owner to chris
#chown chris:market test/  Change owner to chris and group to market
#chgrp  market test/    Change group to market
#chown -R chris test/   Change all files below test/ to owner chris

The recursive option to chown (-R) just shown is useful if you need to change the
ownership of an entire directory structure. As with chmod, using chown  recursively changes permissions for the directory named, along with its contents.
    You might use chown recursively when a person leaves a company or stops using your web service. You can use chown -R to reassign their entire /home directory to a different user.

Traversing the File System
Basic commands for changing directories (cd), checking the current directory (pwd) and listing directory content (ls) are well known to even casual shell users. So this section focuses on some less-common options to those commands, as well as other lesser-known features for moving around the file system. Here are some quick examples of cd for moving around the file system:
$ cd             Change to your home directory
$ cd $HOME       Change to your home directory
$ cd ~           Change to your home directory
$ cd ~francois   Change to francois home directory
$ cd -           Change to previous working directory
$ cd $OLDPWD      Change to previous working directory(bash shell)
$ cd ~/public_html  Change to /public_html in your home directory(if it
$ cd ..          Change to parent of current directory
$ cd /usr/bin    Change to usr/bin from root directory
$ cd usr/bin     Change to usr/bin beneath current directory

If you want to find out what your current directory is, use pwd (print working directory):
$ pwd/home/francois

Creating symbolic links is a way to access a file from other parts of the file system. 
However, symbolic links can cause some confusion about how parent directories are viewed. The following commands create a symbolic link to the /tmp directory from your home directory and show how to tell where you are related to a linked directory:
$ cd $HOME
$ ln -s /tmp tmp-link
$ ls -l tmp-link
lrwxrwxrwx 1 francois francois 13 Mar 24 12:41 tmp-link -> /tmp

$ cd tmp-link/
$ pwd

$ pwd -P    Show the permanent location
$ pwd -L   Show the link location

$ cd -L ..  Go to the parent of the link location
$ pwd

$ cd tmp-link
$ cd -P ..  Go to the parent of the permanent location
$ pwd

Using the -P and -L options to pwd and cd, you can work with symbolically linked directories in their permanent or link locations, respectively.
  • For example, cd -L .. takes you up one level to your home directory, whereas cd -P .. takes you up one level above the permanent directory (/). 
  • Likewise, the -P and -L options to pwd show permanent and link locations.
If you use the csh or bash shells, they can remember a list of working directories for you. Such a list can be useful if you want to return to previously visited directories. That list is organized in the form of a stack. Use pushd and popd to add and remove directories.
$ pwd
$ pushd /usr/share/man/
/usr/share/man ~
$ pushd /var/log/
/var/log /usr/share/man ~
$ dirs
/var/log /usr/share/man ~
$ dirs -v
0 /var/log
1 /usr/share/man
2 ~
$ popd
/usr/share/man ~
$ pwd
$ popd
$ pwd

The dirs, pushd, and popd commands can also be used to manipulate the order of
directories on the stack. For example, pushd -0 pushes the last directory on the
stack to the top of the stack (making it the current directory). The pushd -2 com-
mand pushes the third directory from the bottom of the stack to the top.

Copying Files
Provided you have write permission to the target directory, copying files and directories can be done with some fairly simple commands.
    The standard cp command will copy a file to a new name or the same name in a new directory, with a new timestamp associated with the new file. Other options to cp let you retain date/timestamps, copy recursively, and prompt before overwriting. Here are some examples:
# cd ; mkdir public_html ; touch index.html
# cp -i index.html public_html/    Copy with new timestamp
# cp -il index.html public_html/   Create hard link instead of copy
# cp -Rv public_html/ /mnt/usb/   Copy all files recursively (with verbose)

The above examples show ways of copying files related to a personal web server.
  1. In the first cp example above, if an index.html file exists in public_html, you are prompted before overwriting it with the new file. 
  2. In the next example, the index.html file is hard-linked to a file of the same name in the public_html directory. In that case, because both hard links point to the same file, editing the file from either location will change the contents of the file in both locations. (The link can only be done if public_html/ and your home directory are in the same file system.)
  3. The cp -Rv command copies all files below the public_html/ directory, updating ownership and permission settings to match those of the user running the command. It also uses current date- and timestamps. If, for example, /mnt/usb represented a USB flash drive, that command would be a way to copy the contents of your personal web server to that drive.
The dd command is another way to copy data. This command is very powerful because on BSD systems, everything is a file, including hardware peripherals. Here is an example:
$ dd if=/dev/zero of=/tmp/mynullfile count=1
1+0 records in
1+0 records out
512 bytes transferred in 0.000253 secs (2022113 bytes/sec)

/dev/zero is a special file that generates null characters. In the example just shown, the dd command takes /dev/zero as input file and outputs to /tmp/mynullfile. The count is the number of blocks. By default, a block is 512 bytes. The result is a 512-bytes long file full of null characters. You could use less or vi to view the contents of the file. However, a better tool to view the file would be the od (Octal Dump) command:
$ od -vt x1 /tmp/mynullfile   View an octal dump of a file

Here’s another example of the dd command. This time, we set the block size to 2 bytes and copied 10 blocks (20 bytes):
$ dd if=/dev/zero of=/tmp/mynullfile count=10 bs=2
10+0 records in
10+0 records out
20 bytes transferred in 0.000367 secs (54507 bytes/sec)

WARNING! The following dd commands overwrite the contents of your disk partitions. To be on the safe side, examples show data being written to USB drives.
That’s so you could use something like a USB memory stick, which we presume can be overwritten without harming the contents of your hard drives. Don’t try these commands if you have any confusion about the devices you are dealing with.
The following command line clones the first partition of the second IDE drive to the first USB drive. This can be useful for backing up a small partition to a USB memory stick.
Warning, the following command overwrites the contents of your USB drive
# dd if=/dev/ad1s1 of=/dev/da0s1 

The next example makes a compressed backup of the first partition of the primary master IDE drive. Typically the partition should be unmounted before a backup such as this.
# umount /dev/da0s1
# dd if=/dev/da0s1 | gzip > bootpart.gz

The following command copies a boot image (diskboot.img) to your USB flash drive (assuming the drive appears as /dev/da0):
# dd if=diskboot.img of=/dev/da0

This example copies the Master Boot Record from the second IDE hard drive to a file named mymbrfile:
# dd if=/dev/ad1s1 of=mymbrfile bs=512 count=1

If you add the dd_rescue program to your BSD system (pkg_add –r dd_rescue) you can create an ISO image with a command that is similar to dd but has many options and much more verbose feedback:
# dd_rescue /dev/acd0 myimage.iso
dd_rescue:       (info):  ipos:   139264.0k, opos:   139264.0k, xferd: 139264.0k8.0k
errs:  0, errxfer: 0.0k, succxfer:139264.0k +curr.rate:6702kB/s, avg.rate:  8312kB/s, avg.load: 16.6%

Changing File Attributes
Files and directories in BSD file systems have read, write, and execute permissions associated with user, group, and others. However, there are also other attributes that can be attached to files and directories that are specific to certain file system types.
    If you have added ext2 or ext3 file systems to your BSD system (possibly for Linux compatibility) you have special attributes that you may choose to use. Tools for creating and working with ext2 and ext3 file systems are available in FreeBSD from the e2fsprogs package (pkg_add -r e2fsprogs).
    You can list ext2/ext3 attributes with the lsattr command. Most attributes are obscure and not turned on by default. Here’s an example of using lsattr to see some files’ attributes:
# lsattr /mnt/usb/*
------------- /mnt/usb/01.txt
-------------  /mnt/usb/02.txt
------------- /mnt/usb/03.txt
-------------  /mnt/usb/04.txt
$ lsattr -aR /tmp/ | less   Recursively list all  /tmp attributes

The dashes represent 13 ext2/ext3 attributes that can be set. None are on by default. Those attributes are the following:
  • a (append only), 
  • c (compressed), 
  • d (no dump), 
  • i(immutable), 
  • j (data journaling), 
  • s (secure deletion), 
  • t (no tail-merging), 
  • u (undeletable),
  • A (no atime updates), 
  • D (synchronous directory updates), 
  • S (synchronous updates), and
  • T (top of directory hierarchy).
You can change these attributes using the chattr command. Here are some examples:
# chattr +i /mnt/usb/01.txt
$ chattr +a /mnt/usb/02.txt
$  chattr +d /mnt/usb/03.txt
$ lsattr /mnt/usb/*.txt
----i--------  /mnt/usb/01.txt
-----a------- /mnt/usb/02.txt
------d------  /mnt/usb/03.txt

As shown in the preceding example,
  • with the +i option set, the 01.txt file becomes immutable, meaning that it can’t be deleted, renamed, changed, or have a link created to it. Here, this prevents any arbitrary changes to that file. (The root user can’t even remove an immutable file without agreeing to override the i attribute.) 
  • With +a set, a file can only be appended to and not deleted. 
  • If you use the dump command to back up your ext2/ext3 file systems, the +d option can prevent selected files from being backed up.
To remove an attribute with chatter, use the minus sign (-). For example:
# chattr -i /mnt/usb/01.txt

NOTE Crackers who successfully break into a machine will often replace some system binaries (such as ls or ps) with corrupt versions and make them immutable. It’s a good idea to occasionally check the attributes set for your executables (in /bin, /usr/bin, /sbin, and /usr/sbin, for example).

Searching for Files
Your BSD system can be configured to keep a database of all the files in the file system (with a few exceptions defined in /etc/locate.rc) by periodically running
the /usr/libexec/locate.updatedb script. The locate command enables you to search that database.
    The results come back instantly, since the database is searched and not the actual file system. Before locate was available, most BSD users ran the find command to find files in the file system.

Generating the locate Database
You can generate the locate database by running the following script:
$ /usr/libexec/locate.updatedb

Note that by running this script as a regular user, the database will only include files that are accessible to all users, as well as that user in particular. You can run this script as root user to gather all files on your computer. But that could pose a security risk by allowing non-root users to see files you might otherwise want hidden from their sites.
    After you run the locate.updatedb script, the /var/db/locate.database is created. You could add that script to a cron job to run periodically. You are now ready to use the locate command to search for files.

Finding Files with locate
Because the database contains the name of every node in the file system, and not just commands, you can use locate to find commands, devices, man pages, data file or anything else identified by a name in the file system. Here is an example:
$ locate atapifd

The above example found the atapi.ko kernel module. locate is case sensitive unless you use the –i option. Here’s an example:
$ locate -i ImageMagick-6

Here are some examples using locate with regular expressions and with output limits:
$ locate *atapi*ko  Locate files with atapi and ko in the name
$ locate -l 5 kernel   Limit number of files found to five
locate: [show only 5 lines]

You can find information about the location and size of the locate database as follows:
$ locate -S
Database: /var/db/locate.database
Compression: Front: 21.64%, Bigram: 61.00%, Total: 15.57%
Filenames: 276585, Characters: 13071602, Database size: 2035326
Bigram characters: 793708, Integers: 9379, 8-Bit characters: 0

To update the locate database immediately, run the locate.updatedb command again manually:
$ /usr/libexec/locate.updatedb

Locating Files with find
Before the days of locate, the way to find files was with the find command. Although locate will come up with a file faster, find has many other powerful  options for finding files based on attributes other than the name.
NOTE Searching the entire file system can take a long time to complete. Before searching the whole file system, consider searching a subset of the file system or excluding certain directories or remotely mounted file systems.
This example searches the root file system (/) recursively for files named wlan_wep.ko:
$ find / -name “wlan_wep.ko” -printfind: /tmp/fam-root:  Permission denied
find: /usr/local/etc/samba: Permission denied

Running find as a normal user can result in long lists of Permission denied as
find tries to enter a directory you do not have permissions to. You can filter out the inaccessible directories:
$ find / -name wlan_wep.ko 2>&1 | grep -v “Permission denied”

Or send all errors to the /dev/null bit bucket:
$ find / -name wlan_wep.ko 2> /dev/null

Because searches with find are case sensitive and must match the name exactly
(wlan_wep.ko won’t match other instances of wlan_wep), you can use regular
expressions to make your searches more inclusive. Here’s an example:
$ find / -name ‘wlan_wep*’ 2> /dev/null/boot/kernel/wlan_wep.ko

You can also find files based on timestamps. This command line finds files in /usr/bin/ that have been accessed in the past two minutes:
$ find /usr/bin/ -amin -2

This finds files that have not been accessed in /home/chris for over 60 days:
$ find /home/chris/ -atime +60

Use the -type d option to find directories. The following command line finds all directories under /etc and redirects stderr to the bit bucket (/dev/null):
$ find /etc -type d -print 2> /dev/null

This command line finds files in /sbin with permissions that match 555:
$ find /sbin/ -perm 555

The exec option to find is very powerful, because it lets you act on the files found with the find command. The following command finds all the files in /var owned by the user francois (must be a valid user) and executes the ls -l command on each one:
$ find /var -user francois -exec ls -l {} \;

An alternative to the find command’s exec option is xargs:
$ find /var -user francois | xargs ls –l

There are big differences on how the two commands just shown operate, leading to very different performance.
  • The find -exec spawns the command ls for each result it finds. 
  • The xargs command works more efficiently by passing many results as input to a single ls command.
To negate a search criterion, place an exclamation point (!) before that criterion. The next example finds all the files that are not owned by the group root and are regular files, and then does an ls -l on each:
$ find / ! -group wheel -type f 2> /dev/null | xargs ls –l

The next example finds the files in /sbin that are regular files and are not executable by others, then feeds them to an ls -l command:
$ find /sbin/ -type f ! -perm o+x | xargs ls –l

Finding files by size is a great way to determine what is filling up your hard disks. The following command line finds all files that are greater than 10 MB (+10M), lists those files from largest to smallest (ls -lS) and directs that list to a file (/tmp/bigfiles.txt):
$ find / -xdev -size +10M 66 | xargs ls -lS > /tmp/bigfiles.txt

In this example, the -xdev option prevents any mounted file systems, besides the root file system, from being searched. This is a good way to keep the find command from searching special file systems (such as the /proc file system, if that is mounted) and any remotely mounted file systems, as well as other locally mounted file systems.

Using Other Commands to Find Files
Other commands for finding files include the whereis and which commands. Here
are some examples of those commands:
$ whereis man
man: /usr/bin/man /usr/share/man/man1/man1.gz

The whereis command is useful because
  • it not only finds commands, 
  • it also finds man pages and 
  • configuration files associated with a command.
From the example of whereis for the word man, you can see the man executable, its configuration file, and the location of man pages for the man command.
    The which command is useful when you’re looking for the actual location of an executable file in your PATH, as in this example:
$ pkg_info -W `which mkfs.ext2`
/usr/local/sbin/mkfs.ext2 was installed by package e2fsprogs-1.40.2_1

Finding Out More About Files
Now that you know how to find files, you can get more information about those files. Using less-common options to the ls command lets you list information about a file that you won’t see when you run ls without options. Commands such as file help you identify a file’s type. With md5sum and sha1sum, you can verify the validity of a file.

Listing Files
Although you are probably quite familiar with the ls command, you may not be
familiar with many of the useful options for ls that can help you find out a lot about the files on your system. Here are some examples of using ls to display long lists (-l) of files and directories:
$ls -l    Files and directories in current directory
$ls -la   Includes (hidden)files/directories beginning with dot (.)
$ls -lt   Orders files by time recently changed
$ls -lS   Orders files by size (largest first)
$ls -li   Lists the inode associated with each file
$ls -ln   List numeric user/group IDs, instead of names
$ls -lh   List file sizes in human-readable form (K, M, etc.)
$ls -lR   List files recursively, from current and subdirectories
$ ls -F   Add a character to indicate file type
$ ls -G   Show file types as different colors
$ ls -C   Show files listing in columns

Verifying Files
When files such as software packages and CD or DVD images are shared over the Internet, often a sha1sum or md5sum file is published with it. Those files contain checksums that can be used to make sure that the file you downloaded is exactly the one that the repository published.
    The following are examples of downloading an ISO image file, then using the md5 and sha256 commands to verify checksums of the file:
$ wget -c
$  md5 6.3-RELEASE-i386-disc1.iso
MD5 (6.3-RELEASE-i386-disc1.iso) =  cdb0dfa4b2db3e4c9cc19138f4fb2ada
$ sha256  6.3-RELEASE-i386-disc1.iso
SHA156 (6.3-RELEASE-i386-disc1.iso) =  15081a56d184a18c7cc3a5c3cd0d7d5b7d9304c9cc1d5fc40d875b0fd3047721

Which command you choose depends on whether the provider of the file you are
checking distributed md5sum or sha1sum information. FreeBSD offers both md5 (CHECKSUM.MD5) and sha1 files.
    With all the ISO files listed in this CHECKSUM.MD5 file contained in the current directory, you can verify them all at once using the -c option and the Linux-compatible md5sum command. Here is an example:
$ /usr/compat/linux/usr/bin/md5sum -c CHECKSUM.MD5
6.3-RELEASE-i386-bootonly.iso: OK
6.3-RELEASE-i386-disc1.iso: OK
6.3-RELEASE-i386-disc2.iso: OK
6.3-RELEASE-i386-disc3.iso: OK
6.3-RELEASE-i386-docs.iso: OK 

To verify only one of the files listed in the checksum file, you could do something like the following:
$ grep bootonly CHECKSUM.MD5 | /usr/compat/linux/usr/bin/md5sum -c
6.3-RELEASE-i386-bootonly.iso: OK

If you had a SHA1SUM file instead of an MD5SUM file to check against, you could use the sha1sum command in the same way. By combining the find command described earlier in this chapter with the m5 command, you can verify any part of your file system. For example, here’s how to create an MD5 checksum for every file in the /etc directory so they can be checked later to see if any have changed:
# find /etc -type f -exec md5 {} \; 2>/dev/null > /tmp/md5.list

The result of the previous command line is a /tmp/md5.list file that contains a 128-bit checksum for every file in the /etc directory. Later, you could type the following command to see if any of those files have changed:
# cd /etc
# /usr/compat/linux/usr/bin/md5sum -c /tmp/md5.list | grep -v ‘OK’
./hosts.allow: FAILED
md5sum: WARNING: 1 of 1668 computed checksums did NOT match

As you can see from the output only one file changed (hosts.allow). So the next step is to check the changed file and see if the changes to that file were intentional.


  •  BSD UNIX TOOLBOX 1000+ Commands for FreeBSD, OpenBSD, and NetBSD®Power Users (2008 by Wiley Publishing) by Christopher Negus,   François Caen ISBN: 978-0-470-37603-4

No comments:

Post a Comment