An Introduction to Unix, flavours, users and files.
===================================================

Unix is a multi-user, multi-tasking operating system. It is used by schools
and universities for development, research and a whole multitude of tasks, and
by companies for manufacturing and databases; you name it, Unix is used for
it. Most www servers also run Unix.

If a Unix system is connected to a network, or the internet, then users can
log into the system remotely if they have the correct login and password. Unix
systems can support up to hundreds of users, all running programs and doing
different things on that system, because it is also capable of multi-tasking.
Users log into Unix systems either from a terminal locally (ie. in the same
building, or room), or remotely (ie. across the internet, or a LAN - Local
Area Network), provided they have a valid login and password.

Connecting to a remote Unix system :
====================================

To connect to a remote Unix system, we use a program called TELNET. This is
found by default on all Unix systems, and is also shipped with some Windows
systems. If you don't have telnet.exe, or a Unix account / system, then I
suggest you go to www.tucows.com and search for a telnet client.

From a Unix system, we would connect to abc.123.com using..

$ telnet abc.123.com

From a Windows system, we would run telnet.exe, then go File | Remote system,
type abc.123.com and click on "OK". It should then connect after a few
seconds..

Identifying the Unix version :
==============================

The first thing we must do to try and work out how we should break into the
system is identify the version of Unix it is running. There are many different
types of the Unix operating system, called flavours. The most common Unix
flavours are..

Linux, SunOS (Solaris), IRIX, FreeBSD, BSDi, Ultrix, Digital Unix, AIX..

You can usually identify the type of operating system by connecting to the
remote system with telnet, which allows us to connect to remote systems across
the internet. From a Unix system we would type...

% telnet voycrs.gsfc.nasa.gov

and from Windows we would run telnet.exe, then go File | Remote system, type
in "voycrs.gsfc.nasa.gov" and connect to that system. When it connects, you
will see something like this..

Unix System V Release 4.0 (voycrs)

login:

That's a standard login prompt, and we are told that the system is running
Unix System V Release 4.0, which is the equivalent of a SunOS system, so we
know that system is running SunOS. If the system says Linux 2.0.29, then it is
running Linux; if the system says IRIX, then it is running IRIX. It's pretty
simple..

Users on a Unix system :
========================

The user list is in the /etc/passwd file on a Unix system. Each user has a
login assigned to them. Here are the super-user account logins..

root       - the root user can fully control the system, remove any files,
             and even shut the system down.
bin        - the bin user owns most of the programs on the system
adm        - the adm user is a standard admin account
admin      - same as above
uucp       - this is the unix-to-unix copy account
lp         - this is the lineprinter account
postmaster - this is the mail admin account

as well as some default accounts..

test       - used by admins to test certain system programs
4Dgifts    - a default login for IRIX systems
guest      - widely used login for new users

The passwords for those logins are usually along the lines of..

admin test tutor qwerty adm1n letmein asdfgh test1 zxcvbn test12 secret
abc123 password

If you want to find out if a certain user exists on a Unix system, you can use
finger...

finger user@host.here.com

That command will tell you if the user exists. You can get a finger client for
Windows from www.tucows.com, or use finger from a Unix system, where it will
already be installed.

The Unix filesystem :
=====================

The file system in Unix is divided up into 3 categories :

Directories
Ordinary files
Special files

Basic structure :
-----------------

(/) - this is the abbreviation for the root directory.

root level                          root (/)
system  --------------------------------|-------------------------------
level   |        |        |        |        |        |        |        |
       /unix    /etc     /dev     /tmp     /lib     /usr     /usr2    /bin
                 |                            _______|_______
login         passwd                          |      |      |
level                                       /john  /cathy
          ____________________________________|________________
          |           |         |         |         |         |
      .profile      /mail     /pers    /games     /bin    /michelle
                                |      ___|___      |      ___|___
                             capital   |     |    data     |     |
                                   othello starwars      letter letter1

*.profile - in case you wish to change your environment, but after you log
            off it sets to default.

/unix - is the kernel (in older systems)

/etc  - contains system administrators' files. Most are not available to the
        regular user. (This directory contains the passwd file.)

        Here are some files under the /etc directory:

        /etc/passwd
        /etc/utmp
        /etc/adm/sulog
        /etc/motd
        /etc/group
        /etc/conf
        /etc/profile

/dev  - contains files for physical devices such as the printer and the disk
        drives

/tmp  - temporary file directory

/lib  - directory that contains programs for high level languages

/usr  - this directory contains directories for each user on the system

        Eg. of a list of files under /usr:

        /usr/tmp
        /usr/lib
        /usr/docs
        /usr/news
        /usr/spool
        /usr/spool/lp
        /usr/lib/uucp

/bin  - contains executable programs (commands)

        Eg. of a list of programs in /bin:

        /bin/passwd
        /bin/chmod
        /bin/uptime
        /bin/whoami
        /bin/uname
        /bin/finger

The root also contains:

/bck        - used to mount a back up file system.
/install    - used to install and remove utilities
/lost+found - this is where all the removed files go. This dir is used by
              fsck (1M)
/save       - a utility used to save data
/mnt        - used for temporary mounting (also /mount)

hidden files :
--------------

Files like .rhosts and .profile are hidden from ls listings because of the . -
the . in front of a file makes it hidden. It is a useful way to hide programs,
by calling them .setup and .listing for example.

Local Unix commands (Explained in GREAT detail)
===============================================

These commands are to be run from the shell command prompt, ie. if you are
actually on a Unix system using telnet. The $ and # are command prompts..

At the Unix prompt type the pwd command; it will show you the current working
directory you are in.

# pwd
/root        - if you have hit gold and hacked the root account!
#            - the # prompt also means you are a super-user

This gives you the full login directory for the user, or..

$ pwd
/home/john
$

assuming you have hacked into john's account on the system.

Now let's say you wanted to move down to the michelle directory (you own this)
that contains letters that you wanted to read. You would type in

$ cd michelle            or   cd /home/john/michelle
$ pwd
/home/john/michelle
$

To go back one directory up, type in:

$ cd ..

or to go to your parent directory (your home) just type in "cd" or "cd ~".

Listing file directories, assuming you are in the parent directory:

$ pwd
/home/john
$ ls
mail pers games bin michelle

..This won't list hidden files. To list ALL files, type..

$ cd
$ ls -a
:
:
.profile

To list file names in michelle's directory type..

$ ls michelle                 (that is if you're in john's home directory)
$ ls /home/john/michelle      (from anywhere on the system)

ls -l
-----

The ls -l is an important command in Unix. This command displays the whole
directory in long format. If you try to run this in the parent directory..

$ ls -l
total 60
-rwxr-x---  5 john  bluebox 10 april 9 7:04  mail
drwx------  7 john  bluebox 30 april 2 4:09  pers
    :       :  :      :      :   :     :      :
    :       :  :      :      :   :     :      :
-rwxr-x---  6 cathy bluebox 13 april 1 13:00 partys
    :       :  :      :      :   :     :      :
$

The total 60 tells one the amount of disk space used in a directory.

File permissions :
==================

The -rwxr-x--- is read in triples of 3.. this tells the user what the file
permissions are.

The first character, eg. (-, d, b, c), means as follows :

- is an ordinary file
d is a directory
b is a block file
c is a character file

And...

r stands for read permission
w is write permission
x is execute

The first column is read in 3 triples as stated above. The first group of 3
(in -rwxr-x---) after the "-" specifies the permissions for the owner of the
file, the second triple is for the group (the fourth column) and the last
triple is the permissions for all other users. Therefore the -rwxr-x--- is
read as follows..

The owner john has permission to read, write and execute anything in the bin
directory, but the group has no write permission to it and the rest of the
users have no permission at all. The format of one of the lines in the above
output is as follows:

file type-permissions, links, owner, owner's group, bytes taken, date, time
when last renewed, directory or file name.

You will be able to read and execute cathy's file named party due to her being
in the same user group as you.

chmod
-----

The chmod command changes the permissions of a directory or a file. Format is

chmod who+,-,=r,w,x

The who is substituted by u-user, g-group, o-other users, a-all. The + means
add permission, - means remove permission, = means assign.

Example : If you wanted all other users to read the file named mail, type:

$ chmod o+r mail

cat
---

Now suppose you wanted to read the file letter. You could type..

$ cat letter
line one ...\
line two ... }- the output of letter
line three../
$

or.. if you are in any other directory type in :

$ cat /home/john/michelle/letter

and you will have the same output. Some cat options are -s, -u, -v, -e, -t

Special Characters in Unix:
---------------------------

*     - matches any number of single characters, eg. $ ls john* will list
        all files that begin with john
[...] - matches any one of the characters in the [ ]
?     - matches any single character
&     - runs a process in the background, leaving your terminal free
$     - values used for variables, also $n - null argument
>     - redirects output, eg. ls -la > /tmp/list
<     - redirects input to come from a file
>>    - redirects output to be added (appended) to the end of a file
|     - pipe output (eg: cat /etc/passwd | mail tk85@hotmail.com will mail
        tk85@hotmail.com the /etc/passwd file)
"..." - turns off meaning of special characters excluding $,`
`...` - allows command output to be used in a command line
'...' - turns off special meaning of all characters

Common local commands :
=======================

passwd
------

Password changing seems to be a big thing among the savants. Anyway, to change
the password one would use the 'passwd' command as shown below:

$ passwd
Changing password for john
Old password:
New password:
Retype new password:
$

ps
--

It's sometimes necessary to see what command processes you are running; this
command lets you see that.

ps [-a all processes except group leaders] [-e all processes] [-f the whole
list]

$ ps
PID   TTY   TIME   COMMAND
-------------------------
200   tty9  14:20  ps

The system reports the PID (process identification number, which is a # from
1-30,000 assigned to UNIX processes). It also reports the TTY, TIME and the
COMMAND being executed at the time.

To stop a process enter :

$ kill -9 [PID]   (in this case it's 200)
$

grep
----

This command is important when searching for a word or words in large files.

grep [argument] [file name] - searches the file for the argument

for example:

$ grep phone cathy
phone michelle (718)5551234
phone cindy (718)5553456

What this did was to find the argument 'phone' in the file cathy. If the
argument consists of two or more words then it must be enclosed in single
quotes.

mv
--

mv [file name(s)] [dir name] - renames a file or moves it to another directory

eg.

$ mv letter letters
$

This renames the file letter to letters, thereby deleting letter, or if you
want to move files then..

$ mv /home/john/pers/capital /home/john/michelle/capital
$

This moves the file capital to the directory named michelle.

diff
----

diff [file name] [file name] - shows the difference between two files.

Output of this will have something like 4,5c4,5 and then it will display both
sets of lines on the screen. The 4,5c4,5 means that you must change ("c")
lines 4 to 5 in one file to lines 4 to 5 in another.

Options for using this command are :

-b        - it ignores blank spaces
-h        - compares it quickly
-s        - reports files that are the same
-S [file] - this is when you want to compare a directory starting at a
            specific file

There is also a command to compare 3 files, which is :

diff3 [options] [file1] [file2] [file3]

cp
--

cp [file name] [file name] - makes a copy of a file

$ cp letter letters
$

The file letters is a duplicate copy of letter. In this case the original is
not erased like in the mv command.

more Unix commands:
-------------------

man [command] or [c/r] - will give you a list of command explanations

help                   - available on some UNIX systems

mkdir [dir name(s)]    - makes a directory

rmdir [dir name(s)]    - removes a directory. You won't be able to remove the
                         directory if it contains files

rm [file name(s)]      - removes files. rm * will erase all files in the
                         current dir. Be careful!! Some options are :
                         [-f unconditional removal] [-i prompts user for y
                         or n]

write [login name]     - to write to other users' terminals, sort of a chat.

mesg [-n] [-y]         - doesn't allow others to send you messages using the
                         write command. Wall, used by the system admin,
                         overrides it.

$ [file name]          - to execute any file that you have permission to run

wc [file name]         - counts words, characters, lines in a file

stty [modes]           - sets terminal I/O for the current devices

sort [filename]        - sorts and merges files; many options

spell [file name] > [file name]
                       - the second file is where the misspelt words are
                         entered

date [+%m%d%y*] [+%H%%M%S]
                       - displays date according to options

at [-r] [-l] [job]     - does a specified job at a specified time. The -r
                         removes all previously scheduled jobs. The -l
                         reports the job # and status of all jobs scheduled

write [login] [tty]    - sends message to the login name. Chat!

su [login name]
---------------

The su command allows one to switch user, to a super user or to another user.
Very important: it could be used to switch to super user accounts.

Usage :

$ su root
password:
#

This su command will be monitored in /usr/adm/sulog, and this file of all
files is carefully monitored by the system administrator. Suppose you hacked
into john's account and then switched to the root account (ABOVE); your
/usr/adm/sulog entry would look like:

SU 04/19/88 21:00 + tty 12 john-root

Therefore the system administrator would know that john switched to the root
account on 4/19/88 at 21:00 hours.

Searching for valid login names:
--------------------------------

using who..

$ who          (command informs the user of other users on the system)
cathy  tty1  april 19  2:30
john   tty2  april 19  2:19
dipal  tty3  april 19  2:31
:
:

tty is the user's terminal, followed by the date and time each logged on.
dipal, john are valid logins.

Files worth looking at (cat)..

/etc/passwd file:
-----------------

The /etc/passwd is a vital file to cat, for it contains login names of all
users including super user accounts and their passwords. In the newer Unix
releases they are tightening their security by moving the encrypted passwords
from /etc/passwd to /etc/shadow, making it only readable by root. This is
optional of course.

$ cat /etc/passwd
root:D943/sys34:0:1:0000:/root:/bin/sh
sysadm:k54doPerate:0:0:administration:/usr/admin:/bin/sh
checkfsys:*:0:0:check file system:/usr/admin:/bin/sh
:
other super user accs.
:
john:chips11:34:3:john scezerend:/home/john:/bin/bash
:
other users..
:
$

If you have reached this far capture this file as soon as possible. This is a
typical /etc/passwd file output. The entries are separated by a ":" and there
are up to 7 fields in each line. The sysadm account, for example..

sysadm:k54doPeHte:0:0:administration:/usr/admin:/bin/sh
^      ^          ^ ^ ^              ^          ^
1      2          3 4 5              6          7

This is what each field represents..

1: the login name, sysadm
2: the ENCRYPTED password
3: the user id, 0, the same as root
4: the group id, 0, the same as root
5: the user's real name
6: the user's home directory, /usr/admin
7: the shell that the user uses when he connects

..but in the case of the checkfsys account :

checkfsys:*:0:0:check file system:/usr/admin:/bin/sh

the :*: in place of the encrypted password means that this account is locked.
This IS NOT password shadowing, this is a lock on the account, so no-one can
login as checkfsys without root taking the lock off the account's password.

IF PASSWORD SHADOWING IS ACTIVE :
---------------------------------

If shadowing is active the /etc/passwd would look like this:

root:x:0:1:0000:/:/bin/sh
sysadm:x:0:0:administration:/usr/admin:/bin/sh

The password field is substituted by "x".

The /etc/shadow file is only readable by root and will look similar to this:
                        ^^^^^^^^^^^^^^^^^^^^^

root:D943/sys34:5288:::::::
:
super user accounts
:
Cathy:m4faDai1:5055:7:120::::
:
all other users
:

The first field contains the user's login, the second contains the password
(STILL ENCRYPTED), the third contains a code of when the password was last
changed, the fourth and the fifth contain the minimum and the maximum numbers
of days for pw changes (it's rare that you will find this in the super-user
logins due to their hard to guess passwords).

/etc/group
----------

The file has each group on the system. Each line will have 4 entries separated
by a ":".

Example of concatenated /etc/group:

root::0:root
adm::2:adm,root
bluebox::70:

Group name:password:group id:login names in the group

** It is very unlikely that groups will have passwords assigned to them **

The id "0" is assigned to the root user.

Adding new users when you're root
---------------------------------

*** You must usually be root to run these commands ***

# adduser   - will take you through a routine to add a user

This will look a little like this..

Anytime you want to quit, type "q".
If you are not sure how to answer any prompt, type "?" for help
If a default appears in the question,press for the default.

Enter users full name [?,q]:                       (enter the name you want)
Enter users login ID [?,q]:                        (the id you want to use)
Enter users ID number (default 50000) [?,q) [?,q]: (press enter)
Enter group ID number or group name:               (any name from /etc/group)
Enter users login home directory:                  (enter /home/name)

This is the information for the new login:
Users name: (name)
login ID: (id)
users ID:50000
group ID or name:
home directory:/home/name

Do you want to install,edit,skip [i,e,s,q]?        (enter your choice, if "i" then)
Login installed
Do you want to give the user a password?[y,n]      (it's better to enter one)
New password:
Re-enter password:

..That information will then be added to the /etc/passwd file, and the home
dir and all the default files will be made for the user.
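
An added example, not part of the original text: a shell function that checks
passwd-format data against the seven-field layout described in the /etc/passwd
section, reporting extra accounts with user id 0, password fields that still
hold a hash instead of the shadowing "x", empty password fields and locked
accounts. The sample entries are constructed from the lines shown on this page
(guest and broken are invented), and treating a leading "!" as a lock is an
assumption beyond what the page states.

```shell
#!/bin/sh
# Added example: audit passwd-format lines (login:pw:uid:gid:name:home:shell).

# Constructed sample, based on the entries quoted on this page.
sample_passwd() {
cat <<'EOF'
root:x:0:1:0000:/root:/bin/sh
sysadm:k54doPerate:0:0:administration:/usr/admin:/bin/sh
checkfsys:*:0:0:check file system:/usr/admin:/bin/sh
john:chips11:34:3:john scezerend:/home/john:/bin/bash
guest::50:3:guest login:/home/guest:/bin/sh
broken:x:51
EOF
}

# Reads passwd-format lines on stdin, prints one finding per line.
audit_passwd() {
awk -F: '
  $0 ~ /^#/ || $0 ~ /^ *$/ { next }            # skip comments and blank lines
  NF != 7 {                                     # a valid entry has 7 fields
    printf "MALFORMED line %d: expected 7 fields, got %d\n", NR, NF
    next
  }
  {
    login = $1; pw = $2; uid = $3
    if (uid ~ /^0+$/ && login != "root")        # field 3: user id 0 = root powers
      printf "UID0 %s: has user id 0, the same as root\n", login
    if (pw == "")                               # field 2 empty: no password set
      printf "NOPASS %s: empty password field\n", login
    else if (pw ~ /^[*!]/)                      # "*" lock; "!" is an assumption
      printf "LOCKED %s: account is locked\n", login
    else if (pw != "x")                         # anything else is a stored hash
      printf "UNSHADOWED %s: password hash is in the world-readable file\n", login
  }'
}

# Run against the constructed sample when executed directly.
sample_passwd | audit_passwd
```

On a real system the same function can be run as audit_passwd < /etc/passwd.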
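
An added example, not part of the original text: how an administrator might
watch the sulog file described in the su section, listing every su whose
target is root and the users with repeated failed attempts. Only the first
sample record comes from this page; the others are constructed, and "-" as the
failure marker is the System V convention, which the page does not show.

```shell
#!/bin/sh
# Added example: flag su attempts targeting root in sulog-format records.
# Record layout, following the entry on this page:
#   SU  date  time  +|-  tty  from-to      (+ = success, - = failure)

# Constructed sample; the first line is the entry quoted on this page,
# including its "tty 12" spacing.
sample_sulog() {
cat <<'EOF'
SU 04/19/88 21:00 + tty 12 john-root
SU 04/19/88 21:07 - tty03 cathy-root
SU 04/19/88 21:08 - tty03 cathy-root
SU 04/19/88 21:09 - tty03 cathy-root
SU 04/20/88 09:15 + tty01 dipal-cathy
garbage line
EOF
}

# Reads sulog lines on stdin, prints "date time OK|FAIL from" for su to root.
su_to_root() {
awk '
  $1 != "SU" || NF < 5 { next }            # skip anything that is not a record
  {
    pair = $NF                             # "from-to" is always the last field
    if (!match(pair, /-[^-]*$/)) next      # no dash: cannot split the pair
    from = substr(pair, 1, RSTART - 1)     # split on the last dash
    to   = substr(pair, RSTART + 1)
    if (to != "root") next
    print $2, $3, ($4 == "+" ? "OK" : "FAIL"), from
  }'
}

# Reads sulog lines on stdin, prints "user count" for every user with at
# least $1 failed su attempts to root.
repeat_failures() {
  su_to_root | awk -v min="$1" '
    $3 == "FAIL" { c[$4]++ }
    END { for (u in c) if (c[u] >= min + 0) print u, c[u] }' | sort
}

# Run against the constructed sample when executed directly.
sample_sulog | su_to_root
sample_sulog | repeat_failures 3
```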