19-1 19-2 19-3 19-4 19-5 19-6 SELinux

, , , , Linux

19-1 Linux , 7 , /, Linux /bin, cprpmkilltarmvrm ping , shell, bashzshtcsh

/boot, /dev /dev/hda /dev/tty0 , /etc passwd shadow /etc/rc.d script

/etc/X11X Window /home /lib /lib/modules, , /lost+found, Linux , , ,

/media Fedora Core 1 Fedora Core 2 , /mnt Fedora Core 3 /media /mnt

/proc, psfree , , /root, root /sbin, fsckinitgrub swapon

/tmp, , , /usr, /usr/bin, findfreegcc

/usr/local, RPM , /usr/share/doc /usr/share/man /usr/src, Linux

/var, , (log) PID (Process ID, ) Apache FTP

/var/tmp /tmp , , , /tmp , /tmp , , , , ,

du -sh , , /var

19-2 Linux ext4 , ext4 ext3 , ext3 ext2 , ext3 ext2 ext3 ext2 ext3 (Journal File System), ext2 ,

19-2 ext3 , , , , ,

ext2 , fsck GB , , ,

, ext3 , , , ext2 , , , , ext2 ext3

Fedora 10 ext4 , , 11 , ext4 ext3, Fedora ext4 ext3 , ext3 , ext3 , ext4

ext3 , ext4 , 16 TB, , ext4 , , , ,

ext3 ext 4 ext4 , Linux ext3 () Linux , ext3 ext3 , ext4, tune2fs , ext3 ext4, /dev/sda3 ext3 ext4,

ext3 ext 4

ext3 ext 4, /etc/fstab

, ext4

ext4 inode ext4ext3 ext2 , inode (index node), (block) (pointer)

ext4 inode

ext4 inode inode , direct blocks , indirect blocksdouble indirect blocks triple indirect blocks, ext4 inode , , , inode,

inode inode , (mode) inode , (symbolic link) () , (owner information) UID GID,

inode (size) byte (timestamp)inode

inode (address of data block), inode , ( /proc ), inode , inode 12 , 12 , (indirect pointer), ,

inode

19-3 Linux , , ls -l ,

ls -l ls -al , 10

, , , , 3 ,

10 1 , d ext2/ext3/ext4 , - l, , 19-5 bc, sp,

210 3 , 3 9 , r (Read, ), , (, , "" "r" ) w (Write, ), ,

x (eXecute, ), , (, , "r" ) -

Linux , .exe, , -rwx------ -rwxr--r--, -rw-rw-r--,

drwx--x--x, , drwx------,

, /home , "drwx------", ,

(root) mkdir , "rwxr-xr-x", mkdir , "rwxrwxr-x", ,

, , , , , SUID (Set UID), ,

SGID (Set GID), SUID , , ,

T (Sticky) 18-1 /tmp /var/tmp , , , , , , Sticky , , ,

Sticky , , Sticky , Sticky , Sticky SUIDSGIDSticky x , SUIDSGID Sticky,

, ,

, ,

, "rwx" 3 3 9 , , 9 , , r 4 w 2 x 1

, "rwx" 4 + 2 + 1 = 7, "rwxrwxrwx" , "777" "---------", "000" -rwx------ 700 -rwxr--r-- 744 -rw-rw-r-x 665 drwx--x--x 711drwx------ 700

chmod , ls -l

nohup.out

, 3 , 4 s S (SUID) 4 s S (SGID) 2 t T 1

, 210 "rwx" 3 , "u""g" "o"

chmod , "u+rw" "g-x" "g+x, o+rx", "u+rwx, g-w, o-w",

"o=rx", "ugo+x" "a+x", "ugo" "a" "+x" "ugo+x""a+x" , ugo a , "o+t" Sticky "u+s, g+s" SUID SGID

, , "-R" chmod 777 mydir mydir "rwxrwxrwx" chmod -R 777 mydir mydir , "rwxrwxrwx" chmod --help

, , ( 19-13 ), chown , root , , chown

ls -l

nohup.out lambert

ls -l

, chown lambert nohup.out , chown .lambert nohup.out , , "-R" chgrp , , chgrp --help

19-4 lambert cassia , (/home/lambert) "rwxr-x---", cassia , , saber, lambert /etc group ,

, saber saber cassia , cassia lambert

19-5 Linux , (link) , ls -l ,

, ..., Windows ,

, cassia /var/tmp , 1502892 bytes ForEveryOne, "rw-r--r--" lambert , ForEveryOne , , ForEveryOne , 3005784 bytes

, (hard link)lambert ForEveryOne ,

ls -l , LambertFile LambertLink

, , , 2, , , , , 1 ,

inode , inode, inode ls -i inode

inode inode , , , inode

19-3 (), , ln -s

ls -l lambert

, LambertFile SymLink , SymLink 1 "l", , "rwxrwxrwx" , (LambertFile),

, , Windows "", , SymLink , ! inode

, , , , , , NFS Samba ( Samba , 26 )

, inode , , , , ,

19-6 SELinux SELinux (Security-Enhanced Linux) (National Security Agency) , , Linux , , Linux ( SELinux )

SELinux Linux , suid , /usr/bin/passwd /usr/bin/passwd , root ,

SELinux Linux (Discretionary Access Control, DAC)SELinux (Mandatory Access Control, MAC) , , ,

SELinux , , , ,

SELinux SELinux (policy) , SELinux , , http://www.lurking-grue.org/writingselinuxpolicyHOWTO.html SELinux , , , Linux , SELinux

SELinux /etc/sysconfig/selinux

,