More than One Filesystem

Here is where we hit a bit of a snag with this approach. A filesystem sits on top of some form of storage. That can be a hard disk, a USB stick, a DVD, or any number of storage media. Each device is effectively independent from any other. This makes sense because you can take a USB stick from your laptop and then use it on your desktop machine. Clearly there is no link between the filesystem on the USB stick and your laptop because otherwise your desktop wouldn’t have all the information it would need to find the files.

Each filesystem has a root directory, which is the main directory on a device and holds all the other files and directories. Like the root of a tree, all the files and directories branch off from this central location. This does pose a bit of a problem, though. If each device has its own filesystem and root directory, how do you easily present this structure to the end user? It turns out that there are two approaches to solving this problem. The first is separate roots; the second is a unified filesystem.

Separate Roots

This approach was adopted by Microsoft all the way back in the days of MS-DOS and it’s still with us today. The approach is very simple. Each device has its own root entry and the user can then use this entry to locate the device of interest and then can simply navigate the filesystem as normal to find the file. Under Windows, each root is assigned its own letter. For historical reasons, the system disk on Windows is referred to as C:, which you’ll often hear people refer to as the C drive. Floppy drives are assigned A: and B: (PCs with hard disks tended to have two floppy drives) and because few people had more than one hard disk, the CD-ROM drive tended to be assigned to D:.

This system is really easy to use, and there is never any confusion about where a particular file is because you can tell simply by looking at the drive letter. However, there are a couple of issues with this design:

• First, because root devices are assigned to letters, and there are only 26 letters in the alphabet, you are limited to 26 devices. Hardly an issue to home users even today, but back when businesses were using large mainframes, they could have hundreds of such devices.
• The second issue is that the user has to be aware of the physical location of the file, which can actually add complexity because it ties the location of the file to the physical device that the file is on. If a bigger disk is added to the system, and the files were moved to that new location, their root device would change. Any person (or software) that depends on a file’s location would need to be updated, and that’s never fun.

In short, although the system employed by Windows is simple and effective, it can become an administrative headache on very large and distributed systems. These days there are lots of ways around that, and new techniques have emerged to hide this structure beneath the surface, such as the Microsoft Distributed File System (DFS) for network shares and libraries for grouping content in one place on your desktop such as documents and music. So it really isn’t a huge issue for Windows systems today. However, back when UNIX reigned supreme, these technologies weren’t available, and they went with the other approach: a unified filesystem.

Unified Filesystem

Linux, being based on UNIX, has a unified filesystem. That means that unlike Windows, which has multiple root devices, a Linux system has only one and it is always mounted on /, which is UNIX-speak for the root directory. If there is only one root directory, then how does Linux handle additional devices, all of which we know contain their own filesystems?

The solution is to take the root directory of the new device and then attach it on an existing directory in the tree. This is known as mounting a filesystem, which allows Linux to have an almost unlimited number of devices because it can attach them anywhere in the existing tree. This means that you could mount one device and then mount another device on a directory inside the first device. From the user’s point of view, they can move through all these different directories as if they were all on one big device. The physical structure (that is all the disks and the raw data on them) is completely hidden from the end users. They have no way to tell they’ve crossed from one device to another.

This solves the issues highlighted with the separate root approach in that the unified filesystem is consistent regardless of what the underlying mechanism is. In fact, you can mount network file shares and even virtual filesystems into the tree. Of course, the benefits of the separate root approach have now become the downside for the unified approach. It’s no longer easy to see where things are going, and this again can make things more confusing. Like Windows, Linux systems have evolved over time so that these problems aren’t quite as pronounced as they would otherwise be. However, these benefits are mostly seen in the GUI and tend to be far less pronounced when using the command line.

The Mac has to be Different

As an interesting comparison, OS X on the Mac makes use of both approaches. Under the covers, OS X is a UNIX-based system and so it does have a unified filesystem. However, unless you go to the command line (and most Mac users don’t), you will never see evidence of this. When you attach a USB stick to the Mac, it will mount it in a similar way as Linux, but it will show it to the user as if it were its own root device in a similar approach to Windows. However the Mac doesn’t assign a drive letter, it just sets up a unique name.

Bring it All Together

Admittedly that’s a fair bit of theory and you’re probably wondering where all the fun commands are that we promised to show you. You might also be wondering why we just bored you with all that, and when (if ever) such information might be useful. The reason we’ve put emphasis on this theory up front is because when we started out with Linux, a lot of the things that caught us out were preconceptions from using other operating systems. When one of us first installed Linux some 15 years ago, it took several hours of swearing before he figured out what “you need a root / device” meant. This isn’t just a Linux thing, a dabbling with the BSD family of operating systems and its alternative way of handling disks caused us to wipe the wrong disk because we were thinking Linux and not BSD.

So hopefully this last section will save you from some of the pain that we went through when we first started out. You don’t need to memorize all the theory, but if you come away from this section with an appreciation that despite many similarities, Linux is not Windows or a Mac, then you will be ahead of the game.

/  (Root Directory)

This is the root directory (not to be confused with the root user’s home directory) that represents the top of the file hierarchy. Everything goes somewhere in or under this directory, no exceptions. As we discussed earlier in the chapter, Linux has a unified hierarchy, and this is where it all starts.

/root

This is the home directory for the root user and spends a large amount of its time being confused with the root directory (/). It can get more confusing because if you are in the root directory and someone asks you to “go into the root directory,” which one do they actually mean? Often you can easily tell from the context, but if not, don’t be afraid to ask for clarification; you’d be surprised how often this one comes up.

/etc

/etc is arguably one of the most important directories on your system. It contains most of the configuration files for not only your system but also the applications that you might have installed (such as the Apache web server). Many users new to Linux take care to back up their applications, but often forget about the configurations stored in /etc. At the end of the day, the application can usually be replaced quite easily, but getting that config right from scratch can be a real headache. This is a directory you want to take great care of.

/proc

/proc is a virtual filesystem that the kernel uses to provide easy access from userland tools (that is, software that is run outside of the kernel). Everything you ever needed to know about the system state or running processes can be found in /proc. Two common examples are the CPU configuration (stored in /proc/cpuinfo) and memory usage (stored in /proc/meminfo). Most of this information is read-only, which makes sense because it is just a virtual representation. However, some files do allow communication to go both ways and you can potentially use it to tweak kernel and system settings while the machine is running.

/var

/var is generally where you’ll find files created by your applications and the system itself. For example, most applications will store their logs in /var/log/, and many will store the lock files in /var/run/. Lock files don’t have any meaningful content; an application just uses them to work out whether it is already running so that you can’t accidentally have two copies running at once. On Raspbian, the Apache web server uses /var/www/ for storing a website’s files. In other distributions, this is not the case—such files tended to be located in the /srv/ directory. That said, more mature applications may still be in /var, even on modern distributions.

/boot

Traditionally, the /boot directory actually lived on its own small partition on the first hard disk. At the time, the majority of computers were unable to boot from a single big partition, so it was very common to see these split out. On modern machines (although the Pi still requires it), this is no longer a problem, so this directory is often included in the root directory directly. As its name suggests, it holds the key files needed to boot a system, including the bootloader and the Linux kernel.

/bin and /sbin

These locations store user and administrative programs, respectively. When you try to run a program from the command line, there are specific places that the system will look for the application. This list of locations is known as the path. Usually a normal user only has /bin in their path, so they effectively can’t see applications in /sbin. There are some applications that the user can access even though they’re generally used only by administrators, but the user needs to know where they are. This usually doesn’t pose a problem, and you won’t ever need to go looking for anything.

/dev

We already touched on this directory in the “Everything as a File” section. It contains a file for each device or subdevice on the current system and provides a way for system tools (and, of course, users) to easily access the hardware on a particular machine. Besides the disk devices discussed earlier, there are also devices for graphics cards, sound cards, virtual terminals, and more.

/home

Traditionally, all user home directories would be stored under /home and this was often its own partition, disk, or network share. The idea was to keep user data separate from system data and applications. Most UNIX-based systems still follow this rule, but there are occasions when you will find some home directories living elsewhere (i.e., the root user’s home directory). The Mac, for example, stores home directories in /Users, and some businesses will put different users in different locations based upon their needs. Although /home generally contains only home directories, there’s no requirement that home directories actually reside here.

/lib

This directory contains library files that are needed by various applications. Libraries allow functionality to be packaged up and then shared by other applications. A good example might be a database driver that allows applications to access a database. So that these applications can find those libraries, they need to be installed in a known location and with a known file name. It’s rare that you’d need to poke around in this directory, but if you do, you should be careful because breaking things in here could affect the stability of your system.

/lost+found

We mention this one for completeness, but it’s not really part of the filesystem structure per se. Rather it’s where files get placed when the filesystem loses track of them. For example, if a disk were to be damaged, you would need to run a disk repair. Some files may be recovered, but for various reasons, it may be impossible to determine where that file came from. If that happens, Linux will place those lost souls in this directory. We’ve never had cause to look into this directory, and most likely you’ll never need to look in there either.

/mnt

Short for mount, the /mnt directory was traditionally where you would mount additional filesystems. If you wanted to attach a network share or an external hard disk, you would create a directory in /mnt and mount in there. Floppy disks and CDROMS also need to be mounted before use and were also generally mounted here as /mnt/floppy and /mnt/cdrom, respectively. However, in recent years, this directory has mostly fallen by the wayside because more people have removable media rather than always attached storage (see the next section on /media).

/media

This directory is relatively new to Linux and was added to make a clear distinction between mounted external devices (such as those in /mnt) and removable media such as USB sticks, cameras, and media players. These are usually handled automatically under Linux, and so usually you won’t manually add or remove anything in this directory.

/usr

This is where most of the software on the machine ends up and so it is often the largest directory on a server (at least if you don’t count user home areas). Although it’s useful to know where the software lives on your machine, because everything is handled automatically for you, everything in here should “just work”.

/opt

This directory is a jack of all trades. On some systems, it is packed full of applications; on others, it remains completely empty. It’s usually used for third-party software and applications. For example the Oracle database server installs in /opt/ by default. You probably won’t find much cause to use this directory, but be careful if you do because it is easy to forget things that are sitting in /opt/ when it comes to taking backups and so forth.

/srv

Another relative newcomer, the /srv/ directory is the designated location for storing data for services that serve files. Although this directory seems to be present, some applications still don’t make use of it either out of custom or simply because everyone is used to the contents being somewhere else. If you’re looking for things that used to be in /var/, this is probably a good place to look next.

/sys

This directory contains system information, and unlike /proc/ (which is only in memory), the contents of this directory are written and stored on disk. It doesn’t seem to get an awful lot of use, and we have never even had to look inside this directory. However, it needs to be useful only once for you to be glad it was there.

/tmp

This directory is the computer’s scratch pad, and all sorts of applications create files in this directory. It is used whenever temporary file storage is used (such as during processing). This directory is emptied by default on a reboot, but it can still potentially get quite large. In theory, all applications are supposed to treat /tmp/ as transitory; that is, they should never expect a file to be there after a restart.

Wrapping it Up

That pretty much sums up the key areas on the Linux filesystem. No doubt there are other little nooks and crannies that you might come across as you look around your system, but they will probably be a subset of these. Remember that although this structure is followed by most systems, most doesn’t necessarily mean all—and you might come across some differences or where directories are used in other ways.

Where Are We? Using pwd

The first thing we need to show you is how to figure out where you are on the system. The easiest way to get your bearings is to look at the command prompt. We talked about this in the last chapter—as a quick refresher, here is what the command prompt looks like while we’re sitting in our home directory:

pi@raspberrypi: ∼$

The tilde (the squiggly line) is shorthand for the current user’s home directory. We highlighted this feature already when we first introduced it, so we won’t go through it again, but what if we want to know which directory we are actually in? What we need is the pwd command. We touched on this useful tool in the last chapter as well, but in case you missed it, here it is again:

pi@raspberrypi: ∼$ pwd
/home/pi
pi@raspberrypi ∼$

This tool is very useful for telling us where we are, but it doesn’t tell us anything about what’s in the same location with us. It’s like being blindfolded and told you’re standing in the kitchen; it’s a great start, but you’re still effectively blind. You’d certainly like to know who and what is in the room with you; for that, you need the ls command. This command does have a large number of options, though, and so we will only cover the most common ones, those that we use every day. Actually you can just remember them as recipes because you’ll often just pass the same options time after time (or at least we do).

What’s in Here with Us? Using ls

Now let’s see what’s in here with us:

pi@raspberrypi: ∼$ ls
Desktop    python_games
pi@raspberrypi: ∼$

Although we can’t easily show it in the book, Desktop and python_games are both colored deep blue. This tells us they are directories. At present, we don’t have any files in this directory, or do we? Actually we do, but by then they are considered hidden files. Under Linux, any file that begins with a period (full stop) is considered hidden. There’s nothing special about the files; they are various config or temporary files that various applications have created. We generally don’t want these files cluttering up our display, so ls and friends don’t show them. We can, however, force ls to show us those files with the -a flag like so (although you will most likely see slightly different results on your Pi):

pi@raspberrypi: ∼$ ls -a
.              .cache
..             .config
.bash_history  .dbus
.bash_logout   Desktop
.bashrc        python_games
.dbus          .ssh
  
pi@raspberrypi: ∼$

Creating Files to Play with: Using Touch

For now, we’ll leave the -a flag alone and create our own files to play with. Because we haven’t covered how to create and edit text files yet (we will show you how to do that in Chapter 6), we’ll introduce you to another little tool called touch. Under Linux, files have two timestamps:

• The creation timestamp
• The last modified timestamp

These timestamps allow you to see when a file was created and when it was last updated. This is useful from an administration point of view because you can see which files are actively being used, but various tools (such as backup scripts) use this timestamp to figure out whether a file has changed since they last looked at them. Sometimes it is useful to be able to update that timestamp without changing the contents of the file, and this is where touch comes in. It touches the file that updates the timestamp, but if the file doesn’t currently exist, touch will create it for you. In other words, it’s a great tool for creating empty files. So, let’s start by creating a couple of originally named files:

pi@raspberrypi: ∼$ touch raspberry
pi@raspberrypi: ∼$ touch pi
pi@raspberrypi: ∼$ ls
Desktop pi python_games raspberry
pi@raspberrypi: ∼$

And that’s all there is to it. As you can see from the ls that followed it, we now have two additional files. This time they are gray in color, which tells us that they’re normal files. By coloring the entries for us, ls makes it much easier to see what we’re doing. For example, any file that is executable will be colored green, but we’ll come back to file permissions later in this chapter.

So far we only have two files, but if we had 10 or 20, it would start to get a bit crowded in here. The way to handle that is, of course, to create directories to store our files (and potentially other directories) in, and that’s what we’ll look at next.

Somewhere to Store our Files: Using mkdir

To create a directory, we use the mkdir (or make directory) command. Unsurprisingly, it will create a new directory. However, if there is a file with the same name, or if the directory already exists, you will get an error message. Let’s create a directory called pifun to store our files:

pi@raspberrypi: ∼$ mkdir pifun
pi@raspberrypi: ∼$ mkdir pifun
mkdir: cannot create directory 'pifun': File exists
pi@raspberrypi: ∼$

As you can see, trying to create the directory twice will cause an error. Don’t be distracted by File exists; this could actually refer to either a directory or a file. Another quick ls, and we’ll see that things are moving along quite nicely:

pi@raspberrypi: ∼$ ls
Desktop pi pifun python_games raspberry
pi@raspberrypi: ∼$

Making Use of a New Directory: Using the mv Command

So now that we have our directory, let’s tidy up the mess we’ve been making. Because we want to move the files into our new directory (rather than just create a copy of them), we’ll need to use the mv (move) command. This command is a bit more complicated than the ones we’ve covered before because it takes two arguments (that is, the things you want the command to act on) rather than one. This makes sense, though, because not only do we need to tell mv what we want to move but we also need to tell it where we want it to move the file to. As with most file commands under Linux, the first argument is the source, and the second argument is the destination. Let’s move those files now:

pi@raspberrypi: ∼$ mv pi pifun
pi@raspberrypi: ∼$ mv raspberry pifun
pi@raspberrypi: ∼$ ls
Desktop pifun python_games
pi@raspberrypi: ∼$

So far, so good. Now we want to make sure that our files arrived in one piece. There are two ways to do that. We could go into the pifun directory with cd and then run the ls command or alternatively, we could simply give ls the path to the directory that we want to look into. We’ve already used the first approach, so let’s try give the second approach a try:

pi@raspberrypi: ∼$ ls pifun
pi raspberry
pi@raspberrypi: ∼$

Time for Some Cloning: How to Use the cp Command

Admittedly this isn’t very exciting, but as a newly minted administrator, you’ll be spending a lot of time moving files about and checking where things are. So far, you’ve learned how to move a file, but what if you just want to copy a file instead? When making a backup or getting a selection of files ready to send to a friend, you want to actually keep the originals. For this, we use the cp command (short for copy). Let’s move into our new directory and copy one of our files:

pi@raspberrypi: ∼$ cd pifun
[pi@raspberrypi pifun]$ cp pi pi2
[pi@raspberrypi pifun]$ ls
pi pi2 raspberry
[pi@raspberrypi pifun]$

That worked well, we now have pi and pi2, just as expected. Let’s try the same thing again, only this time we’ll copy a directory:

[pi@raspberrypi pifun]$ mkdir moarpi
[pi@raspberrypi pifun]$ cp moarpi moarpi2
cp: ommiting directory 'moarpi'
[pi@raspberrypi pifun]$

This time it didn’t quite go according to plan. The reason our copy attempt failed was because by default cp will only copy individual files. It won’t copy entire directories. Even though directories are technically treated as files, the way we use them via various commands mimics a real-world folder. The reasoning behind this is that when you copy a directory, you copy everything within it, including all its files and directories. This could be a lot of data and could take up a lot of space as well as a lot of time to complete. Forcing us to be explicit about our intentions (which soon becomes second nature) means that when we mean to copy a single file but accidentally pick a directory, we will get stopped before any copying takes place.

That’s all well and good, but what if you really did want to copy that directory? When we first looked at the cp command, we mentioned tasks such as taking backups, and (let’s be honest) you’re much more likely to want to back up a directory than a list of specific files. We can get the behavior we’re looking for by telling the cp that we want to copy recursively. This will then copy the directory and anything within that directory to the destination. We specify this by using the -r flag like so:

[pi@raspberrypi pifun]$ cp -r moarpi moarpi2
[pi@raspberrypi pifun]$ ls
moarpi moarpi2 pi pi2 raspberry
[pi@raspberrypi pifun]$

Unlike the copy command, when you move a directory, there is no need to specify that you want to do so recursively because moving a directory without its contents wouldn’t make an awful lot of sense.

The Power to Destroy: Using the rm Command

So far, we’ve shown you how to create files and directories, and how to copy and move them about. Now we’re going to show you how to destroy those files with the remove or rm command. It goes without saying that the rm command is one of the most dangerous in your arsenal. It can quite easily destroy an entire server if you’re not careful, and we know people who have accidentally done just that.

For a change of pace, let’s look at how we can delete an empty directory. Before we look at how to do it with rm, we can use the rmdir command for this (which is short for remove directory). Now the catch with this command is that it will delete only directories that are completely empty. If there is even a single file inside, this command will fail. This makes it very safe to use, but not all that practical because generally when you delete a directory, you also want to remove all its contents. Let’s kill two birds with one stone:

[pi@raspberrypi pifun]$ rmdir moarpi2
[pi@raspberrypi pifun]$ rm moarpi
rm: cannot remove 'moarpi': Is a directory
[pi@raspberrypi pifun]$

We could delete moarpi2 with rmdir because the directory was empty, but when we tried using the rm command, it refused to cooperate. This is because the rm command was written with similar reasoning to the cp command. Because removing a directory is far more dangerous than simply copying it, this is probably a good thing. We can use the same -r flag to tell rm to delete recursively:

[pi@raspberrypi pifun]$ rm -r moarpi
[pi@raspberrypi pifun]$

Success! Now sometimes when you try this, especially on a large directory with lots of files and subdirectories, you can end up with lots of issues that cause rm to give up. For example, some files might be write-protected. You can suppress these errors by using the -f flag, which means force and is akin to saying, “Damn the torpedoes! Full speed ahead!” That sounds like a great idea until you stop to think what would happen if you ran this command (which you should never do):

[pi@raspberrypi pifun]$ rm -rf /

If you accidentally run that command, rm will proceed to delete absolutely everything on your system. If you happen to have a USB hard disk attached or you’ve mounted some network shares, you’re in real trouble because rm won’t confine itself to your internal disks; it will crawl through the entire tree deleting everything in its wake. This is one of the reasons why you should use a normal user account for day-to-day tasks. Your own user will not have sufficient privileges to delete anything critical to the system, but even then, chances are high that you can still damage all your attached media. You need to be very, very careful whenever you use the rm command and you’d better double- and triple-check it because Linux will assume that you know what you’re doing and won’t ask for confirmation!

The rm command can also remove files simply by providing the path to the file. You don’t need to use the -r flag for this operation, so you can simply do this:

[pi@raspberrypi pifun]$ rm pi2
[pi@raspberrypi pifun]$ ls
pi raspberry
[pi@raspberrypi pifun]$

And that in a nutshell is how you move about and manipulate the filesystem.

Fully Qualified and Relative Paths

In Linux, there are two ways to specify a path to a file or directory:

• You can give a fully qualified path that starts with a forward slash
• You can give a relative path that starts with a filename, directory name, a dot, or two dots

Strange though these might sound, they are both just ways of providing a specific location to your programs.

A path is considered fully qualified when it starts from a fixed reference point (i.e., the root directory). Regardless of where you are on a system, a fully qualified path will always point to the same location. It’s like the old bell tower in the middle of town; if you give anyone directions using that as your reference point, you have a common anchor that both you and your friend know how to reach.

On the other hand, a relative path depends on your current location to make sense. You can specify paths using ./ to mean the current directory or ../ to mean the parent directory (the next one up from the current location). If you had a path that looks like ../../test.txt, this would only work from a few specific locations (where the file is two levels above your current directory). However, it’s nice and short as well as being easy to type. Of course, the same file (if it were created in your home directory) would be accessible with /home/pi/test.txt, which unlike the relative path, can be used from anywhere on the filesystem pretty easily. Relative paths can be tricky when you’re several levels deep and you’re not sure where you are, but you do know the full path of the file you want. If you are in /home/pi/Documents/Work/Projects_2012/Spreadsheets/ and you want to access test.txt, you could either use the full path or alternatively use ../../../../text.txt. As you can see, in this case, the relative path is more confusing than the fully qualified path.

So when should you use one or the other? You should use whichever option is the most convenient or makes the most sense for the task. Sometimes it’s faster or easier to use a fully qualified path. Other times, you are buried deep down in the tree, and writing fully qualified paths would be tedious at best and totally confusing at worst.

Setting File Permissions

First we’re going to look at how we can set file permissions (see Table 4-1).

We will be using the chmod command, which changes file permissions. You can specify permissions as a combination of the preceding values. These can be combined in three different ways.

• Add permissions
• Take permissions away
• Explicitly set permissions

The difference is that the first two will leave all the other permissions intact after they’ve done their thing. If you explicitly set permissions, any unspecified permissions will be revoked.

Let’s start out by removing all permissions from everyone for our pi file:

[pi@raspberrypi pifun]$ chmod a=  pi
[pi@raspberrypi pifun]$ ls -lh
---------- 1 pi pi 0 Oct  8 03:52 pi
[pi@raspberrypi pifun]$

All file permissions have been removed from the file, but how does the command actually work? Permissions are specified with three parts (corresponding to the three rows in Table 4-1):

• Who you want the change to apply to
• How you want the change applied
• What you want the change to be

In this case we applied the changes to a, which is basically shorthand for ugo (it applies the changes to everyone). We used the equals sign, which means we want to explicitly set the permissions and then we didn’t actually supply any permissions. If a permission is absent, it is assumed not to be set, so in our example by not supplying any permissions, we effectively revoked them all, regardless of what they were previously.

Seeing as it is our file, we want to give ourselves full permissions. Admittedly, the execute bit is not much use in this case (you’ll find it invaluable when you start scripting—see Chapter 7), but we’re going to give it to ourselves anyway. We can do that with this command:

[pi@raspberrypi pifun]$ chmod u+rwx pi
[pi@raspberrypi pifun]$ ls -lh
-rwx------ 1 pi pi 0 Oct  8 03:52 pi
[pi@raspberrypi pifun]$

Let’s pick this command apart. We specified that we wanted to change only the user’s permissions, that we wanted to add them (not that it mattered in this case because we’d removed all permissions beforehand so an equals sign would have done the same job) and that we wanted read, write, and execute privileges. To wrap up this example, let’s restore read access to the group and world roles:

[pi@raspberrypi pifun]$ chmod go+r pi
[pi@raspberrypi pifun]$ ls -lh
-rwxr--r-- 1 pi pi 0 Oct  8 03:52 pi
[pi@raspberrypi pifun]$

Just for completeness, let’s step through this last example. We want to apply the permissions to the group and other roles, we want to add the permissions to what is already there, and we want to grant read privileges. And that is pretty much it for setting file permissions. There is, however, an alternative style that uses numbers rather than letters to specify what permissions you want to set. To get the same effect as what we have already (i.e., it doesn’t have any effect), we would use this:

[pi@raspberrypi pifun]$ chmod 744 pi
[pi@raspberrypi pifun]$ ls -lh
-rwxr--r-- 1 pi pi 0 Oct  8 03:52 pi
[pi@raspberrypi pifun]$

In this system, each permission has its own value:

• Read is 4
• Write is 2
• Execute is 1

To set the permissions, you add up the numbers to get the total for each set of permissions (user, group, world). For example, to set all permissions you’d add 4 and 2 and 1 to get 7. For read, you would simply do 4 plus 0 plus 0, which of course gives you 4. Put them all together for the user, the group and world we get 744. This syntax is the original syntax used on most UNIX systems. Using the letters is a relatively new idea, but at the end of the day they both achieve the same results. The main benefit of the new syntax is that it’s a lot clearer and easier to pick up. Personally, we tend to use the number style, but that’s only because we’ve been doing it for so long and it’s become second nature to us. You should feel free to use whatever system you feel the most comfortable with.

So now you can manipulate permissions like a guru, but we are still missing the second part of the puzzle; we haven’t shown you how to change ownership of the file. This is actually a lot less common than you might think; far less common than tweaking the occasional file permission, that’s for sure. There’s also another little wrinkle. A normal user (anyone other than root) cannot actually change which user owns the file because if you accidentally assign the file to another user by accident, you have no way to actually get that file back again. Of course, being all-knowing and all-seeing, the root user can change the ownership for any file on the system.

We can simulate “rootness” by using sudo. As discussed earlier, this little command acts as a filter of sorts. It always runs as root, regardless of who executes it, and executes commands as root on their behalf. To prevent any shenanigans, sudo will check the user and the command they are trying to run against an approved list. If you’re on that list (and the pi user is), you can execute all sorts of magic without every technically becoming root yourself.

To use sudo, all we have to do is prefix the command we want to run with the sudo command. That’s pretty much it. When you first run sudo, it will ask you for a password. This is the password for your particular user, not the password for the root user. The aim is that you can prove that you are the pi user, and then sudo will check to see what the pi user is allowed to do. This means that if you have lots of users on your computer, and you want to let them do some more powerful commands but don’t want to give them root access, you can set up sudo to allow them to execute a specific command without having to hand over the keys to the mansion.

Let’s start off by trying to give the file to the root user using the chown (or change ownership) command:

[pi@raspberrypi pifun]$ chown root pi
chown: changing ownership of 'pi': Operation not permitted
[pi@raspberrypi pifun]$

The operation not permitted is Linux’s way of telling us to get stuffed. As mentioned earlier, only the root user is allowed to change the owner of a file. To pull this off, we’ll need root privileges, so let’s put sudo to work for us and run the command again:

[pi@raspberrypi pifun]$ sudo chown root pi
[pi@raspberrypi pifun]$ ls -lh
-rwxr--r-- 1 root pi 0 Oct  8 03:52 pi
[pi@raspberrypi pifun]$

Success! We were able to change the owner to the root user. This will work with any valid user and any file or directory that you wish to change. There is another command called chgrp which you won’t be surprised to know allows you to change which group owns a particular file. Now there is a bit of an issue with this command as well. Although normal users are allowed to change the group, they are only allowed to change it to a group of which they’re a member. If your user is only a member of its private group, then you won’t be able to do an awful lot with this command either.

Once again, it’s root and sudo to the rescue. Because root can do whatever it pleases, it can change the group accordingly. As it happens, it looks an awful lot like our last command:

[pi@raspberrypi pifun]$ sudo chgrp root pi
[pi@raspberrypi pifun]$ ls -lh
-rwxr--r-- 1 root root 0 Oct  8 03:52 pi
[pi@raspberrypi pifun]$

And there we go—the file now belongs to the root group and the root user. When you do have to change file ownership, it’s much more common to need to change both the user and the group that owns the file. It’s relatively rare to change just the group (we can’t remember when we last used the chgrp command). The chown command provides a shortcut that allows us to set both a new owner and a new group at the same time. Let’s use this shortcut now to return the ownership of the file to our pi user. We’ll still need to use sudo, of course:

[pi@raspberrypi pifun]$ sudo chown pi:pi pi
[pi@raspberrypi pifun]$ ls -lh
-rwxr--r-- 1 pi pi 0 Oct  8 03:52 pi
[pi@raspberrypi pifun]$

With the shortcut, you just specify the user and the group separated by a colon. One last thing we need to cover with these commands is that they only operate specifically on the file you provide. If you provide a directory rather than a file, it will set the permissions on the directory, but those changes won’t filter down through to all the files. Sometimes that’s what you want, but more often you want the changes to propagate. Unlike the cp and rm commands that use -r, these two commands use -R (they use the capital letter rather than the lowercase letter). Be careful when you use this because often file permissions are precisely set, and if you waltz through obliterating them with your new version, there’s no way to undo the damage. As always, double-check what you’ve typed before you press the enter key.