DEV Community

Vivesh
Vivesh

Posted on

Linux File System & Permissions and SSH Key Management

Introduction

_Linux is a widely used operating system, particularly in server environments, and its file system, permissions, and SSH key management are essential components of its architecture. This article provides both a brief overview and a detailed explanation of these topics.
_

Brief Overview

Linux File System

  • Structure: The Linux file system is hierarchical, starting from the root directory (/). Key directories include /home (user files), /etc (configuration files), /var (variable data), /usr (user applications), /bin (essential binaries), and /sbin (system binaries).

  • File Types: Includes regular files, directories, symbolic links, block devices, and character devices.

Linux File Permissions

  • Categories: Linux permissions are divided into three categories: Owner, Group, and Others.

  • Permission Types: Each file has read (r), write (w), and execute (x) permissions. Permissions can be modified using commands like chmod (to change permissions) and chown (to change ownership).

SSH Key Management

  • SSH Key Pair: Consists of a public key (stored on the server) and a private key (kept secure on the client).

  • Key Generation: Use ssh-keygen to create a key pair. The public key is added to the ~/.ssh/authorized_keys file on the server.

  • Best Practices: Regularly rotate keys, use strong passphrases, limit SSH access, and monitor the authorized_keys file.


Detailed Overview

Linux File System

The Linux file system is organized in a tree structure, with the root directory (/) at the top. This structure allows for efficient organization and access to files. Here’s a closer look at its key components:

Structure of the Linux File System

  1. Root Directory (/):

    • The root directory serves as the starting point for the file system hierarchy.
  2. Important Directories:

    • /home: Contains user-specific directories where personal files are stored.
    • /etc: Contains configuration files that control system behavior.
    • /var: Houses variable data files, such as logs and databases.
    • /usr: Contains user programs and documentation.
    • /bin: Contains essential command-line utilities available to all users.
    • /sbin: Contains system binaries mainly used for system administration.

Mount Points

In Linux, external devices (e.g., hard drives, USB drives) are mounted at specific directories, enabling access to their contents. For example, a USB drive can be mounted at /mnt/usb.

Linux File Types

Understanding different file types is essential:

  • Regular files: Store data (e.g., text files, images).
  • Directories: Contain files and subdirectories.
  • Symbolic links: Pointers to other files or directories.
  • Block devices: Represent devices that allow buffered access (e.g., hard drives).
  • Character devices: Represent devices that allow unbuffered access (e.g., keyboards).

Linux File Permissions

Linux employs a robust permission system that enhances security by controlling access to files and directories. Here's a detailed breakdown:

Understanding Permissions

Each file and directory has three permission types:

  1. Read (r): View the file contents or list directory contents.
  2. Write (w): Modify the file or add/delete files in a directory.
  3. Execute (x): Execute a file as a program or access a directory.

Viewing Permissions

You can view permissions using the ls -l command:

ls -l
Enter fullscreen mode Exit fullscreen mode

The output displays permissions in the format:

-rwxr-xr-- 1 user group 1234 Oct 31 12:34 example.txt
Enter fullscreen mode Exit fullscreen mode
  • The first character indicates the file type (- for regular files, d for directories).
  • The next nine characters show the permission bits (user, group, others).

Modifying Permissions

  • Using chmod: Change permissions with symbolic or numeric modes.

Symbolic Mode Example:

  • Add execute permission for the user:

    chmod u+x filename
    

Numeric Mode Example:

  • Set permissions to rwxr-xr-x:

    chmod 755 filename
    

Setting Ownership

  • Using chown: Change the owner and group of a file or directory:
chown newuser:newgroup filename
Enter fullscreen mode Exit fullscreen mode

SSH Key Management

SSH is essential for secure remote access to servers. Understanding how to manage SSH keys is crucial for maintaining security:

SSH Key Pair

An SSH key pair consists of:

  • Public Key: Stored on the server (in ~/.ssh/authorized_keys).
  • Private Key: Kept on the client machine and must remain secure.

Generating SSH Keys

To generate a key pair, use:

ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
Enter fullscreen mode Exit fullscreen mode
  • This creates a 4096-bit RSA key pair. You'll be prompted to specify a location and passphrase for security.

Using SSH Keys

  1. Copy Public Key: Use ssh-copy-id to copy the public key to the remote server:
   ssh-copy-id user@hostname
Enter fullscreen mode Exit fullscreen mode
  1. Connect via SSH: Authenticate using the private key:
   ssh user@hostname
Enter fullscreen mode Exit fullscreen mode

Managing SSH Keys

  • Key Rotation: Regularly generate new key pairs to minimize risks.
  • Key Expiry: Implement expiration dates if supported.
  • Revocation: Remove old public keys from authorized_keys when access is no longer needed.
  • Key Storage: Securely store private keys using password managers.

Best Practices for SSH Key Management

  • Use strong, unique passphrases for each private key.
  • Limit access to SSH only to necessary personnel.
  • Regularly monitor the authorized_keys file to ensure only authorized users can access the server.

Conclusion

Understanding the Linux file system, permissions, and SSH key management is fundamental for anyone working in Linux environments. The structured file system allows for efficient organization, while permissions ensure secure access control. SSH key management provides a secure means of remote access, protecting sensitive data from unauthorized access. By implementing best practices in these areas, administrators can enhance security and maintain an efficient operating environment.

Top comments (0)