There’s a Lot in the Dot: Filesystem Permissions and Pathnames (Part 2)

Still deeper into the dot (.) with a dive into access permissions. Study up because there's going to be a quiz.

In the previous article we saw how the hidden directory entries named . (dot) and .. (dot dot) tie the filesystem together. Those names are hard links that reference the actual filesystem object through the index number. A directory always has at least two names: . and its given name. You can always reach the parent directory through the .. entry.

Now let’s dig into how pathnames and permissions work internally. (If you’re familiar with all of this, try the quiz at the end.)

Two Paths to the Same Place

Pathnames can confuse users, but they’re actually simple when you see how they work. A pathname gives the location of an object (a file, a directory, a socket, etc.) in the filesystem. There are two kinds of pathname: absolute (or full) and relative:

  • An absolute pathname starts at the root directory (the top of the filesystem). It always starts with a / (slash). Example: /home/jpeek/foo
  • A relative pathname starts at the current directory. It never starts with a slash. Example: if your current directory is /home/jpeek, two relative pathnames you might type are: foo and ../someuser

No matter what your current directory is, you can always find an object through its absolute pathname. But a relative pathname is often shorter.

Following a Path

When you give a pathname to a program, how does it find the object you specified? For an absolute pathname, it reads the root directory and follows the path from there. Otherwise, the program opens the current directory and follows the path from there.

Figure 1 shows how the shell’s system calls find a directory after you type cd /home/jpeek. This figure comes from part of the filesystem tree in the previous article.

Figure 1: Finding /home/jpeek

  1. The pathname starts with /, so the system opens the root directory.
  2. Inside the root directory, it looks for a directory entry named home. If there’s no home entry, the pathname is invalid. Otherwise, the system opens the home directory.
  3. Inside the /home directory, it looks for a directory entry named jpeek.

Here are some more examples: multiple ways to reach the same directory. I’ll start by changing the current directory to my home directory. (A simple cd with no pathname defaults to a user’s home directory.)

1$ cd
2$ ls -ai
5423 .   58 ..   5425 bin   5424 foo
3$ ls -ai .
5423 .   58 ..   5425 bin   5424 foo
4$ ls -ai ././.
5423 .   58 ..   5425 bin   5424 foo
5$ ls -ai ../jpeek
5423 .   58 ..   5425 bin   5424 foo
6$ ls -ai /home/jpeek
5423 .   58 ..   5425 bin   5424 foo
7$ ls -ai /home/jpeek/.
5423 .   58 ..   5425 bin   5424 foo
8$ ls -ai /home/jpeek/../jpeek
5423 .   58 ..   5425 bin   5424 foo
9$ ls -ai /jpeek
ls: cannot access /jpeek: No such file or directory

Every ls command lists the same directory, some through relative pathnames and some through absolute. Command 4 opens ., then opens ., then opens . again: always the same directory. Command 8 opens /home/jpeek, then the parent directory, then the jpeek directory from there — with the same result.

Why did command 9 fail? Trace it through: open the root directory, then look for an entry named jpeek. There isn’t one.
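
The lookup steps above, written out as an added example (not code from the original article): a Python function that resolves a pathname one directory entry at a time and records the inode number reached at each step. The name walk_path, its start_dir parameter and the temporary home/jpeek tree are assumptions made for the demonstration, and the function handles directories only.

```python
import os
import tempfile

# O_PATH (Linux) needs only search permission on each directory, as a real
# lookup does; elsewhere fall back to an ordinary read-only open.
FLAGS = os.O_DIRECTORY | getattr(os, "O_PATH", os.O_RDONLY)

def walk_path(pathname, start_dir="."):
    """Resolve a directory pathname one entry at a time.

    Returns a list of (entry_name, inode_number) pairs, one per step.
    Raises FileNotFoundError when an entry is missing, as in command 9.
    """
    # Absolute pathnames start at the root directory, relative ones at the
    # current directory (start_dir is a hypothetical stand-in for it).
    begin = "/" if pathname.startswith("/") else start_dir
    fd = os.open(begin, FLAGS)
    steps = [(begin, os.fstat(fd).st_ino)]
    try:
        for name in pathname.split("/"):
            if not name:  # empty piece from a leading or doubled slash
                continue
            # Look the name up in the directory currently held open.
            # "." and ".." are ordinary entries: no special case needed.
            nxt = os.open(name, FLAGS, dir_fd=fd)
            os.close(fd)
            fd = nxt
            steps.append((name, os.fstat(fd).st_ino))
    finally:
        os.close(fd)
    return steps

if __name__ == "__main__":
    # Constructed sample tree: <tmp>/home/jpeek stands in for /home/jpeek.
    with tempfile.TemporaryDirectory() as top:
        home = os.path.join(top, "home", "jpeek")
        os.makedirs(home)
        for path in (".", "././.", "../jpeek", home + "/../jpeek", "../nosuch"):
            try:
                for name, inode in walk_path(path, start_dir=home):
                    print(f"  {inode:>10}  {name}")
                print(f"{path}: resolved\n")
            except FileNotFoundError as err:
                print(f"{path}: {err.strerror}\n")
```

Every pathname that resolves ends on the same inode number, and the last one stops at the first entry that does not exist.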

Next: Access Permissions

Comments on "There’s a Lot in the Dot: Filesystem Permissions and Pathnames (Part 2)"

troyhansonlm

Bought my first Unix book (your Unix Power Tools) in 1993.. worked at Cray and Los Alamos for a couple summers.. then spent a lifetime in Unix.. and still learning from you (4th question). Thanks Jerry!

kyron

Well, there is something wrong with your installation since zoe is owner of .. from within her folder, which implies she is owner of /home. This said, assuming the hacked account is not zoe's Answer #1 remains true ;)

jp

Whoops, @kyron, you're right that zoe should not be the owner of .. (/home) from within her home directory. (I made a copy-and-paste mistake there.) Try root instead.

And thanks, @troyhansonlm.
