Thursday, July 23, 2009

Redirection and 2>&1

In Unix, one often finds a input and output redirection "<", ">", ">>". These are simple to understand.

Users can also do redirect one stream into another stream. This is done by using standard file descriptors. So, if someone wants to redirect all standard errors to whereever standard output is going, add 2>&1 in the end of the command. 2>&1 means send the standard errors to where standard output is going. 2 is the default file descriptor for stderr and 1 for stdout. If certain command is redirecting stdout to, say some file, stderr still goes to default screen. If you want stderr also to be sent to the file where stdout is going, use 2>&1.
Similarly, you can also redirect stdout to whereever stderr is going by 1>&2.

Also, remember that "some unix command > some_file 2>&1" is different from "some unix command 2>&1 > some_file". The first one redirects stderr to some_file, whereas the second won't.

Saturday, July 11, 2009

A tutorial on setuid and sticky bits in Unix

Unix users are sometimes confused with setuid and sticky bit permissions on files and directories. Below is a small tutorial on the most common use of setuid and sticky bits.

There are certain files or devices that are writable only by root. Nevertheless, ordinary users often have to use root-owned programs that try to write to those files. Since these files are writable only by root, how would a non-root user run the program that writes into that file. The solution in Unix is setuid bit. When this bit is set on a root-owned program, the program gets the effective privileges of root even when run by non-root user. This happens only for setuid programs i.e. for programs that have setuid bit set by owner/root. Example is passwd program that modifies the password files that are writable only by root. Since passwd program is setuid id, any non-root user can run this program and modify his/her password. Another example is ping program that is also setuid since ordinary users also run the ping program that accesses network devices.

In the file permission listing found by command “ls –l” setuid programs have the s in place of x. This means the program is both executable by owner and setuid. Another possibility is S in place of x which means the program is setuid but NOT executable. The program permissions could look like

rwsr-xr-x ( executable by root and setuid; what matters for setuid bit is the third letter)

OR

rwSr-xr-x ( hmmm…does it make sense !?)

One can make a program setuid by

chmod u+s prog_name

OR

chmod 4755 prog_name

Although the explanation above was specific to root-owned files, it could apply to any owner. So any user can make a program owned by himself/herself setuid and let others modify some of the owner’s files by this program.

Another related special permission setting for a program is setgid bit which is similar to above, but is useful only to the owner’s group. The setuid and setgid bits have different meanings when applied to directories. setgid bit on directory "d" means that any file or directory created under it would get the group id of "d". Remember that normally the group id of any newly created directory is the group id of the user who created it.

Yet another special permission is the sticky bit. Now-a-days, it is mainly used for directories. Let us first understand what directory permissions mean. Some directories are writable by all users. That means all users can create files as well as delete files inside such directories. Execute permission for a directory means search permission into that directory. So, execute permission is necessary to descend into that directory.

An example of directory with sticky bit set is /tmp. This directory stores temporary data that is created by user programs. Since these directories are writable by all, any user can delete any file! Even those files that are owned by others! To fix this state, such directories have sticky bit set. Now only the owners can delete any file in such directories.

Directories with sticky bit set have t letter in the execute permission set for others, as seen by the output of “ls –l”.

rwxrwxrwt ( sticky bit is set and execute permission for others)

OR

rwxrwxrwT ( sticky bit set but no execute permission for others)

Capital T means that others don’t have execute permission for that directory, so they can’t search into it.

update: Added setgid directory explanation.


Tuesday, May 19, 2009

How Unix shell executes commands

Unix shell runs all the commands in a new forked child process. It means, the shell in which the command is invoked becomes the parent that creates a child process ( a shell process). The child in turn exec's the command by overlaying itself with the command's image. Why would the new process be created for executing the command? Can't the shell run the command in the same process. The answer is:
If the shell overlays itself with the command's process image, it would have nowhere to return when the command finishes executing. This would close the parent shell. Running "exec command_name" effectively does this i.e. runs the command that evetually closes the shell when the command execution is over. To avoid closing the invoking shell itself, all commands are run in a new child process by the shell.

We can use "strace" utility to track down the child process creation and execution system calls. Note that doing strace on the command will only trace the command after fork i.e. the output will show execve(...) followed by other syscalls ending with some exit call. This is so because we are tracing only the command which really is in the child process. To trace how the shell has created a new child process by fork() (clone() family in Linux), do strace on the current shell in a separate terminal and then run a command in the current shell.

PS: edited off the 'subshell' part as that is a different beast altogether...

Friday, January 2, 2009

Software engineering vs teaching

I faced a reality check last week. I always wondered why anyone, competent and educated in the field of computers, would pursue a career in teaching and not join a company as software engineer. It was perhaps the inability of the person to cope up with the demanding environment in the software field. That could be the reason anyone leaves a better paying job and settles for lowly-paid teaching career - or so I thought.

Last week I sat down and tried to list the pros and cons of the two careers.
Here's what I got from my "findings".

Let's tackle the salary part first. Since a teaching career asks for a formal degree, preferably a post graduation, let's assume the person is a post graduate in Computers.

Now, if the person choses to join an IT career, he has to devote at least 40 hours a week for work; in reality it could be much more if one takes into account the unpaid "late-nights". Assuming a 30 days month, and a good INR 50,000 a month in salary, the person makes about INR 285/hr.

On the other hand, a teacher at an engineering institute has about 18 hrs a week of teaching load. For INR 40,000 a month, the teacher would be making about INR 500/hr on average - a full 215/hr more on average than his counterpart!

Other pros of a teaching job vs software engineering -

- no late-night unpaid overtime work that one is expected to do
- better quality of life, better family life as well; a teacher can spend much more time with family
- no continuous sitting-in-front-of-computer-screen until you visit your doc for back-pain; backache is known to be a common ailment with IT professionals
- less stress; no deadlines
- stability; none of those pink-slip days inspite of very good performance. It's not uncommon to find star-achievers, poster-boys being given a boot if the head honchos make company wide cost-cutting plans

Taking all the above into account, I wonder why anyone would prefer IT career over teaching if given a choice. Is it for that extra few thousands? Consider this! IT companies are located mostly in places where the extra salary of a software professional would be spent on rent and other costs. A teacher can take up consultancy work and could earn even more ...