Skip to content

Chapter 3: Linux Commands & File Permissions

Source slides: L01_Introduction_and_Linux.pdf (slides ≈ 80 → end), Exercise E02_Linux_commands.pdf (+ solutions). Code base: V05_examples/test_dir/, find/, test.sh.


1. Chapter Overview

This is the single most important chapter for the written exam. Almost every HPC course exam has at least one big question on:

  • ls -l output decoding
  • chmod numeric ↔ symbolic conversion
  • Redirection (>, >>, <, 2>, 2>&1) and pipes (|)
  • Path types (absolute vs relative; ., .., ~)
  • The Linux Filesystem Hierarchy (/bin, /etc, /home, /var, /tmp, /usr)

Why it matters in HPC/CFD: every cluster job script, every solver invocation, every make rule depends on knowing where files are, who can read them, and how output is captured.

What the examiner asks (very high frequency):

  • "Given -rwxr-x--- 1 user grp 32 May 8 ls.txt, write the numeric chmod equivalent."
  • "Explain > vs >> vs 2>&1."
  • "Difference between absolute and relative paths."
  • "What is the difference between rm -r dir and rm dir?"
  • "Predict output of ls -l | grep May > log.txt."

What you must master for top grade:

  • The numeric ↔ symbolic ↔ binary triangle for permissions.
  • A two-column table of every basic command with its most-used flags.
  • The Linux directory tree (/, /bin, /etc, /home, /var, /tmp, /proc, /dev, /usr, /sbin, /opt).
  • umask and the default permission equation.
  • Special bits: setuid (4), setgid (2), sticky (1).

2. Basics from Zero

A Linux file is a name + bytes + metadata stored in a file system. The metadata includes who owns it (user / group), when it was changed, how big it is, and who can do what to it (read / write / execute) — those last bits are permissions.

বাংলায়: Linux-এ একটা file মানে শুধু data নয় — নাম, bytes আর metadata (মালিক, group, সময়, আকার, permission) মিলিয়ে একটা প্যাকেজ। Permission ঠিক করে কে পড়তে (read), লিখতে (write) বা চালাতে (execute) পারবে। পরীক্ষায় ls -l এর output থেকে এই metadata পড়তে বলা প্রায় নিশ্চিত — তাই প্রতিটা column চিনে রাখো।

You interact with files using commands — short programs taking arguments:

command [options] [arguments]

Examples: ls -l /home, cp -r src dst, rm -rf trash, chmod 755 script.sh.

Three friendly shortcuts:

  • TAB completes filenames and commands.
  • ↑/↓ scroll through the command history (also history).
  • Ctrl-R searches that history.

The Linux file system is a single tree starting at /. Common directories:

/        root of everything
/home    users' home dirs (~)
/etc     configuration files
/bin     essential commands (ls, cp)
/sbin    system commands (mount, fdisk)
/usr     installed programs (read-only-ish)
/var     variable data (logs, mail)
/tmp     temporary files (deleted on reboot)
/dev     devices (/dev/null, /dev/sda)
/proc    kernel/proc info (virtual)
/opt     optional / vendor software

A path is the way you refer to a file. Absolute path starts with /; relative path is from the current working directory (pwd).

বাংলায়: পুরো Linux filesystem একটাই গাছ, যার গোড়া /। Absolute path সবসময় / দিয়ে শুরু হয়, আর relative path তোমার বর্তমান directory থেকে গোনা হয়। কোন path কোন ধরনের — চেনার নিয়ম একটাই: প্রথম character টা / কিনা দেখো। পরীক্ষায় এই এক লাইনের সংজ্ঞাটাই সরাসরি নম্বর দেয়।

Permissions: every file has 9 bits, expressed as 3 triplets — user, group, other — each with r=4, w=2, x=1. Combinations:

rwx = 7   rw- = 6   r-x = 5   r-- = 4   -wx = 3   -w- = 2   --x = 1   --- = 0

Common targets:

  • 755 = rwxr-xr-x → owner full, others read+execute (typical for executables).
  • 644 = rw-r--r-- → owner write, others read (typical for text files).
  • 700 = rwx------ → only owner.
  • 777 = open to everyone (avoid).

Special bits add another digit in front (4xxx setuid, 2xxx setgid, 1xxx sticky).

বাংলায়: Permission-এর হিসাবটা আসলে binary গণিত: r=4, w=2, x=1 — যে bit গুলো আছে সেগুলো যোগ করলেই একটা octal digit। যেমন rwx = 4+2+1 = 7, r-x = 4+0+1 = 5। তিনটা triplet (user, group, other) মানে তিনটা digit, আর special bit গুলো সামনে চতুর্থ digit হিসেবে বসে। এই রূপান্তর মুখে মুখে করতে পারাটাই এই chapter-এর সবচেয়ে দামি দক্ষতা।

Real-life analogy. A Linux file is a folder in an office: it has an owner, a group of authorised co-workers, and a "public" rule. Permissions decide whether the owner alone can edit, or the whole team, or anyone walking past.

What if you misunderstand? You set chmod 777 on the cluster's shared directory. Anyone can rewrite your simulation results. Or you make a script chmod 644 and the cluster won't run it (no execute bit) — wasted compute hours.


3. Hard English Made Easy

Hard Term Simple English বাংলা Example
Working directory The folder you're currently in বর্তমান ফোল্ডার pwd
Absolute path Path starting from / মূল থেকে শুরু পথ /home/me/run.sh
Relative path Path from current directory বর্তমান ফোল্ডার থেকে পথ ../data/in.dat
Permission Who can read/write/execute অনুমতি rwxr-xr--
Owner / user The user who owns the file মালিক chmod u+x
Group A set of users দল chmod g+w
Other / world Everyone else অন্য সবাই chmod o-r
umask Default-permission mask ডিফল্ট পার্মিশন মাস্ক umask 022
Inode A file's metadata record ফাইলের metadata রেকর্ড ls -i
Symbolic link A pointer file প্রতীকী লিঙ্ক ln -s a b
Hard link Another name for the same inode দ্বিতীয় নাম একই ফাইলের ln a b
Redirection Send stdin/stdout/stderr to a file ইনপুট/আউটপুট স্থানান্তর cmd > out.txt
Pipe Send stdout of one to stdin of next এক কমান্ডের আউটপুট অন্যটির ইনপুট ls \| wc -l
Wildcard / Glob Filename pattern (*, ?, []) নামের প্যাটার্ন *.txt
Setuid Run as file's owner ফাইল মালিকের পরিচয়ে চলে chmod 4755 prog
Setgid Run as file's group ফাইল গ্রুপের পরিচয়ে chmod 2755 prog
Sticky bit Only owner can delete inside dir শুধু মালিক মুছতে পারবে chmod 1777 /tmp
FHS Filesystem Hierarchy Standard ফাইল সিস্টেম কাঠামো /etc, /usr
ACL Access Control List (extended) উন্নত অনুমতি তালিকা setfacl

4. Deep Theory Explanation

4.1 The command form

command   [-flags]   [--long-option]   [arguments]
  • Flags start with - (single letter) or -- (long word). -l -h-lh.
  • Arguments are usually file/directory names.
  • The -- stops option parsing: rm -- -file removes a file literally named -file.

বাংলায়: প্রতিটা command-এর গঠন এক: নাম, তারপর flag/option, তারপর argument। এক অক্ষরের flag গুলো জোড়া লাগানো যায় (-l -h একসাথে -lh)। আর -- মানে "এর পরে আর কোনো option নেই" — dash দিয়ে শুরু হওয়া নামের ফাইল মুছতে এটাই একমাত্র নিরাপদ উপায়।

4.2 Navigation

Command What it does
pwd Print working directory (absolute path)
ls List directory
cd dir Change directory
cd (no arg) Go to ~ (home)
cd - Go to previous directory
cd .. Go up one level
cd / Go to root
pushd / popd Directory stack

ls flags:

  • -l long listing (permissions, owner, size, date)
  • -a show hidden (dotfiles)
  • -h human readable sizes
  • -t sort by mtime (newest first)
  • -r reverse
  • -S sort by size
  • -R recurse
  • -i show inode
  • -d show directory itself, not its contents
  • combination: ls -lhart

4.3 Files and directories

Command Purpose Useful flag
mkdir d Create directory -p create parents (mkdir -p a/b/c)
rmdir d Remove empty dir
rm f Delete file -r recurse; -f force; -i interactive
cp a b Copy -r recursive; -p preserve metadata; -v verbose
mv a b Move/rename
touch f Create empty / update timestamp -d "2024-01-01" set time
ln -s tgt link Symlink -s symbolic
stat f Show metadata
file f Identify file type

4.4 Reading text

Command Use
cat Print whole file
tac Print reversed
less Pager (q=quit, /word search, g/G ends)
more Old pager
head -n 5 First 5 lines
tail -n 5 Last 5 lines (-f follow)
wc -l file Count lines (-w words, -c bytes)
cut -d: -f1 file Take field 1 of :-delimited file
paste a b Side-by-side join
tr 'a' 'A' Character translate
sort Sort (-n numeric, -r reverse, -k 2 by col 2)
uniq Collapse duplicates (sorted input)
Command Use
df -h Show free disk by mount
du -sh dir Size of dir (-s summary)
mount Show or attach a filesystem
umount Detach
ln a b Hard link
ln -s a b Symbolic link

How the two link types differ on disk:

  HARD LINK: two names, ONE inode         SYMLINK: two names, TWO inodes
  ┌─────────────┐                         ┌─────────────┐
  │ dir entry   │     ┌──────────────┐    │ dir entry   │     ┌──────────────┐
  │ "report" ───┼──┬─►│  inode 117   │    │ "report" ───┼────►│  inode 117   │
  └─────────────┘  │  │  links: 2    │    └─────────────┘     │  data blocks │
  ┌─────────────┐  │  │  data blocks │    ┌─────────────┐     └──────▲───────┘
  │ "backup" ───┼──┘  └──────────────┘    │ "link" ─────┼──┐         │ path lookup
  └─────────────┘                         └─────────────┘  │  ┌──────┴───────┐
                                                           └─►│  inode 204   │
  rm "report"  → count 2 → 1,                                 │  contains    │
  data survives; freed only                                   │  the TEXT    │
  when the count reaches 0                                    │  "report"    │
                                                              └──────────────┘
                                          rm "report" → inode 204 still stores
                                          the old path → DANGLING (broken) link

বাংলায়: Hard link মানে একই inode-এর দ্বিতীয় নাম — একটা নাম মুছলেও data থাকে, যতক্ষণ link count শূন্য না হয়। Symlink হলো আলাদা একটা ছোট ফাইল, যার ভেতরে শুধু target-এর path লেখা — target মুছলে symlink ভেঙে যায় (dangling)। আরও মনে রাখো: hard link অন্য filesystem-এ যেতে পারে না, symlink পারে। পরীক্ষায় এই তুলনাটা টেবিল আকারে লিখতে বলা খুব common।

4.6 Permissions — the formal model

Each file has 9 base bits + 3 special bits = 12 bits, written as 4 octal digits:

   special         user       group      other
  [SUID|SGID|STK] [r|w|x]   [r|w|x]    [r|w|x]
        4 2 1     4 2 1     4 2 1      4 2 1

Examples:

  • 0755 = rwxr-xr-x
  • 4755 = rwsr-xr-x (setuid)
  • 2755 = rwxr-sr-x (setgid)
  • 1777 = rwxrwxrwt (/tmp style)
  • 0644 = rw-r--r--
  • 0600 = rw-------

ls -l output decoded:

-rwxr-x--- 1 alice grp 1532 May  8 10:00 run.sh
^^^^^^^^^^
| || || ||
| || || └── other rwx
| || └── group rwx
| └── user rwx
└── type: '-'=file 'd'=dir 'l'=symlink 'c'=char dev 'b'=block dev

Anatomy of the permission string with the numeric conversion built in:

            -    r w x    r - x    r - -
            │    └──┬──┘  └──┬──┘  └──┬──┘
            │       │        │        │
            │       │        │        └────► other (everyone else)  r-- = 4+0+0 = 4
            │       │        └─────────────► group                  r-x = 4+0+1 = 5
            │       └──────────────────────► user (owner)           rwx = 4+2+1 = 7
            └──────────────────────────────► file type:  '-' file   'd' dir
                                             'l' symlink  'b' block  'c' char dev

            numeric mode:   7 5 4   ──►   chmod 754 file

Bit-weight arithmetic — the formal model

Each triplet is a 3-bit binary number. With indicator variables \(r, w, x \in \{0,1\}\) (1 = bit set):

\[\text{octal digit} = 4r + 2w + 1x\]

Worked example (symbolic to numeric). Convert rwxr-xr--:

Triplet \(r\) \(w\) \(x\) Computation Digit
user rwx 1 1 1 \(4+2+1\) 7
group r-x 1 0 1 \(4+0+1\) 5
other r-- 1 0 0 \(4+0+0\) 4

Result: chmod 754.

Worked example (numeric to symbolic). Decode 640: \(6 = 4+2\) gives rw-; \(4 = 4\) gives r--; \(0\) gives ---. For a regular file the full string is -rw-r-----.

বাংলায়: ls -l এর প্রথম column দশটা character: একটা file type + নয়টা permission bit, তিনটা triplet-এ ভাগ করা। প্রতিটা triplet-এ \(4r+2w+1x\) সূত্র বসালেই numeric mode বেরিয়ে আসে। দুই দিকেই (string থেকে সংখ্যা, সংখ্যা থেকে string) practice করো — এটা পরীক্ষার প্রায় guaranteed প্রশ্ন।

4.7 chmod / chown / chgrp

Numeric: chmod 755 script.sh.

Symbolic: chmod [ugoa][+-=][rwxXst] file

u  user (owner)         +  add
g  group               -  remove
o  other               =  set exact
a  all

Examples:

chmod u+x  run.sh         # add execute to owner
chmod go-w report.txt     # remove write from group & other
chmod a=r  shared.dat     # everyone read only
chmod -R 755 mydir        # recurse

Ownership:

chown alice file              # change owner
chown alice:students file     # owner & group
chgrp students file

4.8 umask

umask defines bits to remove from the default 0666 (file) or 0777 (dir) when something is created.

  • umask 022 → file 0644, dir 0755 (typical default).
  • umask 077 → file 0600, dir 0700 (private).
  • umask 002 → file 0664, dir 0775 (group-writable shared work).

The umask equation — bitwise AND NOT, not subtraction

Let \(m\) be the umask. At creation time:

\[P_{\text{file}} = 0666 \,\&\, \overline{m} \qquad\qquad P_{\text{dir}} = 0777 \,\&\, \overline{m}\]

where \(\&\) is bitwise AND and \(\overline{m}\) is the bitwise complement (NOT). The umask lists the bits to clear.

Worked example — umask 022:

file base  0666     110 110 110         dir base  0777     111 111 111
umask      0022     000 010 010         umask     0022     000 010 010
NOT umask           111 101 101         NOT umask          111 101 101
AND        ─────────────────────        AND       ─────────────────────
result     0644     110 100 100         result    0755     111 101 101
           rw-r--r--                              rwxr-xr-x

Worked example — umask 027:

file:  0666 & NOT(0027)  =  110 110 110 & 111 101 000  =  110 100 000  =  0640  rw-r-----
dir:   0777 & NOT(0027)  =  111 111 111 & 111 101 000  =  111 101 000  =  0750  rwxr-x---

Worked example — umask 077:

file:  0666 & NOT(0077)  =  110 110 110 & 111 000 000  =  110 000 000  =  0600  rw-------
dir:   0777 & NOT(0077)  =  111 111 111 & 111 000 000  =  111 000 000  =  0700  rwx------

Why "subtraction" is the wrong mental model. For umask 033, per-digit subtraction would predict \(666 - 033 = 633\), but the true result is

\[0666 \,\&\, \overline{0033} = 110\,110\,110 \,\&\, 111\,100\,100 = 110\,100\,100 = 0644\]

because the x bit (value 1) the mask tries to clear was never set in 6 — AND NOT cannot "borrow" like subtraction. Always write the bitwise version in the exam.

বাংলায়: umask মানে "কোন bit গুলো কেটে ফেলব" তার তালিকা — নতুন file পায় 666 AND NOT umask, নতুন directory পায় 777 AND NOT umask। এটা বিয়োগ নয়, bitwise operation — umask 033-এর ক্ষেত্রে বিয়োগ করলে ভুল উত্তর (633) আসবে, সঠিক উত্তর 644। আর file কখনো default-এ execute bit পায় না, কারণ base-টাই 666।

4.9 Special bits

Bit Octal On a file On a directory
setuid 4 Run with file's owner privileges (ignored)
setgid 2 Run with file's group privileges New files inherit group
sticky 1 (ignored) Only owner can delete inside

/tmp always has the sticky bit so users cannot delete each other's temp files.

The 4th octal digit — chmod 4755 fully decoded

The complete mode has four octal digits \((s, u, g, o)\); the leading digit packs \(\text{setuid} = 4\), \(\text{setgid} = 2\), \(\text{sticky} = 1\), added together exactly like r/w/x:

Digit of 4755 Value Decomposition Meaning
special 4 setuid process runs with the file owner's identity
user 7 \(4+2+1\) rwx
group 5 \(4+0+1\) r-x
other 5 \(4+0+1\) r-x

Displayed string: -rwsr-xr-x. The setuid bit is shown in the user x slot as s (lowercase because x is also set; a capital S means setuid without execute). Setgid appears the same way in the group x slot, sticky as t/T in the other x slot.

Quick checks: -rwxr-sr-x → special digit 2 → 2755; drwxrwxrwt1777; -rwSr--r-- → setuid set but user x missing → 4644.

বাংলায়: সামনের চতুর্থ digit-এ তিনটা special bit: setuid=4, setgid=2, sticky=1 — এগুলোও r/w/x-এর মতোই যোগ হয়। setuid মানে program মালিকের পরিচয়ে চলে (যেমন passwd), directory-তে setgid মানে নতুন file টা group inherit করে (shared HPC project dir-এ অপরিহার্য), আর sticky মানে শুধু মালিকই মুছতে পারে (/tmp)। ছোট হাতের s বা t মানে execute bit-ও set, বড় হাতের S বা T মানে execute নেই — এই খুঁটিনাটিতেই top marks লুকিয়ে আছে।

4.10 Redirection

Op Meaning
cmd > file overwrite stdout to file
cmd >> file append stdout
cmd 2> err stderr to file
cmd 2>&1 merge stderr into stdout
cmd > out 2> err split
cmd &> all.log bash: both into one
cmd < input.txt feed stdin
cmd <<EOF ... EOF here-doc

Pipe cmd1 | cmd2 connects stdout of cmd1 to stdin of cmd2.

Where the bytes go — the file-descriptor routing map:

                          ┌────────────────┐
        keyboard ───► 0   │                │   1 ───► terminal   (stdout)
                  stdin   │    program     │
                          │                │   2 ───► terminal   (stderr)
                          └────────────────┘

  cmd >  out.txt       FD 1 ──► out.txt (truncate first)    FD 2 ──► terminal
  cmd >> out.txt       FD 1 ──► out.txt (append at end)     FD 2 ──► terminal
  cmd 2> err.log       FD 1 ──► terminal                    FD 2 ──► err.log
  cmd <  in.txt        FD 0 ◄── in.txt
  cmd >  all.log 2>&1  FD 1 ──► all.log, then FD 2 ──► (copy of FD 1) ──► all.log
  cmd 2>&1 > out.txt   FD 2 ──► terminal (!), then FD 1 ──► out.txt  [order trap]
  cmd1 | cmd2          cmd1 FD 1 ──► [kernel pipe buffer] ──► FD 0 of cmd2

বাংলায়: প্রতিটা process তিনটা file descriptor নিয়ে শুরু হয়: 0 = stdin, 1 = stdout, 2 = stderr। > শুধু FD 1 ঘোরায়, 2> শুধু FD 2, আর 2>&1 মানে "FD 2-কে এখন FD 1 যেখানে যাচ্ছে সেখানে পাঠাও" — তাই লেখার ক্রম জরুরি: আগে > file, তারপর 2>&1। Pipe | কোনো ফাইল ছাড়াই এক process-এর stdout পরের process-এর stdin-এ জুড়ে দেয়।

4.11 Path types

Absolute /home/alice/sim/in.dat — full path from root.
Relative sim/in.dat — relative to pwd.
Special tokens: . = here, .. = parent, ~ = home.

4.12 Filesystem Hierarchy Standard (FHS)

Dir Purpose
/ Root
/bin, /sbin Essential / system binaries
/usr/bin, /usr/local/bin User programs
/etc Configuration
/home/<user> User home
/var Variable data (logs, queues)
/tmp Temp
/proc, /sys Kernel pseudo-FS
/dev Devices
/opt Vendor / optional software
/lib, /lib64 Shared libraries
/boot Bootloader & kernel
/mnt, /media Mount points

The mini FHS tree to reproduce in the exam:

/                              ── root of the single tree
├── bin/                       ── essential commands: ls, cp, bash
├── sbin/                      ── system admin commands: mount, fdisk
├── etc/                       ── configuration files (plain text)
├── home/
│   └── alice/                 ── user home, reachable as ~
├── usr/
│   ├── bin/                   ── installed user programs
│   └── local/bin/             ── locally compiled programs
├── var/
│   └── log/                   ── growing data: logs, queues, mail
├── tmp/                       ── scratch space, mode 1777 (sticky bit)
├── dev/                       ── device files: /dev/null, /dev/sda
├── proc/                      ── kernel + process pseudo-files
├── lib/, lib64/               ── shared libraries
├── boot/                      ── kernel + bootloader
└── opt/                       ── vendor / optional software

5. Command / Syntax / Code Breakdown

ls -l

  • Purpose: long listing with permissions/size/date.
  • Output: -rw-r--r-- 1 alice users 24 May 8 12:00 file.txt
  • Common mistake: confusing - (file) with d (directory) at column 1.

chmod 755 file

  • Purpose: set file permissions numerically.
  • Common mistake: writing chmode (typo from the lecture solutions); the command is chmod.
  • Exam tip: always show the binary breakdown.

chmod u+x,g-w file

Multiple symbolic ops separated by ,.

chown user:group file

Both at once. Needs root for changing owner unless target is your own.

cp -rpv src dst

  • -r recursive (directories)
  • -p preserve mode/owner/timestamp
  • -v verbose

rm -rf dir

The most dangerous command in Linux. -r recurse, -f force-no-prompt. Always double-check pwd before pressing Enter.

mv old new

Rename or move; works across filesystems.

wc -l file

Count lines. Add -w for words, -c bytes, -m chars.

df -h /home

Free space on the filesystem holding /home.

du -sh sim/

Total size of sim/ (summarised, human readable).

find . -name "*.cpp" -type f -size +1k

Find files (covered in detail in Ch. 7).

Tab-completion / history

$ ls /h<TAB>     # → /home/
$ history | tail -5
$ !42            # rerun command #42
$ !!             # rerun previous
$ !ls            # rerun last command starting with ls

6. Mandatory Practical Example

Purpose. Practice navigation, file creation, redirection, permissions — the exact skill the exam tests.

Input. A sandbox directory ~/sim01/ with a file we will create.

Code / Command

cd ~                                  # go home
mkdir -p sim01/{input,output}         # nested dirs
cd sim01
ls -l > listing.txt 2> err.log        # stdout to listing, stderr to err
echo "case 1" > input/case.in         # write text into a file
echo "case 2" >> input/case.in        # append
cat input/case.in                     # show it
wc -l input/case.in                   # count lines
chmod 600 input/case.in               # private
chmod 755 .                           # let everyone enter dir
ls -ld . input/case.in

Expected Output

case 1
case 2
2 input/case.in
drwxr-xr-x 4 alice alice 4096 May  8 12:01 .
-rw------- 1 alice alice   14 May  8 12:01 input/case.in

Step-by-Step Explanation

  1. mkdir -p creates parents on the fly.
  2. The brace expansion {input,output} makes both dirs in one call.
  3. > overwrites, >> appends.
  4. 2> redirects errors only.
  5. chmod 600 = rw------- (private), chmod 755 = rwxr-xr-x (browseable dir).
  6. ls -ld shows the directory itself, not its contents.

বাংলায়: এই উদাহরণটাই পরীক্ষার সবচেয়ে কমন প্যাটার্ন — directory বানাও, redirection দিয়ে ফাইলে লেখো, তারপর permission ঠিক করো। মনে রাখো: > মানে আগের লেখা মুছে নতুন করে লেখা, >> মানে শেষে যোগ করা, আর chmod 600 মানে শুধু মালিক পড়তে-লিখতে পারবে। ls -ld-এর d flag-টা খুব জরুরি — এটা ছাড়া directory-র ভেতরের জিনিস দেখায়, directory-র নিজের permission নয়।

Real-Life HPC/CFD Meaning. CFD jobs are organised this way: input/ (boundary conditions, mesh), output/ (logs, snapshots), and a case.in text file. Permissions matter when the project is shared with co-workers in the same Unix group on the cluster.

Written Exam Relevance. You may be asked to translate an ls -l line into numeric chmod or vice-versa, or describe what each command above does.


7. Real HPC/CFD Workflow

# 1. Land in scratch
cd $WORK/sim_$(date +%Y%m%d)
mkdir -p {meshes,configs,logs,results}

# 2. Get inputs
cp -p ~/projects/case-A/* configs/
ls -l configs/

# 3. Make scripts executable
chmod 755 configs/run.sh

# 4. Tighten secrets
chmod 600 configs/license.key

# 5. Capture stdout + stderr
./configs/run.sh > logs/run.log 2>&1 &
disown

# 6. Watch and clean up later
tail -f logs/run.log
du -sh results

বাংলায়: একটা সত্যিকারের cluster job-এর জীবনচক্র এটাই: scratch-এ গিয়ে ফোল্ডার বানানো, input কপি করা, script-কে executable করা (755), গোপন ফাইল lock করা (600), তারপর > log 2>&1 & দিয়ে background-এ চালিয়ে log দেখা। পরীক্ষায় এই workflow-এর যেকোনো একটা লাইন দেখিয়ে "এটা কী করে?" জিজ্ঞেস করা হতে পারে।


8. Exercises and Solutions (E02)

Task 1: File operation tools (slide 2)

The slide shows a folder structure; the task is to use mkdir, cd, ls, cp, mv, rm, touch, cat to create / modify / inspect.

Generic solution (mirroring the lecture screenshot):

cd ~
mkdir test
cd test
mkdir dir-1 dir-2
touch dir-1/my-file.txt
cp dir-1/my-file.txt dir-2/      # copy
ls -lR ~/test                    # verify
mv dir-2/my-file.txt dir-2/your-file.txt
rm dir-2/your-file.txt

Task 2: Redirection and pipes (slide 4)

cd ~
ls -l > test/dir-1/my-file.txt                          # 2. overwrite
ls -l | grep "May" > test/dir-2/my-file.txt             # 3. pipe + filter
cat test/dir-1/my-file.txt >> test/dir-2/my-file.txt    # 4. append

বাংলায়: > মানে নতুন করে লেখা, >> মানে শেষে যোগ, | মানে এক কমান্ডের আউটপুট পরের কমান্ডের ইনপুট।

Common mistake. Using > when you meant to append — destroys the existing file.

Harder version. Capture only the lines starting with d (directories) of ls -l:

ls -l ~ | grep "^d" > dirs.txt

Task 3: Word counting and permissions (slide 6)

touch task_3.txt
echo "string of characters" > task_3.txt
echo "another line" >> task_3.txt
cat task_3.txt
wc -l task_3.txt          # → 2
wc -w task_3.txt          # → 5
chmod 777 task_3.txt      # full access
ls -l task_3.txt

Slide solution typo: chmode 777 should be chmod 777.

Common mistake. Forgetting that wc shows <count> <filename> — read only the number.

Marking scheme (5 marks): 1 mark each for create, write, print, count (lines+words), chmod.


9. Written Exam Focus

9.1 Short Answers

Q. Difference between > and >>. A. > redirects stdout overwriting the target file; >> redirects stdout appending. Both create the file if it does not exist.

Q. What does chmod 755 file.sh do? A. Sets owner = read+write+execute, group = read+execute, others = read+execute.

Q. Difference between hard and symbolic link. A. A hard link is a second directory entry pointing to the same inode; a symbolic link is a small file that contains the path to another file. Hard links share data; symlinks can break.

Q. Define umask. A. A bitmask removed from the default 0666 (files) / 0777 (dirs) at creation time. umask 022 → files 0644, dirs 0755.

9.2 Medium Answers

Q. (5 marks) Translate -rwxr-xr-- 1 alice users 0 May 8 a.sh into numeric permissions and explain.

A. rwx = 7, r-x = 5, r-- = 4 → 754. Owner alice can read, write, execute; group users can read+execute; everyone else can only read. The leading - says it is a regular file.

Q. (8 marks) Explain redirection of stdout, stderr, and combined.

A. Each program has three default file descriptors: 0 (stdin), 1 (stdout), 2 (stderr). > redirects FD 1: ls > out. 2> redirects FD 2: ls 2> err. 2>&1 ties FD 2 to wherever FD 1 currently points: ls > all 2>&1 → both go into all. &> (bash extension) is a shortcut for the same. Append variants are >>, 2>>. Useful when launching long simulations: ./run.sh > run.log 2>&1 &.

বাংলায়: 2>&1-এর order খুব গুরুত্বপূর্ণ — আগে > all দিয়ে FD 1-কে ফাইলে পাঠাও, তারপর 2>&1 দিয়ে FD 2-কে FD 1-এর জায়গায় বেঁধে দাও। উল্টো করলে (2>&1 > all) stderr টার্মিনালেই থেকে যায় — এটা পরীক্ষার একটা প্রিয় trick question।

9.3 Long Answer (12 marks)

Q. Discuss Linux file permissions in detail, including special bits, with examples.

A.

Introduction. Linux protects files via a 12-bit permission system divided into three triplets (owner, group, others) and three special bits.

Main concept. Each base triplet has read (4), write (2), execute (1). Special bits — setuid (4), setgid (2), sticky (1) — sit above. Total notation = 4 octal digits.

Step-by-step.

  1. View with ls -l-rwxr-xr-- ....
  2. Change with chmod: numeric (chmod 755 f) or symbolic (chmod u+x,g-w f).
  3. Owner via chown, group via chgrp (need privileges).
  4. Special bits: chmod 4755 prog → setuid; whoever runs prog gains owner privileges (used by passwd). chmod 2755 dir → setgid; new files inside inherit the directory's group (vital for shared HPC project dirs). chmod 1777 /shared → sticky; only the owner can delete inside.
  5. Default-permission control via umask.

Real HPC/CFD link. On a cluster, project directories are typically chmod g+s so every collaborator's outputs belong to the project group; sticky bit on /tmp prevents tampering.

Conclusion. Permissions, combined with groups and ACLs, give Linux fine-grained, multi-user file security at near-zero cost.

9.4 Output Prediction

# Given file rights -rw-r----- (you are not the owner, not in group):
echo "hi" > read_only.txt

→ Fails: the shell reports Permission denied.

$ ls -l | grep "^d" | wc -l

→ Number of subdirectories in the current directory.

9.5 Comparison Tables

> >>
Action Overwrite Append
If file missing Creates Creates
If file exists Truncates! Keeps
Pipe \| Redirect >
Source Output of cmd1 Output of cmd
Target Input of cmd2 A file
Persistent? No (in-memory) Yes (file)
Hard link Symlink
Same inode? Yes No
Cross filesystems? No Yes
Breaks if target gone? No Yes
Created with ln a b ln -s a b

9.6 Templates

chmod template (numeric to symbolic): "The first digit gives special bits; the next three give user/group/other. 7 = rwx, 6 = rw-, 5 = r-x, 4 = r--, …"

Redirection template: "> overwrites stdout, >> appends, 2> captures stderr, 2>&1 merges stderr into stdout, | pipes stdout to stdin."

9.7 Marking Scheme — "Explain chmod 4755 prog" (5 marks)

  • 1 mark: 4 is the setuid bit.
  • 1 mark: 7 = owner rwx.
  • 1 mark: 5 = group r-x.
  • 1 mark: 5 = other r-x.
  • 1 mark: effect — when executed, runs as the file owner.

10. Very Hard Questions

Beginner

  1. Numeric for rw-r--r--? → 644.
  2. Symbolic for 700? → rwx------.
  3. Command to count words in a file? → wc -w f.
  4. Command to copy a directory? → cp -r src dst.
  5. Symbol meaning home directory? → ~.

Intermediate

  1. Numeric for rwsr-xr-x. → 4755.
  2. Numeric for rwxrwxrwt. → 1777.
  3. Why chmod 644 cannot run a script. → no execute bit.
  4. Difference cp vs mv performance on same FS. → mv just renames the inode entry.
  5. Output of ls -ld /tmp. → drwxrwxrwt root root ... showing sticky bit.

Hard

  1. After umask 027 an mkdir new creates which permissions? → \(0777 \,\&\, \overline{027} = 0750\).
  2. One-liner that lists only files (no dirs) in the current dir. → ls -lp | grep -v '/$' or find . -maxdepth 1 -type f.
  3. What happens to a hard-linked file when you delete one of the names? → The other still works; only when refcount = 0 is the inode/data freed.
  4. Predict result of cp -r dir1 dir2 if dir2 does not exist. → dir2 becomes a copy of dir1.
  5. Why does rm -i matter on a cluster? → Adds confirmation; prevents catastrophic deletes.

Very Hard

  1. Convert -rwsrwsr-T 1 root staff to numeric. → 7766. (s user = setuid+x, s group = setgid+x, capital T = sticky-but-no-other-x.)
  2. umask defaults differ between login and non-login shells; explain why. → ~/.bashrc vs ~/.profile set it in different startup paths.
  3. Why is rm -rf $undef_var/ dangerous? → If undef_var is empty, the command becomes rm -rf /.

Deep Integration

  1. Why is chmod -R 777 on a project a security flaw on a shared cluster? → Anyone can edit your input/output, breaking reproducibility and risking malicious code.
  2. Why does HPC software like SLURM need setuid helpers? → Some helper binaries elevate privileges briefly to enforce policy.

Coding/Command

  1. Give group writability to data/ recursively without touching others. → chmod -R g+w data/.
  2. Count .cpp files. → find . -type f -name "*.cpp" | wc -l.

Debugging

  1. bash: ./run.sh: Permission denied even though the file exists. → Missing execute bit; fix with chmod +x run.sh.
  2. ls /missing > log — what is in log? → Nothing; only stderr appears (on the terminal). FD 1 was redirected, FD 2 was not. Use 2>&1 to capture both.

11. Debugging and Mistake Analysis

Mistake Why wrong Correct version Explanation
chmod 770 * "recursively" * skips hidden files, doesn't recurse chmod -R 770 . -R recurses
cp dir new (no -r) Fails for directories cp -r dir new recursive flag
mv * ../ from inside dir might clobber existing files mv -i * ../ interactive prompt
rm -rf /home /alice (typo space) Two args → wipes /home! rm -rf /home/alice space matters
chmod -x dir to "lock" it Removes traversal! chmod 700 dir execute on dir = traverse
ls > log 2> log The two streams race & overwrite ls > log 2>&1 merge properly
Hard link across mounts Hard links can't cross filesystems ln -s symlink supports cross-FS
chmode 777 typo Command is chmod chmod 777 file careful spelling (lecture solution typo)

বাংলায়: এই টেবিলের প্রতিটা ভুল পরীক্ষায় "find the bug" আকারে আসতে পারে। সবচেয়ে মারাত্মক দুটো মনে রাখো: rm -rf -এ ভুল জায়গায় স্পেস (পুরো /home মুছে যাবে!), আর directory থেকে execute bit সরানো — execute মানেই directory-তে ঢোকার অনুমতি।


12. Mini Project for Mastery

Goal: Permission playground.

mkdir -p perm_demo && cd perm_demo
echo "hi" > public.txt && chmod 644 public.txt
echo "secret" > secret.txt && chmod 600 secret.txt
printf '#!/bin/bash\necho "Hello $USER"\n' > greet.sh && chmod 755 greet.sh
mkdir shared && chmod 2775 shared        # setgid
ls -l
./greet.sh

Connection to exam: be ready to write each ls -l permission string and translate it.


13. Final Chapter Cheat Sheet

Item Memorise
r=4 w=2 x=1 Permission values
chmod 755 rwxr-xr-x (script default)
chmod 644 rw-r--r-- (text default)
chmod 600 rw------- (private)
Setuid/Setgid/Sticky 4 / 2 / 1 (front digit)
Sticky example /tmp 1777
umask math \(P_{file}=0666\,\&\,\overline{m}\), \(P_{dir}=0777\,\&\,\overline{m}\); umask 022 → file 644, dir 755
> overwrite, >> append output redirection
2>&1 merge stderr into stdout (order matters!)
\| pipe
~ home, . here, .. up path tokens
cp -r mandatory for dirs
rm -rf dangerous, double-check pwd
wc -l count lines
chmod not chmode spelling trap
Cluster FHS /scratch, /work, /home, /opt
Top-grade phrase "Permissions = (special bits) + (user/group/other × r/w/x), expressed as 4 octal digits."

14. Mock Exam — Four Levels

Level 1 — Basic (definitions & syntax)

Q1. Write the numeric mode for rw-rw-r--.

Solution: 6,6,4 → 664. (\(rw{-}=4+2=6\), \(r{-}{-}=4\).)

Q2. Which command shows the size of every file in the current directory in human-readable form?

Solution: ls -lh (or du -sh * for directory totals).

Q3. What does the first character of drwxr-xr-x mean?

Solution: File type: d = directory (- regular file, l symlink).

Q4. Which file descriptor numbers belong to stdin, stdout, stderr?

Solution: 0 = stdin, 1 = stdout, 2 = stderr.

Q5. Write the command that renames old.dat to new.dat.

Solution: mv old.dat new.dat.

Level 2 — Intuitive (predict the output / explain why)

Q1. umask prints 0027. You run touch a.txt and mkdir d. What permissions result?

Solution: Files start from 0666: \(0666\,\&\,\overline{0027}=0640\)rw-r-----. Dirs start from 0777: \(0777\,\&\,\overline{0027}=0750\)rwxr-x---.

Q2. echo hello > f; echo bye > f; cat f — what prints and why?

Solution: bye. The second > truncated the file before writing.

Q3. You can cat secret.txt inside /data but ls /data fails with Permission denied. Explain.

Solution: /data has execute (traverse) but not read for you: x lets you pass through and open known names; r is needed to list contents.

Q4. Why does chmod 777 script.sh still not guarantee ./script.sh runs on a cluster?

Solution: The filesystem may be mounted noexec, the interpreter on the shebang line may not exist, or the script may have CRLF line endings — the execute bit is necessary, not sufficient.

Q5. ls -l file shows link count 3 for a regular file. What does that mean?

Solution: There are 3 hard links (3 directory entries) pointing to the same inode; deleting one leaves the data reachable via the other two.

Level 3 — Hard (exam level)

Q1. (6 marks) A admin sets umask 0077. Show the binary computation of the resulting permission of a new file, and give one practical drawback on a shared project.

Solution: \(0666\,\&\,\overline{0077}\): \(110\,110\,110 \,\&\, 111\,000\,000 = 110\,000\,000 = 0600\)rw-------. Drawback: group members cannot read your results — shared post-processing breaks until you chmod g+r. বাংলা ইঙ্গিত: umask কখনো permission "যোগ" করে না, শুধু কেড়ে নেয় — file-এর ক্ষেত্রে base 666 থেকে শুরু, তাই umask যাই হোক execute আসবেই না।

Q2. (6 marks) Decode chmod 2754 dir fully (every digit, every triplet) and state the effect of the leading digit on files created inside.

Solution: 2 = setgid; 7 = owner rwx; 5 = group r-x; 4 = others r--rwxr-sr--. With setgid on a directory, new files inherit the directory's group instead of the creator's primary group — the standard setup for shared HPC project dirs. বাংলা ইঙ্গিত: প্রথম digit-টা special bits (4=setuid, 2=setgid, 1=sticky); directory-তে setgid মানে group inheritance — পরীক্ষায় এই effect-টা লিখতেই হবে।

Q3. (8 marks) Write ONE command line that runs ./solver so that stdout goes to out.log, stderr goes to err.log, and the job keeps running after you log out.

Solution: nohup ./solver > out.log 2> err.log & (then optionally disown). nohup shields from SIGHUP at logout; & backgrounds; separate redirections split the streams. বাংলা ইঙ্গিত: তিনটা শর্ত = তিনটা টুকরা: stdout redirect, stderr আলাদা redirect, আর logout-প্রুফ করতে nohup + &।

Q4. (8 marks) Given -rwsr-xr-x 1 root root ... /usr/bin/passwd, explain why an ordinary user can change their password although /etc/shadow is -rw------- root root.

Solution: passwd has the setuid bit (s in the owner triplet). When executed, the process runs with the file owner's effective UID (root), so it may write /etc/shadow. The kernel grants this only for the duration of that process. বাংলা ইঙ্গিত: setuid মানে "যে চালায় সে নয়, যার ফাইল তার অধিকারে চলে" — এটাই classic exam answer।

Q5. (10 marks) A colleague reports: bash: ./run.sh: /bin/bash^M: bad interpreter. Diagnose, give the fix, and explain why chmod +x does not help.

Solution: The script was edited on Windows: CRLF endings put a carriage return (^M) after /bin/bash in the shebang, so the kernel looks for an interpreter literally named /bin/bash\r. Fix: dos2unix run.sh or sed -i 's/\r$//' run.sh. The execute bit is already fine — the failure happens at interpreter lookup, after permission checks. বাংলা ইঙ্গিত: ^M দেখলেই বুঝবে Windows line ending — permission-এর সমস্যা নয়, shebang-এর সমস্যা।

Level 4 — Beyond the lecture (transfer + coding)

Q1. Write a bash one-liner that finds every file under results/ that is group-writable AND owned by you, and revokes the group write bit — printing each file it changes.

Solution:

find results/ -type f -perm -g+w -user "$USER" -exec chmod -v g-w {} \;
-perm -g+w matches files with at least group-write; -exec ... {} \; applies the change per file; -v prints it. বাংলা ইঙ্গিত: -perm এর তিন রূপ আছে (exact, -all-of, /any-of) — এখানে "-" মানে অন্তত এই bit-গুলো set থাকা চাই।

Q2. A C++ program writes a results file with std::ofstream f("out.csv");. After running it under umask 077, your teammate cannot read out.csv. Explain the chain from C++ to kernel, and give two fixes (one in shell, one in code).

Solution: ofstreamopen(2) with mode 0666 → kernel applies \(0666\,\&\,\overline{077} = 0600\). Shell fix: run with umask 022 (or chmod g+r out.csv afterwards). Code fix: after writing, call chmod() from <sys/stat.h>: chmod("out.csv", 0644);. বাংলা ইঙ্গিত: ভাষা যাই হোক — সব ফাইল তৈরিই শেষে kernel-এর open(2)-তে যায়, আর umask সেখানেই কাটে।

Q3. You run ./solver > log 2>&1 & then ls -l log repeatedly. The file stays size 0 for minutes although the solver prints progress when run interactively. Explain and give two remedies.

Solution: The C library switches stdout from line-buffered (terminal) to fully buffered (file, typically 4–8 KiB blocks), so output sits in the buffer. Remedies: run with stdbuf -oL ./solver > log 2>&1 & (line-buffer), or flush in code (std::cout << std::flush / fflush(stdout)); tail -f log will then update live. বাংলা ইঙ্গিত: টার্মিনালে line-buffered, ফাইলে block-buffered — এই fact-টা HPC log দেখার সময় বারবার কাজে লাগে।

Q4. Design the permission scheme for a shared CFD project dir /work/proj42 for group cfd: members must create/edit files, files must inherit the group, non-members must have no access, and nobody should delete others' files. Give the exact commands.

Solution:

chgrp -R cfd /work/proj42
chmod 3770 /work/proj42      # 2(setgid)+1(sticky)=3, rwxrwx---
setgid (2) → group inheritance; sticky (1) → only owners delete their own files; 770 → full access for owner+group, none for others. Members should also use umask 007 so new files are group-writable. বাংলা ইঙ্গিত: setgid+sticky একসাথে = প্রথম digit 3 — এটা মনে রাখলে পুরো প্রশ্নটা এক লাইনে নামে।


কোন কোন bit কাটা দরকার, সেটাই umask-এর digit।

End of Chapter 3.