Operating Systems – CSCI 402
Access Protection
OS needs to make sure that only authorized processes are allowed access to system resources
various ways to provide this
Unix (and many other systems, such as Windows) associates with files some indication of which security principals (i.e., the “who”) are allowed access, along with what sort of access is allowed (i.e., the “what”)
A security principal is normally a user or a group of users
a file typically contains two pieces of information
which user owns the file (uid)
which group owns the file (gid)
each running process can have several security principals associated with it
for Sixth-Edition Unix, one user ID and one group ID
a process in some other OSes can have more than one group ID
Copyright © . Cheng
Access Protection
% ls -l z
-rw-r--r-- 1 bill adm 593 Dec 17 13:34 z
Each file has associated with it a set of access permissions
there are 3 classes of security principals:
user: owner of the file
group: group owner of the file
others: everyone else
for each of the 3 classes of principals, specify what sorts of operations on the file are allowed
the operations are grouped into 3 classes:
read: can read a file or directory
write: can write a file or directory
execute: one must have execute permission for a directory in order to follow a path through it
Access Protection
Rules for checking permissions
1) determines the smallest class of principals the requester belongs to (“user” being smallest and “others” being largest)
2) then it checks for appropriate permissions within that class
Can process P access file F?
in (1), we need to determine which class P is in
puid: process uid
fuid: file uid
pgid: process gid
fgid: file gid
if (puid == fuid) {
    /* requester is “user/owner” */
} else if (pgid == fgid) {
    /* requester is “group-owner” */
} else {
    /* requester is “others” */
}
[Figure: Process P (puid, pgid) requesting access to File F (fuid, fgid)]

Permissions Example
% ls -lR
.:
total 2
drwxr-x--x 2 bill adm 1024 Dec 17 13:34 A
drwxr----- 2 bill adm 1024 Dec 17 13:34 B
./A:
total 1
-rw-rw-rw- 1 bill adm 593 Dec 17 13:34 x
./B:
total 2
-r--rw-rw- 1 bill adm 446 Dec 17 13:34 x
-rw----rw- 1 trina adm 446 Dec 17 13:45 y
Suppose that bill and trina are members of the adm group and andy is not
1) Q: May andy list the contents of directory A? A: No
2) Q: May andy read A/x? A: Yes
3) Q: May trina list the contents of directory B? A: Yes
4) Q: May trina modify B/y? A: No
5) Q: May bill modify B/x? A: No
6) Q: May bill read B/y? A: No
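The two-step rule from "Rules for checking permissions", applied to the six questions above, as an added example that is not part of the original slides. The numeric IDs and the struct and function names are assumptions made for the illustration; the superuser and extra group IDs are left out, matching the one-uid, one-gid model described earlier.

```c
#include <stdbool.h>
#include <stdio.h>
#include <sys/types.h>

enum { ACC_R = 4, ACC_W = 2, ACC_X = 1 };   /* bit values of one rwx triplet */

/* Constructed stand-ins for the IDs kept per process and per file. */
struct proc  { uid_t puid; gid_t pgid; };
struct fnode { uid_t fuid; gid_t fgid; mode_t mode; };

/* Step 1: choose the smallest class the requester belongs to.
 * Step 2: test the requested bits in that class only; no fall-through to a larger class. */
static bool may_access(const struct proc *p, const struct fnode *f, int want)
{
    int shift;
    if (p->puid == f->fuid)      shift = 6;  /* requester is user/owner */
    else if (p->pgid == f->fgid) shift = 3;  /* requester is group-owner */
    else                         shift = 0;  /* requester is others */
    int granted = (int)((f->mode >> shift) & 7);
    return (granted & want) == want;
}

/* Following a path through a directory needs execute permission on that directory. */
static bool may_access_in(const struct proc *p, const struct fnode *dir,
                          const struct fnode *f, int want)
{
    return may_access(p, dir, ACC_X) && may_access(p, f, want);
}

/* Constructed numeric IDs; modes transcribed from the ls -lR listing. */
enum { BILL = 1001, TRINA = 1002, ANDY = 1003, ADM = 4, STAFF = 100 };
static const struct proc bill = {BILL, ADM}, trina = {TRINA, ADM}, andy = {ANDY, STAFF};
static const struct fnode dirA = {BILL, ADM, 0751}, dirB = {BILL, ADM, 0740};
static const struct fnode Ax = {BILL, ADM, 0666}, Bx = {BILL, ADM, 0466}, By = {TRINA, ADM, 0606};

int main(void)
{
    printf("1) andy list A:      %d\n", may_access(&andy, &dirA, ACC_R));
    printf("2) andy read A/x:    %d\n", may_access_in(&andy, &dirA, &Ax, ACC_R));
    printf("3) trina list B:     %d\n", may_access(&trina, &dirB, ACC_R));
    printf("4) trina modify B/y: %d\n", may_access_in(&trina, &dirB, &By, ACC_W));
    printf("5) bill modify B/x:  %d\n", may_access_in(&bill, &dirB, &Bx, ACC_W));
    printf("6) bill read B/y:    %d\n", may_access_in(&bill, &dirB, &By, ACC_R));
    return 0;
}
```

Question 5 is the case to audit for: bill owns B/x, so only the owner bits (r--) apply to him even though group and others have write permission.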
Open
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
int open(const char *path, int options [, mode_t mode])
options
O_RDONLY open for reading only
O_WRONLY open for writing only
O_RDWR open for reading and writing
O_APPEND set the file offset to end of file prior to each write
O_CREAT if the file does not exist, then create it, setting its mode to mode adjusted by user mask (umask)
O_EXCL if O_EXCL and O_CREAT are set, then open fails if the file exists
O_TRUNC delete any previous contents of the file
O_NONBLOCK don't wait if I/O cannot be done immediately
some options are not compatible with other options

Setting File Permissions
#include <sys/types.h>
#include <sys/stat.h>
int chmod(const char *path, mode_t mode)
sets the file permissions of the given file to those specified in mode
only the owner of a file and the superuser may change its permissions
nine combinable possibilities for mode (read/write/execute for user, group, and others)
S_IRUSR (0400), S_IWUSR (0200), S_IXUSR (0100)
S_IRGRP (040), S_IWGRP (020), S_IXGRP (010)
S_IROTH (04), S_IWOTH (02), S_IXOTH (01)
note: numeric prefix of 0 means the number is in octal format
% chmod 0640 z
% ls -l z
-rw-r----- 1 bill adm 593 Dec 17 13:34 z
Creating a File
Use either open or creat
open(const char *pathname, int flags, mode_t mode)
flags must include O_CREAT to create a file
creat(const char *pathname, mode_t mode)
open is preferred
The mode parameter helps specify the permissions of the newly created file
permissions = mode & ~umask
Umask
Standard programs create files with “maximum needed permissions” as mode
compilers: 0777
editors: 0666
Per-process parameter, umask, used to turn off undesired permission bits
e.g., turn off all permissions for others, write permission for group: set umask to 027
compilers: permissions = 0777 & ~(027) = 0750
editors: permissions = 0666 & ~(027) = 0640
set with umask() system call or (usually) umask shell command
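The umask arithmetic above and the O_CREAT/O_EXCL behaviour from the Open slide, checked against the kernel, as an added example that is not part of the original slides. The function names and the scratch paths under /tmp are assumptions.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>
/* Create a file under the given umask and return the permission bits the kernel
 * stored, or -1 on error. The /tmp path is a constructed scratch name; O_EXCL makes
 * the create fail rather than reuse an entry that already exists there. */
static int created_mode(mode_t mask, mode_t requested)
{
    char path[64];
    struct stat st;
    int result = -1;
    snprintf(path, sizeof path, "/tmp/umask_demo_%ld", (long)getpid());
    mode_t old = umask(mask);            /* per-process; returns the previous mask */
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, requested);
    umask(old);                          /* restore the caller's mask */
    if (fd < 0) return -1;
    if (fstat(fd, &st) == 0)
        result = (int)(st.st_mode & 0777);
    close(fd);
    unlink(path);
    return result;
}

/* A second O_CREAT|O_EXCL open of the same path must fail; return its errno. */
static int second_create_errno(void)
{
    char path[64];
    snprintf(path, sizeof path, "/tmp/excl_demo_%ld", (long)getpid());
    int fd1 = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd1 < 0) return -1;
    int fd2 = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    int err = (fd2 < 0) ? errno : 0;
    if (fd2 >= 0) close(fd2);
    close(fd1);
    unlink(path);
    return err;
}

int main(void)
{
    printf("0666 with umask 027 -> %04o\n", (unsigned)created_mode(027, 0666));
    printf("0777 with umask 027 -> %04o\n", (unsigned)created_mode(027, 0777));
    printf("second O_EXCL create fails with EEXIST: %d\n", second_create_errno() == EEXIST);
    return 0;
}
```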
Midterm Exam Coverage
Midterm exam covers everything from the beginning of the semester to this slide
Ch 1 through Ch 4 only
Ch 5 materials are excluded from the midterm
final exam coverage will not overlap midterm coverage
since the topics covered by the final exam are not independent of the midterm coverage, we say the final exam “focuses” on Ch 5 plus everything beyond this slide