Operating Systems Recitation 11, June 9-10, 2002.


1 Operating Systems Recitation 11, June 9-10, 2002

2 Motivation
A privileged facility needs to be available to general users. Example: allow a user to perform a specific operation that requires root permissions.

3 Process and file identities
Process: (user ID, group ID) x (real, effective)
real: the user running the program
effective: the user whose permissions are used to access files and resources
File: owner ID, group owner ID, domain (set-user-ID) bit

4 Domain bit (set-user-ID bit)
If user X executes a file owned by Y whose domain bit is off, then the real and effective user IDs of the process are both set to X.
If the domain bit is on, then the real user ID of the process is set to X, and the effective user ID is set to Y.

5 Process real and effective user IDs
#include <unistd.h>
uid_t getuid(void);
uid_t geteuid(void);
Return the real and the effective user ID of the calling process, respectively.

6 Process real and effective user IDs
#include <unistd.h>
int setuid(uid_t uid);
Sets both real and effective user IDs. Only super-user.
int seteuid(uid_t uid);
Sets the effective user ID of the process.
Both return 0 if OK, -1 on error.
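The following program is an added example (not part of the recitation slides) that puts slides 4 to 6 together: it reports whether it was started from a set-user-ID file, drops the owner's identity temporarily with seteuid(), restores it, and then drops it for good. It assumes Linux with glibc, because the permanent drop uses setresuid()/getresuid(): on Linux a plain setuid(real) from a non-root process changes only the effective UID and leaves the saved set-user-ID in place, so the owner's identity could still be regained; setresuid() sets all three and the code verifies that it did.

```c
#define _GNU_SOURCE            /* setresuid/getresuid on glibc (assumption: Linux) */
#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>

/* 1 if the process runs with an effective UID different from its real UID,
   i.e. it was started from a file whose set-user-ID (domain) bit is on. */
int running_setuid(void)
{
    return getuid() != geteuid();
}

/* Temporary drop: effective UID := real UID. The saved set-user-ID still
   holds the owner's UID, so seteuid(owner) can restore it later. */
int drop_privileges_temporarily(void)
{
    return seteuid(getuid());
}

/* Permanent drop: real, effective and saved UID := real UID. Returns 0 only
   if all three IDs verifiably changed (a non-root setuid(real) on Linux would
   change just the effective UID and leave the owner restorable). */
int drop_privileges_permanently(void)
{
    uid_t real = getuid();
    uid_t r, e, s;

    if (setresuid(real, real, real) != 0)
        return -1;
    if (getresuid(&r, &e, &s) != 0)
        return -1;
    return (r == real && e == real && s == real) ? 0 : -1;
}

int main(void)
{
    uid_t real = getuid(), owner = geteuid();

    printf("real uid %u, effective uid %u, set-user-ID program: %s\n",
           (unsigned)real, (unsigned)owner, running_setuid() ? "yes" : "no");

    if (running_setuid()) {
        if (drop_privileges_temporarily() != 0) { perror("seteuid"); return 1; }
        printf("after seteuid(real):  effective uid %u\n", (unsigned)geteuid());
        if (seteuid(owner) != 0) { perror("seteuid"); return 1; }
        printf("after seteuid(owner): effective uid %u\n", (unsigned)geteuid());
    }

    if (drop_privileges_permanently() != 0) { perror("setresuid"); return 1; }
    /* Once dropped for good, switching back to the owner must be refused. */
    if (running_setuid() || (owner != real && seteuid(owner) == 0))
        printf("privileges NOT dropped\n");
    else
        printf("privileges dropped permanently (effective uid %u)\n",
               (unsigned)geteuid());
    return 0;
}
```

Run once as a plain program (real and effective UID coincide, so only the permanent drop is exercised), then once more after making the binary owned by another user and setting its set-user-ID bit with chmod u+s, to see the effective UID move between the two users.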

7 Password file
Field                  struct passwd member
User name              char* pw_name
Encrypted password     char* pw_passwd
Numerical user ID      uid_t pw_uid
Numerical group ID     gid_t pw_gid
Comment field          char* pw_gecos
Initial working dir    char* pw_dir
Initial shell          char* pw_shell

8 Entries in password file
#include <pwd.h>
struct passwd *getpwuid(uid_t uid);
struct passwd *getpwnam(const char *name);
Return a pointer if OK, NULL on error.
Examples:
–getpwuid is used by the ls program to map the numerical user ID stored in an i-node to the user's login name.
–getpwnam is used by the login program when a login name is entered.

9 Passwords in Unix
Encryption of Unix passwords: one-way function (crypt).
User passwords are far from random.
Brute force (statistical, dictionary): make an educated guess, apply the function, compare the result.
Shadow passwords: instead of visible encrypted passwords (in the /etc/passwd file), store them where only root has access (in the /etc/shadow file). Breakable.
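As an added example (not from the slides) of checking the shadow-password arrangement on a host: the program below classifies the password field of each /etc/passwd line, flagging entries whose hash or empty password sits in the world-readable file instead of behind the "x" placeholder, and reports whether /etc/passwd and /etc/shadow are readable by other users. The sample entries and the 13-character hash in them are constructed for the example, not taken from any real system.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/stat.h>

/* Classify the password field (2nd colon-separated field) of one passwd line:
   1 = "x" placeholder (the hash lives in /etc/shadow),
   0 = anything else sits in the line itself (a hash, an empty password, or a
       lock marker such as "*" or "!") and deserves a look,
  -1 = malformed line. */
int entry_is_shadowed(const char *line)
{
    const char *start = strchr(line, ':');
    if (start == NULL) return -1;
    start++;
    const char *end = strchr(start, ':');
    if (end == NULL) return -1;
    return (end - start == 1 && start[0] == 'x') ? 1 : 0;
}

/* 1 if every local user can read path, 0 if not, -1 if stat fails. */
int world_readable(const char *path)
{
    struct stat st;
    if (stat(path, &st) != 0) return -1;
    return (st.st_mode & S_IROTH) ? 1 : 0;
}

/* Constructed sample entries (hash value invented for the example). */
static const char *sample[] = {
    "root:x:0:0:root:/root:/bin/bash",
    "old:abJnggxhB/yWI:1001:1001::/home/old:/bin/sh",   /* hash in passwd itself */
    "guest::1002:1002::/home/guest:/bin/sh",            /* empty password */
};

int main(void)
{
    for (size_t i = 0; i < sizeof sample / sizeof sample[0]; i++)
        printf("%-48s -> %s\n", sample[i],
               entry_is_shadowed(sample[i]) == 1 ? "shadowed" : "not shadowed (inspect)");
    printf("/etc/passwd world-readable: %d\n", world_readable("/etc/passwd"));
    printf("/etc/shadow world-readable: %d\n", world_readable("/etc/shadow"));
    return 0;
}
```

On a correctly configured system the first file reports 1 (the ls and login programs need to read it) and the second reports 0, which is exactly the separation the slide describes: the one-way function stays, but the values to guess against are no longer visible to every user.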

10 Exercise description
Write a program that reads information from two files which only have owner permissions, by setting the program's set-user-ID bit. User x runs a program owned by user y, and the program's domain (suid) bit is on. Users x and y each have a secret file in their initial directory that only they can access. The program prints a line from both files.

11 Exercise description
1. Get the real user ID (the user running the program). Set the effective user to the real user (if the file's suid bit is on, the effective user was initially the program owner). Read the first line of the file named secret in the user's initial directory, and print out the user's name, the full path of the secret file, and the first line of the secret file.

12 Exercise description
2. Get the user ID of the program owner using the stat function (st_uid member of the stat structure).

13 Exercise description
3. Get the user name and initial directory of the program owner. Set the effective user ID (back) to the program owner. Read the first line of the secret file in that user's initial directory, and print out the user's name, the full path of the secret file, and the first line of the secret file.

14 Exercise notes
Save the file named secret with owner read/write permissions only (chmod 600). Other users can access this file only through the ex-suid program.

15 Exercise description
Example run:
% /tmp/y/program
real user: x
secret file: /a/home/cc/students/cs/x/secret
secret: X
program owner: y
secret file: /a/home/cc/cs/y/secret
secret: Y
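One way to implement steps 1 to 3, using getpwuid() from slide 8 for the name and initial directory and stat() for the owner, as an added example that is not the course's solution: it assumes the secret file is named secret in the home directory reported by pw_dir, that argv[0] is the path the program was started with (as in the example run), and a Linux/glibc system for fmemopen(), which only the in-memory helper uses.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <pwd.h>

#define SECRET_NAME "secret"   /* assumed file name in each user's initial directory */

/* "<home>/secret" in static storage; NULL if the path would not fit. */
const char *secret_path_for(const char *home)
{
    static char path[1024];
    int n = snprintf(path, sizeof path, "%s/%s", home, SECRET_NAME);
    return (n < 0 || (size_t)n >= sizeof path) ? NULL : path;
}

/* First line of fp without its newline, in static storage; NULL if empty. */
const char *first_line_of_stream(FILE *fp)
{
    static char line[256];
    if (fgets(line, sizeof line, fp) == NULL) return NULL;
    line[strcspn(line, "\n")] = '\0';
    return line;
}

/* Same, for an in-memory string (lets the line logic be checked without files). */
const char *first_line_of_text(const char *text)
{
    FILE *fp = fmemopen((void *)text, strlen(text), "r");
    if (fp == NULL) return NULL;
    const char *line = first_line_of_stream(fp);
    fclose(fp);
    return line;
}

/* First line of the file at path; NULL if it cannot be opened or is empty.
   Whether fopen succeeds depends on the effective UID at the time of the call. */
const char *read_first_line(const char *path)
{
    FILE *fp = fopen(path, "r");
    if (fp == NULL) return NULL;
    const char *line = first_line_of_stream(fp);
    fclose(fp);
    return line;
}

/* Step 2: owner (st_uid) of the file at path, or -1 if stat fails. */
long owner_uid_of(const char *path)
{
    struct stat st;
    if (stat(path, &st) != 0) return -1;
    return (long)st.st_uid;
}

/* Steps 1 and 3: print "<label>: name", the secret's full path and its first line. */
static int report(uid_t uid, const char *label)
{
    struct passwd *pw = getpwuid(uid);
    if (pw == NULL) { perror("getpwuid"); return -1; }
    const char *path = secret_path_for(pw->pw_dir);
    if (path == NULL) { fprintf(stderr, "home directory too long\n"); return -1; }
    const char *line = read_first_line(path);
    printf("%s: %s\nsecret file: %s\nsecret: %s\n", label, pw->pw_name, path,
           line ? line : "(cannot read)");
    return line ? 0 : -1;
}

int main(int argc, char *argv[])
{
    (void)argc;
    uid_t real = getuid();               /* user running the program (x) */
    long owner = owner_uid_of(argv[0]);  /* program owner (y); argv[0] must be its path */
    if (owner < 0) { perror("stat"); return 1; }

    /* Step 1: read x's secret as x, so only what x may read is readable here. */
    if (seteuid(real) != 0) { perror("seteuid(real)"); return 1; }
    if (report(real, "real user") != 0) return 1;

    /* Step 3: back to y through the saved set-user-ID, then read y's secret. */
    if (seteuid((uid_t)owner) != 0) { perror("seteuid(owner)"); return 1; }
    if (report((uid_t)owner, "program owner") != 0) return 1;

    /* Done with y's identity: give it up again before exit. */
    if (seteuid(real) != 0) { perror("seteuid(real)"); return 1; }
    return 0;
}
```

To try it, compile as user y, make the secret files with chmod 600 as the notes say, set the domain bit with chmod u+s on the binary, and run it as x. Two points worth keeping in mind when reading the code: the switch back in step 3 works only because the saved set-user-ID still holds y, and argv[0] is supplied by whoever starts the program, so a production program should identify its own executable some other way (on Linux, /proc/self/exe) rather than trust it.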

16 Exercise submission
Submission: optional.
Software
Directory: ~username/os02b/ex-suid
Files: ex-suid.c
Permissions: chmod ugo+rx (to the above)
Hardcopy
name, ID, login, CID
ex-suid.c
submit in 281, Nir Noimark, nirn@post.tau.ac.il
Environment: Unix, Linux

17 References
Operating Systems, Sivan Toledo, Akademon, 2001.
Operating Systems Concepts, Abraham Silberschatz and Peter Galvin, 1994.
Advanced Programming in the Unix Environment, Richard Stevens, Addison-Wesley, 1993.
