DOC PREVIEW
U of I CS 241 - Discussion Section 9

This preview shows page 1-2-21-22 out of 22 pages.

Save
View full document
View full document
Premium Document
Do you want full access? Go Premium and unlock all 22 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 22 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 22 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 22 pages.
Access to all documents
Download any document
Ad free experience
Premium Document
Do you want full access? Go Premium and unlock all 22 pages.
Access to all documents
Download any document
Ad free experience

Unformatted text preview:

CS241 System ProgrammingOutlinePOSIX ACLPOSIX ACL (continued)Slide 5ACL and file permission bitsManipulating file permission bitsAccess Check AlgorithmACL functionsPOSIX CapabilitiesPOSIX Capabilities (continued)Slide 12Capability functionsFragmentationStorage Placement AlgorithmsExercisemalloc revisitedmalloc revisited (continued)Slide 19Slide 20free revisitedSummaryCS241 System ProgrammingDiscussion Section 9April 3 – April 6OutlineUNIX SecurityAccess Control ListsCapabilitiesMemory ManagementFragmentationStorage Placement Algorithmsmalloc revisitedPOSIX ACLPOSIX standard (POSIX 1003.1e, POSIX 1003.2c)Currently withdrawnMany implementations follow this standardBasic file commands (cp, mv, ls, etc) support ACLsACL TypeDefault ACLAssociated with directoriesInitial access ACL to objects under the directoryAccess ACLAssociated with objectsInitialized when creat, mkdir, mknod, mkfifo, or open functionPOSIX ACL (continued)ACL FormatACL EntryEntry Tag TypeACL_USER_OBJ, ACL_USER, ACL_GROUP_OBJ, ACL_GROUP, ACL_MASK, ACL_OTHEREntry Tag Qualifier (optional)Set of permissionsExample (long text form)user::rw- # owneruser:lisa:rw- # named usergroup::r-- # owning groupgroup: toolies:rw- # named groupmask::r-- # maskother::r-- # otherPOSIX ACL (continued)Valid ACL Should contain exactly one entry with ACL_USER_OBJ, ACL_GROUP_OBJ, ACL_OTHER tag types.ACL_USER, ACL_GROUP is optional.Should have ACL_MASK if ACL has one of theseUser ID qualifiers or group ID qualifiers must be unique among ACL_USER or ACL_GROUP.ACL and file permission bitsACL permissions are a superset of permissions by file permission bitsACL_USER_OBJ corresponds to the file ownerACL_GROUP_OBJ (or ACL_MASK) corresponds to the file groupACL_OTHER corresponds to the other classModification of one results in modification of the other.Manipulating file permission bitsCommandschmod: changes file permission bitschown: changes file owner and groupchgrp: changes group ownershipExampleschmod go-w file1chmod go+rw file1 file2chmod ugo+rwx file1chmod 644 file1chown roger file1 file2Access Check AlgorithmUpon a read, write, or execute request of a file objectCase 1: user ID matches the file object ownerACL_USER_OBJ entry should contain the requested permissionCase 2: user ID matches ACL_USER qualifierMatching ACL_USER and ACL_MASK entry should contain the requested permissionCase 3: group ID matches file group or ACL_GROUP qualifierIf ACL contains ACL_MASK, matching ACL_GROUP_OBJ or ACL_GROUP entry should contain the requested permissionOtherwise, ACL_GROUP_OBJ entry should contain the requested permissionCase 4: OtherwiseACL_OTHER should contain the requested permissionIn other cases, the access is denied.ACL functions#include <sys/acl.h>ACL storage managementacl_dup, acl_free, acl_initACL entry manipulationacl_copy_entry, acl_create_entry, acl_delete_entry, acl_get_entry, acl_validacl_add_perm, acl_calc_mask, acl_clear_perms, acl_delete_perm, acl_get_permset, acl_set_permsetacl_get_qualifier, acl_get_tag_type, acl_set_qualifier, acl_set_tag_typeACL manipulation on an objectacl_delete_def_file, acl_get_fd, acl_get_file, acl_set_fd, acl_set_fileACL format translationacl_copy_entry, acl_copy_ext, acl_from_text, acl_to_text, acl_sizePOSIX CapabilitiesNo standards govern capabilitiesLinux implementation is based on POSIX 1003.1eSomewhat different concept from capability listMotivationPOSIX capabilities supports fine-grained root privilegesDividing privileges of superuser into distinct unitsPOSIX Capabilities (continued)Process CapabilitiesEach process has 3 capability setsEffective: capabilities used by the kernel to perform permission checksPermitted: capabilities that the process may assumeInherited: capabilities preserved across an execveA child created via fork inherits its parent’s capability setsPOSIX Capabilities (continued)Current ImplementationsThe kernel checks whether the process has the required capability for all privileged operationsThe kernel provides system calls to change or retrieve the capability sets of a processFuture ImplementationsFile system support for attaching capabilities to an executable file, so that a process can gain the capabilities while the file is executedCapability functions#include <sys/capability.h>capability storage managementcap_dup, cap_free, cap_initcapability manipulationcap_get_proc, cap_set_proccapability format translationcap_copy_int, cap_copy_ext, cap_from_text, cap_to_text, cap_sizeFragmentationExternal FragmentationFree space becomes divided into many small piecesCaused over time by allocating and freeing the storage of different sizesInternal FragmentationResult of reserving space without ever using its partCaused by allocating fixed size of storageStorage Placement AlgorithmsBest FitFirst FitNext FitWorst FitExerciseConsider a swapping system in which memory consists of the following hole sizes in memory order: 10KB, 4KB, 20KB, 18KB, 7KB, 9KB, 12KB, and 15KB. Which hole is taken for successive segment requests of (a) 12KB, (b) 10KB, (c) 9KB forFirst Fit?Best Fit?Worst Fit?Next Fit?malloc revisitedFree storage is kept as a list of free blocksEach block contains a size, a pointer to the next block, and the space itselfWhen a request for space is made, the free list is scanned until a big-enough block can be foundWhich storage placement algorithm is used?If the block is found, return it and adjust the free list. Otherwise, another large chunk is obtained from the OS and linked into the free listmalloc revisited (continued)typedef long Align; /* for alignment to long */union header { /* block header */ struct { union header *ptr; /* next block if on free list */ unsigned size; /* size of this block */ } s; Align x; /* force alignment of blocks */};typedef union header Header;sizepoints to next free blockmalloc revisited (continued)static Header base;static Header *freep = NULL;void *malloc(unsigned nbytes){ Header *p, *prevp; Header *morecore(unsigned); unsigned nunits; nunits = (nbytes + sizeof(Header) – 1) / sizeof(Header) + 1; if ((prevp = freep) == NULL) { base.s.ptr = freep = prevp = &base; base.s.size = 0; } for (p = prevp->s.ptr; ;


View Full Document

U of I CS 241 - Discussion Section 9

Documents in this Course
Process

Process

28 pages

Files

Files

37 pages

File I/O

File I/O

52 pages

C Basics

C Basics

69 pages

Memory

Memory

23 pages

Threads

Threads

14 pages

Lecture

Lecture

55 pages

C Basics

C Basics

24 pages

Signals

Signals

27 pages

Memory

Memory

45 pages

Threads

Threads

47 pages

Threads

Threads

28 pages

LECTURE

LECTURE

45 pages

Threads

Threads

30 pages

Threads

Threads

55 pages

Files

Files

37 pages

SIGNALS

SIGNALS

22 pages

Files

Files

37 pages

Threads

Threads

14 pages

Threads

Threads

13 pages

Load more
Download Discussion Section 9
Our administrator received your request to download this document. We will send you the file to your email shortly.
Loading Unlocking...
Login

Join to view Discussion Section 9 and access 3M+ class-specific study document.

or
We will never post anything without your permission.
Don't have an account?
Sign Up

Join to view Discussion Section 9 2 2 and access 3M+ class-specific study document.

or

By creating an account you agree to our Privacy Policy and Terms Of Use

Already a member?