CS241 System Programming
Discussion Section 9
April 3 – April 6

Outline
- UNIX Security
  - Access Control Lists
  - Capabilities
- Memory Management
  - Fragmentation
  - Storage Placement Algorithms
  - malloc revisited

POSIX ACL
- POSIX standard (POSIX 1003.1e, POSIX 1003.2c)
  - Currently withdrawn
  - Many implementations follow this standard
  - Basic file commands (cp, mv, ls, etc.) support ACLs
- ACL types
  - Default ACL
    - Associated with directories
    - Initial access ACL for objects created under the directory
  - Access ACL
    - Associated with objects
    - Initialized by the creat, mkdir, mknod, mkfifo, or open function

POSIX ACL (continued)
- ACL format
  - ACL entry
    - Entry tag type: ACL_USER_OBJ, ACL_USER, ACL_GROUP_OBJ, ACL_GROUP, ACL_MASK, ACL_OTHER
    - Entry tag qualifier (optional)
    - Set of permissions
- Example (long text form)
    user::rw-          # owner
    user:lisa:rw-      # named user
    group::r--         # owning group
    group:toolies:rw-  # named group
    mask::r--          # mask
    other::r--         # other

POSIX ACL (continued)
- Valid ACL
  - Contains exactly one entry each with tag type ACL_USER_OBJ, ACL_GROUP_OBJ and ACL_OTHER
  - ACL_USER and ACL_GROUP entries are optional
  - Must contain an ACL_MASK entry if it has any ACL_USER or ACL_GROUP entry
  - User ID qualifiers must be unique among the ACL_USER entries, and group ID qualifiers among the ACL_GROUP entries

ACL and file permission bits
- ACL permissions are a superset of the permissions expressed by the file permission bits
  - ACL_USER_OBJ corresponds to the file owner class
  - ACL_GROUP_OBJ (or ACL_MASK, when present) corresponds to the file group class
  - ACL_OTHER corresponds to the other class
- Modifying one results in modification of the other

Manipulating file permission bits
- Commands
  - chmod: changes file permission bits
  - chown: changes file owner and group
  - chgrp: changes group ownership
- Examples
    chmod go-w file1
    chmod go+rw file1 file2
    chmod ugo+rwx file1
    chmod 644 file1
    chown roger file1 file2

Access Check Algorithm
Upon a read, write, or execute request on a file object:
- Case 1: the user ID matches the file object's owner
  - The ACL_USER_OBJ entry must contain the requested permission
- Case 2: the user ID matches an ACL_USER qualifier
  - The matching ACL_USER entry and the ACL_MASK entry must contain the requested permission
- Case 3: a group ID matches the file group or an ACL_GROUP qualifier
  - If the ACL contains ACL_MASK, a matching ACL_GROUP_OBJ or ACL_GROUP entry must contain the requested permission
  - Otherwise, the ACL_GROUP_OBJ entry must contain the requested permission
- Case 4: otherwise
  - The ACL_OTHER entry must contain the requested permission
- In all other cases, access is denied

ACL functions
#include <sys/acl.h>
- ACL storage management
  - acl_dup, acl_free, acl_init
- ACL entry manipulation
  - acl_copy_entry, acl_create_entry, acl_delete_entry, acl_get_entry, acl_valid
  - acl_add_perm, acl_calc_mask, acl_clear_perms, acl_delete_perm, acl_get_permset, acl_set_permset
  - acl_get_qualifier, acl_get_tag_type, acl_set_qualifier, acl_set_tag_type
- ACL manipulation on an object
  - acl_delete_def_file, acl_get_fd, acl_get_file, acl_set_fd, acl_set_file
- ACL format translation
  - acl_copy_entry, acl_copy_ext, acl_from_text, acl_to_text, acl_size

POSIX Capabilities
- No standard governs capabilities
  - The Linux implementation is based on POSIX 1003.1e
  - A somewhat different concept from a capability list
- Motivation
  - POSIX capabilities support fine-grained root privileges
  - The privileges of the superuser are divided into distinct units

POSIX Capabilities (continued)
- Process capabilities
  - Each process has 3 capability sets
    - Effective: capabilities used by the kernel to perform permission checks
    - Permitted: capabilities that the process may assume
    - Inheritable: capabilities preserved across an execve
  - A child created via fork inherits its parent's capability sets

POSIX Capabilities (continued)
- Current implementations
  - The kernel checks whether the process has the required capability for every privileged operation
  - The kernel provides system calls to change or retrieve the capability sets of a process
- Future implementations
  - File system support for attaching capabilities to an executable file, so that a process gains those capabilities when the file is executed

Capability functions
#include <sys/capability.h>
- Capability storage management
  - cap_dup, cap_free, cap_init
- Capability manipulation
  - cap_get_proc, cap_set_proc
- Capability format translation
  - cap_copy_int, cap_copy_ext, cap_from_text, cap_to_text, cap_size

Fragmentation
- External fragmentation
  - Free space becomes divided into many small pieces
  - Caused over time by allocating and freeing blocks of different sizes
- Internal fragmentation
  - The result of reserving space and never using part of it
  - Caused by allocating storage in fixed-size units

Storage Placement Algorithms
- Best fit
- First fit
- Next fit
- Worst fit

Exercise
Consider a swapping system in which memory consists of the following hole sizes in memory order: 10KB, 4KB, 20KB, 18KB, 7KB, 9KB, 12KB, and 15KB. Which hole is taken for successive segment requests of (a) 12KB, (b) 10KB, (c) 9KB under
- First fit?
- Best fit?
- Worst fit?
- Next fit?

malloc revisited
- Free storage is kept as a list of free blocks
- Each block contains a size, a pointer to the next block, and the space itself
- When a request for space is made, the free list is scanned until a big-enough block is found
  - Which storage placement algorithm is used?
- If a block is found, return it and adjust the free list
- Otherwise, another large chunk is obtained from the OS and linked into the free list

malloc revisited (continued)
    typedef long Align;           /* for alignment to long boundary */

    union header {                /* block header */
        struct {
            union header *ptr;    /* next block if on free list */
            unsigned size;        /* size of this block */
        } s;
        Align x;                  /* force alignment of blocks */
    };

    typedef union header Header;

(Figure: a block is a header carrying the size and a pointer to the next free block, followed by the space itself.)

malloc revisited (continued)
    static Header base;           /* empty list to get started */
    static Header *freep = NULL;  /* start of free list */

    void *malloc(unsigned nbytes)
    {
        Header *p, *prevp;
        Header *morecore(unsigned);   /* obtains more memory from the OS; not shown on this slide */
        unsigned nunits;

        nunits = (nbytes + sizeof(Header) - 1) / sizeof(Header) + 1;
        if ((prevp = freep) == NULL) {   /* no free list yet */
            base.s.ptr = freep = prevp = &base;
            base.s.size = 0;
        }
        for (p = prevp->s.ptr; ; prevp = p, p = p->s.ptr) {
            if (p->s.size >= nunits) {   /* big enough */
                if (p->s.size == nunits) /* exactly */
                    prevp->s.ptr = p->s.ptr;
                else {                   /* allocate tail end */
                    p->s.size -= nunits;
                    p += p->s.size;
                    p->s.size = nunits;
                }
                freep = prevp;
                return (void *)(p + 1);
            }
            if (p == freep)              /* wrapped around free list */
                if ((p = morecore(nunits)) == NULL)
                    return NULL;         /* none left */
        }
    }
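The following program is an added example, not part of the discussion slides: it parses the long-text ACL from the POSIX ACL slide and applies the four-case Access Check Algorithm to it, without using libacl. The uid/gid values (owner 1000/100, lisa 1001, toolies 200) and the name-to-id table are constructed assumptions standing in for getpwnam()/getgrnam(). The point it shows is the one that matters when reviewing ACLs: a named user or group entry of rw- grants only r-- when the mask entry is r--, while the owner entry is never masked.

```c
#include <stddef.h>
#include <string.h>

#define PERM_R 4
#define PERM_W 2
#define PERM_X 1

enum tag { T_USER_OBJ, T_USER, T_GROUP_OBJ, T_GROUP, T_MASK, T_OTHER };
struct entry { enum tag tag; unsigned qual; unsigned perms; };
struct acl { struct entry e[16]; int n; };

/* Constructed name->id table standing in for getpwnam()/getgrnam(). */
static unsigned lookup_id(const char *name)
{
    static const struct { const char *name; unsigned id; } tbl[] = {
        {"lisa", 1001}, {"toolies", 200},
    };
    for (size_t i = 0; i < sizeof tbl / sizeof tbl[0]; i++)
        if (strcmp(tbl[i].name, name) == 0)
            return tbl[i].id;
    return (unsigned)-1;
}

/* Parse one long-text entry such as "user:lisa:rw-" or "group::r--". Text after
   the three permission characters (e.g. "# owner") is ignored. 0 on success. */
int parse_entry(const char *line, struct entry *out)
{
    char tagstr[8], qual[64];
    const char *c1 = strchr(line, ':');
    const char *c2 = c1 ? strchr(c1 + 1, ':') : NULL;
    if (!c2 || strlen(c2 + 1) < 3)
        return -1;
    size_t tlen = (size_t)(c1 - line), qlen = (size_t)(c2 - c1 - 1);
    if (tlen >= sizeof tagstr || qlen >= sizeof qual)
        return -1;
    memcpy(tagstr, line, tlen); tagstr[tlen] = '\0';
    memcpy(qual, c1 + 1, qlen);  qual[qlen] = '\0';
    if (strcmp(tagstr, "user") == 0)       out->tag = qual[0] ? T_USER : T_USER_OBJ;
    else if (strcmp(tagstr, "group") == 0) out->tag = qual[0] ? T_GROUP : T_GROUP_OBJ;
    else if (strcmp(tagstr, "mask") == 0)  out->tag = T_MASK;
    else if (strcmp(tagstr, "other") == 0) out->tag = T_OTHER;
    else return -1;
    out->qual = qual[0] ? lookup_id(qual) : 0;
    if (qual[0] && out->qual == (unsigned)-1)
        return -1;                               /* unknown user/group name */
    const char *p = c2 + 1;
    out->perms = (p[0] == 'r' ? PERM_R : 0) | (p[1] == 'w' ? PERM_W : 0) |
                 (p[2] == 'x' ? PERM_X : 0);
    return 0;
}

static int in_groups(unsigned gid, const unsigned *gids, int ngids)
{
    for (int i = 0; i < ngids; i++)
        if (gids[i] == gid) return 1;
    return 0;
}

/* The four-case check from the slide. Returns 1 if every bit of `want` is
   granted to a process with user ID `uid` and group IDs `gids`, else 0. */
int acl_check(const struct acl *a, unsigned owner_uid, unsigned owner_gid,
              unsigned uid, const unsigned *gids, int ngids, unsigned want)
{
    unsigned mask = PERM_R | PERM_W | PERM_X;    /* no ACL_MASK: mask is a no-op */
    int has_mask = 0, group_matched = 0;
    for (int i = 0; i < a->n; i++)
        if (a->e[i].tag == T_MASK) { mask = a->e[i].perms; has_mask = 1; }
    /* Case 1: owner. ACL_MASK does not limit ACL_USER_OBJ. */
    if (uid == owner_uid) {
        for (int i = 0; i < a->n; i++)
            if (a->e[i].tag == T_USER_OBJ) return (a->e[i].perms & want) == want;
        return 0;
    }
    /* Case 2: named user, limited by the mask. */
    for (int i = 0; i < a->n; i++)
        if (a->e[i].tag == T_USER && a->e[i].qual == uid)
            return ((a->e[i].perms & mask) & want) == want;
    /* Case 3: owning group or named group (named groups only when a mask exists).
       Any matching entry that grants is enough; a failed group match never
       falls through to "other". */
    for (int i = 0; i < a->n; i++) {
        const struct entry *e = &a->e[i];
        if ((e->tag == T_GROUP_OBJ && in_groups(owner_gid, gids, ngids)) ||
            (e->tag == T_GROUP && has_mask && in_groups(e->qual, gids, ngids))) {
            group_matched = 1;
            if (((e->perms & mask) & want) == want) return 1;
        }
    }
    if (group_matched) return 0;
    /* Case 4: everyone else. */
    for (int i = 0; i < a->n; i++)
        if (a->e[i].tag == T_OTHER) return (a->e[i].perms & want) == want;
    return 0;
}

/* Constructed scenario: the slide's ACL on a file owned by uid 1000 / gid 100
   (assumed IDs), checked for a caller that has exactly one group ID. */
int demo_check(unsigned uid, unsigned gid, unsigned want)
{
    static const char *text[] = {
        "user::rw- # owner", "user:lisa:rw- # named user", "group::r-- # owning group",
        "group:toolies:rw- # named group", "mask::r-- # mask", "other::r-- # other" };
    struct acl a = { .n = 0 };
    for (size_t i = 0; i < sizeof text / sizeof text[0]; i++)
        if (parse_entry(text[i], &a.e[a.n++]) != 0)
            return -1;
    return acl_check(&a, 1000, 100, uid, &gid, 1, want);
}
```

With this ACL, demo_check(1001, 300, PERM_W) returns 0 even though lisa's own entry says rw-: the mask::r-- entry caps every named-user and group entry, which is exactly what chmod on the group class changes (the "ACL and file permission bits" slide). The owner's rw- is unaffected by the mask.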
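For the Storage Placement Algorithms slides and the Exercise, here is an added example (my code, not from the discussion section) that implements first, best, worst and next fit over the exercise's hole list and replays the three successive requests. Assumptions: a chosen hole is shrunk in place and its remainder stays a hole, and next fit resumes scanning just past the hole it last chose, wrapping around.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum policy { FIRST_FIT, BEST_FIT, WORST_FIT, NEXT_FIT };

/* Hole sizes in memory order and the successive requests, from the exercise (KB). */
static const unsigned EXERCISE_HOLES[] = {10, 4, 20, 18, 7, 9, 12, 15};
static const unsigned EXERCISE_REQUESTS[] = {12, 10, 9};
#define NHOLES (sizeof EXERCISE_HOLES / sizeof EXERCISE_HOLES[0])
#define NREQ   (sizeof EXERCISE_REQUESTS / sizeof EXERCISE_REQUESTS[0])

/* Choose a hole for a request of `need` KB under `pol`. The chosen hole is shrunk
   in place (the remainder stays a hole). For next fit, `*rover` is where the
   scan starts and is advanced past the chosen hole.
   Returns the index of the chosen hole, or -1 if nothing fits. */
int place(enum policy pol, unsigned *holes, size_t n, unsigned need, size_t *rover)
{
    int chosen = -1;
    size_t start = (pol == NEXT_FIT) ? *rover : 0;
    for (size_t k = 0; k < n; k++) {
        size_t i = (start + k) % n;             /* next fit wraps around */
        if (holes[i] < need)
            continue;
        if (pol == FIRST_FIT || pol == NEXT_FIT) { chosen = (int)i; break; }
        if (chosen < 0 ||
            (pol == BEST_FIT  && holes[i] < holes[chosen]) ||
            (pol == WORST_FIT && holes[i] > holes[chosen]))
            chosen = (int)i;
    }
    if (chosen >= 0) {
        holes[chosen] -= need;
        if (pol == NEXT_FIT) *rover = ((size_t)chosen + 1) % n;
    }
    return chosen;
}

/* Replay the exercise under one policy and return the size (KB) of the hole
   taken by request number `req` (0-based), or 0 if it could not be placed. */
unsigned exercise_pick(enum policy pol, size_t req)
{
    unsigned holes[NHOLES];
    size_t rover = 0;
    memcpy(holes, EXERCISE_HOLES, sizeof holes);
    for (size_t r = 0; r < NREQ && r <= req; r++) {
        int idx = place(pol, holes, NHOLES, EXERCISE_REQUESTS[r], &rover);
        if (r == req)                           /* size as it was before shrinking */
            return idx < 0 ? 0 : holes[idx] + EXERCISE_REQUESTS[r];
    }
    return 0;
}

int main(void)
{
    static const char *names[] = {"first fit", "best fit", "worst fit", "next fit"};
    for (int p = FIRST_FIT; p <= NEXT_FIT; p++) {
        printf("%-9s:", names[p]);
        for (size_t r = 0; r < NREQ; r++)
            printf(" %2uKB -> %2uKB hole;", EXERCISE_REQUESTS[r],
                   exercise_pick((enum policy)p, r));
        printf("\n");
    }
    return 0;
}
```

Running it prints one line per policy; comparing the first-fit and next-fit lines shows the effect of the roving start position on the third (9KB) request.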
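To make the "malloc revisited" slides runnable and to answer their question about which placement algorithm the scan performs, here is an added example (my code, not the slides' or K&R's listing as such) that keeps the slide's header layout and malloc loop, backs them with a constructed 64-unit static arena instead of the OS, and adds the matching free that keeps the list in address order and coalesces neighbours. The names kr_malloc, kr_free, morecore, demo_step and the block sizes in the scenario are all assumptions made for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef long Align;                 /* for alignment to long boundary */
union header {                      /* block header, as on the slide */
    struct {
        union header *ptr;          /* next block if on free list */
        unsigned size;              /* size of this block, in header units */
    } s;
    Align x;                        /* force alignment of blocks */
};
typedef union header Header;

#define ARENA_UNITS 64              /* constructed arena: 64 header-sized units */
static Header base;                 /* empty list to get started */
static Header *freep = NULL;        /* start of free list */
/* One spare unit so the arena's end can never coincide with base's address,
   which the adjacency tests in kr_free would otherwise mistake for a neighbour. */
static Header arena[ARENA_UNITS + 1];
static int arena_handed_out = 0;

void kr_free(void *ap);

/* Stand-in for asking the OS: hands the whole arena to the free list once. */
static Header *morecore(unsigned nu)
{
    if (arena_handed_out || nu > ARENA_UNITS)
        return NULL;
    arena_handed_out = 1;
    arena[0].s.size = ARENA_UNITS;
    kr_free((void *)(arena + 1));   /* links the arena into the free list */
    return freep;
}

/* The slide's malloc: scan the circular free list starting after freep and
   take the first block that is big enough, carving from its tail if larger. */
void *kr_malloc(unsigned nbytes)
{
    Header *p, *prevp;
    unsigned nunits = (nbytes + sizeof(Header) - 1) / sizeof(Header) + 1;
    if ((prevp = freep) == NULL) {
        base.s.ptr = freep = prevp = &base;
        base.s.size = 0;
    }
    for (p = prevp->s.ptr; ; prevp = p, p = p->s.ptr) {
        if (p->s.size >= nunits) {
            if (p->s.size == nunits)
                prevp->s.ptr = p->s.ptr;
            else {
                p->s.size -= nunits;
                p += p->s.size;
                p->s.size = nunits;
            }
            freep = prevp;          /* the next scan resumes here */
            return (void *)(p + 1);
        }
        if (p == freep && (p = morecore(nunits)) == NULL)
            return NULL;
    }
}

/* Return a block to the address-ordered free list, merging with neighbours. */
void kr_free(void *ap)
{
    Header *bp = (Header *)ap - 1, *p;
    for (p = freep; !(bp > p && bp < p->s.ptr); p = p->s.ptr)
        if (p >= p->s.ptr && (bp > p || bp < p->s.ptr))
            break;                  /* freed block at one end of the list */
    if (bp + bp->s.size == p->s.ptr) {          /* join to upper neighbour */
        bp->s.size += p->s.ptr->s.size;
        bp->s.ptr = p->s.ptr->s.ptr;
    } else
        bp->s.ptr = p->s.ptr;
    if (p + p->s.size == bp) {                  /* join to lower neighbour */
        p->s.size += bp->s.size;
        p->s.ptr = bp->s.ptr;
    } else
        p->s.ptr = bp;
    freep = p;
}

/* Constructed scenario: carve four blocks, free the first and third to leave two
   6-unit holes above a 32-unit hole, then allocate three 6-unit blocks. Returns
   the arena offset (in units) of the block header handed back by allocation
   number `step` (0-based), or -1 if that allocation failed. */
int demo_step(int step)
{
    memset(arena, 0, sizeof arena);
    memset(&base, 0, sizeof base);
    freep = NULL;
    arena_handed_out = 0;
    unsigned u = (unsigned)sizeof(Header);      /* request sizes in whole units */
    void *a = kr_malloc(5 * u), *b = kr_malloc(9 * u);
    void *c = kr_malloc(5 * u), *d = kr_malloc(9 * u);
    (void)b; (void)d;
    kr_free(a);
    kr_free(c);
    void *got = NULL;
    for (int i = 0; i <= step; i++)
        got = kr_malloc(5 * u);
    return got ? (int)(((Header *)got - 1) - arena) : -1;
}

int main(void)
{
    for (int s = 0; s < 3; s++)
        printf("allocation %d took the block at arena unit %d\n", s, demo_step(s));
    return 0;
}
```

After the two frees the list holds a 32-unit hole at unit 0 and 6-unit holes at units 42 and 58, and freep points at the 32-unit hole because free left it there. The first 6-unit request is satisfied from unit 42, not from the 32-unit hole a scan from the list head would carve first: the scan takes the first fit starting from where the previous search left off, which is the roving-pointer variant usually called next fit. The third request, after both small holes are gone, wraps around and carves the tail of the 32-unit hole at unit 26.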