We use the notations r, w, and x to represent access privileges to read, write, and execute the data or program in a file. An access descriptor can be represented as a set of access privileges, e.g., the set {r, w} indicates privileges to both read and write a file. We will use a set representation in this chapter for simplicity; however, a set representation is expensive in terms of both memory requirements and access efficiency, so operating systems actually use a bit-encoding scheme for access descriptors. In this scheme, an access descriptor is a string of bits, where each bit indicates the presence or absence of a specific access privilege. For example, in an OS using only the three access privileges r, w, and x, the access descriptor 110 indicates that the read and write privileges are present but the execute privilege is absent.
Chapter 15 Security and Protection 639

15.9.2 Unix

As mentioned in Section 15.5, Unix stores passwords as one-way hashes rather than in the clear. Under an option, it uses a shadow password file that is readable only by root; an intruder who cannot read the stored hashes cannot crack them offline and is forced to guess passwords through the login interface instead. Each Unix user has a unique id in the system. The system administrator creates nonoverlapping groups of users and assigns a unique group id to each group. The credential of a user is composed of the user id and group id. It is stored in the passwords table and becomes the authentication token of the user after the user is authenticated.

Unix defines three user classes (file owner, user group, and other users) and provides only three access rights, r, w, and x, representing read, write, and execute, respectively. A 3-bit bit-encoded access descriptor is used for each user class, and the access control list (ACL) contains the access descriptors for the three user classes in the sequence: file owner, user group, other users. This way, the ACL requires only 9 bits; it is stored in the inode of a file (see Section 13.14.1). The identity of the file owner is stored in another field of the file's inode. A process is matched against exactly one of the three classes, tested in that order: if the process belongs to the owner, only the owner's descriptor is consulted, even when the group or other descriptors would grant more.

Figure 15.15 shows the Unix ACLs as reported in a directory listing. The file sigma can be read by any user in the system, but can be written only by its owner. delta is a read-only file for all user classes, while phi has the read, write, and execute privileges only for its owner.

The access privileges of a Unix process are determined by its uid (more precisely, its effective uid and gid). When the kernel creates a process, it sets the uid of the process to the id of the user who created it. Thus the process operates in a protection domain determined by the id of the user who created it. Unix changes the protection domain of a process under two conditions: when the process makes a system call, and when the setuid or setgid feature is used. A process has two distinct running states, user running and kernel running (see Section 5.4.1). While in the user-running state, a process has access to the memory space and other resources allocated to it, and to files in the file system according to its uid. The process makes a transition to the kernel-running state through a system call. In this state, it can access kernel data
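The following is an added example, not code from the textbook, that ties together the bit-encoded access descriptors of the previous section and the 9-bit Unix ACL described above. It encodes set-form descriptors into bits, packs them in inode order (owner, group, other), renders and parses the form shown in a directory listing, and performs the per-class check the kernel makes for a process with a given uid and group membership. The function names, the Inode class and the uid/gid values used for the files of Figure 15.15 are my own assumptions; the superuser bypass and the setuid/setgid domain changes are deliberately not modelled.

```python
from dataclasses import dataclass

# Added example: 3-bit encoding of the Unix privileges r=100, w=010, x=001.
R, W, X = 0b100, 0b010, 0b001
PRIVS = {"r": R, "w": W, "x": X}
CLASS_SHIFT = {"owner": 6, "group": 3, "other": 0}   # inode order: owner, group, other


def encode(privs):
    """Set representation -> bit-encoded descriptor, e.g. {'r', 'w'} -> 0b110."""
    bits = 0
    for p in privs:
        bits |= PRIVS[p]            # KeyError for anything other than r, w, x
    return bits


def decode(bits):
    """Bit-encoded descriptor -> set representation, e.g. 0b110 -> {'r', 'w'}."""
    return {name for name, bit in PRIVS.items() if bits & bit}


def acl(owner, group, other):
    """Pack three set-form descriptors into the 9-bit ACL stored in the inode."""
    return (encode(owner) << 6) | (encode(group) << 3) | encode(other)


def acl_to_ls(bits):
    """Render a 9-bit ACL the way a directory listing shows it, e.g. 'rw-r--r--'."""
    out = []
    for cls in ("owner", "group", "other"):
        d = (bits >> CLASS_SHIFT[cls]) & 0b111
        out.append("".join(ch if d & bit else "-" for ch, bit in PRIVS.items()))
    return "".join(out)


def parse_ls(text):
    """Inverse of acl_to_ls: 'rw-r--r--' -> 0o644. Rejects malformed strings."""
    if len(text) != 9:
        raise ValueError("expected 9 permission characters")
    bits = 0
    for i, ch in enumerate(text):
        if ch == "rwx"[i % 3]:
            bits |= 1 << (8 - i)
        elif ch != "-":
            raise ValueError(f"unexpected {ch!r} at position {i}")
    return bits


@dataclass(frozen=True)
class Inode:
    """Hypothetical stand-in for the inode fields the access check needs."""
    uid: int      # file owner
    gid: int      # owning group
    mode: int     # 9-bit ACL


def user_class(inode, uid, gids):
    """Unix puts the caller into exactly one class, tested in this order."""
    if uid == inode.uid:
        return "owner"
    if inode.gid in gids:
        return "group"
    return "other"


def check_access(inode, uid, gids, want):
    """True if every privilege in `want` is present in the caller's class descriptor.

    Only the descriptor of the selected class is consulted; an owner whose owner
    descriptor is empty is refused even if group or other would be allowed.
    Not modelled: the uid 0 bypass and setuid/setgid domain changes.
    """
    have = (inode.mode >> CLASS_SHIFT[user_class(inode, uid, gids)]) & 0b111
    return (encode(want) & ~have) == 0


# Constructed inodes matching the prose description of Figure 15.15.
# uid 1000 / gid 100 are assumed values, not taken from the book.
FIGURE_15_15 = {
    "sigma": Inode(1000, 100, parse_ls("rw-r--r--")),  # anyone reads, only owner writes
    "delta": Inode(1000, 100, parse_ls("r--r--r--")),  # read-only for all classes
    "phi":   Inode(1000, 100, parse_ls("rwx------")),  # r, w, x for owner only
}

if __name__ == "__main__":
    for name, ino in FIGURE_15_15.items():
        print(f"{acl_to_ls(ino.mode)}  {name}")
    # Exclusive class selection: owner descriptor empty, group/other would allow.
    odd = Inode(1000, 100, parse_ls("---rw-rw-"))
    print(check_access(odd, 1000, {100}, {"r"}))   # False
```

The exclusive class selection is the point most often missed in practice: a mode such as `---rw-rw-` locks the owner out while letting everyone else in, and the check above reproduces that kernel behaviour rather than taking the union of the classes.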