
Under the UNIX system, the superuser is called root.

8.3.1 Network administration

Networks make it possible to link computer systems in an unprecedented way. We can 'mount' (see chapter 5) filesystems from one computer onto another computer across a network and log in to systems all around the world (if we have an account!). We must ask: what is the role of the superuser in a networked environment?

Consider the following. Suppose the administrator of one machine in Oslo gets permission from a system in California to access a filesystem on the Californian machine. When the Oslo administrator mounts the filesystem on his machine (without needing to give a password), he sees the files as though they were a part of his system. Now, since root has the rights to all files, it might seem natural that he would be able to read and modify the files of all users in California. But surely, this is wrong - the superuser of a machine in Oslo cannot be regarded as a trusted user for a system in California!

UNIX gets around this problem by mapping the user root (which has user id and all rights) to the user nobody (which has user id and no rights) across a network. This means that the superuser has rights only on the local machine. To get rights on another machine, across a network, either special permission must be given by the remote machine - or the user must be able to log onto the machine by knowing the root password.

As another example of network security - or lack of it - let us consider also the X-windows system. X is a windowing system which is designed to work transparently over a network. X works by connecting to a server, anywhere on the network. Normally the X-server only allows the machine on which it is running to access the display, but in a network situation it is not unusual to find users logged in on several different machines. Such a user wants all the windows to appear on his or her workstation, so the X server allows certain other named hosts to open windows on its display.

Before the introduction of the xauthority mechanism, all security was based on the xhost program. This was host based, meaning that anyone using a named host could open windows on the server. Many users do not understand the X system (which is quite complex) and simply disable access control by calling xhost +. This allows any host in the world to connect to the user's server. In practice, this means that anyone in the world can view the picture on such a user's screen. Many programs have not adopted the xauthority system, which is user based, and so the xhost problem is still widespread.

8.3.2 Setuid programs in UNIX

The superuser root is the only privileged user in UNIX. All other users have only restricted access to the system. Usually this is desirable, but sometimes it is a nuisance.
A set-uid program is a program which has its setuid-bit set. When such a program is executed by a user, it is run as though that user were the owner of the program. All of the commands in the program are executed by the owner and not by the user-id of the person who ran the
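
The following C program is an added example, not part of the original text. It shows the two identities a set-uid program carries (the real user id of the person who ran it and the effective user id of the program's owner), how to tell from a file's mode whether it will run this way, and how a program gives the owner's identity back once it no longer needs it. The function names setuid_owner, running_setuid and drop_to_real_user are hypothetical helpers chosen for this example.

```c
#define _XOPEN_SOURCE 700   /* for setreuid()/setregid() */
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* 1 if path is a regular file with the setuid bit set (*owner receives the
 * user id it would run as), 0 if the bit is clear, -1 if stat() fails. */
int setuid_owner(const char *path, uid_t *owner)
{
    struct stat st;
    if (stat(path, &st) != 0)
        return -1;
    if (!S_ISREG(st.st_mode) || !(st.st_mode & S_ISUID))
        return 0;
    *owner = st.st_uid;
    return 1;
}

/* 1 when the effective user id (the program's owner) differs from the real
 * user id (the person who ran it), i.e. we were started via a setuid bit. */
int running_setuid(void)
{
    return geteuid() != getuid();
}

/* Give the borrowed identity back for good. Returns 0 on success. */
int drop_to_real_user(void)
{
    uid_t ruid = getuid(), old_euid = geteuid();
    gid_t rgid = getgid();
    if (setregid(rgid, rgid) != 0 || setreuid(ruid, ruid) != 0)
        return -1;
    /* A non-root caller must no longer be able to switch back. */
    if (ruid != 0 && old_euid != ruid && seteuid(old_euid) == 0)
        return -1;
    return 0;
}

int main(int argc, char **argv)
{
    uid_t owner;
    for (int i = 1; i < argc; i++)
        if (setuid_owner(argv[i], &owner) == 1)
            printf("%s: setuid, runs as uid %ld\n", argv[i], (long)owner);
    printf("real uid %ld, effective uid %ld, setuid context: %d\n",
           (long)getuid(), (long)geteuid(), running_setuid());
    return drop_to_real_user() == 0 ? 0 : 1;
}
```

Passing the paths of installed programs as arguments lists those that run with their owner's identity; a set-uid file owned by root is the case that deserves the closest review.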