Due: April 19, 2021
Revision 2 has changed the user “sushi” to “sshd” in the second example.
Revision 1 has the submission instructions added
You are to write a program called “access” that will say what rights a user or group has over a file or directory.
access[ -g ] name file1 …In this command, name is either a name or a non-negative integer. If the -g flag is given, name is interpreted as a group name or GID, and if that flag is not given, it is interpreted as a user name or UID. It is an error to give a non-existent user or group name, but it is not an error to give a UID or GID without an associated name.
In these examples, “files” is a file and “dirt” is a directory. Assume “filex” has owner bishop, group owner users, and protection mode 0654, and the directory “dirx” has the same owner and group and the protection mode 0751. Then the command
access bishop filexprints
The user bishop (UID 7000403) can read and write the file filexThe command
access sushi filexprints
The user sshd (UID 74) can read the file filexand the command
access 10 filexprints
The user with UID 10 can read the file filexbut the command
access -g 10 filexprints
Members of the group users (GID 10) can read and execute the file filexThe difference is that, without the -g option, the 10 is interpreted as a UID, and there is no associated name. But with that option, the 10 is interpreted as a GID, and that has the associated name “users”.
If any of the named files are directories, you are to print “list the contents of”, “modify”, or “search” rather than “read”, “write”, and “execute”, respectively. So, the command
access bishop dirxprints
The user bishop (UID 7000403) can list the contents of, modify, and search the directory dirx(all on the same line), the command
access -g users dirxprints
Members of the group users (GID 10) can list the contents of and search the directory dirxand the command
access -g cosmos dirxprints
Members of the group cosmos (GID 900) can search the directory dirx
A reference version of this program is available in the directory ~bishop/ecs153 on the CSIF; it is the executable file “access”. Your output, and especially your error output, is to match that of this program.
Please turn in the source code, the Makefile (you must include one) and any related information (such as manual pages and README files). Put these in a directory called lab1, create a tar(1) file called lab1.tar, and submit that on Canvas. We will grade your program on the CSIF, so be sure it runs there. To grade it, we will unpack the tar file, run make, and then run some tests. Your Makefile must create an executable called “access” as that is the command we will use to run the tests. If you use an interpreted language such as python, be sure you make the script executable in such a way that it can be executed by invoking it as “access”.
ECS 153, Computer Security
Version of April 7, 2021 at 11:54PM
|You can also obtain a PDF version of this.|