H 11.3. File-System Interface - Mounting Sharing.pptx


File system mounting, sharing, protection
11.4. File System mounting
11.5. File Sharing
11.5.1. Multiple Users
Owner Group approach
UID in Unix, SID in Windows
11.6. Protection
11.6.1. Types of access
Silberschatz, 6th ed. Chapters 11.
File System Mounting
[Figure labels: mount point; Mounted file system; New file system; This is not lost]
File sharing
In a multiuser environment the operating system
• either can allow a user to access the files of other users by default
• or it may require that a user specifically grant access to the files.
[root@linuxhost home]# tree
.
|-- student1
|   `-- textfile.txt
`-- student2
    `-- temp
        |-- edit
        |-- edit1
        `-- text.txt
[Figure: The Home Directories of Windows Users. Labels: Default Access; User Specific Access; Student1; Student2]
Protection
[root@linuxhost home]# tree
.
|-- student1
|   `-- textfile.txt
`-- student2
    `-- temp
        |-- edit
        |-- edit1
        `-- text.txt
[Figure labels: Controlled Access; Full Access; No Protection; No Access; Full Protection; Student1; Student2]
Owner Group Universe approach
We need More Directory Attributes
Users
Groups
The group attribute of a file is used to define a subset of users who may share access to the file
Permissions
Ownership
The owner is the user who:
• may change attributes
• grant access
• has the most control over the file or directory.
Protection, Ownership
-rw-r--r-- 1 student1 CIS1group 124 Aug 24 11:00 .bashrc
[Figure labels: positions 1 to 10; User owner; Group owner; file size; last modific. date; file name]
UID in Unix, SID in Windows
[Figure labels: Usernames; Security ID; Username]
• Security Identifier (SID) in Windows = User Identifier (UID) in Unix
• These numerical identifiers are unique.
• Every user can be in one or more groups.
• Groups also have Group Identifiers (GID) and Group Names.
• After user login and authentication the User ID and Group ID are determined (by username and password).
• The User ID is associated with all of the user's processes and files.
• The GIDs are also included in any process or file association.
• The OS uses only numerical IDs. Names are for people (to show on the screen, to print).
/etc/passwd file keeps Usernames, UIDs of Unix system
student1:x:501:501::/home/stud1:/bin/bash
student2:x:502:502::/home/stud2:/bin/bash
Field labels: User name (field 1); User ID (field 3); Group ID (primary) (field 4)
/etc/group file keeps Group Names, GIDs of Unix system
student1:x:501:
student2:x:502:
cis215group:x:503:student1,student2
Field label: Group ID (field 3)
Process Effective Permissions
Runs vi command from vi executable binary file
-rwxr-xr-x 1 root root 124 Aug 24 11:00 vi
student2 1319 1277 0 Feb11 tty3 00:00:00 vi
vi becomes a process with the Student2 user's permissions even though its executable file has root as owner and root as group.
Effective User ID of Process
root      711     1  0 Feb11 tty1  00:00:00 login -- root
root      713     1  0 Feb11 tty3  00:00:00 login -- student2
root      714     1  0 Feb11 tty4  00:00:00 /sbin/mingetty tty4
root      715     1  0 Feb11 tty5  00:00:00 /sbin/mingetty tty5
root      716     1  0 Feb11 tty6  00:00:00 /sbin/mingetty tty6
root      719   711  0 Feb11 tty1  00:00:00 -bash
root     1189     1  0 Feb11 tty2  00:00:00 login -- student1
student1 1197  1189  0 Feb11 tty2  00:00:00 -bash
student2 1277   713  0 Feb11 tty3  00:00:00 -bash
student2 1319  1277  0 Feb11 tty3  00:00:00 vi
Now this process can access the files accessible to the Student2 user.
It can only read the .bashrc file below, because the Student2 user is a member of the group that owns .bashrc.
-rw-r--r-- 1 student1 CIS215group 124 Aug 24 11:00 .bashrc
/etc/group file content
cis215group:x:503:student1,student2
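The owner/group/other decision described above, worked through as an added example (not part of the original slides). It uses the /etc/passwd and /etc/group lines shown earlier as constructed sample data; the function names are hypothetical, the group name is taken in its /etc/group spelling, and root's override is not modelled.

```python
# Constructed sample data: the /etc/passwd and /etc/group lines from the slides.
PASSWD = """student1:x:501:501::/home/stud1:/bin/bash
student2:x:502:502::/home/stud2:/bin/bash"""
GROUP = """student1:x:501:
student2:x:502:
cis215group:x:503:student1,student2"""


def parse_passwd(text):
    """Map user name -> (UID, primary GID)."""
    users = {}
    for line in text.splitlines():
        name, _pw, uid, gid = line.split(":")[:4]
        users[name] = (int(uid), int(gid))
    return users


def parse_group(text):
    """Map group name -> (GID, set of member user names)."""
    groups = {}
    for line in text.splitlines():
        name, _pw, gid, members = line.split(":")[:4]
        groups[name] = (int(gid), {m for m in members.split(",") if m})
    return groups


def access(user, mode, owner, group, passwd=PASSWD, groupfile=GROUP):
    """Return (class, rights) for `user` on a file that ls -l shows as
    `mode owner group`. Hypothetical helper; root's override is not modelled."""
    users, groups = parse_passwd(passwd), parse_group(groupfile)
    uid, primary_gid = users[user]
    # A process carries the primary GID plus every group that lists the user.
    gids = {primary_gid} | {g for g, members in groups.values() if user in members}
    # The check compares numeric IDs, never names.
    if uid == users[owner][0]:
        cls, bits = "owner", mode[1:4]
    elif groups[group][0] in gids:
        cls, bits = "group", mode[4:7]
    else:
        cls, bits = "other", mode[7:10]
    # Only the first matching class is consulted; there is no fall-through.
    return cls, bits.replace("-", "")


if __name__ == "__main__":
    print(access("student2", "-rw-r--r--", "student1", "cis215group"))
    print(access("student1", "----rw-r--", "student1", "cis215group"))
```

The second call shows the case that surprises people when auditing permissions: an owner whose own bits are empty is denied even though the group bits would have allowed access.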
Process User Identifiers in Windows
Process interaction with different permissions
root      711     1  0 Feb11 tty1  00:00:00 login -- root
root      713     1  0 Feb11 tty3  00:00:00 login -- student2
root      714     1  0 Feb11 tty4  00:00:00 /sbin/mingetty tty4
root      715     1  0 Feb11 tty5  00:00:00 /sbin/mingetty tty5
root      716     1  0 Feb11 tty6  00:00:00 /sbin/mingetty tty6
root      719   711  0 Feb11 tty1  00:00:00 -bash
root     1189     1  0 Feb11 tty2  00:00:00 login -- student1
student1 1197  1189  0 Feb11 tty2  00:00:00 -bash
student2 1277   713  0 Feb11 tty3  00:00:00 -bash
student2 1319  1277  0 Feb11 tty3  00:00:00 vi
[Figure labels: Can Kill; Cannot Kill]