Due: Friday, December 7, 2012 by midnight
My thanks to two of your fellow students, Jay Isaacks and Kevin Zander, for developing this assignment for me. I will rely on them to help me interpret it for you.
Note: Due to the nature of this assignment and its first implementation being this semester, please monitor Piazza for possible changes in this design. The assignment will be adjusted accordingly as we implement it if certain features are found to be too robust for the given time frame of implementation. This assignment is not meant to be complex conceptually, but it will require a great deal of thought and organization to handle some subtle details which access controls require. Please allow yourself adequate time to develop and implement your solutions.
Deliverables: You will be submitting your code electronically. Make sure that you clearly identify the members of your team (one or two people). Your assignment is to implement an access control system, based on the Unix access control system, that evaluates certain system calls handled by your program. Make sure that all members of your team understand the code and contribute equally, as much as possible, to its development. Below are the specific instructions for this assignment.
    java ACS option userList fileList
Where userList is a file containing usernames and their associated groups, and fileList is a list of files with their associated mode strings in base-8 format.
action user file
    java ACS userList fileList
    Input:  READ root file1
    Output: READ root root 1

    java ACS -r userList fileList
    Input:  READ root file1
    Output: READ root root 0
In the following, the bits are numbered left to right. Bits 0-2 represent Set-ID on execute and the Sticky bit. If set, the first bit will set the running user-id to the id of the file owner; the second bit sets the running group-id to the group-id of the file owner; the third bit is the sticky bit which has no direct effects on the run of a file, only directories, but should still be set accordingly.
Groups of bits 3-5, 6-8, 9-11 are similar and just provide read, write or execute permissions for each tier. Bits 3-5 designate user permissions; bits 6-8 designate group permissions; bits 9-11 designate permissions for "other", meaning everyone. The leftmost bit for each section represents READ, the next WRITE and the least significant bit represents EXECUTE.
Note: Bits 0-2 are not shown in the character representation of the mode (what you see when you do ls -l). You should mimic that style. However, if these bits are set in Unix it alters how the character string is shown; this will be described later.
    000111111111 = rwxrwxrwx //All users are able to read, write and execute this file
    000111101101 = rwxr-xr-x //The owner can read, write or execute, but everyone else can only read and execute
    000111101000 = rwxr-x--- //Owner has full permissions, and group members can read and execute but others cannot
    111111111111 = rwsrwsrwt //Everyone has full permissions, and if the file
                             //is executed, then the id and group will be set to that of the owner.
userList will be a file with multiple lines and each line will contain a username followed by a group name.
    user1 group1
    user2 group1
    user3 group2
    etc.
You may assume that each entry will be a unique user id.
fileList will be a file with multiple lines and each line will contain a filename owner mode (in base8).
    file1 user1 0755
    file2 user1 0700
    file3 user2 0655
You may assume that each entry will be a unique file id and that the mode will always be in a 4-digit octal format.
Note: it is not necessary to create and track an object, the purpose of this exercise is only to evaluate and modify the permissions of a file.
The format of actions is:
    action user file
Legal actions are:
    CHMOD root file1 7777
    CHMOD root file1 6644
After each of the above four actions you should output to stdout:
    action running_user running_group result
For ease of grading, please ensure that each output is all lowercase, except for the mode which could contain "S" or "T", separated by a single space and ended with a new line character. Please note that the running_user and running_group may be different from the user that requested access to the file if the file's set-user-ID or set-group-ID bits are set.
For instance, say the following hold:
    EXECUTE user2 file1
then your system should output
    EXECUTE user1 group2 1
since the set-user-id bit is 1 and the file allows execute from other.
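The following is an added example, not part of the original assignment or a reference solution, showing one way to evaluate a request and derive the running user and group. It assumes standard Unix tier selection (owner, else group, else other) and that the set-ID bits only take effect on a permitted EXECUTE; the class name, the helper names and the mode 4755 for file1 are constructed for illustration.

```java
import java.util.Map;

public class ExecuteCheck {
    static final int SETUID = 04000, SETGID = 02000;
    static final int READ = 04, WRITE = 02, EXECUTE = 01;

    // Constructed sample data standing in for userList: user -> group.
    static final Map<String, String> GROUP_OF =
            Map.of("user1", "group1", "user2", "group2");

    /** Pick exactly one tier, as Unix does: owner, else group, else other. */
    static int tierBits(int mode, String user, String owner) {
        if (user.equals(owner)) return (mode >> 6) & 07;
        if (GROUP_OF.get(user).equals(GROUP_OF.get(owner))) return (mode >> 3) & 07;
        return mode & 07;
    }

    /** Build the line "action running_user running_group result". */
    static String evaluate(String action, int want, String user, String owner, int mode) {
        boolean allowed = (tierBits(mode, user, owner) & want) != 0;
        String runUser = user;
        String runGroup = GROUP_OF.get(user);
        // Assumption: set-ID bits change the running ids only when EXECUTE is granted.
        if (want == EXECUTE && allowed) {
            if ((mode & SETUID) != 0) runUser = owner;
            if ((mode & SETGID) != 0) runGroup = GROUP_OF.get(owner);
        }
        return action + " " + runUser + " " + runGroup + " " + (allowed ? 1 : 0);
    }

    public static void main(String[] args) {
        // file1 owned by user1, constructed mode 4755: set-user-ID plus r-x for other.
        System.out.println(evaluate("EXECUTE", EXECUTE, "user2", "user1", 04755));
        // Owner tier wins: mode 0077 denies the owner although "other" has rwx.
        System.out.println(evaluate("READ", READ, "user1", "user1", 0077));
    }
}
```

The second call shows the subtle case: only the first matching tier is consulted, so an owner can be denied access that everyone else has.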
On executing the EXIT command, print the current state of the system to state.log in the described format and end the program. All values should be lower case and separated by a single space. Each file should have its own line. The purpose of this is an easy way to check your access system and verify that the changes are being made in the system appropriately. This is also a subset of how Unix actually displays file permissions when you call ls -l.
mode owner ownergroup filename
The mode should be represented in the string output configuration which will only have 9 values representing the permissions for the user, group and other sections.
For each 3-bit segment:
For the Owner and Group section, in the final bit of each section output the first of the following that applies.
    Mode = 7755 = rwsr-sr-t
    Mode = 6755 = rwsr-sr-x
    Mode = 6765 = rwsrwSr-x
    Mode = 1754 = rwxr-xr-T
To further explore these concepts and get a better understanding of the available output, create a test file and use chmod mode filename to alter its mode. Then use ls -l to print the list of files and directories to see the string representations of various modes.
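The bit layout and the character representation described above can be checked with the following added example, which is not part of the original assignment or a reference solution. It parses a 4-digit octal mode and renders the 9-character string, using the same s/S/t/T convention that ls -l uses; the class and method names are constructed for illustration.

```java
public class ModeString {
    // Special bits (first octal digit): set-user-ID, set-group-ID, sticky.
    static final int SETUID = 04000, SETGID = 02000, STICKY = 01000;

    /** Parse a 4-digit octal mode such as "0755"; reject anything else. */
    static int parseMode(String text) {
        if (text == null || !text.matches("[0-7]{4}")) {
            throw new IllegalArgumentException("mode must be 4 octal digits: " + text);
        }
        return Integer.parseInt(text, 8);
    }

    /** Render the 9-character permission string for user, group and other. */
    static String render(int mode) {
        int[] special = { SETUID, SETGID, STICKY };
        char[] setChar = { 's', 's', 't' };
        StringBuilder out = new StringBuilder(9);
        for (int tier = 0; tier < 3; tier++) {
            int bits = (mode >> (6 - 3 * tier)) & 07;
            out.append((bits & 04) != 0 ? 'r' : '-');
            out.append((bits & 02) != 0 ? 'w' : '-');
            boolean exec = (bits & 01) != 0;
            if ((mode & special[tier]) != 0) {
                // Lowercase when execute is also set, uppercase when it is not.
                out.append(exec ? setChar[tier] : Character.toUpperCase(setChar[tier]));
            } else {
                out.append(exec ? 'x' : '-');
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Expected strings are the ones listed in the assignment text.
        String[][] cases = {
            {"7755", "rwsr-sr-t"}, {"6755", "rwsr-sr-x"},
            {"6765", "rwsrwSr-x"}, {"1754", "rwxr-xr-T"}, {"0750", "rwxr-x---"}
        };
        for (String[] c : cases) {
            String got = render(parseMode(c[0]));
            if (!got.equals(c[1])) throw new AssertionError(c[0] + " -> " + got);
            System.out.println("Mode = " + c[0] + " = " + got);
        }
    }
}
```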