QATAR UNIVERSITY Operating Systems Lab (CMPS 405)

College of Engineering LAB [4] Fall 2021 Semester

Dept. of Computer Science & Eng.

Linux File Security & C Compiler

Objectives:
& Get Familiar with Linux File Permission Assignment.
& Write, compile and execute C programs under Linux.

File Security
• File security limits access to the files. The Unix/Linux system provides you with the commands to
specify who can access a file and, once accessed, what type of operations can be done on the file.
• The three types of permissions are: ‘r’ (read), ‘w’ (write) and ‘x’ (execute).
• To deny a certain permission ‘-’ is used in place of rwx (e.g. r-- r-x )
• Access may be granted to or revoked from the following types of users: the owner or user (u),
members of the group (g), other users (o). The ‘a’ option may be used instead of ugo.
• Operators used are ‘+’ (grants a permission), ‘-’ (denies or revokes a permission), and
‘=’(sets all permissions for a specified user).
• Permissions are listed and applied in the following order:

r w x r w X r w X
Owner or user Members of the group Other users
• The ls –l command is used to view or list permissions
• The chmod command is used to set the file permission (access mode).

Listing file permissions

File information may be displayed using ls –l
$ ls -l hello.cpp
-rw-rw-r-- 1 quroot quroot 106 Sep 14 10:24 hello.cpp
Size (bytes)

File name

Permission Owner (user) Group Last modify date

File type:
Link count

‘-‘ for plain file.

‘d’ for directory.

Types of users
Type of user Character Remarks
User u Owner of the file (usually the file creator)
Group g - Members of the group with which the file is associated.
- Usually the primary group of the file creator.
Others o The rest of the world (i.e. anyone who is not the file owner,
or a member of the group)
• To display your user id and group information, use the id command:
$ id
$ id –a
File and Directory Permissions
Character Permission Effect when applied to a file Effect when applied to a directory
R Read Examine or copy file contents. List filenames (ls)
W Write Modify file contents. Add and remove (cp, rm, touch, mv).
X Run or execute a script or a Obtain files’ details and search the
Execute
program. directory (cd, ls –l, find).
- Used in place of a permission to
Revoke Similar to the effect on files.
revoke it (deny access).
Changing permissions using chmod
• Permissions may be changed for several reasons:
o To hide private files from other users
o To share files with other users
o To make files modifiable
o To make files executable
o To prevent or allow modification of directory contents
• File and directory permissions are changed using the chmod command.
• Only the owner of the file or the superuser (root) can change the permissions.
• Permissions can be specified using either the symbolic method or the octal method.
Symbolic method
chmod [who] [action] [access] file [ file …]
u: user or owner +: add privilege r: read
g: group -: deny privilege w: write
o: other =: explicitly set x: execute
a: all privilege
Example
$ touch tigers bears zoolist
$ ls –l
total 36
-rw-rw-r--. 1 qustudent qustudent 0 Sep 15 21:22 bears
:
:
-rw-rw-r--. 1 qustudent qustudent 0 Sep 15 21:22 tigers
-rw-rw-r--. 1 qustudent qustudent 0 Sep 15 21:22 zoolist

$ chmod g-w tigers

$ ls -l tigers
-rw-r--r--. 1 qustudent qustudent 0 Sep 15 21:22 tigers
$ chmod go-r bears
$ ls -l bears
-rw--w----. 1 qustudent qustudent 0 Sep 15 21:22 bears

$ chmod u=rx,g=r zoolist

$ ls -l zoolist
-r-xr--r--. 1 qustudent qustudent 0 Sep 15 21:22 zoolist

$ chmod o= zoolist
$ ls -l zoolist
-r-xr-----. 1 qustudent qustudent 0 Sep 15 21:22 zoolist
$
 Hands on –Exercise 1:

1. Use touch to create a file called file_modes

2. List the file information by typing
ls –l file_modes
3. Remove all permissions from this file using:
chmod ugo= file_modes
4. List the file information and confirm the change
5. Verify that you can neither read from nor write to this file.
cat file_modes
echo "date" >> file_modes
6. Add write permission for yourself:
chmod u+w file_modes
7. Verify that you can write now to the file file_modes.
echo "date" >> file_modes
8. Now add write permission for everyone else. Also add read permission for yourself
chmod go+w,u+r file_modes
9. Verify that you can now read from the file file_modes.
cat file_modes
10. Assign everyone read and write permission to your file.
chmod ugo=rw file_modes
11. Now deny everyone write permission, but grant everyone execute permission.
chmod a-w,a+x file_modes
12. Finally, verify that your file can now be executed.
./file_modes
As file_modes contains the command date, the output should be the current system date.

Octal method
The permission categories rwx can be represented numerically. Let us represent a granted permission by
‘1’ and a revoked permission by ‘0’. The rwx combination for any user category may now be
represented as a three-digit binary number (which is equivalent to one octal digit).

rwx Binary Octal digit Privilege

4 2 1
--- 0 0 0 0 No privilege
--x 0 0 1 1 Execute only
-w- 0 1 0 2 Write only
-wx 0 1 1 3 Write and execute
r-- 1 0 0 4 Read only
r-x 1 0 1 5 Read and execute
rw- 1 1 0 6 Read and write
rwx 1 1 1 7 Read, write and execute
The effective access permission for the three user categories (ugo) is represented by just one 3-digit octal
number, as shown in the following table:

Access Permission Octal equivalent

rwxrwxrwx 777
r--r—r-- 444
rw-rw-r-- 664
rwxr-xr-x 755
r-------- 400
--------- 0
•Example

$ ls -l
-rw--w----. 1 qustudent qustudent 0 Sep 15 21:22 bears
:
:
-rw-r--r--. 1 qustudent qustudent 0 Sep 15 21:22 tigers
-r-xr-----. 1 qustudent qustudent 0 Sep 15 21:22 zoolist

$ chmod 664 *

$ chmod 0 tigers
$ ls -l
total 36
-rw-rw-r--. 1 qustudent qustudent 0 Sep 15 21:22 bears
:
:
----------. 1 qustudent qustudent 0 Sep 15 21:22 tigers
-rw-rw-r--. 1 qustudent qustudent 0 Sep 15 21:22 zoolist $

Hands-on –Exercise 2:

1. Create a file called practice using touch.

________________________________________________________________
2. List the files in your directory showing the permissions.
________________________________________________________________
3. Change the permissions on the file practice so that you only can read and write it.
________________________________________________________________
4. Change the permissions so that nobody can access the practice file (not even yourself).
________________________________________________________________
5. Verify that you have no access to the file.
________________________________________________________________
6. Try to create a file in someone else’s directory.
________________________________________________________________
Writing, Compiling, and Running a simple C program
Steps:
1- Edit & Save the File file_name.c
2- Compile cc file_name.c {The Compilation will produce an executable file called a.out}.
3- Run the file ./a.out
4- You can redirect the output of a.out to another file, as shown below:
./a.out > output
Note that at the compilation step you can rename a.out using the –o option:
cc file_name.c –o file_name.out

Example 1
!" Using the vi editor (or any other editor), type the following C program (save it as#prog1.c$"#
#include<stdio.h>
int main(){
int num1, num2, sum;
printf ( "Enter the first number : ");
scanf ( "%d" , &num1 );
/* %d means the type of the identifier, which is an integer */
/* &num1 means the address of the integer in memory */
printf ( "Enter the second number : ");
scanf ( "%d" , &num2 );
sum = num1 + num2;
printf ( "Sum is %d \n" , sum );
return 0;
}
#
%" &'()*+,#-.,#)/'0/1(#23*40#-.,#3-1451/5#&#6'()*+,/"#
$ cc prog1.c -o prog1
#
7" 8-,)#-./,,9#:;#-.,/,#1/,#4'#,//'/3#<'2#614#/24#-.,#)/'0/1("#
$ ./prog1

Hands-on Exercise 3:

Write a C program to store 5 array elements and print them on the screen as in the
following output:

Array [0]= value

Array [1]= value
Array [2]= value
Array [3]= value
Array [4]= value

Run!"#$%!&%#'%()!*$+!,(-.!/+,!#$+&$+!+#!(!0/1.2
C function system()

• The function system() will invoke the command processor to execute a command. If the command
execution is terminated the processor will give the control back to the program that has called the
system command.
• The system usage is: int system ( const char * command );
• The function will return zero value if the command processor is available. If it is not available
then nonzero is returned.
• Example:

#include<stdio.h>
#include<stdlib.h>

int main ()
{
int i;

printf ("Executing command ls\n");

i=system ("ls");

printf ("Returned value is: %d.\n",i);

return 0;
}

Hands-on Exercise 4:

1. &'()*+,#-.,#)/'0/1(#23*40#-.,#3-1451/5#&#6'()*+,/"#
2. Run!"#$%!&%#'%()!*$+!,(-.!/+,!#$+&$+!+#!(!0/1.2
3. 3.,+!+4.!&%#'%()!5/+4!6#67/8.6+/0/.8!9#))(68!&(,,.8!+#!+4.!,",+.)!0$69+/#62!:4(+!
-(1$.!/+!5/11!%.+$%6;!
!