CS 426, Spring, 2008, HW 4.
 <br>
Due February 22, 2007, 11:30 AM (beginning of class).
 <br>

 <br>
The purpose of this PSO is for you to experiment with file protection
methods. Use lore.cs.purdue.edu
 <br>

 <br>
Solaris has two forms of ACL (access control lists) to protect files and
 <br>
directories. The first is chmod bits for RWX for owner, group and others.
 <br>
The second is a more complicated ACL mechanism accessed via the setfacl
 <br>
and getfacl commands. Rights amplification is available with the setuid
 <br>
and setgid commands.
 <br>

 <br>
Read the man pages for these commands and experiment with them. Do each
 <br>
of the following and "turnin" output (from the ls command, running script,
 <br>
or other proof) that show what you did. Get someone else in the class
 <br>
(a buddy or two) to also turnin output to show that what you did works.
 <br>

 <br>
1. Create a file and use the chmod command to set its protections so
 <br>
that anyone on the system except you can read it.
 <br>

 <br>
2. Create a directory with files in it and use the chmod command on the
 <br>
directory only so that you can list the file names but not open or delete
 <br>
any of the files. Also, set the permissions on the directory and files
 <br>
so that anyone else on the system can open the files but cannot list
 <br>
their names, that is, they can list the files if they know the names,
 <br>
but they cannot find out the names with ls.
 <br>

 <br>
3. Recall that a directory under Solaris is just a special file with
 <br>
names and pointers to files (inodes). Does this fact help to explain the
 <br>
behavior of the permissions and file listing you observed above? Explain.
 <br>

 <br>
4. Write a C or C++ program that will chdir() into a directory you have
 <br>
created with chmod mode 700 (or mod 100) and then into a subdirectory with
 <br>
mode 777. Then it will set its effective UID to its real UID, and create
 <br>
a sentinel file before exiting. Use chmod to make the executable program
 <br>
setuid to your account and have someone else run it. (Setuid means that
 <br>
the program will start with its effective UID equal to the owner of the
 <br>
file and not to the user account running the program.) What happens?
 <br>
Can someone other than the superuser create the sentinel file without
 <br>
changing your program?
 <br>

 <br>
5. Create a default ACL on a directory so that any new files created
 <br>
in it have read/write access by you and by user ssw, have read access
 <br>
by user ashishk, and have no access rights by any other user. Create
 <br>
some files to demonstrate this behavior.
 <br>

 <br>
6. In the directory you just created with the default ACL, put a specific
 <br>
ACL on a file to give user ashishk read-only access, user ssw write-only
 <br>
access, yourself no access, and everyone else read/write access. Show
 <br>
that this does not disturb the default ACL on the other files.
 <br>