
Assignment #2 - Access Control
CMPSC443 - Introduction to Computer and Network Security
Spring 2009 - Prof. McDaniel
Due date: February 17, 2009

In this assignment you will create a tool that identifies and repairs permissions in a filesystem. The following details the purpose and use of this program. Follow these instructions very carefully, as failure to do so will significantly reduce your final grade.

1. You are to create the permis program, a complex UNIX administration utility. The program will recursively search the UNIX filesystem for files whose access policy matches a search criterion specified on the command line. On each run the program will determine the query parameters for (a) a target directory, (b) a target entity, and (c) query permissions as follows.

2. The target directory is specified by the command line argument [1]: -d <directory> where <directory> is some absolute or relative path in the UNIX filesystem. The program should abort the query and notify the user if the directory does not exist. If this parameter is not specified, the local directory should be used.

3. The target entity is specified by one of the following command line arguments: -u <user> or -g <group> or -o where <user> is a user and <group> is a group. The -o refers to the 'world' (of UNIX filesystem semantics). If this parameter is not specified, the user running the program should be used. Extra-credit: The program should abort the query and notify the user if the target entity does not exist by checking the /etc/ or /etc/groups files through the UNIX functions getgrnam and getpwnam.

4. The query permissions are determined through the specification of one or more of the following: -r or -w or -x whose semantics are, not surprisingly, read, write, and execute. The program should abort the query and notify the user if no permissions are specified.

5. The program works as follows. The program checks every file in the target directory (and all of its subdirectories). This check determines if the target entity has all of the query permissions and, if so, prints out the filename (with full path) to standard output. Note that you should expend some effort making the output look , e.g., by providing as much information about the file as possible, e.g., the output of the ' -lt' command.

6. Extra-credit: The program should modify the permissions of each of the files that match the permission query. The command is specified as --chmod <mode> where <mode> is one of the permission forms accepted by the UNIX chmod program, e.g., 'a+x'. Note: You can do a lot of damage to your system with this tool—you can brick your OS if you are not careful. it out very, very carefully.

7. Programming Notes: You are to create the program using the C compiler and Makefile as in the first assignment. You will be graded on both correctness and code clarity. Therefore, comment the code thoroughly and format it carefully. Use the getopt function to process the arguments. Note that the command line parameters can appear in any order. Any argument received on the command line that does not adhere to the specifications above should cause the program to abort and warn the user (note: the specific argument that is causing the problem should be included in the error message). Use the stat() function to check the permissions of a file ("man 2 stat" at the UNIX prompt for details).

[1] The angle brackets '<...>' are used to identify non-literal inputs on the command line, e.g., user names.

8. Consider the following examples:

    permis -u mcdaniel -d /usr/share -r
would find all files that the user 'mcdaniel' has read access in the /usr/share directory.

    permis -o -d /etc -x
would find all world writable files in the /etc directories.

    permis -r -g students -x -w
would find all files in the local directory tree that members of the 'student' group can read, write, and execute.

    permis -w -d /home/mcdaniel -o --chmod o-w
would remove all the world write permissions in the home directory of user 'mcdaniel'.

9. Create a gzipped tar file containing the commented code and Makefile. The tar file -assign2.tgz should contain a single directory -assign2 with all the submission files.

10. Attach the gzipped tar file to an email with the subject 'CMPSC 443 – Assignment #2' and addressed to [email protected] and [email protected] by 5:00PM on the due date. Any projects will be subject to the late penalties outlined in the course syllabus.

Note: Like all assignments in this class, you are prohibited from copying any content from the Internet or sharing ideas, code, configuration, text or anything else or getting from anyone in or outside of the class. Consulting online sources is acceptable, but under no circumstances should anything be copied. Failure to abide by this requirement will result in dismissal from the class.
