CMSC 412 Project #6
File System (Aka Project #5 Part 2)
Due Tuesday, December 13 2011, at 6:00pm
Introduction
The purpose of this project is
to add the notion of users and access control lists to the Geek OS
kernel. This will allow different processes to access only files they are
allowed to see.
Users and I/O Protection
This project will also introduce the idea of user's
and I/O protection to the OS. Adding the system calls SetAcl,
SetSetUid, and SetEffectiveUid will do this. The key idea to adding users is
simply to have a field in the user context data structure that identifies the
current user that is running this process. The user will be represented by an
integer called the uid. There is a special user
(uid 0) that is the super user. The super user (and
only the super user) may change the user id of a running process via the SetEffectiveUid system call. If the uid
of a process is 0 (superuser) when this system call
is made, the uid is changed to the passed uid. The GetUid call returns the current uid
of the process. When the shell starts, it runs with uid
0, i.e. super-user privileges. When a process is spawned, it normally will
inherit the uid of the parent process. There
may be instances where a process may need more rights than its parent (think of
the passwd command in unix). In order to allow this, there is a special
bit, setUid stored in the GOSFSFileNode.
If this bit is enabled (set to 1) for the executable, the process should
inherit the uid of the owner of the executable file
rather than the parent process. The function SetSetUid is used to set this bit for a file. Each file in the
file system can be “owned” by exactly one user.
The uid is also used by the
file system to check if a particular user is able to perform a particular operation
on a given file. A process running with the uid
of the superuser can open any file regardless of the
ACLs. If the uid is any other value, the I/O
operation will only succeed if the uid has
appropriate privilege based on the ACL of the file (or directory). For
the Open system call, if the file exists the current uid
must have the requested access level (i.e. Read privilege if the file is being
opened with read access). If the file does not exist, then the user must
have write access to the parent directory. The read, write,
seek, stat, and close system calls do not require checking the ACL since
the check is made on the Open call. The createDirectory
call requires write access to the parent directory. The delete and setAcl calls require write access to the named file.
The SetAcl system call sets the file permissions for the passed uid on the named file. If the permissions are 0, this
should delete any access that uid had to the passed
file. If the request is for a new uid to have
some privilege for a file, and the ACL table for that file is full, you should
return -1 as an error code. This code should also be used for invalid
permissions or for non-existent files.
The SetAcl system call can also be used to
change the owner of a file. However, the
effective id of the process making the SetAcl system
call must be 0 if you are changing a file’s ownership. The files owner is
defined as the uid of the zeorith
entry of the ACL table for that file. All ACL information must be stored on
disk as part of the file’s meta data (i.e. in the GOSFSfileNode).
No new project files will be provided for this
project. You should use your project #5
implementation as the starting point..
New System Calls
The following system calls will need to be added to
your operating system.
|
Call/User Function |
Return on success |
Return on failure |
Reasons for failure |
Comment |
|
SYS_SET_ACL SetAcl(char *name, int uid, int permissions) |
0 |
-1 |
· name does not exist · illlegal value
for uid (it must be greater than 0) · illegal value for permissions · the ACL table for name is full |
· The permissions values are flags and may be OR'ed together in a call. For example:
|
|
SYS_SET_SET_UID SetSetUid(char *name, int setUid) |
0 |
-1 |
· name does not exist · illegal value for setUid
(it can only be 0 or 1) |
· This call will set the setUid
bit in the GOSFSFileNode structure for the file
corresponding to name |
|
SYS_SET_EFFECTIVE_UID SetEffectiveUid(int uid) |
0 |
-1 |
· current Uid is
not superuser |
Set the user id for the
current process |
|
SYS_GET_UID |
uid |
-1 |
|
Return the user id of the
current process |
Testing
You should modify your implementation of stat from the first part of this project to return the ACL information and setuid information as part of the fileStat.
You should write some new
user mode programs that test out your new system calls. The examples in the
directory src/user should provide a starting point. We have included programs setuid.c and setacl.c to help you get started.