Chapter 2 - UNIX Utilities for Nonprogrammers

Quiz

1. What is one way that hackers try to break UNIX security?
A hacker might try to break security by trying to obtain your password or get a copy of an password file that is not shadowed and write a program to compare encrypted results to the contents of the password file.
2. Whatís the best kind of password?
Passwords should be long, at least 6 characters, and made up of nonsense letters and numbers, not words out of the dictionary. However, there should also be some pattern that you can recognize because if you wind up having to write down your password in order to remember it, you have defeated the purpose. One trick is to pick a phrase and then use the first letter from each word in the phrase (and still add a digit or two somewhere). For example, ìi0icluî is a good password and you can remember it by remembering: ìif only I could learn UNIXî (using a zero for the ìoî in ìonlyî).
3. What UNIX command do you use to change the name or location of a file?
Use the mv command to move (or rename) a file.
4. Is UNIX case sensitive?
This can be a confusing issue. UNIX itself differentiates between uppercase and lowercase characters. In the file system, for example, the file ìabcî and ìABCî are not the same file. So you would say that UNIX is case sensitive. However, applications may or may not make this distinction. E-mail addresses processed by sendmail and most other mail programs are not case sensitive because the e-mail message standard specifies that addresses should not be.
5. Name the four most common UNIX command shells.
  • Bourne shell (sh)
  • C shell (csh)
  • Korn shell (ksh)
  • Bourne Again shell (bash)
    • 6. Why are shells better suited than C programs to some tasks?
    Shell scripts can usually be written faster because there is less overhead and you can take advantage of existing UNIX commands to perform the task. Scripts do not require compilation the way a C program does. For small tasks where the power and speed advantages of a C program are not a requirement, a shell script is probably easier and faster to write.
    7. How do you terminate a process?
    You can terminate a process by sending it an INTR signal (either with the kill command or by typing the corresponding interrupt character, usually Control-C, if the program is running at the terminal or in a terminal window).
    8. How do you indicate the end of input when entering text from the keyboard?
    You can indicate the end-of-input when entering text by typing the character set as the ìeofî character by stty, usually Control-D.
    9. How do you terminate a shell?
    Terminate a shell by typing the exit command or the ìeofî character (as in #8). The C shell can be set where the eof character wonít work and you must type exit or logout.
    10. What term is given to the current location of a process?
    The location of a process is where its current working directory points in the directory hierarchy.
    11. What attributes does every file have?
  • type
  • access permissions
  • owner
  • group membership
  • hard link count
  • modification date and time
    • 12. What is the purpose of groups?
    Groups provide another level of file access specification than just the owner and all other users. Users in the same group can, for example, set read access on a file that applies only to the members of that group while still denying access to the file to all other users.
    13. How do permission flags relate to directories?
    The read and write flags allow access to the directory just as regular files. The execute flag allows access to the files and subdirectories contained in the directory (based on their own access permission, of course).
    14. Who may change the ownership of a file?
    Only the owner of the file and the superuser (root) may change a fileís owner.

    Exercises

    2.1 Obtain the Internet mailing address of an acquaintance in another country, and send him or her e-mail. How long does it take to get there? Does the travel time seem reasonable? [level: easy]
    At the time of the printing of the first edition of this book, many network connections were via UUCP instead of direct Internet connections. In this scenario, email was often  ìstored and forwardedî and might take several hops, requiring hours or even days to reach its destination. Today, most sites are connected to Internet Service Providers and access to the Internet is more direct, so email will likely arrive within a few minutes.
    2.2 Why may a process have only one current group? [level: medium]
    The ìcurrent groupî of a process is its effective group ID. This may differ from its real group ID as it can be changed with the newgrp command. So at any given moment, a process can belong to a different group than its userís default group, but only one. The real group ID is still used for accounting purposes, but the effective group ID determines file access or modification permission.
    Some versions of UNIX honor access permissions for multiple groups (without requiring you change your effective group ID with the newgrp command) but even in these cases, the process still has only one group to which it really belongs at any moment. This group is the one that will be used when the process creates files. A file may only belong to a single group, so the effective group ID of the process is used. If a process could belong to multiple groups at once, there would be no way to determine which one should be used when creating a file.
    2.3 Design a file security mechanism that alleviates the need for the ìset user IDî feature.  [level: hard]
    There is no real answer here, the exercise should lead to a discussion of issues. One might use an Access Control List (found in other operating systems) to solve the problem.
    2.4 Even seemingly trivial inventions such as a flashing cursor and a scrolling window have been granted patents. Many software designers construct programs, only to find that they have unintentionally reinvented someone elseís patented invention. Do you think that patents are fair, and if not, can you think of a better mechanism to protect intellectual property? [level: hard]
    There is no correct answer here, but it should lead to a lively discussion.

    Project

    Send mail to the system administrator and set up two new groups for yourself.  Experiment with the group-related utilities and explore the permissions system.  [level: easy]
    Set and change group access for files and see how access is allowed or denied.