Question
1. Assume the following struct is declared for the permission list of a file in Linux.
Each permission (u or g or o) is represented as an octal. For example, u=7 means rwx, u=5 means r-x.
typedef struct {
    unsigned int uid; // owner id
    unsigned int gid; // group id
    unsigned char u;  // owner's permission
    unsigned char g;  // group's permission
    unsigned char o;  // other's permission
} Permission;
The permission check procedure is
(1) A user requests an operation on a file.
(2) If the user is the owner of the file, the operation will be checked against the owner's permission of the file. The result is either grant or deny.
(3) Otherwise, if the user is not the owner but in the group of the file, the operation will be checked against the group's permission of the file. The result is either grant or deny.
(4) Otherwise, if the user is neither the owner nor in the group of the file, the operation will be checked against the other's permission of the file. The result is either grant or deny.
Write a C/C++ function accesscheck(unsigned int uid, unsigned int gid, unsigned char req, int fid) to enforce access control in Linux.
The arguments of the function accesscheck are explained below:
1) uid and gid are the user id and the group id of the user who requests to take an operation on the file.
2) fid is the file id.
3) req is the requested operation. For example, req=7 means three operations rwx, req=5 means two operations r-x.
Request will be granted only if req is contained by the permission set of the file.
Assume Permission getPermission(int fid) can get the permission of the file fid.
Copy and paste your code in report and explain each line of code of your function in comments.
Explanation / Answer
const char* accesscheck(unsigned int uid, unsigned int gid, unsigned char req, int fid) {
    Permission p = getPermission(fid); // get the permission of the file
    const char* msg; // points to a string literal, so no malloc is needed (and nothing leaks)
    if (uid == p.uid) { // check whether the request is from the owner
        // bitwise AND to see if all requests are granted;
        // the parentheses are required because == binds tighter than & in C
        if ((p.u & req) == req)
            msg = "Allow"; // req is unchanged by the AND, so every requested bit is granted
        else // request not granted
            msg = "Deny"; // set msg to deny
    } else if (gid == p.gid) { // check whether the request is from the group
        if ((p.g & req) == req) // bitwise AND to see if all requests are granted
            msg = "Allow"; // req is unchanged by the AND, so every requested bit is granted
        else // request not granted
            msg = "Deny"; // set msg to deny
    } else { // neither the owner nor in the group: use the other's permission
        if ((p.o & req) == req) // bitwise AND to see if all requests are granted
            msg = "Allow"; // req is unchanged by the AND, so every requested bit is granted
        else // request not granted
            msg = "Deny"; // set msg to deny
    }
    return msg;
}
Note:
Suppose the request is 101
and the permission is 111,
so permission & request = 101,
which indicates all requests are granted.
Or
suppose the request is 101
and the permission is 110,
so permission & request = 100, which is not equal to the original request,
which indicates some requests are not granted.
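In C, == binds tighter than &, so the containment test has to be written with explicit parentheses as (perm & req) == req. The following added example (not part of the original answer) compares that form with the unparenthesised one; the sample file table, the getPermission stub and the names applicable, check_fixed and check_unparenthesised are assumptions made for the illustration.

```c
#include <stdio.h>

typedef struct {
    unsigned int uid, gid;   /* owner id, group id */
    unsigned char u, g, o;   /* owner/group/other permission, one octal digit each */
} Permission;

/* Constructed sample table standing in for the real getPermission(). */
static const Permission files[] = {
    {1000, 100, 5, 4, 0},    /* fid 0: r-x r-- --- */
    {1000, 100, 7, 5, 1},    /* fid 1: rwx r-x --x */
};

Permission getPermission(int fid) { return files[fid]; }

/* Steps (2)-(4): exactly one class applies: owner, else group, else other. */
static unsigned char applicable(Permission p, unsigned int uid, unsigned int gid) {
    if (uid == p.uid) return p.u;
    if (gid == p.gid) return p.g;
    return p.o;
}

/* Correct check: grant (1) only if every requested bit is in the permission. */
int check_fixed(unsigned int uid, unsigned int gid, unsigned char req, int fid) {
    unsigned char perm = applicable(getPermission(fid), uid, gid);
    return (perm & req) == req;
}

/* How the compiler groups `perm & req == req`: the comparison runs first and
   is always 1, so the result depends only on the execute bit of perm. */
int check_unparenthesised(unsigned int uid, unsigned int gid, unsigned char req, int fid) {
    unsigned char perm = applicable(getPermission(fid), uid, gid);
    return (perm & (req == req)) != 0;
}

int main(void) {
    /* Owner of fid 0 (r-x) asks for write: must be denied. */
    printf("owner w on r-x:   fixed=%d unparenthesised=%d\n",
           check_fixed(1000, 100, 2, 0), check_unparenthesised(1000, 100, 2, 0));
    /* Group member of fid 0 (r--) asks for read: must be granted. */
    printf("group r on r--:   fixed=%d unparenthesised=%d\n",
           check_fixed(2000, 100, 4, 0), check_unparenthesised(2000, 100, 4, 0));
    /* Other user on fid 1 (--x) asks for rwx: must be denied. */
    printf("other rwx on --x: fixed=%d unparenthesised=%d\n",
           check_fixed(2000, 200, 7, 1), check_unparenthesised(2000, 200, 7, 1));
    return 0;
}
```

Compiling with -Wall makes GCC and Clang warn about the unparenthesised comparison, which is a cheap way to catch this class of access-check bug in review.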