Section 15.4 described the traditional Unix (and Linux) file permissions scheme. For many applications, this scheme is sufficient. However, some applications need finer control over the permissions granted to specific users and groups. To meet this requirement, many Unix systems implement an extension to the traditional Unix file permissions model known as access control lists (ACLs). ACLs allow file permissions to be specified per user or per group, for an arbitrary number of users and groups. Linux provides ACLs from kernel 2.6 onward.
This chapter provides a description of ACLs and a brief tutorial on their use. It also describes some of the library functions used for manipulating and retrieving ACLs.
17 Access Control Lists
17.1 Overview
17.2 ACL Permission-Checking Algorithm
17.3 Long and Short Text Forms for ACLs
17.4 The ACL_MASK Entry and the ACL Group Class
17.5 The getfacl and setfacl Commands
17.6 Default ACLs and File Creation
17.7 ACL Implementation Limits
17.8 The ACL API
17.9 Summary
17.10 Exercises
2009-08-18
2009-08-14
Chapter 16: Extended Attributes
In this chapter, we describe extended attributes (EAs), which allow arbitrary metadata, in the form of name/value pairs, to be associated with file i-nodes. EAs were added to Linux in version 2.6.
16 Extended Attributes
16.1 Overview
16.2 Extended Attribute Implementation Details
16.3 System Calls for Manipulating Extended Attributes
16.4 Summary
16.5 Exercises
2009-08-12
Chapter 15: File Attributes
In this chapter, we investigate various attributes of files (file metadata). We begin with a description of the stat() system call, which returns a structure containing many of these attributes, including file timestamps, file ownership, and file permissions. We then go on to look at various system calls used to change these attributes. (The discussion of file permissions continues in Chapter 16, where we look at access control lists.) We conclude the chapter with a discussion of i-node flags (also known as ext2 extended file attributes), which control various aspects of the treatment of files by the kernel.
15 File Attributes
15.1 Retrieving File Information: stat()
15.2 File Timestamps
15.2.1 Changing File Timestamps with utime() and utimes()
15.2.2 Changing File Timestamps with utimensat() and futimens()
15.3 File Ownership
15.3.1 Ownership of New Files
15.3.2 Changing File Ownership: chown(), fchown(), and lchown()
15.4 File Permissions
15.4.1 Permissions on Regular Files
15.4.2 Permissions on Directories
15.4.3 Permission Checking Algorithm
15.4.4 Checking File Accessibility: access()
15.4.5 Set-user-ID, Set-group-ID, and Sticky Bits
15.4.6 The Process File Mode Creation Mask: umask()
15.4.7 Changing File Permissions: chmod() and fchmod()
15.5 I-node Flags (ext2 Extended File Attributes)
15.6 Summary
15.7 Exercises
2009-08-10
Chapter 14: File Systems
In Chapters 4, 5, and 13, we looked at file I/O, with a particular focus on regular (i.e., disk) files. In this and the following chapters, we go into detail on a range of file-related topics:
- This chapter looks at file systems.
- Chapter 15 describes various attributes associated with a file, including the file timestamps, ownership, and permissions.
- Chapters 16 and 17 consider two new features of Linux 2.6: extended attributes and access control lists (ACLs). Extended attributes are a method of associating arbitrary metadata with a file. ACLs are an extension of the traditional Unix file permission model.
- Chapter 18 looks at directories and links.
We conclude the chapter with a discussion of the system calls used to mount and unmount a file system, and the library functions used to obtain information about mounted file systems.
14 File Systems
14.1 Device Special Files (Devices)
14.2 Disks and Partitions
14.3 File Systems
14.4 I-nodes
14.5 The Virtual File System (VFS)
14.6 Journaling File Systems
14.7 Single Directory Hierarchy and Mount Points
14.8 Mounting and Unmounting File Systems
14.8.1 Mounting a File System: mount()
14.8.2 Unmounting a File System: umount() and umount2()
14.9 Advanced Mount Features
14.9.1 Mounting a File System at Multiple Mount Points
14.9.2 Stacking Multiple Mounts on the Same Mount Point
14.9.3 Mount Flags That Are Per-mount Options
14.9.4 Bind Mounts
14.9.5 Recursive Bind Mounts
14.10 A Virtual Memory File System: tmpfs
14.11 Obtaining Information about a File System: statvfs()
14.12 Summary
14.13 Exercises
2009-08-09
Chapters 29 to 33 are in copyedit
Chapters 22 to 25 are back from copyedit. Chapters 29 to 33 have gone to copyedit.
2009-08-07
Chapter 13: File I/O Buffering
In the interests of speed and efficiency, both I/O system calls (i.e., the kernel) and the I/O functions of the standard C library (i.e., the stdio functions) buffer data when operating on disk files. In this chapter, we describe both types of buffering and consider how they affect application performance. We also look at various techniques for influencing and disabling both types of buffering, and look at a technique called direct I/O, which is useful for bypassing kernel buffering in certain circumstances.
13 File I/O Buffering
13.1 Kernel Buffering of File I/O: The Buffer Cache
13.2 Buffering in the stdio Library
13.3 Controlling Kernel Buffering of File I/O
13.4 Summary of I/O Buffering
13.5 Giving the Kernel Hints about I/O Patterns: posix_fadvise()
13.6 Bypassing the Buffer Cache: Direct I/O
13.7 Mixing Library Functions and System Calls for File I/O
13.8 Summary
13.9 Exercises
2009-08-05
Chapters 1 to 12
Chapters 1 to 12 form the first two of eight logical parts of my book (see this earlier post). So, this is a good point to post the detailed table of contents so far. Here's the current table of contents for chapters 1 to 12.
1 History and Standards [~20 pages]
1.1 A Brief History of Unix and C
1.2 A Brief History of Linux
1.2.1 The GNU Project
1.2.2 The Linux Kernel
1.3 Standardization
1.3.1 The C Programming Language
1.3.2 The First POSIX Standards
1.3.3 X/Open Company and The Open Group
1.3.4 SUSv3 and POSIX.1-2001
1.3.5 SUSv4 and POSIX.1-2008
1.3.6 Unix Standards Timeline
1.3.7 Implementation Standards
1.3.8 Linux, Standards, and the Linux Standard Base
1.4 Summary
2 Fundamental Concepts [~20 pages]
2.1 The Core Operating System: The Kernel
2.2 The Shell
2.3 Users and Groups
2.4 Single Directory Hierarchy, Directories, Links, and Files
2.5 File I/O Model
2.6 Programs
2.7 Processes
2.8 Memory Mappings
2.9 Static and Shared Libraries
2.10 Interprocess Communication and Synchronization
2.11 Signals
2.12 Threads
2.13 Process Groups and Shell Job Control
2.14 Sessions, Controlling Terminals, and Controlling Processes
2.15 Pseudoterminals
2.16 Date and Time
2.17 Client-server Architecture
2.18 Realtime
2.19 The /proc File System
2.20 Summary
3 System Programming Concepts [~25 pages]
3.1 System Calls
3.2 Library Functions
3.3 The Standard C Library; The GNU C Library (glibc)
3.4 Handling Errors from System Calls and Library Functions
3.5 Notes on the Example Programs in This Book
3.5.1 Command-line Options and Arguments
3.5.2 Common Functions and Header Files
3.6 Portability Issues
3.6.1 Feature Test Macros
3.6.2 System Data Types
3.6.3 Miscellaneous Portability Issues
3.7 Summary
3.8 Exercises
4 File I/O: The Universal I/O Model [~20 pages]
4.1 Overview
4.2 Universality of I/O
4.3 Opening a File: open()
4.4 Reading from a File: read()
4.5 Writing to a File: write()
4.6 Closing a File: close()
4.7 Changing the Current File Offset: lseek()
4.8 Operations Outside the Universal I/O Model: ioctl()
4.9 Summary
4.10 Exercises
5 File I/O: Further Details [~25 pages]
5.1 Atomicity and Race Conditions
5.2 File Control Operations: fcntl()
5.3 Open File Status Flags
5.4 Relationship Between File Descriptors and Open Files
5.5 Duplicating File Descriptors
5.6 File I/O at a Specified Offset: pread() and pwrite()
5.7 Scatter-gather I/O: readv() and writev()
5.8 Truncating a File: truncate() and ftruncate()
5.9 Nonblocking I/O
5.10 I/O on Large Files
5.11 The /dev/fd Directory
5.12 Creating Temporary Files
5.13 Summary
5.14 Exercises
6 Processes [~25 pages]
6.1 Processes and Programs
6.2 Process ID and Parent Process ID
6.3 Memory Layout of a Process
6.4 Virtual Memory Management
6.5 The Stack and Stack Frames
6.6 Command-line Arguments (argc, argv)
6.7 Environment List
6.8 Performing a Nonlocal Goto: setjmp() and longjmp()
6.9 Summary
6.10 Exercises
7 Memory Allocation [~15 pages]
7.1 Allocating Memory on the Heap
7.1.1 Adjusting the Program Break: brk() and sbrk()
7.1.2 Allocating Memory on the Heap: malloc() and free()
7.1.3 Implementation of malloc() and free()
7.1.4 Other Methods of Allocating Memory on the Heap
7.2 Allocating Memory on the Stack: alloca()
7.3 Summary
7.4 Exercises
8 Users and Groups [~15 pages]
8.1 The Password File: /etc/passwd
8.2 The Shadow Password File: /etc/shadow
8.3 The Group File: /etc/group
8.4 Retrieving User and Group Information
8.5 Password Encryption and User Authentication
8.6 Summary
8.7 Exercises
9 Process Credentials [~20 pages]
9.1 Real User ID and Real Group ID
9.2 Effective User ID and Effective Group ID
9.3 Set-user-ID and Set-group-ID Programs
9.4 Saved Set-user-ID and Saved Set-group-ID
9.5 File System User ID and File System Group ID
9.6 Supplementary Group IDs
9.7 Retrieving and Modifying Process Credentials
9.7.1 Retrieving and Modifying Real, Effective, and Saved Set IDs
9.7.2 Retrieving and Modifying File System IDs
9.7.3 Retrieving and Modifying Supplementary Group IDs
9.7.4 Summary of Calls for Modifying Process Credentials
9.7.5 Example: Displaying Process Credentials
9.8 Summary
9.9 Exercises
10 Times and Dates [~25 pages]
10.1 Calendar Time
10.2 Time-Conversion Functions
10.2.1 Converting time_t to Printable Form
10.2.2 Converting Between time_t and Broken-down Time
10.2.3 Converting Between Broken-down Time and Printable Form
10.3 Timezones
10.4 Locales
10.5 Updating the System Clock
10.6 The Software Clock (Jiffies)
10.7 Process Time
10.8 Summary
10.9 Exercises
11 System Limits and Options [~10 pages]
11.1 System Limits
11.2 Retrieving System Limits (and Options) at Run Time
11.3 Retrieving File-related Limits (and Options) at Run Time
11.4 Indeterminate Limits
11.5 System Options
11.6 Summary
11.7 Exercises
12 System and Process Information [~10 pages]
12.1 The /proc File System
12.1.1 Obtaining Information about a Process: /proc/PID
12.1.2 System Information under /proc
12.1.3 Accessing /proc Files
12.2 System Identification: uname()
12.3 Summary
12.4 Exercises
Chapter 12: System and Process Information
In this chapter, we look at ways of retrieving and modifying a variety of system information. The primary focus of the chapter is a discussion of the /proc file system. We also describe the uname() system call, which is used to retrieve various system identifiers.
12 System and Process Information
12.1 The /proc File System
12.1.1 Obtaining Information about a Process: /proc/PID
12.1.2 System Information under /proc
12.1.3 Accessing /proc Files
12.2 System Identification: uname()
12.3 Summary
12.4 Exercises
2009-08-04
Chapter 11: System Limits and Options
Each Unix implementation sets limits on various system features and resources, and provides--or chooses not to provide--options defined in various standards. Examples include the following:
- How many files can a process hold open at one time?
- Does the system support realtime signals?
- What is the biggest value that can be stored in a variable of type int?
- How big an argument list can a program have?
- What is the maximum length of a pathname?
- Across Unix implementations: Although limits and options may be fixed on an individual implementation, they can vary from one Unix implementation to another. The maximum value that can be stored in an int is an example of such a limit.
- At run time on a particular implementation: The kernel may have been reconfigured to change a limit, for example. Alternatively, the application may have been compiled on one system, but run on another system with different limits and options.
- From one file system to another: For example, traditional System V file systems allow a filename to be up to 14 bytes, while traditional BSD file systems and most native Linux file systems allow filenames of up to 255 bytes.
- Some limits and options can be determined at compile time. For example, the maximum value of an int is determined by the hardware architecture and compiler design choices. Such limits can be recorded in header files.
- Other limits and options may vary at run time. For such cases, SUSv3 defines three functions--sysconf(), pathconf(), and fpathconf()--that an application can call to check these implementation limits and options.
11 System Limits and Options
11.1 System Limits
11.2 Retrieving System Limits (and Options) at Run Time
11.3 Retrieving File-related Limits (and Options) at Run Time
11.4 Indeterminate Limits
11.5 System Options
11.6 Summary
11.7 Exercises
Chapter 10: Times and Dates
Within a program, we may be interested in two kinds of time:
- Real time: This is the time as measured either from some standard point (calendar time) or from some fixed point (typically the start) in the life of a process (elapsed or wall clock time). Obtaining the calendar time is useful to programs that, for example, timestamp database records or files. Measuring elapsed time is useful for a program that takes periodic actions or makes regular measurements from some external input device.
- Process time: This is the amount of CPU time used by a process. Measuring process time is useful for checking or optimizing the performance of a program or algorithm.
10 Times and Dates
10.1 Calendar Time
10.2 Time-Conversion Functions
10.2.1 Converting time_t to Printable Form
10.2.2 Converting Between time_t and Broken-down Time
10.2.3 Converting Between Broken-down Time and Printable Form
10.3 Timezones
10.4 Locales
10.5 Updating the System Clock
10.6 The Software Clock (Jiffies)
10.7 Process Time
10.8 Summary
10.9 Exercises
2009-08-03
Chapter 9: Process Credentials
Every process has a number of associated numeric user identifiers (UIDs) and group identifiers (GIDs). Sometimes these are referred to as process credentials. These identifiers are as follows:
- real user ID and group ID;
- effective user ID and group ID;
- saved set-user-ID and saved set-group-ID;
- file system user ID and group ID (Linux-specific); and
- supplementary group IDs.
9 Process Credentials
9.1 Real User ID and Real Group ID
9.2 Effective User ID and Effective Group ID
9.3 Set-user-ID and Set-group-ID Programs
9.4 Saved Set-user-ID and Saved Set-group-ID
9.5 File System User ID and File System Group ID
9.6 Supplementary Group IDs
9.7 Retrieving and Modifying Process Credentials
9.7.1 Retrieving and Modifying Real, Effective, and Saved Set IDs
9.7.2 Retrieving and Modifying File System IDs
9.7.3 Retrieving and Modifying Supplementary Group IDs
9.7.4 Summary of Calls for Modifying Process Credentials
9.7.5 Example: Displaying Process Credentials
9.8 Summary
9.9 Exercises
Chapter 8: Users and Groups
Every user has a unique login name and an associated numeric user identifier (UID). Users can belong to one or more groups. Each group also has a unique name and a group identifier (GID).
The primary purpose of user and group IDs is to determine ownership of various system resources and to control the permissions granted to processes accessing those resources. For example, each file belongs to a particular user and group, and each process has a number of user and group IDs that determine who owns the process and what permissions it has when accessing a file (see Chapter 9 for details).
In this chapter, we look at the system files that are used to define the users and groups on the system, and then describe the library functions used to retrieve information from these files. We conclude with a discussion of the crypt() function, which is used to encrypt and authenticate login passwords.
8 Users and Groups
8.1 The Password File: /etc/passwd
8.2 The Shadow Password File: /etc/shadow
8.3 The Group File: /etc/group
8.4 Retrieving User and Group Information
8.5 Password Encryption and User Authentication
8.6 Summary
8.7 Exercises
