So with a computer system, we'd like to better control what different users can do on that computer system. That's what access control does: prevent unauthorized use of resources, where the resources may be files, physical resources like disks, CPU, parts of files, processes. So typical things that are the resources of any computer or computer system. For access control to work we rely on some authentication mechanism, because the access control is usually specified per user, and so we assume that the users of the computer system have already been authenticated. They've somehow logged in and we've checked that they are the correct user, and then the access control mechanisms depend upon that user identity. We often specify "this user can do these things". The other thing we need to do is have some way to set up the access control, to say who can do what, and that's some authorization function. Sometimes we'll just have a database that specifies who's authorized to do what. And often we want to be able to check that our access control is doing what we expect it to do, to perform some audit.

And there are three main policies for access control: discretionary, mandatory and role-based. We briefly introduced discretionary last lecture. We'll go through the others quite quickly, just talk about the differences between them and give a couple of examples. They can be combined, that is, concepts from each can be combined in a particular computer system.
They're not mutually exclusive. Let's look at... Again, we talk generally about subjects, the users, and objects, the resources, the things we want to control access to, and for which users, which subjects. We usually give subjects some access right, some right to use some object, or a permission: you have permission to execute this file. So the subject has some access right on some object; that's the general terminology. The subjects are often classified, and there are different classifications. One we'll see in an example is, okay, we can talk about owners, groups of users, and the world, meaning all users on a computer system. And there are other classifications; it doesn't have to be these three. There are many different types of objects and access rights. There may be different ones depending upon our computer system, so they're not fixed.

So, discretionary access control: some entity is granted access rights, and the discretionary part is that we're allowed to modify these access rights. It's up to the discretion of the owner as to who we can permit to access a particular resource, so we can modify them; we have some discretion there. And it's commonly used in operating systems and in database management systems. So databases and many operating systems use discretionary access control, but they can be extended to use the others that we'll talk about. The way to specify who can do what? The general form is a matrix. We have a set of resources or objects, we have a set of users or subjects, and then we form a matrix, and in the elements of that matrix we specify what the subject can do with what resource. So we specify the permission or the access right inside each element of the matrix. So we can think of it as a matrix, and that's what this example does, a very simple example.
We have four files, three subjects, and we specify the access rights in the elements of that matrix (wrong way). Of course, imagine we have many, many files, many objects, and many users. Not all users can access all files; there may be some empty elements. So in this case user C can't do anything with file 3. Imagine there are a hundred thousand files on our computer system; then maybe user C cannot do anything with most of those files, so we'd have empty elements in the matrix. So even though the matrix captures our access control, to store that information on a computer system we'll often use other data structures. This information must be stored somewhere, because it is stored, say, in the operating system, and then when a user wants to access a particular object the operating system must check what access rights that user has. So it looks up in the matrix, and if user B tries to open file 3 it checks the permissions in the matrix. So this data is stored somewhere. It can be stored as a matrix, but because the matrix will be quite large in some cases and have many empty elements, there are more efficient ways to store them, and the next three slides show three main approaches.

Access control lists: list for each object, or each file in this example, what the users can do. So we see this is the same case as the previous slide; the same data is stored, but just in a different data structure. This is a set of, think of linked lists, one for each file: user A has these access rights on that file, ownership, read, write, and that matches here: file 1, user A, own, read, write.
So it's the same information, just stored in a different way. And currently we have three users that can access file 1; if there's a fourth user on the system, an added user D, and they also have access rights on file 1, then we can add a new element into this list. So for each file, think we have a linked list specifying the access rights. It's just a data structure to store this information conveniently on our computer system, and we do it for each file. So that's a set of access control lists: control who can access each resource. Of course, you need less space to store this compared to a matrix, because a matrix has many empty elements, whereas here that information is not stored. For example, file 3: user C cannot access file 3, and there's no entry for user C. We don't need to store anything here. That's the idea.

Capability lists are the other way around, where we store per user: user A has these capabilities on these resources, user B has these capabilities on these resources. So it's the same information, just stored in a different manner, and again it depends upon your computer system as to which one to choose. So we'll see an example: operating systems will often use access control lists. For each file on your operating system the access rights are specified.

And a third way is a table: just list all those values. Okay, the subject, the mode in which you can access, the object. So it's the same information again, but in a different data structure, just a table. And this is useful, for example, in a database. Let's say you need to create a database that controls access to different resources and store it in a table, where your database has a set of three columns specifying who (the subject), the permission or access right (here listed as the access mode), and the object. Now, whenever a user tries to access some object, the database first checks in this authorization table. It checks if user B is trying to write to file 4: what can user B do on file 4?
They can only read. So the authorization table is checked and the system can check, but user B cannot write to file 4. So, three different ways to store this access control information in a more convenient manner. Databases often use this approach, we'll see. Capability lists may be used in some web systems; we'll see an example. Access control lists are often used in operating systems, but they don't have to be; it depends upon the computer system. And that's what those three examples capture: this information here. In practice, we have access control lists and capability lists, and we could have an authorization table, for a database especially. I'll come back at the end of this topic and show you a more detailed example, and I think most of you know it. If you took my lab yesterday, then you know about the access control in Linux, and you get more chance to explore that in a small homework task in your virtual network, to look at access control. So I'll give you a few examples of this one after I go through the other two.

Role-based access control: instead of looking at individual users of your computer system, allocate users to particular roles in the computer system. So users are assigned roles, and then access rights are assigned to roles. They can be assigned in the same way; we'll see we can have a matrix or a particular table or list to map the access rights to roles. But in this case each user on the computer system is assigned to some role, and roles in practice are usually related to some job function.
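Before the lecture moves on to role-based access control, here is an added example (not code from the lecture or its slides) of the three storage forms just described: the same access matrix converted into access control lists, capability lists and a three-column authorization table, plus the per-access check that looks a right up. The matrix is constructed for this example; the lecture only fixes a few of its cells (user A owns, reads and writes file 1, user C has no rights on file 3, user B can only read file 4), and the remaining cells are assumptions.

```python
"""Access matrix and its three storage forms: access control lists, capability
lists and an authorization table.

Added example, not from the lecture slides. The matrix is constructed; the
lecture only fixes a few cells (A owns/reads/writes file 1, C has no rights on
file 3, B can only read file 4), the rest are assumptions.
"""
from typing import Dict, List, Set, Tuple

Rights = Set[str]
Matrix = Dict[str, Dict[str, Rights]]   # subject -> object -> rights

# Constructed access matrix. A missing object under a subject is an empty cell.
MATRIX: Matrix = {
    "A": {"file1": {"own", "read", "write"}, "file2": {"read"},
          "file3": {"own", "read", "write"}},
    "B": {"file1": {"read"}, "file2": {"own", "read", "write"},
          "file4": {"read"}},
    "C": {"file1": {"read", "write"}, "file4": {"own", "read", "write"}},
}
OBJECTS: List[str] = ["file1", "file2", "file3", "file4"]


def to_acl(matrix: Matrix) -> Dict[str, Dict[str, Rights]]:
    """Access control lists: one list per object, naming only the subjects
    that hold at least one right on it (empty cells are not stored)."""
    acl: Dict[str, Dict[str, Rights]] = {obj: {} for obj in OBJECTS}
    for subject, row in matrix.items():
        for obj, rights in row.items():
            if rights:
                acl[obj][subject] = set(rights)
    return acl


def to_capabilities(matrix: Matrix) -> Dict[str, Dict[str, Rights]]:
    """Capability lists: one list per subject, naming only the objects on
    which that subject holds at least one right."""
    return {s: {o: set(r) for o, r in row.items() if r}
            for s, row in matrix.items()}


def to_authorization_table(matrix: Matrix) -> List[Tuple[str, str, str]]:
    """Authorization table: one (subject, access mode, object) row per right,
    the form a database would keep in a three-column table."""
    rows = [(s, mode, o)
            for s, row in matrix.items()
            for o, rights in row.items()
            for mode in rights]
    return sorted(rows)


def permitted(acl: Dict[str, Dict[str, Rights]],
              subject: str, obj: str, mode: str) -> bool:
    """The check the OS performs on each access: look up the object's list."""
    return mode in acl.get(obj, {}).get(subject, set())


def add_subject(acl: Dict[str, Dict[str, Rights]],
                obj: str, subject: str, rights: Rights) -> None:
    """Granting a new user (D) rights on file 1 only touches file 1's list."""
    acl.setdefault(obj, {})[subject] = set(rights)


def storage_cost(matrix: Matrix) -> Tuple[int, int]:
    """(cells in the full matrix, non-empty cells an ACL actually stores)."""
    total = len(matrix) * len(OBJECTS)
    stored = sum(1 for row in matrix.values() for r in row.values() if r)
    return total, stored


if __name__ == "__main__":
    acl = to_acl(MATRIX)
    print("B write file4 ->", permitted(acl, "B", "file4", "write"))  # False
    print("B read  file4 ->", permitted(acl, "B", "file4", "read"))   # True
    print("file3 ACL      ->", acl["file3"])                           # no entry for C
    print("matrix cells vs stored:", storage_cost(MATRIX))            # (12, 8)
```

The three conversions carry exactly the same information, which is the lecture's point; what differs is which question each answers cheaply (the ACL answers "who can touch this object", the capability list "what can this subject touch", the table is what a database indexes).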
Okay, so for an organization the role may be faculty member, student, head of school, or accountant, HR staff, CEO. Okay, so you can think of the roles being assigned to job functions, and then particular users take on those roles. We can implement something similar using groups of users, but there are some subtle differences. That is, in discretionary access control we listed, okay, we have users and we give access rights. We'll see when we look at the Linux file system and access control in Linux that we can also say a group of users, okay, that is, the group of student users includes A and B, and give permissions based upon groups. So we can do that in Linux or Unix based operating systems. Role-based, there are some similarities there. We can implement similar features using groups, but we'll see there are some more details with role-based that we normally cannot do with just groups in a Linux system. We'll see in a few slides.

Users may be assigned multiple roles. Okay, so a particular user may have multiple roles. It may be static, in that it's a fixed assignment, or the roles may change, so a user may change roles. Usually a session is defined as some assignment of a user to a role. That is, when I log into a system, say I log into a web-based system, then I'll often take on a particular role when I log in. I may change roles when I'm logged in, which effectively creates a different session. So different access rights are permitted when I change roles. And similar to discretionary access control, we can have a matrix that maps the roles to the access rights on particular objects, like this one. First we map users to roles. Okay, so user 1 can take role 1, user 2 can take role 1, user 3 can take roles 2 or 4. So we map users to roles. For example, we need some way to specify that the faculty members, maybe role 1 is faculty member, and then map the actual user names or user identities to those who can act as the role
faculty member, and then the permissions are assigned per role. Where have we got a role here? On the vertical axis here, these are the roles, and these are the objects. Note that this example from the textbook uses some different notation here. What has it got? R, F, P and D, I think. F refers to a file, P refers to a process, D refers to a disk, R maybe just a general resource; I can't remember. But again, these are objects. Our objects don't have to be files. I can control who can access a particular software process running on my computer, or who can access a disk, a physical hard disk. So we can have different types of objects. So in this case our roles map to the objects, given different access rights, and we see some different examples. For example, on a disk, disk 1, role 1 can do different operations on that disk, so we have different access rights, like to seek or to search through the disk, to be the owner of the disk. Similar on files: read, write and execute. But these are just examples of access rights; we may have other ones specific to our computer system.

So similar to discretionary, we have this matrix mapping objects not to users but to roles, that's similar as before, and a second matrix that maps users to roles. It becomes a little bit easier to manage in an organization, because in most organizations the policy would specify the access rights are related to roles. It doesn't necessarily matter about the individual user. So therefore you don't have to care about who the user is when you specify this matrix. You just say all faculty members have these permissions, all students have these permissions, or all accountants in the organization have these permissions, and then separately manage who is the accountant, or the set of accountants. So that's similar, except this one is more suited to easy management when we have well-defined job positions or roles in the organization.
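An added example (not the lecture's or the textbook's code) of the two mappings just described, users to roles and roles to access rights on objects, together with the access check that joins them. It goes beyond this passage by also implementing the role hierarchy and the three constraints the lecture covers on the following slides (mutually exclusive roles, a maximum number of users per role, and a prerequisite role). All roles, users, objects and access rights are constructed for illustration.

```python
"""Role-based access control: users are mapped to roles, roles to access
rights on objects, with a role hierarchy and constraints (mutually exclusive
roles, a maximum number of users per role, prerequisite roles).

Added example, not the lecture's or textbook's code. All roles, users,
objects and access rights are constructed for illustration.
"""
from typing import Dict, List, Set, Tuple

Permission = Tuple[str, str]   # (access right, object), e.g. ("read", "design_spec")


class ConstraintError(Exception):
    """Raised when a role assignment would violate a configured constraint."""


class RBAC:
    def __init__(self) -> None:
        self.role_perms: Dict[str, Set[Permission]] = {}   # role -> row of the role/object matrix
        self.includes: Dict[str, Set[str]] = {}            # role -> lower roles it inherits from
        self.user_roles: Dict[str, Set[str]] = {}          # user -> row of the user/role matrix
        self.history: Dict[str, Set[str]] = {}             # user -> every role ever held
        self.exclusive: List[Set[str]] = []                # sets of mutually exclusive roles
        self.max_users: Dict[str, int] = {}                # role -> cardinality limit
        self.prerequisite: Dict[str, str] = {}             # role -> role that must have been held

    # --- policy set-up (the administrator's job) ---
    def add_role(self, role: str, perms: Set[Permission] = frozenset(),
                 includes: Set[str] = frozenset()) -> None:
        self.role_perms[role] = set(perms)
        self.includes[role] = set(includes)

    def effective_perms(self, role: str) -> Set[Permission]:
        """Rights of a role plus everything inherited from roles below it."""
        seen: Set[str] = set()
        stack, perms = [role], set()
        while stack:
            r = stack.pop()
            if r in seen:
                continue
            seen.add(r)
            perms |= self.role_perms.get(r, set())
            stack.extend(self.includes.get(r, set()))
        return perms

    # --- user-to-role mapping, subject to the constraints ---
    def assign(self, user: str, role: str) -> None:
        if role not in self.role_perms:
            raise KeyError(f"unknown role {role!r}")
        held = self.user_roles.get(user, set())
        for group in self.exclusive:
            if role in group and (held & group) - {role}:
                raise ConstraintError(f"{role} is mutually exclusive with {held & group}")
        limit = self.max_users.get(role)
        holders = sum(1 for roles in self.user_roles.values() if role in roles)
        if limit is not None and role not in held and holders >= limit:
            raise ConstraintError(f"{role} already has its maximum of {limit} users")
        needed = self.prerequisite.get(role)
        if needed and needed not in self.history.get(user, set()):
            raise ConstraintError(f"{role} requires having held {needed} first")
        self.user_roles.setdefault(user, set()).add(role)
        self.history.setdefault(user, set()).add(role)

    def revoke(self, user: str, role: str) -> None:
        self.user_roles.get(user, set()).discard(role)   # history kept for prerequisites

    # --- the access check ---
    def check(self, user: str, right: str, obj: str) -> bool:
        return any((right, obj) in self.effective_perms(r)
                   for r in self.user_roles.get(user, set()))


def try_assign(policy: RBAC, user: str, role: str) -> bool:
    """True if the assignment was made, False if a constraint rejected it."""
    try:
        policy.assign(user, role)
    except ConstraintError:
        return False
    return True


def build_example() -> RBAC:
    """Constructed policy: engineering hierarchy, student/faculty exclusion,
    at most two server admins, senior role needing a junior role first."""
    p = RBAC()
    p.add_role("production_engineer", {("read", "design_spec"), ("write", "build_log")})
    p.add_role("quality_engineer", {("read", "design_spec"), ("write", "test_report")})
    p.add_role("project_lead", {("approve", "release")},
               includes={"production_engineer", "quality_engineer"})
    p.add_role("student", {("read", "lecture_notes")})
    p.add_role("faculty", {("write", "lecture_notes")})
    p.add_role("server_admin", {("own", "server1")})
    p.add_role("junior_engineer", {("read", "design_spec")})
    p.add_role("senior_engineer", {("write", "design_spec")}, includes={"junior_engineer"})
    p.exclusive.append({"student", "faculty"})
    p.max_users["server_admin"] = 2
    p.prerequisite["senior_engineer"] = "junior_engineer"
    p.assign("alice", "project_lead")
    p.assign("bob", "production_engineer")
    return p
```

Note that `revoke` leaves the user's role history in place: the prerequisite constraint asks whether a user has previously held the junior role, not whether they hold it now, so the two records have to be kept apart.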
It can be more complex. We don't necessarily just have a single mapping of one user to one role. They can have multiple roles, one role can have multiple users, and we can start to have hierarchies in the roles that reflect the typical structure of organizations. So some organization which has a director, some project leaders, and on each project there may be some engineers who take different roles in those projects. Then we can start to assign permissions to the different roles. Also we can do things like, okay, the project lead as a role has some permissions; the engineers on that project have a set of permissions based on that role. And since there's a hierarchy, in that the project leader is the boss of the project, they may inherit the permissions of the engineers. That is, what we can do is say that production engineer has these access rights, quality engineer has these access rights, and the project lead automatically inherits those access rights because they are the higher level in the hierarchy. So we can start to map the access rights and access control back to how the organization is often structured. So it can get more complex, and that starts to get more complex than what you normally do with groups in Linux file systems.

A very simple example: the Moodle web-based system that we use has a very basic role-based access control. This is one part of the admin interface of the Moodle website, and you can see that it has a set of what it calls capabilities, things you can do on the website like take quizzes, view lecture notes, add new users. So many different operations that you can do, and then it specifies which roles have those permissions. So think of these as the access rights, the things we're allowed to do, and this is the set of roles that have those access rights. So the manager can do this, the lecturer and the manager can do this. And who is the manager,
who is the lecturer? Well, then we have a separate database that assigns individual users like myself to be the lecturer, or another faculty member to be a lecturer. And if we scroll down we may see some students. Okay, the student can unenrol themselves from a course. Okay, because it's only students that are enrolled in a course, so they have the capability to unenrol themselves from the course. So this is role-based, where student really encompasses the set of students related to a particular course. A very simple example of role-based access control. The mapping of roles to users is not shown here; it's in a different page or a different part of the website. Note that the objects and the resources are not just files. So this is not saying that these users can access files; it's to perform operations on different sets of data. The website is really just a database containing quiz questions, containing student information, and this column shows the access rights that we have on those different pieces of data. So it's not always just files that are the resources.

One last slide on role-based access control. The other thing that we can have sometimes is constraints. Once we have a set of roles, we can start to define some relationship between those roles. For example, this hierarchy of roles: a high role can include the access rights of all lower roles. So the CEO automatically inherits the access rights of all the other employees of the organization. We can do that quite easily in role-based systems; in a discretionary based system
it's more complex to do that, to set that up and manage it. You can have mutually exclusive roles, so a user can only be assigned to one particular role in some set. So, what's an example that's mutually exclusive? If they're assigned to be a student they cannot be a faculty member. Okay, all right, that's commonly the case, not always the case, but that may be a condition. That is, if a particular person is assigned to the role of student, then they cannot be otherwise assigned to the role of faculty member. That may be a constraint from our organization's perspective, and we can implement that constraint in a role-based access control system. So it usually provides easier mechanisms to represent the policies of an organization in the implementation in the computer system. We can do things like put limits on the maximum number of users assigned to a role. So maybe for the administrator of a particular server we have some policy that we must have two users and no more than two users, exactly two users. So we can implement limits in the role-based access control system to make sure that policy is met, that we always have two users assigned to that role, no more. And we can implement prerequisites in the way that users are assigned to roles. So an example is that a user can only be assigned to a senior role if they've previously had a junior role. Let's say some organizations have junior engineer, senior engineer, so a user, to be assigned to the senior engineer role, must have previously been in the junior engineer role. That may be the policy of the organization, and we can implement that in the role-based access control system. So there are different constraints, and this makes it more complex and more suited to organizational structures than simple discretionary access control. So two different approaches so far; one more we'll go through, and then we'll come back to discretionary with one
example. Last one, mandatory access control. In both of these cases, role-based and discretionary, we can usually change the access control: someone has permissions to modify the access rights, someone has permissions to assign this user to this role. Mandatory access control is usually fixed, or more static, and it's based on the concept of multi-level security. And the best example: if you think about a military situation, or a security organization, where you know that there may be different classifications of documents or information, one classification you may see is, okay, we can talk about top secret, secret, confidential, restricted and unclassified as a common classification of military information or security organization information for governments, where unclassified information is the lowest level, more important information is classified as restricted, and then confidential, secret and top secret. So we say that top secret is of course more secret than confidential information. So often some organizations use such a classification, and we can implement that in an access control system. The idea is that a subject gets a security clearance at one of the levels. These are just example levels, the ones listed here; there are other classifications. In general there can be any classification, but this is an example, and I think many of you will recognize some parts of it. So a subject, a user, has some clearance. So I may have a clearance of confidential, and then objects are given a classification. So this file on the system has a classification of top secret. I have a clearance of confidential, the file has a classification of top secret. Can I access the file?
No. What multilevel security and mandatory access control say is that you cannot read an object which has a higher level classification than your clearance level, and that's what the first property specifies here for mandatory access control: a subject can only read an object of less or equal security level. So a subject which has clearance of confidential can only read, can only view, objects that are confidential, restricted or unclassified, that is, objects which are the same or lower classification level. No read up. That's summarized as: you cannot read an object that has a higher level than you are; you cannot read up. So that's the common requirement of a mandatory access control system. The other one, which is not so obvious but is also necessary, is no write down: a subject can only write into an object of greater or equal security level. So if we think of, say, a file as an object, reading is being able to see the contents, writing is being able to modify the contents, including delete. What does the second one, no write down, mean? Why do we need that? So no read up means you cannot read anything at a higher level of classification than you are. No write down means, if I have clearance of confidential: no read up means I can read confidential, restricted and unclassified objects, I cannot read secret or top secret objects, that's no read up. No write down means if I'm cleared at confidential I cannot write into objects lower, that is, restricted or unclassified. Why is that? Why do we need this one? Yeah, first? Yeah. Protect the file from... how? From being modified without authorization. Why do we want to restrict this?
Yeah, yeah, we don't want the file to be exposed or released to a lower level. So I have confidential clearance, okay. The ability to write means, let's say I can take confidential information, a file which is classified as confidential; if I can write it into an object which is classified as restricted, then I've released that confidential information into a lower level, and then someone who's cleared as restricted can read that previously confidential information. So this is to stop the release of higher classified information down to lower levels. We cannot write down, so that's also required. So if I'm cleared at secret I can read secret and everything below. Even though I can read secret information, I'm not allowed to write that into an object which is in the confidential or lower clearance. So if there's a file that's classified as confidential and another one is secret, I can read the secret file, but I cannot write to the confidential file, because that would allow me to release that secret to people who are cleared as confidential, which would be against the requirements of our mandatory access control. So that one's a little bit non-obvious, but necessary. Any questions so far?

So all objects must be classified and all users must be cleared for this system to work. If you don't have a clearance then, okay, then you're down here at the lowest level, less than unclassified, or you get a default clearance. And all objects must be classified, and usually there's some administrator that must do that, or some process for doing that. And the users cannot change this policy, so there's no discretion to make changes as to what you can do.
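An added example (not code from the lecture) of the two rules just discussed, no read up and no write down, over the five levels the lecture names. Besides deciding single requests it checks the property the second rule exists for: with both rules in force, no subject at any clearance can copy data from a higher-classified object into a lower-classified one. The subjects, objects and requests are constructed; treating a subject with no clearance as sitting at the lowest level is an assumption taken from the lecturer's remark about default clearance.

```python
"""Multi-level security rules for mandatory access control: no read up and
no write down, over the five levels named in the lecture.

Added example, not from the lecture. Subjects, objects and requests are
constructed; the default clearance for uncleared users is an assumption.
"""
from typing import Dict, List, Tuple

LEVELS: List[str] = ["unclassified", "restricted", "confidential", "secret", "top secret"]
RANK: Dict[str, int] = {name: i for i, name in enumerate(LEVELS)}
DEFAULT_CLEARANCE = "unclassified"   # assumption: uncleared users sit at the bottom


def can_read(clearance: str, classification: str) -> bool:
    """No read up: the object's level must be less than or equal to the clearance."""
    return RANK[classification] <= RANK[clearance]


def can_write(clearance: str, classification: str) -> bool:
    """No write down: the object's level must be greater than or equal to the clearance."""
    return RANK[classification] >= RANK[clearance]


def decide(clearance: str, classification: str, mode: str) -> bool:
    if mode == "read":
        return can_read(clearance, classification)
    if mode == "write":
        return can_write(clearance, classification)
    raise ValueError(f"unknown access mode {mode!r}")


def can_copy(clearance: str, src: str, dst: str) -> bool:
    """Could a subject with this clearance move data from object src into
    object dst? That needs read on src and write on dst."""
    return can_read(clearance, src) and can_write(clearance, dst)


def no_downward_flow() -> bool:
    """The property the two rules guarantee: whatever the clearance, any copy
    a subject is allowed to make goes to an equal or higher level."""
    return all(RANK[dst] >= RANK[src]
               for clearance in LEVELS for src in LEVELS for dst in LEVELS
               if can_copy(clearance, src, dst))


def evaluate(clearances: Dict[str, str], classifications: Dict[str, str],
             requests: List[Tuple[str, str, str]]) -> List[Tuple[str, str, str, bool]]:
    """Decide a batch of (user, object, mode) requests. Every object must be
    classified; an unclassified object is a policy error, not an allowed access."""
    out = []
    for user, obj, mode in requests:
        if obj not in classifications:
            raise KeyError(f"object {obj!r} has no classification")
        clearance = clearances.get(user, DEFAULT_CLEARANCE)
        out.append((user, obj, mode, decide(clearance, classifications[obj], mode)))
    return out


# Constructed sample data following the lecturer's scenario.
CLEARANCES = {"lecturer": "confidential", "analyst": "secret"}
CLASSIFICATIONS = {"plan.doc": "top secret", "memo.doc": "confidential",
                   "notice.txt": "restricted", "brief.doc": "secret"}
REQUESTS = [
    ("lecturer", "plan.doc", "read"),      # read up: denied
    ("lecturer", "memo.doc", "read"),      # same level: allowed
    ("lecturer", "notice.txt", "write"),   # write down: denied
    ("lecturer", "brief.doc", "write"),    # write up: allowed by these two rules
    ("analyst", "brief.doc", "read"),      # allowed
    ("analyst", "memo.doc", "write"),      # write down: denied
    ("visitor", "notice.txt", "read"),     # no clearance -> default level, denied
]

if __name__ == "__main__":
    for user, obj, mode, ok in evaluate(CLEARANCES, CLASSIFICATIONS, REQUESTS):
        print(f"{user:9} {mode:5} {obj:11} -> {'allow' if ok else 'deny'}")
    print("no downward flow:", no_downward_flow())   # True
```

Note that the two rules alone permit writing up (a confidential subject writing into a secret object), which is why `no_downward_flow` holds; whether such writes are wanted is a separate integrity question that the lecture does not cover.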
That's fixed by the administrator of the system. All right, if something needs to be changed, if an object for some reason needs to be changed from confidential down to restricted, there must be a set procedure for how to do that, and it's up to the administrator. The normal users cannot make those changes. So that's mandatory access control, or the concept at least. It's much stricter in its requirements than the other two, and therefore often used when we need a higher level of security in our computer system. There are different implementations of it, but that's, I think, all we need to go through today on mandatory access control, just introduce the concept. Many operating systems use discretionary access control, but often there are extensions; you can add some extension to the operating system to support mandatory access control if you want a more secure operating system. So here are some lists of extensions to support mandatory access control for Linux, for BSD. Windows has mandatory integrity control, which effectively adds this capability to the operating system, used in organizations that need this high level of security. And that's all we want to cover on the concepts of access control. We'll go through one more example, but any questions before we go to that example?

Yep, role-based access control. So users may be assigned multiple roles. It may be fixed by the administrator, so we can think there's always an administrator of the system, someone who sets it up. If we just quickly go back in our picture, we have some administrator who has the job of setting up this access control system and specifying the rights. With role-based access control that can be static: the users are assigned to roles. But the system may be set up such that users within the system may change the roles for other users. The administrator assigns the roles, option one, or the system is set up so that users can assign roles to other users. Where are we? The CEO?
So there's an administrator who set up the computer system. There's the role of CEO, the boss of the company; maybe they have the permission to assign roles to other users and to modify the system. So some dynamic changes while the system is operating. So maybe I have the role of faculty member, and as a permission of that role I can change a student from the normal student user to a teaching assistant role. So I can change the roles of users. The admin role usually has all permissions; they control the system, they can do anything they like. The other roles defined in the system are often restrictive. If we go back to one of our principles, I think it's listed: the principle of least privilege, which we use in all these cases, is that you give the minimum permissions such that they can do their job. Does the CEO need the permission to assign roles to other users? Probably not; they can still do their job without that. Does a faculty member need the permission to assign roles for students? Maybe for their course, but maybe not.
Maybe it's the job of someone else to do that. So this principle of least privilege is: give the least amount of privileges such that they can do their job. Don't give them more, don't give them all privileges just because... other faculty members, don't give them the entire access to the system. That's the idea there. So that is related to your question about what's the difference between admin and a faculty member. A faculty member usually would have much fewer privileges than the admin. Admin has everything; the faculty member has a subset. The faculty member doesn't need privileges to do things in the accounting department. Any other questions before we look at a Linux example, which should be familiar to most of you?

So those are just the concepts of what we mean by access control and three different alternatives. That's quite easy. Let's look at a simple example of access control, discretionary access control, in a typical Unix based operating system, and we'll use Linux as an example. And we'll look at this approach where we have a set of files on a file system, and for those files there's some record in the file system that specifies which users on the system can access and do what with those files, what access rights they have. And this will be boring for some of you because you took the lab yesterday and you learned it already, so you know it, but there's a few people that haven't, so let's go through it. Let's bring up the lectures. So this is available on the website, and I'm pretty sure you have it in front of you: file permissions. So let's use Linux as an example for discretionary access control, a few slides and then a demo. So most operating systems today are multi-user systems: multiple users can access the computer that the operating system is running on. Linux systems are commonly used in this case. One example you know of is that there's the ICT server in SIT. That's one computer running one operating system.
There are multiple users of that computer. You are all users, because in fact your account on Moodle is linked to your account on that Linux operating system, so it's actually the same account. So we're going to use Linux as an example in this case. Some reasons why: first, to understand how access control works we need to know something about how the file system is organized. So we have a hard disk with a bunch of files, but how does the operating system keep track of those files? Most of the concepts we talk about can be applied to other operating systems.

The file system organization in Linux: first, there's some hierarchy of files, and you can explore this because you all have your own virtual node that you use from the first homework, and you'll get a chance in your second homework to explore the file system and set up some access control. This is an example of the Linux file system, where we have a root directory, denoted as a forward slash, and then we may have subdirectories, which have subdirectories, and so on, and we have files in those directories. So we have two types of objects, directories and files, and this applies to many operating systems. They differ slightly on the hierarchy here and the names of the directories, and this one's not complete, but it's just an example. Often we'll have under the root directory a home directory, and the users of that computer system will have their directories under that home directory. So sgordon, one user, has a directory in that home directory, and other users as well. It's not mandatory, but it's common. bin is short for binaries: programs, applications. So most applications of your operating system are stored in these bin directories, binary directories.
There's /bin, but there are others: /usr/bin is another set of binaries. And there are some definitions of what the expected applications will be stored in here and what ones would be stored in here: the required ones for the base of the operating system here, some additional applications here. Not so important for this, but we have files and directories that list and describe some of those base directories, like the home directory. Libraries: if you come from the Windows background, the libraries are usually DLLs, the dynamic linked libraries. So they are object code that multiple applications may link to; so libraries are just shared between different binaries or applications. Yeah, you can have a look at that; not so necessary for today.

Now, so we have files and directories, and our file system keeps track of them. So we actually have some software and, effectively, some database that keeps track of all of them and the relationships: when you create a new file, where is it; when you create a new directory, how is it related to other directories. And in Unix or Linux based systems we use the concept of inodes. Think of them as some data structure for storing information about the file or directory. So it's a data structure that stores the important information about a file or directory. All right, some of that information is listed here: the owner of the file or directory, so a user on that computer system is specified as the owner of that file; the size; some timestamps, like when it was created, when it was last modified, so we may have different timestamps; when was it last accessed. So we can think, usually with files, we create a file at this time, then we modify the file, so we usually will keep track of that. Someone may read the file, not modify it but just access the file, so we often keep track of that as well.
So different timestamps are stored. The mode: think of the access rights. We'll come to that in a moment, but one part of the mode of the file is the access rights for that file, and that's what we want to get to. So this is the data structure for each file or directory, and then pointers to the data blocks which contain the actual file. So, say, a one megabyte file may be split across multiple data blocks; the inode has a set of pointers to each of those data blocks. That's the basic way that the file system keeps track of the files and directories, and the operating system maintains a list of inodes in an inode table. So the OS has this list of inodes, one inode for each file or directory.

Directories are a special case of a file really, so a directory is really treated as a file. It has its own inode. It is a file that lists the entry for each file in that directory. So if we have a directory, not home, a directory ABC, and there are three files in it, then the file that really represents the directory is a file that points to those files inside that directory. So a directory has an inode and it points to the other inodes, or entries for other files in that directory, and the way that it points to them is that it keeps track of the inode number of the file, the length of the file name, and the name of the file. Can we draw that? I thought I had a picture. Let's try and draw it, just briefly, a summary of that concept of a directory. We have some directory; that's the directory, the directory is ABC. It's a subdirectory of the steve directory, which is a subdirectory of the home directory. So there's our directory.
We can think that there's an inode for this directory ABC, and it contains the mode, the permissions on that directory. What else do we have? The owner, the size, the timestamps, those values listed, the same as a file, maybe other information, and then, I'll come back to that, a file has pointers to data blocks; a directory is just a file which lists the entries inside that directory. So our inode for the directory ABC has pointers to data blocks, and those data blocks list entries for the files inside our directory. Let's say we have two files inside here, f1.txt and f2.txt. Then the pointers would link to entries about those files: one for f1.txt and another pointer to f2.txt, not to the actual file but to the information about those files. In particular, for each of those there'll be an inode number, the length of the file name (this is on the previous slide) and the name of the file. So the directory ABC, think of it as a file, and inside that file, for f1.txt there is an inode number, the length of this file name, which is six characters (not the length of the file, the length of the file name), and the actual file name itself, f1.txt.

So that's stored in there, and then the same for the next file. So that's what a directory is. Again, maybe I'm going a bit too far out of scope here, but directories are treated like files; really think of them as files that point to other files. The important point is that a directory has the same set of permissions that we can have on a file: the same mode, owner, size and timestamps. The size of the directory is the size of this directory file. So the directory is a file that stores information about what's inside this directory, and its size is the size of this information, not the size of the files in that directory; those are just pointers. If you don't follow that, you'll survive. That's okay; it's not so relevant for what we're going to discuss. But remember, files and directories both have what we call a mode. The mode, we'll see, is the permissions on that file or directory. They also have owner information.

So, more details about those contents. Each inode has a mode of 16 bits. So there are 16 bits: 12 bits are related to permissions, and we'll look at those in detail; four bits are about the file type. Is this file a normal file, a regular file? Is this file really a directory? From an inode perspective they're all files, but there are different types: a normal file, a directory, and some special types of files as well. The inode contains the owner information, which includes the user that owns the file, some ID of the user, and the group that owns the file. So in fact we have two sets of ownership: a user owner and a group owner. The size of the file in bytes, and some timestamps: access time, creation time and/or change time (change, I thought creation; I'll check that one), and modification time, mtime. There are other fields.
These are the common ones, the main ones. We want to get to the permissions and see, for a file, what permissions a user can have. That's about our access control: permissions and users. We can talk about this for any file, and when I say file it includes a directory now, because from the file system perspective a directory is a special type of file. So for any file we can have read, write and execute permissions; those are our access rights. And we can talk about categories of users: we have the user that owns the file and the users in the file's group, so for each file we have an owner and a group, and then all other users, those that are not the owner and not in the file's group. They're the other users. Sometimes we refer to all users on the computer system, and we'll use these letters to abbreviate these concepts.

With respect to a regular file, those access rights are read, write and execute. Read means you can see the contents of the file. Write means you can change the contents of the file. Execute means you can execute that file, which is really only relevant if it's a binary application or a script, so we can execute some files. With respect to directories, read means you can see the contents of the directory, you can list the contents of the directory. Write means you can create or remove files in that directory: you can add a new file inside the directory, or delete a file from inside that directory. And execute on a directory means you can access files in the directory. So you will see that directories and files are related, in that for some directory you need the x permission on that directory to be able to access files inside it, and access includes reading and writing files inside it. So it becomes quite complex when you start to consider permissions of files and directories together. We'll come back to the special bits in a moment, and an example.

So in the inode there are 12 bits which are protection bits. The first nine bits indicate those three permissions, read, write or execute, for each of those three sets of users: the user, the group and others. Of the 12 bits there are another three bits which specify some special permissions, which we'll return to if necessary later. On a Linux system we often see this information summarised in the output of ls and other programs. Let's create a file. We have a directory here, and inside this directory we have one file and three subdirectories in this example. How do I know it's a file and three subdirectories? The first character here indicates the file type, and remember that a directory is a file type. So d is a directory; no d here indicates that it's a file. Then these next nine characters are about our permissions for those entities, those objects in our access control system, and they come in groups of three, three, three. We'll go back to the slide to explain them. So looking here in the example, the first character indicates the file type: if it's a dash it's a normal file, if it's a d it's a directory. Then we have three sets of three characters. The first three identify the permissions for the user owner of the file, the next three for the group associated with the file, and the last three for all other users on the computer. So we've got three sets of users: the owner, the group owner and others, the rest of the world.
And the way that we interpret this output of ls is that if there's an r in the first character, it means that entity can read the file. If there's a w, then they can write to the file. If the third character is an x (and it's not in this example), then they'll be able to execute the file. If there's no letter there, there's a dash, it means they don't have that particular permission. And it's always rwx rwx rwx, so if the letter is not shown you know they don't have that particular permission or access right. So in this example the user can read the file, the user can write the file, the user cannot execute the file because there's no x here. The group associated with this file, that is any user in the group associated with this file, can read the file; they cannot write or execute the file. Any other user on the computer system cannot read, write or execute that file. So that's how we capture those permissions with typical applications like ls. It's actually stored as a set of bits by the operating system in the inode, those permissions as bits, either on or off, so nine bits correspond to these nine values here. There are three other bits that indicate special permissions, but they're not shown in the output of ls. They are there, just not shown by this program. Any questions? Again, a lot of you know this, but there are a few who haven't seen this before. So, any questions? You should be able to answer questions in the exam about, given some setup of this file system, what different users can do. And again, this is just one way to implement the access control matrix. The matrix is a set of users, a set of objects and the permissions those users have on those objects, and it's just stored in a different way here. Going back, what did we miss?
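To make the bit layout just described concrete, here is an added example (mine, not from the lecture or its slides): a POSIX shell script that takes a raw inode mode as an octal number and prints the same ten-character field that ls -l shows, plus the four-digit octal value you would hand to chmod. It assumes the standard Unix st_mode layout: the top four of the 16 bits are the file type, the next three are the special bits (setuid, setgid, sticky) and the low nine are rwx for user, group and other. The modes fed to it at the bottom are constructed, not read from a real disk.

```sh
#!/bin/sh
# Added example (not from the lecture): decode a raw 16-bit inode mode into
# the ten-character field ls -l prints, and into the octal value chmod takes.
# Assumed layout (standard Unix st_mode):
#   bits 15-12  file type        bits 11-9  setuid, setgid, sticky
#   bits  8-6   user rwx         bits 5-3   group rwx      bits 2-0  other rwx

# type_char MODE -> the first character of the ls -l line
type_char() {
    case $(( ($1 >> 12) & 15 )) in
        8)  printf '%s' '-' ;;   # regular file   (S_IFREG,  0100000)
        4)  printf '%s' 'd' ;;   # directory      (S_IFDIR,  0040000)
        10) printf '%s' 'l' ;;   # symbolic link  (S_IFLNK,  0120000)
        2)  printf '%s' 'c' ;;   # character device
        6)  printf '%s' 'b' ;;   # block device
        1)  printf '%s' 'p' ;;   # named pipe
        12) printf '%s' 's' ;;   # socket
        *)  printf '%s' '?' ;;
    esac
}

# rwx_triplet BITS SPECIAL LETTER -> three characters for one user class.
# BITS is the class's 3-bit rwx value; SPECIAL is 1 if its special bit is
# set; LETTER (s or t) replaces x in that case, upper-case if x itself is off.
rwx_triplet() {
    r=-; w=-; x=-
    if [ $(( $1 & 4 )) -ne 0 ]; then r=r; fi
    if [ $(( $1 & 2 )) -ne 0 ]; then w=w; fi
    if [ $(( $1 & 1 )) -ne 0 ]; then x=x; fi
    if [ "$2" -ne 0 ]; then
        if [ "$x" = x ]; then x=$3; else
            case $3 in s) x=S ;; t) x=T ;; esac
        fi
    fi
    printf '%s%s%s' "$r" "$w" "$x"
}

# decode_mode MODE -> e.g. 0100644 -> -rw-r--r--   (MODE is an octal literal)
decode_mode() {
    m=$(( $1 ))
    type_char "$m"
    rwx_triplet $(( (m >> 6) & 7 )) $(( (m >> 11) & 1 )) s   # user,  setuid 04000
    rwx_triplet $(( (m >> 3) & 7 )) $(( (m >> 10) & 1 )) s   # group, setgid 02000
    rwx_triplet $((  m       & 7 )) $(( (m >>  9) & 1 )) t   # other, sticky 01000
    printf '\n'
}

# perm_octal MODE -> the 12 protection bits as chmod's four octal digits
perm_octal() {
    printf '%04o\n' $(( $1 & 07777 ))
}

# Constructed modes: the lecture's file (644), its lectures directory (770),
# a setuid binary, and a sticky world-writable directory such as /tmp
for m in 0100644 0040770 0104755 0041777; do
    printf '%s  %s  chmod %s\n' "$m" "$(decode_mode "$m")" "$(perm_octal "$m")"
done
```

The three special bits that ls does not show as separate columns still appear in this output: when setuid or setgid is set, ls prints s in place of the owner's or group's x, and the sticky bit prints as t in the last slot, which is why perm_octal returns four digits rather than three.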
So permissions read, write and execute apply to either files or directories. Three sets of users: the owner, the group and others, and one that captures all of them, all users. There are some special permissions, and here it gets a bit more complex. With respect to files: when you execute a file, when you run a program for example, you execute a file. The owner of the process that's executing that file can be set. So if I'm user steve and I execute a file which is owned by user john, then normally the process is owned by user john, even though I started it. But we can modify that, and there's a bit to indicate that the process that we run when we execute a file is set to that of the particular file. It's called the set user ID bit. So this is related to executing files. I see blank faces and complex things, so I think we'll not go through this today; we'll not explain it much more today and we'll focus on the easier parts. We will not see it in many cases. If you want to explore how these extra special permissions work, I can maybe explain them to you in another setting. Let's skip over them and go straight to a demo.

So I'm logged in as the user steve on my virtual node here, and I have some files. Let's log in as another user, switch to a different user who already has an account on this computer system. So I'll pretend to be this other user; I know his password, he's got a very weak password. So I'm logged in as this other user. Let's clear this and go back. Where am I? I'm in his home directory. What's in here? There's nothing in here, okay? There are no files in his home directory; nothing has been created yet.
So that's his home directory, and there's nothing in here. But there are other users on this system, and what can this user do with respect to accessing the files of other users? Let's try. Let's go into the home directory and see that there are other users on this system, and let's try and access some of them. So let's access something in steve's directory. What's there? Well, in steve's directory there are three subdirectories, as we saw before, and a file. What can our user do on the first directory? What can tanawit do on the directory lectures here? You may have to guess something. He may read, write and execute? Why? He is in the group faculty? Do you think so? Are you in the group? Are you a faculty member? Well, let's check. Okay. So, first point: let's look at the permissions. First we know it's a directory because of the d here. The first three permissions, rwx, are for the owner of this file, and the owner of this file, the user owner, is specified here. And again, I say file in the general meaning, which includes a directory. The owner is steve; steve has read, write and execute permissions. The group owner of this file is faculty; anyone in the faculty group has read, write and execute permissions. Other users have no permissions; that's the last three characters here. So tanawit is not the user owner. Is he in the faculty group? Well, I hope not. But we can check: there's a file that keeps track of those things. An easy way to check, though, is the groups command. He is in his own group and the students group; he's not in the faculty group. So groups just lists the set of groups that this user is currently in. He's in his own group and he's in a group called students; he's not in the faculty group. Therefore, with respect to this directory, he's considered an other user. He has no permissions. Let's check. We try to change into that directory: we cannot, permission denied. We try to ls.

So cd to change into the directory, to access the directory; ls to list the contents: cannot. Make a file in that directory, so write to the directory: cannot. So cd is trying to access the directory, ls is listing the contents of the directory, and touch is just a way to create a file; touch mynewfile inside this directory is trying to write to the directory. So this is testing: can I write to the directory? ls is testing: can I read the directory? cd is testing: can I access the directory? And those are the three permissions. I've got them in the wrong order, but cd is x on a directory; the ability to execute is the ability to access. There's no x permission on this directory, so he cannot access it. There's no r permission, so he cannot read it, or ls it. There's no w permission, so he cannot create a new file in that directory. As we'd expect, he can't do anything in that directory.

What about the shared files directory? What can he do? So again we check: the owner is steve, the group owner is steve. We know our user is not in that group, so he's an other user from that perspective, and the permissions for other users are read and execute. So of the three operations, cd, ls and create a file using touch, which ones can he do? cd and ls. Let's try ls. What's in shared files? All right, there's nothing in there. It worked; not a good example, but it didn't return permission denied, so he can do that, it's just that there's nothing in there to see. ls works. cd? Yep, okay, we can change into it. ls: there's nothing there. Go back. Actually, cd into that directory and let's create a new file. I spelled it wrong. Permission denied: I cannot write to this directory, I don't have the right permissions on this directory. Sorry. Maybe... there we go. So, permission denied when I try to create a new file using touch; I cannot write to the directory.

Another example. Let's log out, and I'll log in as a different user. I've guessed his password too, but it's hard.
I forgot it. Note here's a password protection mechanism: su switches user and it prompts for the password for that user. So I press enter, I type in the password and I press enter now. It takes several seconds to respond. Now I'll try with the correct password, and I press enter now: it immediately responds. My computer's not so slow that it takes a long time to respond; there's a deliberate delay put in there when you enter a wrong password. And that's common with many systems: if you enter the wrong password, the system checks almost immediately, a matter of milliseconds, and then it adds a delay so you cannot do a brute force attack and quickly repeat trying many passwords. So there's a delay in the response if the password fails. This is a way to slow down attempts to try different passwords. So that's from our previous topic.

What can tanarak do? He is a member of the faculty group. So what can he do in the lectures directory? In the lectures directory, which is owned by the faculty group, which our user is a member of, we have read, write and execute permissions. So tanarak can change into the lectures directory, can ls (I'll just clear so it's up the top), can ls inside this directory. It's not his directory, but he's a member of the group that has permissions on the directory. He can open the file in a text editor and change it, add some words and save, and the file has changed, so we can modify files inside that directory. Can he delete this file? If you can modify the contents, you can effectively delete it. One way to delete a file is to open it in an editor, delete all the contents and save it. Okay, so yes, you can delete the file. And you can create new files. Okay, so he has permissions to... what did I do here? Sorry, I made a mistake: it shouldn't have been touch, it should have been echo. The commands I'm using here are not so important, echo and touch; just the concept. Can we edit, read and execute files and directories?
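The demo above tests permissions by hand with cd, ls and touch. As an added example (my own, not part of the lecture), the shell script below reproduces the decision the system makes from nothing more than the ls -l mode string, the owner, the group and the user's group list. The file table and the groups output are constructed to mirror the demo (steve's lectures and shared_files directories, users tanawit and tanarak, groups faculty and students); the file names notes.txt and locked.txt are made up, and locked.txt is there to show one subtlety: exactly one of the three classes is consulted, so an owner whose own bits say r-- is refused write access even when the group bits would allow it.

```sh
#!/bin/sh
# Added example (not from the lecture): decide what one user may do to one
# file from the ls -l mode string, the owner, the group and the user's groups.
# All data below is constructed to mirror the demo.

# file_entry NAME -> "MODE OWNER GROUP", the columns ls -l prints
file_entry() {
    case $1 in
        lectures)     echo 'drwxrwx--- steve faculty' ;;
        shared_files) echo 'drwxr-xr-x steve steve'   ;;
        notes.txt)    echo '-rw-r----- steve faculty' ;;
        locked.txt)   echo '-r--rw---- steve faculty' ;;   # owner r--, group rw-
        *)            return 1 ;;
    esac
}

# groups_of USER -> what the groups command prints for that user
groups_of() {
    case $1 in
        steve)   echo 'steve faculty'    ;;
        tanawit) echo 'tanawit students' ;;
        tanarak) echo 'tanarak faculty'  ;;
        *)       echo "$1" ;;
    esac
}

# user_class USER OWNER GROUP -> user, group or other.  Exactly one class
# applies, checked in this order; the owner never falls through to the
# group bits, even when those are more generous.
user_class() {
    if [ "$1" = "$2" ]; then echo user; return 0; fi
    for g in $(groups_of "$1"); do
        if [ "$g" = "$3" ]; then echo group; return 0; fi
    done
    echo other
}

# has_perm MODE CLASS LETTER -> status 0 if r, w or x is set for CLASS
has_perm() {
    case $2 in
        user)  triplet=$(printf '%s' "$1" | cut -c2-4)  ;;
        group) triplet=$(printf '%s' "$1" | cut -c5-7)  ;;
        other) triplet=$(printf '%s' "$1" | cut -c8-10) ;;
    esac
    case $triplet in *"$3"*) return 0 ;; esac
    # ls prints s or t instead of x when a special bit is set together with x
    if [ "$3" = x ]; then
        case $triplet in *[st]) return 0 ;; esac
    fi
    return 1
}

# can USER OP NAME -> allowed or denied.
#   cd    needs x on the directory      ls    needs r on the directory
#   touch needs w on the directory      read/write need r/w on the file
can() {
    entry=$(file_entry "$3") || { echo "unknown file: $3" >&2; return 2; }
    set -- "$1" "$2" $entry          # $1 user  $2 op  $3 mode  $4 owner  $5 group
    class=$(user_class "$1" "$4" "$5")
    case $2 in
        cd)          letter=x ;;
        ls|read)     letter=r ;;
        touch|write) letter=w ;;
        *) echo "unknown op: $2" >&2; return 2 ;;
    esac
    if has_perm "$3" "$class" "$letter"; then echo allowed; else echo denied; fi
}

# The checks from the demo, plus the owner-only-class case on locked.txt
for check in 'tanawit cd lectures' 'tanawit ls shared_files' \
             'tanawit touch shared_files' 'tanarak touch lectures' \
             'steve write locked.txt' 'tanarak write locked.txt'; do
    set -- $check
    printf '%-8s %-6s %-13s %s\n' "$1" "$2" "$3" "$(can "$1" "$2" "$3")"
done
```

Running this prints denied for tanawit on lectures and for his touch in shared_files, allowed for tanarak's touch in lectures, and, on locked.txt, denied for the owner steve but allowed for tanarak. A real system skips all of these checks for root, so a script like this does not predict what the superuser can do.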
That's the importance here. Okay, so some examples of the file system. Your next homework will have you using your virtual node: create some accounts (I'll give you some instructions for how to create accounts), use some of these commands just to explore, and set up the permissions to meet some particular requirements. So what we need to start with is a policy for the organisation: for this computer system, these users should be allowed to do these things. And then you, as the IT person, must implement that policy using the file access control system. Questions?

Can a file have multiple group owners? In the basic way, no. The inode stores one user owner and one group owner, so there's one group and one user associated with each file. I think there may be extensions in different file systems that allow different features, so this is one particular file system, which is very common. If we go back to our inode, which is the data structure that stores information about each file and directory, there's one entry of 16 bits that stores an identity of the user and 16 bits that store the group ID. So that's the restriction in this case; we'd need a different file system to support multiple groups. And that's where role-based access control systems become more useful, to represent multiple different groups, not for a file but for other resources.

One last demo. There's a program called stat which shows you... sorry, my file. stat shows you some more detailed information about the inode, and I'll just zoom out so we'll see it on one line. It shows the details about this particular file: here's the file, the size, the blocks, because actually a hard disk is made up of blocks, so depending upon the block size it may use a bit more space than the number of bytes. It's a regular file. I'm not going through all of this detail.
This is the inode number. The file system keeps track of these numbers in a data structure, so the core representation of this file is stored in this inode, number 61377. We may have links between files: we may have a real file on the disk and another file which is represented by an inode but links to the real file, so we don't have to store two copies of the file; we store one copy of the file and another one links to it. Similar to links you see in most operating systems, like shortcuts in Windows. It can be a little bit more complex, but yeah, that's the concept of links. Here are the access permissions represented in the nice format of these nine plus one characters: the one to indicate it's a file, then the next nine to indicate the permissions. The user ID and the name: actually most users, or all users, are represented by a 16 bit number; this is just the textual representation. The group ID, and then those times, the timestamps. So that's the core information of the inode; you can see a little bit more detail than what you see when you use ls.

And to finish this lecture for today, what did we miss? Special permissions, which we're not going to talk about, but you can explore them if you like and see what they mean. Have a read through some common Linux commands: ls and stat; df reports total file system disk usage. To change permissions, and that will be your task in your homework, you'll have to use another program called chmod, change mode; the mode is the permissions. You can change who can read and write particular files. And for the special permissions there are some more advanced commands, like lsattr (list attributes) and chattr (change attributes), extending beyond the capabilities that we've seen here. Enough for today, enough for this topic.
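For the homework, here is an added example (mine, not from the lecture) of turning a written policy into modes with chmod and checking the result with ls -ld. It works in a throwaway directory created with mktemp and only sets modes: the owner and group stay whatever account runs it, since changing them to the lecture's steve and faculty would need those accounts to exist. The policy itself (lectures private to owner and group, shared listable by everyone but writable only by the owner, notes.txt readable by the group and nobody else) is made up for the example.

```sh
#!/bin/sh
# Added example (not from the lecture): set modes for a small, constructed
# policy with chmod and read them back with ls -ld.
set -e

SANDBOX=$(mktemp -d)                  # throwaway tree, removed on exit
trap 'rm -rf "$SANDBOX"' EXIT

# mode_of PATH -> the type+permission field of ls -ld, e.g. drwxrwx---
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# Constructed policy:
#   lectures   owner and group may do everything, others nothing   (770)
#   shared     everyone may enter and list, only owner may create  (755)
#   notes.txt  owner reads and writes, group reads, others nothing (640)
apply_policy() {
    mkdir -p "$SANDBOX/lectures" "$SANDBOX/shared"
    : > "$SANDBOX/shared/notes.txt"           # create an empty file

    chmod 770 "$SANDBOX/lectures"             # absolute mode, octal form
    chmod u=rwx,g=rx,o=rx "$SANDBOX/shared"   # absolute mode, symbolic form (= 755)
    chmod 600 "$SANDBOX/shared/notes.txt"
    chmod g+r "$SANDBOX/shared/notes.txt"     # relative change: add one bit (= 640)
}

# show PATH -> one line in the shape of the ls -l output discussed above
show() {
    printf '%s  %s\n' "$(mode_of "$1")" "${1#$SANDBOX/}"
}

apply_policy
show "$SANDBOX/lectures"
show "$SANDBOX/shared"
show "$SANDBOX/shared/notes.txt"
```

The octal and symbolic forms set the same bits; the relative form (g+r, o-w and so on) is the one to reach for when you want to change a single permission without retyping the rest. Remember from the demo that none of these modes stop the superuser, and that w on a directory, not on the file, is what decides whether a user can create or delete entries in it.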