Rootly Power
1
Ownership
• Every Unix file has both an owner and a group owner
• Only the owner can modify permissions on a file
• The owner can specify which operations the group
owners may perform on a file
• Owners can be found in /etc/passwd
• Group owners can be found either in /etc/group or by
looking at the GID field of users in /etc/passwd
• An entry in /etc/passwd has the form
Name:Password:UserID:PrincipalGroup:Gecos:HomeDirectory:Shell
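The seven-field layout above is enough to audit an account file. The following is an added example, not part of the original slides: it flags extra UID 0 accounts, empty password fields and lines with the wrong field count. The function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a passwd-format file using the seven fields
#   Name:Password:UserID:PrincipalGroup:Gecos:HomeDirectory:Shell

# audit_passwd [FILE]   (reads standard input when FILE is omitted)
# Prints one finding per line: KIND ACCOUNT (line N)
audit_passwd() {
    awk -F: '
        /^[ \t]*$/ { next }                              # skip blank lines
        NF != 7 { print "MALFORMED " $1 " (line " NR ")"; next }
        # Superuser status follows UID 0, whatever the account is called.
        $3 ~ /^0+$/ && $1 != "root" { print "UID0 " $1 " (line " NR ")" }
        # An empty Password field means no password is required.
        $2 == "" { print "EMPTYPW " $1 " (line " NR ")" }
    ' "${1:--}"
}

# Constructed sample entries, not taken from any real system.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
toor:x:0:0:second root:/root:/bin/sh
guest::1001:1001:Guest:/home/guest:/bin/sh
broken:x:1002:1002:/home/broken:/bin/sh
EOF
}

# Audit the sample; on a live system run: audit_passwd /etc/passwd
sample_passwd | audit_passwd
```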
2
UID and GID
• Kernel associates 4 numbers with each process
– real and effective UID
– real and effective GID
– getuid, geteuid, seteuid
• Normally both real and effective numbers are the
same
• SETUID or SETGID programs can modify
them
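To see the real and effective IDs the kernel holds for each process, the following added example (not part of the original slides) lists processes whose real and effective UID or GID differ, which is what a running SETUID or SETGID program looks like. It assumes the Linux /proc/<pid>/status layout; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: report processes whose real and effective IDs differ.
# Assumes the Linux /proc/<pid>/status layout, where the "Uid:" and "Gid:"
# lines list the real, effective, saved-set and filesystem IDs in that order.

# id_mismatch STATUS_FILE
# Prints one line and returns 0 when real != effective; returns non-zero otherwise.
id_mismatch() {
    awk '
        $1 == "Name:" { sub(/^Name:[ \t]*/, ""); name = $0; next }
        $1 == "Pid:"  { pid = $2 }
        $1 == "Uid:"  { ruid = $2; euid = $3 }
        $1 == "Gid:"  { rgid = $2; egid = $3 }
        END {
            if (ruid == euid && rgid == egid) exit 1
            printf "%s %s ruid=%s euid=%s rgid=%s egid=%s\n",
                   pid, name, ruid, euid, rgid, egid
        }
    ' "$1" 2>/dev/null
}

# scan_proc [ROOT]   ROOT defaults to /proc; a process may exit mid-scan,
# so unreadable status files are skipped.
scan_proc() {
    for sp_file in "${1:-/proc}"/[0-9]*/status; do
        if [ -r "$sp_file" ]; then id_mismatch "$sp_file" || :; fi
    done
}

# Constructed sample tree: PID 4242 is a set-UID root program started by
# UID 1000; PID 4300 is that user's ordinary shell.
run_sample_scan() {
    rs_dir=$(mktemp -d) || return 1
    mkdir "$rs_dir/4242" "$rs_dir/4300"
    printf 'Name:\tpasswd\nPid:\t4242\nUid:\t1000\t0\t0\t0\nGid:\t1000\t1000\t1000\t1000\n' \
        > "$rs_dir/4242/status"
    printf 'Name:\tbash\nPid:\t4300\nUid:\t1000\t1000\t1000\t1000\nGid:\t1000\t1000\t1000\t1000\n' \
        > "$rs_dir/4300/status"
    scan_proc "$rs_dir"
    rm -rf "$rs_dir"
}

run_sample_scan
```

Calling scan_proc with no argument scans the live /proc tree.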
3
The SuperUser
• On the UNIX system, the superuser is a privileged
account with unrestricted access to all files and
commands!!!
• The user name of this account is root. Many
administrative tasks and their commands require
superuser status.
• There are two ways to become superuser:
– log in directly
– su while logged in as someone else
4
Superuser
• Choose a good root password
• Change the root password every so often
• Try using “sudo” instead of giving out the root
password
5
sudo command
• The sudo facility allows specified users to run
specific commands as root without having to
know the root password.
• sudo uses the configuration file /etc/sudoers
6
sudo command
• Advantages
7
Other pseudo-users
• bin – owners of system commands
• daemon – owner of unprivileged system
software
• nobody – the generic NFS user
8
Controlling Processes
9
Processes and Files
• UNIX is built upon processes and files. A process is
basically an executing program. All the work
performed by a UNIX system is carried out by
processes.
• All the long term information stored on a UNIX
system is stored in files. Every file on a UNIX system
has a number of attributes that serve different
purposes.
• There is a collection of commands that allow users
and SAs to manipulate files and processes.
10
Process
• Whenever you run a program, a process is created.
The UNIX command line that you use to enter the
commands is actually another program/command
called the shell.
• To execute a command, that command has to be in
one of the directories in your search path.
11
What information does the kernel keep about
each process?
• Process’s address space map
• Current status of the process (sleeping, stopped,
runnable, etc)
• Execution priority of the process
• Resources the process has used
• Process’s signal mask
• Owner of the process
12
Process
• Process information
– PID: process ID number
– PPID: parent PID
– UID and EUID: real and effective user ID
– GID and EGID: real and effective group ID
– Status of the process: R – runnable, S – Sleeping, Zombie,
Stopped (use ps aux to get the process status)
– Niceness
– Control terminal
13
Process State (man ps)
• PROCESS STATE CODES: Here are the different values that
the s, stat and state output specifiers
(header "STAT" or "S") will display to describe the state of a
process.
• D Uninterruptible sleep (usually IO)
• R Running or runnable (on run queue)
• S Interruptible sleep (waiting for an event to complete)
• T Stopped, either by a job control signal or because it is
being traced.
• W paging (not valid since the 2.6.xx kernel)
• X dead (should never be seen)
• Z Defunct ("zombie") process, terminated but not reaped by
its parent.
14
Process Management
• A user can communicate with a running process via
signals, a facility which enables a running process to
be notified about the occurrence of
– an error event generated by the executing process
– an asynchronous event generated by a process outside the
executing process
• Signals are sent to the process ultimately by the
kernel. The receiving process has to be programmed
such that it can catch a signal and take a certain action
depending on which signal was sent.
• A running process can be sent a signal by using the
kill command: kill [-signal] pid
15
Manipulating Process
• At any given time, there might be hundreds of
processes running. There are many times when
process information is needed. One of the most
commonly used commands to find process
information is the ps command.
• On a single CPU system, there can only be one
process running at a given time. This is called the
foreground process. It is the process which owns the
terminal for input and output.
16
ps command
17
signal (man 7 signal)
Signal      Value      Action   Comment
------------------------------------------------------------------------
SIGHUP         1       Term     Hangup detected on controlling terminal
                                or death of controlling process
SIGINT         2       Term     Interrupt from keyboard
SIGQUIT        3       Core     Quit from keyboard
SIGILL         4       Core     Illegal Instruction
SIGABRT        6       Core     Abort signal from abort(3)
SIGFPE         8       Core     Floating point exception
SIGKILL        9       Term     Kill signal
SIGSEGV       11       Core     Invalid memory reference
SIGPIPE       13       Term     Broken pipe: write to pipe with no readers
SIGALRM       14       Term     Timer signal from alarm(2)
SIGTERM       15       Term     Termination signal
SIGUSR1     30,10,16   Term     User-defined signal 1
SIGUSR2     31,12,17   Term     User-defined signal 2
SIGCHLD     20,17,18   Ign      Child stopped or terminated
SIGCONT     19,18,25            Continue if stopped
SIGSTOP     17,19,23   Stop     Stop process
SIGTSTP     18,20,24   Stop     Stop typed at tty
SIGTTIN     21,21,26   Stop     tty input for background process
SIGTTOU     22,22,27   Stop     tty output for background process
• The signals SIGKILL and SIGSTOP cannot be caught, blocked, or ignored.
• kill command is used to send signals from the command line
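The slides on signal handling and the table above come together in the following added example, which is not part of the original slides: a child shell catches, ignores or leaves the default action for SIGTERM, then receives either SIGTERM or SIGKILL. The function name is constructed for illustration, and the child signals itself so the outcome does not depend on timing.

```shell
#!/bin/sh
# Added example: what a process can and cannot do about an incoming signal.
# The child shell signals itself (kill -SIG $$) so the result is repeatable;
# from another terminal the same delivery is "kill -TERM <pid>".

# signal_outcome ACTION SIGNAL
#   ACTION  catch | ignore | default   disposition the child sets for SIGTERM
#   SIGNAL  TERM | KILL                signal the child then receives
# Prints "<child output or none> <exit status>".
signal_outcome() {
    case $1 in
        catch)   so_setup="trap 'echo caught; exit 0' TERM" ;;
        ignore)  so_setup="trap '' TERM" ;;
        default) so_setup=":" ;;
        *) echo "usage: signal_outcome catch|ignore|default TERM|KILL" >&2
           return 2 ;;
    esac
    so_status=0
    so_out=$(sh -c "$so_setup; kill -$2 \$\$; echo survived" 2>/dev/null) ||
        so_status=$?
    echo "${so_out:-none} $so_status"
}

# A shell reports death by signal N as exit status 128+N
# (143 = 128 + 15 for SIGTERM, 137 = 128 + 9 for SIGKILL).
for so_case in "catch TERM" "ignore TERM" "default TERM" "catch KILL" "ignore KILL"; do
    set -- $so_case
    printf '%-8s %-5s -> %s\n' "$1" "$2" "$(signal_outcome "$1" "$2")"
done
```

A handler or an ignore setting changes the outcome for SIGTERM only; both KILL rows end with status 137 whatever the child set up.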
18
/proc Filesystem
19
strace and System Calls
• man 2 syscalls
• strace -p pid
20
Other Stuff
• The “nice” value is the value that influences
the process CPU priority
– nice
– renice
• All processes, except those created by the
kernel at boot time, are descendants of the init
(PID 1) process
21