\
`
`\
`
`THE
`
`\
`
`UNIX
`PROGRAMMING
`ENVIRONMENT
`
`Brian WKernighan
`Rob Pike
`
`p-
`
`Ir •
`
`PRENTICE-HALL SOFTWARE SERIES
`
`Google - Exhibit 1024, cover
`
`

`
`. Library
`
`of Congress Catalog Card Number 8 3 -62851
`
`Prentice-Hall Software Series
`W. Kernighan, Advisor
`Brian
`
`Ros Her ion
`Editorial/production supervision:
`Cover design: Photo Plus Art, Celine Brandts
`Manufacturing buyer; Gordon Osbourne
`
`Copyright * 1984 by Bell Telephone Laboratories, Incorporated.
`AH rights reserved. No part of this publication may be reproduced, stored in a retrieval
`" t t«i«ed, in any form or by any means, electronic, mechamca . p o=-
`I recording, or otherwise, without the prior written permtssron of the pubhsher.
`Printed in the United States of America. Published simultaneously m Canada.
`and Courier by the authors, using a Mer-
`This book was typeset in Times Roman
`V AX-11/750 running the 8th Edition
`genthaler Ltootron 202 phototypesetter driven by a
`of the UNIX operating system.
`trademark of Bell Laboratories.
`UNIX is a
`Digital Equipment Corporation.
`10 9876543
`
`DEC, PDP and VAX sure trademarks of
`
`ISBN
`ISBN 0-lB-'13?fci61"X IPBKJ
`
`ScI:Zll SSS'ii™ .
`EDITORA PRENTICE-HALL DO BRASIL, LTDA., Rio de Janeiro
`
`London
`
`PRENTICE-HALL OF SOUTHEAST ASIA PTE. LTD.. Singapore
`WHITEHALL BOOKS LIMITED, Wellington, New Zealand
`
`PIP
`
`' 'V
`
`mm
`•* :•
`' Google - Exhibit 1024, page i
`
`'
`
`I I
`
`

`
`f
`>
`
`5 V
`
`. in %i
`
`I a
`
`52 THE UNIX PROGRAMMING ENVIRONMENT
`
`CHAPTER 2
`
`_
`Exercise 2-3. (Harder) How does the pwd command operate? □
`Fxercise 2-4 du was written to monitor disc usage. Using it to find files in a directory
`is at best . s.rangi idiom; ud perhaps inappropriate. A. .»
`2
`the manual page A. »*.M-
`£ “X
`W
`^^, .*« -on.«»«. >«,«,*«.<.»««»«? °
`
`2.4 Permissions
`Pverv file has a set of permissions associated with it, which determine who
`do what with the file, if you’re so organized that you keep your love
`can
`perhaps hierarchically arranged in a directory, you prob-
`letters on the system
`to be able to read them. You could therefore
`*
`ably don’t want other people
`frustrate gossip (or only on some of
`JT.S* *-
`-he permissions
`on the
`
`the XX who ea» read or modify tm, file on the system. The spec, 1
`X rame root carries super-user privileges, it is used by system admtn.str.-
`tXwhen they do system maintehauce. There is also a commasI cal«-
`that grants super-user status if you know the root password. Thus anyone
`who knows the super-user password can read your love letters, so don t keep
`sensitive material in the file system.
`,
`. ri tha. even *ue
`If vou need more privacy, you can change the data in a file so that even
`super-user cannot read (or at least understand) it, using the crypt command
`(crvpt(l)) Of course, even crypt isn’t perfectly secure. A super-user can
`ihalge the crypt command itself, and there are cryptographic attacks on the
`crypt algorithm. The former requires malfeasance and the latter takes hard
`Wt1cThS:r,XXy bX^'XdXm pa-otd, that me give.
`away or easif guessed. Occasionally, system administrative lapses make i
`possible for a malicious user to gain super-user permission. Security issues are
`discussed further in some of the papers cited in the bibliography at the end of
`this chapter.
`and then verify that you are that person
`a name
`When you log in, you type
`is your login identification, or login-id. But
`name
`by typing a password. The
`number, called your user-id, or uid. In
`the system actually recognizes you by
`uid, making them indistinguishable
`same
`fact different login-id’s may have the
`secu-
`and perhaps undesirable for
`rare
`tXeasX'BtSSpuTeXgnbd a group identification, or Sr«p-
`f Xh pla “'you id • diass of use,,. On many systems all ord.n.r, users
`(as opposed to those with login-id’s like root) are placed m a single group
`railed other, bu, your system may be different. T)“7 u^cX'd"" by she
`fore the UNIX system in general, determines what y
`
`Google - Exhibit 1024, page 52
`
`

`
`CHAPTER 2
`
`CHAPTER 2
`
`THE FILE SYSTEM 53
`
`i? O
`it to find files in a directory
`ate. As an alternative, look
`imands. In particular, com-
`:>nding invocation of find,
`ride effect of an old one? o
`
`i it, which determine who
`that you keep your love
`. in a directory, you prob-
`sm. You could therefore
`>ssip (or only on some ol
`ge the permissions on the
`that way.
`every UNIX system, called
`i the system. The special
`ised by system administra-
`tlso a command called su
`; password. Thus anyone
`love letters, so don’t keep
`
`ta in a file so that even the
`ising the crypt command
`secure. A super-user can
`yptographic attacks on the
`j and the latter takes hard
`
`passwords that are given
`ninistrative lapses make it
`fission. Security issues arc
`bibliography at the end of
`
`ify that you are that person
`itification, or login-id. Bui
`led your user-id, or uid. In
`king them indistinguishable
`irhaps undesirable for secu-
`up identification, or group-
`systems, all ordinary use, ■
`■e placed in a single group
`The file system, and there-
`vhat you can do by the Jj
`
`permissions granted to your uid and group-id.
`The file /etc/passwd is the password file; it contains all the login infor­
`mation about each user, You can discover your uid and group-id, as does the
`system, by looking up your name in /etc/passwd:
`$ grep you /etc/passwd
`you: gkrabCTrJ0 4COM :604:1;Y,O .A.People:/usr/you:
`$
`The fields in the password file are separated by colons and are laid out like this
`(as seen in passwd(5)):
`login-id: encrypted-password: uid: group-id: miscellany: login-directory; shell
`The file is ordinary text, but the field definitions and separator : :
`.......
`are a conven-
`tion agreed upon by the programs that use the information in the file.
`The shell field is often empty, implying that you use the default shell,
`/bin/ah. The miscellany field may contain anything; often, it has your
`name
`and address or phone number.
`Note that your password appears here in the second field, but only in ah
`„ encrypted form. Anybody can read the password file (you just did), so if your
`password itself were there, anyone would be able to use it to masquerade as
`>ou. When you give your password to login, it encrypts it and compares the
`? result against the encrypted password in /etc/passwd. If they agree, it lets
`;.ou log in. The mechanism works because the encryption algorithm has the
`pioperty that it’s easy to go from the clear form to the encrypted form, but
`.ery hard to go backwards. For example, if your password is ka-boom, it
`-light be encrypted as gkmbCTrJ04COM, but given the latter, there’s
`no easy
`>*uv to get back to the original.
`The kernel decided that you should be allowed to read /etc/passwd by
`...viking at the permissions associated with the file. There are three kinds of
`f. permissions for each file: read (i.e., examine its contents), write (i.e,, change
`contents), and gxijcute (i.e,, run it as a program). Furthermore, different
`permissions can apj# to different people. As file owner, you have one set of
`.-ad, write and execute permissions. Your “group” has a separate set. Every-
`e else has a third set,
`The option of Is prints the permissions information, among other
`things:
`
`$ Is -1 /etc/passwd
`-rw~r-— r— 1 root
`4 Is -lg /etc/passwd
`-rw-r~~r— 1 acta
`
`5115 Aug 30 10:40 /etc/passwd
`5115 Aug 30 10:40 /etc/passwd
`
`. ::cse two lines may be collectively interpreted as: /etc/passwd is owned by
`-ini-id root, group adm, is'5115 bytes long, was last modified on August 30
`-t '0:40 AM, and has one link (one name in the file system; we’ll discuss links
`
`Google - Exhibit 1024, page 53
`
`

`
`I
`
`Tf
`
`>
`*.
`
`j.
`
`;■
`
`?
`■
`■>I
`
`11V A1 1 9?
`
`-I
`%
`
`ai
`
`1i ■* *
`
`I
`I
`
`If I n*
`
`I
`
`i
`
`||
`
`54 THE UNIX PROGRAMMING ENVIRONMENT
`
`/" ”
`
`CHAPTER 2
`
`in the next section). Some versions of Is give both owner and group in one
`invocation, -
`4:v
`'
`The string ~rw~r—-r-~ is how Is represents the permissions on the file.
`The first - indicates that it is an ordinary file. If it were a directory, there
`would bead there. The next three characters encode the file owner’s (based
`means that root (the
`uid) read, write and execute permissions, rw-
`on
`owner) may read or write, but not execute the file. An executable file would
`have an x instead of a dash.
`The next three characters (r—) encode group permissions, m this case that
`people in group adm, presumably the system administrators, can read the file
`but not write or execute it. The next three (also r—) define the permissions
`for everyone else — the rest of the users on the system. On this machine,
`then, only root can change the login information for a user, but anybody may
`read the file to discover the information. A plausible alternative would be for
`group adm to also have write permission on /etc/passwd. . ^
`The file /etc/group encodes group names and group-id’s, and defines
`which users are in which groups, /etc/passwd identifies only your login
`group; the newgrp command changes your group permissions to another
`group.
`Anybody can say
`$ ed /etc/passwd
`and edit the password file, but only root can write back the changes. You
`might therefore wonder how you can change your password, since that involves
`editing the password file. The program to change passwords is called passwd;
`you will probably find it in /bin:
`$ Is -1 /bin/passwd
`-rwsr-xr-x 1 root
`$
`(Note that /etc/passwd is the text file containing the login information,
`while /bin/pasdwd, in a different directory, is a file containing an executable
`program that lets you change the password information.) The permissions here
`state that anyone may execute the command, but only root can change the
`passwd command. But the s instead of an x in the execute field for the file
`owner states that, when the command is run, it is to be given the permissions
`corresponding to the file owner, in this case root. Because /bin/passwd is
`the passwd command to edit the pass-
`“set-uid” to root, any user can run
`word file.
`The set-uid bit is a simple but elegant ideat that solves a number of security
`problems. For example, the author of a game program can make the program
`set-uid to the owner, so that it can update a score file that is otherwise
`t The set-uid bit is patented by Dennis Ritchie.
`
`8454 Jan 4 1983 /bin/pasewd
`
`Google - Exhibit 1024, page 54
`
`

`
`.'CHAPTER 2
`
`THE FILE SYSTEM 55
`
`protected from other users’ access. But the set-uid concept is potentially
`dangerous, /bin/passwd has to be correct; if it were not, it could destroy
`system information under": root’s auspices,
`If it had the permissions
`-rwsrwxrwx, it could be overwritten by any user, who could therefore replace
`the file with a program that does anything. This is particularly serious for a
`set-uid program, because root has access permissions to every file on the sys­
`tem. (Some UNIX systems turn the set-uid bit off whenever a file is modified,
`to reduce the danger of a security hole.)
`The set-uid bit is powerful, but used primarily for a few system programs
`such as passwd. Let’s look at a more ordinary file.
`$ Is -1 /bin/who
`-rwxrwxr-x 1 root
`$ .
`who is executable by everybody, and writable by root and the owner’s group.
`What “executable” means is this: when you type
`$ who
`to the shell, it looks in a set of directories, one of which is /bin, for a file
`named “who.” If it finds such a file, and if the file has execute permission,
`the shell calls the kernel to run it. The kernel checks the permissions, and, if
`they are valid, runs the program. Note that a program is just a file with exe­
`cute permission. In the next chapter we will show you programs that are just
`text files, but that can be executed as commands because they have execute
`permission set.
`Directory permissions operate a little differently, but the basic idea is the
`same.
`
`6348 Mar 29 1983 /bin/who
`
`80 Sep 27 06:11 .
`
`$ Is -Id ,
`drwatrwxr-x 3 you
`$
`The -d option of Xs/asks it to tell you about the directory itself, rather than its
`contents, and the leading d in the output signifies that ’ is indeed a directory.
`An r field means that you can read the directory, so you can find out what
`files are in it with Is (or od, for that matter), A w means that you can create
`and delete files in this directory, because that requires modifying and therefore
`writing the directory file.
`Actually, you cannot simply write in a directory — even root is forbidden
`to do so.
`$ who >.
`.: cannot create
`$
`Instead there are system calls that create and remove files, and only through
`them is it possible to change the contents of a directory. The permissions idea,
`
`Try to overwrite ‘,
`You can't
`
`■
`I'
`
`I
`
`m iI 1
`
`■
`
`nII
`
`In
`
`CHAPTER 2
`
`3waer and group in one
`
`permissions on the file.
`We a directory, there
`t tfec file owner’s (based
`aeans that root (the
`kst executable file would
`
`sessions, in this case that
`Mtors, can read the file
`define the permissions
`Stem. On this machine,
`it user, but anybody may
`alternative would be for
`t»srd.
`group-id’s, and defines
`ientifies only your login
`permissions to another
`
`back the changes. You
`f«*rd, since that involves
`swords is called passwd;
`
`■83 /bin/passwd
`
`I the login information,
`containing an executable
`a.) The permissions here
`ly root can change the
`execute field for the file
`be given the permissions
`ecause /bin/passwd is
`mmand to edit the pass-
`
`ves a number of security
`n can make the program
`e file that is otherwise
`
`Google - Exhibit 1024, page 55
`
`

`
`:■
`
`56 THE UNIX PROGRAMMING ENVIRONMENT
`
`::
`
`CHAPTER 2
`
`1
`|
`;
`:
`
`;
`
`;
`
`however, still applies: the w fields tell who can use the system routines to
`modify the directory.
`Permission to remove a file is independent of the file itself. If you have
`write permission in a directory, you may remove files there, even files that are
`protected against writing. The rm command asks for confirmation before
`removing a protected file, however, to check that you really want to do so —
`one of the rare occasions that a UNIX program double-checks your intentions.
`(The -f flag to rm forces it to remove files without question.)
`The x field in the permissions on a directory does not mean execution; it
`means “search.” Execute permission on a directory determines whether the
`directory may be searched for a file. It is therefore possible to create a direc-
`tory with mode --x for other users, implying that users may access any .file
`that they know about in that directory, but may not run Is on it or read it to
`fee what files are there. Similarly, with directory permissions r—, users can
`see (Is) but not use the contents of a directory. Some installations use this '
`device to turn off /usr/games during busy hours.
`The chxaod (change mode) command changes permissions on files,
`$ chmod permissions filenames ...
`The syntax of the permissions is clumsy, however. They can be specified in
`two ways, either as octal numbers or by symbolic description. • The octal :
`numbers are easier to use, although the symbolic descriptions are sometimes
`convenient because they can specify relative changes in the permissions. It
`would be nice if you could say
`9 chmod rw-rw-rw- junk
`rather than
`$ chmod 666 junk
`but you: cannot. The octal modes are specified by adding together a 4 for
`read, 2 for write and 1 for execute permission. The three digits specify, as in
`Is, permissions for the owner, group and everyone else. The symbolic codes
`difficult to explain; you must look in chmod(l) for a proper description.
`are
`For our purposes, it is sufficient to note that + turns a permission on and that
`- turns it off. For example
`$ chmod *x command
`allows everyone to execute command, and
`$ chmod -v file
`turns off write permission for everyone, including the file’s owner. Except for
`the usual disclaimer about super-users, only the owner of a file may change the
`permissions on a file, regardless of the permissions themselves. Even if some­
`body else allows you to write a file, the system will not allow you to change its
`
`Doesn't work this way.1
`
`Google - Exhibit 1024, page 56
`
`

`
`1i ■
`I
`
`ill
`I
`1
`
`I!
`
`ii 2
`
`:o
`
`vc
`ire
`■e
`
`k: it
`:-.e
`le­
`•; -7e
`hto
`sn
`s t-.is
`is
`It
`
`in
`■ xtal
`.es
`It
`
`tor
`. in
`cs
`■n.
`■ that
`m
`
`for
`ip the
`le-
`£jr its
`
`CHAPTER 2
`
`THE FILE SYSTEM 57
`
`permission bits.
`$ Is -Id /usr/mary
`drwxrwxrwx 5 mary ■
`704 Sep 25 10:18 /usr/mary
`$ chmod 444 /usr/mary
`chmod: can't change /usr/mary
`$
`If a directory is writable, however, people can remove files in it regardless of
`the permissions on the files themselves. If you want to make sure that you or
`your friends never delete files from a directory, remove write permission from
`it;
`
`Moke directory unwritable
`
`80 Sep 27 11:48 .
`
`Can’t remove file
`Restore permission
`80 Sep 27 11:48 .
`
`ts cd
`$ date >temp
`$ chmod ~w ,
`$ls -Id .
`dr-xr-xr-x 3 you
`$ rm temp
`rat: temp not removed
`$ chmod 77S ,
`$ Is -Id ,
`drwxrwxr-x 3 you
`$ rm temp
`$
`Now you can
`temp is now gone. Notice that changing the permissions on the directory
`didn’t change its modification date. The modification date reflects changes to
`the file’s contents, not its modes. The permissions and dates are not stored in
`the file itself, but in a system structure called an index node, or i-node, the
`subject of the next section.
`Exercise 2-5. Experiment with chmod. Try different simple modes, like 0 and 1, Be
`careful not to damage your login directory! □
`
`2.5 Inodes ”!• ;■
`A file has several components; a name, contents, and administrative infor­
`mation such as permissions and modification times. The administrative infor­
`mation is stored in the inode (over the years, the hyphen fell out of “i-node”),
`along with essential system data such as how long it is, where on the disc the
`contents of the file are stored, and so on.
`There are three times in the inode: the time that the contents of the file
`were last modified (written); the time that the file was last used (read or exe­
`cuted); and the time that the inode itself was last changed, for example to set
`the permissions.
`
`Google - Exhibit 1024, page 57