240-491 Advanced UNIX: 19. User and System Information


Slide 1 – 19. User and System Information
240-491 Adv. UNIX: info/19
240-491 Special Topics in Comp. Eng. 2, Semester 2, 2000-2001
- Objectives
  – examine a few system data files (and their C interfaces) which record user and system information

Slides 2–3 – Overview
1. /etc/passwd
2. /etc/group
3. Other Data Files
4. /etc/hosts
5. /etc/protocols
6. /etc/services
7. Login Accounting
8. The System Log: syslog
9. Process Information
10. System Information

Slide 4 – 1. /etc/passwd
- The password file:
    root:jheVopR58x9Fx:0:1:The superuser:/:/bin/sh
    nobody:*:65534:65534::/:
    stevens:3hKVD8R58r9Fx:224:100:Richard Stevens:/home/stevens:/bin/ksh
    :
- More details on the passwd file format:
  – $ man 5 passwd

Slide 5 – Notes
- root has the user ID 0
- The password is encrypted using crypt()
  – one-way: there is no known way to decrypt (decode) a password
- nobody cannot login, but programs can run as nobody
  – can only access world readable or writable files

Slide 6 – Finger
- finger accesses the GECOS field:
    stevens:3hKVD8R58r9Fx:224:100:Richard &, B232, 555-1111, 555-2222:/home/stevens:/bin/ksh
  – the different fields are separated by commas: user name, office, work and home phone numbers
  – & is replaced by the capitalised user name

Slide 7 – struct passwd
    struct passwd {
      char  *pw_name;    /* user name */
      char  *pw_passwd;  /* encrypted passwd */
      uid_t  pw_uid;     /* user ID */
      gid_t  pw_gid;     /* group ID */
      char  *pw_gecos;   /* comment field */
      char  *pw_dir;     /* initial working dir */
      char  *pw_shell;   /* initial shell */
    };
- Located in pwd.h

Slide 8 – Get a User's Details
    #include <sys/types.h>
    #include <pwd.h>

    struct passwd *getpwuid(uid_t uid);
    struct passwd *getpwnam(char *name);
- Return a pointer to the password structure for the specified user, or NULL on error.
- For long term use, the struct should be copied, since it will be over-written on the next call.

Slide 9 – Search the passwd file
    #include <sys/types.h>
    #include <pwd.h>

    struct passwd *getpwent(void);
    void setpwent(void);   // open
    void endpwent(void);   // close
- getpwent() returns a pointer if ok, NULL on error or end of file.

Slides 10–11 – Search for Stupid Passwords
    #include <stdio.h>
    #include <string.h>
    #include <pwd.h>
    #include <unistd.h>   /* for crypt(); on Linux use <crypt.h> and link with -lcrypt */

    int main()
    {
      struct passwd *pw;
      char *cry;

      setpwent();
      while ((pw = getpwent()) != NULL) {
        printf("Trying %s\n", pw->pw_name);
        if (pw->pw_passwd[0] == '\0')
          printf("**%s has no password\n", pw->pw_name);
        else {
          /* the stored string begins with its salt, so it serves as the salt argument */
          cry = crypt(pw->pw_name, pw->pw_passwd);
          if (cry != NULL && strcmp(cry, pw->pw_passwd) == 0)
            printf("##%s used as own passwd\n", pw->pw_name);
        }
      }
      endpwent();
      return 0;
    }

Slide 12 – crypt()
    #include <unistd.h>

    char *crypt(char *text, char *salt);
- Returns a pointer to the encrypted version of the text, or NULL on error.
- salt is a string. crypt() takes its first two chars and treats them as a 12-bit number between 0 and 4095 that slightly modifies the encryption.

Slide 13
- The salt is stored at the start of the encrypted password: e.g. "mi" in "miqkFWCm1fNJI"
- When the encrypted password is first created, /bin/passwd uses the time of day as salt.
- Salt means that the same (original) password will be encrypted in different ways on different machines.

Slide 14 – The Shadow Password File
- /etc/shadow stores the encrypted password strings
  – only readable by root
  – /etc/passwd contains only 'x's in its password fields
- This prevents password cracking by copying /etc/passwd and then using 'guess and test'
  – some crypt()'s can generate 50,000 encrypted strings/second
  – many passwords are very simple!

Slide 15 – 2. /etc/group
- Lists every group on the system, an optional password, its group ID, and the users who are members:
    wheel:*:0:root,rachel
    uucp:*:10:uucp
    vision:AweHG67Ket4Ds:101:keith,arlin
    users:*:100:
    $ man 5 group

Slide 16 – Joining Groups
- /etc/group lists group users in addition to the ones who are members because of their /etc/passwd group ID.
  – e.g. stevens is in users because he has group ID 100
- A user can change group with newgrp
  – usually must be a member of that group
  – some groups have passwords (e.g. vision)

Slide 17 – Accessing /etc/group
- Use struct group and its operations in <grp.h>:
    struct group {
      char  *gr_name;    /* group name */
      char  *gr_passwd;  /* encrypted passwd */
      gid_t  gr_gid;     /* group id */
      char **gr_mem;     /* array of names */
    };
- gr_mem is terminated by NULL.

Slide 18 – Fetch Group Details
    #include <sys/types.h>
    #include <grp.h>

    struct group *getgrgid(gid_t gid);
    struct group *getgrnam(char *name);
- Return a pointer to a group structure, NULL on error.
- For long term use, the structure should be copied since it is over-written on the next call.

Slide 19 – Search the group file
    #include <sys/types.h>
    #include <grp.h>

    struct group *getgrent(void);
    void setgrent(void);   // open
    void endgrent(void);   // close
- getgrent() returns a pointer if ok, NULL on error.

Slide 20 – Supplementary Group IDs
- In earlier UNIXs, each user belonged to one group at a time.
  – change was possible with newgrp
- Some UNIXs now have supplementary group IDs:
  – a user can belong to up to 16 additional groups
  – no longer need to use newgrp (so much)

Slide 21 – Supplementary Group Functions
    #include <unistd.h>   /* on Linux, setgroups() and initgroups() are declared in <grp.h> */

    int getgroups(int gidsetsize, gid_t grouplist[]);
    int setgroups(int ngroups, gid_t grouplist[]);
    int initgroups(char *username, gid_t basegid);

Slide 22
- getgroups() returns the number of supplementary group IDs if ok, -1 on error.
- Both setgroups() and initgroups() return 0 if ok, -1 on error.
- initgroups() is called at login, and makes use of setgroups() to initialise a user's supplementary group IDs by examining /etc/group.
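The same three calls that login uses are what a daemon needs when it gives up root: initgroups() must run while the process is still root, and before setgid() and setuid(), because the supplementary group list cannot be changed afterwards. The following is an added example, not from the lecture, showing that order together with the checks that confirm the drop worked. The target account name is an assumption (it defaults to nobody); drop_to_user() only succeeds when run as root, while the two query helpers run for any user.

```c
/* Added example, not from the lecture: drop root privileges in the order
 * initgroups() -> setgid() -> setuid(), then verify the result. */
#define _DEFAULT_SOURCE 1
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <pwd.h>
#include <grp.h>
#include <sys/types.h>

/* Number of supplementary group IDs of the calling process, or -1 on error.
 * getgroups(0, NULL) reports the count without filling a list. */
static int supplementary_group_count(void)
{
    return getgroups(0, NULL);
}

/* 1 if `gid` is among the process's supplementary groups, 0 if not, -1 on error. */
static int in_supplementary_group(gid_t gid)
{
    int n = getgroups(0, NULL), i, found = 0;
    gid_t *list;
    if (n < 0) return -1;
    if (n == 0) return 0;
    list = malloc((size_t)n * sizeof *list);
    if (list == NULL) return -1;
    n = getgroups(n, list);
    for (i = 0; i < n; i++)
        if (list[i] == gid) found = 1;
    free(list);
    return n < 0 ? -1 : found;
}

/* Become `name` permanently. Returns 0 on success, -1 on failure; after
 * success the process cannot get uid 0 back. */
static int drop_to_user(const char *name)
{
    struct passwd *pw = getpwnam(name);
    uid_t uid;
    gid_t gid;

    if (pw == NULL) return -1;          /* unknown user (or lookup error) */
    uid = pw->pw_uid;                   /* copy: the struct is overwritten by the next call */
    gid = pw->pw_gid;
    if (uid == 0) return -1;            /* refuse to "drop" to root */

    /* Supplementary groups first: initgroups() needs root and is impossible
     * after setuid(); the primary group before the uid for the same reason. */
    if (initgroups(name, gid) != 0) return -1;
    if (setgid(gid) != 0) return -1;
    if (setuid(uid) != 0) return -1;

    /* Verify: a correctly dropped process must not be able to regain root. */
    if (setuid(0) == 0) return -1;
    return (getuid() == uid && getgid() == gid) ? 0 : -1;
}

int main(int argc, char *argv[])
{
    const char *target = argc > 1 ? argv[1] : "nobody";   /* assumed account name */

    printf("before: uid=%ld, supplementary groups=%d\n",
           (long)getuid(), supplementary_group_count());
    if (drop_to_user(target) != 0) {
        printf("could not drop to %s (run as root with a valid user name)\n", target);
        return 1;
    }
    printf("after:  uid=%ld gid=%ld, supplementary groups=%d\n",
           (long)getuid(), (long)getgid(), supplementary_group_count());
    return 0;
}
```

The check that setuid(0) now fails is the part most often left out; without it a process that called setuid() with only its effective uid changed would appear dropped while still able to return to root.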

Slide 23 – 3. Other Data Files
- Most UNIX data files have similar interfaces to those used to access/change /etc/passwd and /etc/group.
- At least three 'search' functions:
  – set??()   Opens the file and rewinds it.
  – get??()   Reads the next record. Returns a pointer to a struct which will be over-written on the next call.
  – end??()   Closes the file.
    $ man 5

Slide 24
- "Lookup a record" functions:
  – use keys to identify the record of interest
  – e.g. user name, service ID
- The next three sections illustrate these patterns used with the files:
  – /etc/hosts
  – /etc/protocols
  – /etc/services

Slide 25 – 4. /etc/hosts
- Keeps track of the network addresses for every host on the local network.
- Often incomplete since the system can also ask address servers on other machines.
- Typical /etc/hosts:
    127.0.0.1       localhost
    192.100.77.3    ratree.psu.ac.th    ratree loghost
    192.100.77.5    ns.psu.ac.th        ns
    203.154.130.11  ratree2.psu.ac.th   ratree2

Slide 26 – Accessing /etc/hosts
- Header: netdb.h
- C structure: hostent
- Keyed lookup functions:
  – gethostbyname()
  – gethostbyaddr()

Slide 27 – 5. /etc/protocols
- Stores details about the network protocols supported by the system.
- Fragment of /etc/protocols:
    tcp   6    TCP   # transmission control protocol
    :
    udp   17   UDP   # user datagram protocol
    :

Slide 28 – Accessing /etc/protocols
- Header: netdb.h
- C structure: protoent
- Keyed lookup functions:
  – getprotobyname()
  – getprotobynumber()

Slide 29 – 6. /etc/services
- Stores details on the network services supported by the system
  – built on top of network protocols
- Fragment of /etc/services:
    ftp    21/tcp
    smtp   25/tcp    mail
    :
    irc    194/tcp   # internet relay chat
    irc    194/udp
    :

Slide 30 – Accessing /etc/services
- Header: netdb.h
- C structure: servent
- Keyed lookup functions:
  – getservbyname()
  – getservbyport()
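The "lookup a record" pattern of slides 23–30 is easiest to see by implementing it over the file format itself. The following is an added example, not from the lecture: a parser for /etc/services lines ("name port/proto [aliases] [# comment]") and a getservbyname()-style lookup keyed by name or alias plus protocol, run over a constructed fragment of the file rather than the system's own. The struct service_entry and function names are this example's, not the netdb.h ones.

```c
/* Added example, not from the lecture: parse /etc/services lines and look up
 * a port by (name-or-alias, protocol) the way getservbyname() does. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_ALIASES 4

struct service_entry {
    char name[32];
    char aliases[MAX_ALIASES][32];
    int  nalias;
    int  port;
    char proto[8];
};

/* Parse "name port/proto [alias ...] [# comment]".
 * Returns 0 on success, 1 for a blank or comment-only line, -1 if malformed
 * (missing port/proto, non-numeric port, or port outside 1..65535). */
static int parse_service_line(const char *line, struct service_entry *e)
{
    char buf[256], *tok, *hash, *slash, *end;
    long port;

    strncpy(buf, line, sizeof buf - 1);
    buf[sizeof buf - 1] = '\0';
    if ((hash = strchr(buf, '#')) != NULL) *hash = '\0';   /* strip the comment */

    memset(e, 0, sizeof *e);
    if ((tok = strtok(buf, " \t\n")) == NULL) return 1;
    strncpy(e->name, tok, sizeof e->name - 1);

    if ((tok = strtok(NULL, " \t\n")) == NULL) return -1;
    if ((slash = strchr(tok, '/')) == NULL || slash[1] == '\0') return -1;
    *slash = '\0';
    port = strtol(tok, &end, 10);
    if (*tok == '\0' || *end != '\0' || port < 1 || port > 65535) return -1;
    e->port = (int)port;
    strncpy(e->proto, slash + 1, sizeof e->proto - 1);

    while (e->nalias < MAX_ALIASES && (tok = strtok(NULL, " \t\n")) != NULL)
        strncpy(e->aliases[e->nalias++], tok, sizeof e->aliases[0] - 1);
    return 0;
}

/* Parse result for one line on its own, for checking the parser. */
static int parse_status(const char *line)
{
    struct service_entry e;
    return parse_service_line(line, &e);
}

/* Constructed fragment; the last line is deliberately malformed. */
static const char *const SAMPLE_SERVICES[] = {
    "# constructed /etc/services fragment",
    "ftp      21/tcp",
    "smtp     25/tcp   mail",
    "",
    "irc      194/tcp  # internet relay chat",
    "irc      194/udp",
    "bogus    99999/tcp  # port out of range",
};
#define NSAMPLE (sizeof SAMPLE_SERVICES / sizeof SAMPLE_SERVICES[0])

/* Port for a service name or alias on a protocol, or -1 if not found.
 * Malformed lines are skipped rather than trusted. */
static int lookup_port(const char *name, const char *proto)
{
    size_t i;
    int a;
    for (i = 0; i < NSAMPLE; i++) {
        struct service_entry e;
        if (parse_service_line(SAMPLE_SERVICES[i], &e) != 0) continue;
        if (strcmp(e.proto, proto) != 0) continue;
        if (strcmp(e.name, name) == 0) return e.port;
        for (a = 0; a < e.nalias; a++)
            if (strcmp(e.aliases[a], name) == 0) return e.port;
    }
    return -1;
}

int main(void)
{
    printf("ftp/tcp  -> %d\n", lookup_port("ftp", "tcp"));
    printf("mail/tcp -> %d\n", lookup_port("mail", "tcp"));   /* alias of smtp */
    printf("irc/udp  -> %d\n", lookup_port("irc", "udp"));
    printf("ftp/udp  -> %d\n", lookup_port("ftp", "udp"));    /* not listed: -1 */
    return 0;
}
```

The same key (name and protocol together) is why the lecture lists getservbyname() and getservbyport() rather than a lookup by name alone: irc appears twice, once per protocol.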

Slide 31 – 7. Login Accounting
- /var/run/utmp
  – records which users are currently logged in
  – used by who, users, finger, ps
  – may be located in /var/adm/
- /var/log/wtmp
  – records all logins, logouts, shutdowns, reboots
  – used by last
  – may be located in /var/adm/

Slide 32 – File Format
- Both files are binary files (unlike all the previous examples).
- Each record has the basic form:
    struct utmp {
      char ut_line[8];   /* tty line: ttyp0, etc. */
      char ut_name[8];   /* login name */
      long ut_time;      /* secs since 1st Jan 1970 */
    };

Slide 33
- At login:
  – create a utmp struct, add it to the utmp and wtmp files
- At logout:
  – the entry in utmp is wiped (filled with 0s)
  – a new entry is added to wtmp, with ut_name filled with '\0' characters
- At shutdown, reboot, time change:
  – special entries are added to wtmp

Slide 34 – Linux utmp & wtmp (non-standard)
    #include <utmp.h>

    struct utmp {
      short  ut_type;                /* login type */
      pid_t  ut_pid;                 /* process pid */
      char   ut_line[UT_LINESIZE];   /* device name */
      char   ut_id[2];               /* abbrev ttyname */
      time_t ut_time;                /* login time */
      char   ut_user[UT_NAMESIZE];   /* uname */
      char   ut_host[UT_HOSTSIZE];   /* host nm */
      long   ut_addr;                /* host address */
      :
    };
    $ man 5 utmp

Slide 35
- String fields are only '\0'-terminated if there is enough space left in the field!
- Some login types:
  – UT_UNKNOWN      unknown
  – BOOT_TIME       started at system boot
  – INIT_PROCESS    started at system init
  – LOGIN_PROCESS   login process
  – USER_PROCESS    user-created process
  – DEAD_PROCESS    dead (zombie)

Slide 36 – Accessing utmp/wtmp Entries
    #include <utmp.h>

    void utmpname(char *file);
    void setutent(void);
    void endutent(void);
    struct utmp *getutent(void);
    struct utmp *getutid(struct utmp *ut);
    struct utmp *getutline(struct utmp *ut);
    void pututline(struct utmp *ut);

Slide 37
- utmpname() can be supplied with the default pathnames stored in _PATH_UTMP and _PATH_WTMP in <paths.h>.
- getutline() is restricted to entries with login type LOGIN_PROCESS and USER_PROCESS.
- Updates can only be done by root.

Slides 38–39 – Example: sw.c, a simple who
    #include <stdio.h>
    #include <string.h>
    #include <pwd.h>
    #include <utmp.h>
    #include <time.h>   /* for ctime() */

    int main()
    {
      struct utmp *ut;
      struct passwd *pw;
      char name[UT_NAMESIZE+1];

      utmpname("/var/run/utmp");
      setutent();
      while ((ut = getutent()) != NULL) {
        if (ut->ut_user[0] != '\0') {
          /* ut_user need not be '\0'-terminated, so copy it into a bounded buffer */
          strncpy(name, ut->ut_user, UT_NAMESIZE);
          name[UT_NAMESIZE] = '\0';
          if ((pw = getpwnam(name)) == NULL)
            printf("%s has no passwd!\n", name);
          else {
            time_t when = ut->ut_time;   /* ut_time may be narrower than time_t on modern Linux */
            printf("%s %s %s %s", name, ut->ut_line, pw->pw_gecos, ctime(&when));
          }
        }
      }
      endutent();
      return 0;
    }

Slide 40 – Usage
    $ sw
    reboot has no password!
    runlevel has no password!
    LOGIN has no password!
    LOGIN has no password!
    LOGIN has no password!
    LOGIN has no password!
    LOGIN has no password!
    LOGIN has no password!
    s4210075 pts/0 ????,,, Thu Feb 15 15:56:33 2001
    ad pts/5 Dr.Andrew DAVISON,,, Thu Feb 15 16:00:17 2001
    s4010041 pts/6 MR. Kemarat CHAIYO,,, Thu Feb 15 15:32:36 2001
    s4010237 pts/7 MR. Paween CHOKENUKUL,,, Thu Feb 15 15:58:57 2001
    s4010041 pts/8 MR. Kemarat CHAIYO,,, Thu Feb 15 15:34:00 2001
    $

Slide 41 – Notes
- "Simple who" returns similar information to who, but also includes details about:
  – system processes
  – dead user processes
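Slides 32–41 make two points that a forensic reader of utmp/wtmp has to respect: the string fields are fixed-width and need not be '\0'-terminated, and only USER_PROCESS records are live user sessions. The following is an added example, not the lecture's sw.c: it builds a handful of Linux-format struct utmp records in memory (constructed, so it runs without root or a real /var/run/utmp), copies the fixed-width fields with bounded copies, counts the live sessions as who(1) would, and counts root sessions that carry a remote host, which is the kind of record worth alerting on. Only the utmp.h names (struct utmp, UT_NAMESIZE, USER_PROCESS and the other types) come from the system; the helper names are this example's.

```c
/* Added example, not from the lecture: scanning utmp-format records with
 * bounded field copies and two simple detections over them. */
#include <stdio.h>
#include <string.h>
#include <utmp.h>

/* Copy a fixed-width utmp string field into a '\0'-terminated buffer. The copy
 * is bounded by the field width, not by a terminator the field may lack. */
static void ut_field_copy(char *dst, size_t dstsz, const char *src, size_t srcsz)
{
    size_t n = srcsz < dstsz - 1 ? srcsz : dstsz - 1;
    memcpy(dst, src, n);
    dst[n] = '\0';
}

/* Fill one record. strncpy() pads with '\0' but omits the terminator when the
 * string fills the whole field, which is exactly what real utmp files hold. */
static void make_rec(struct utmp *u, int type, const char *user,
                     const char *line, const char *host)
{
    memset(u, 0, sizeof *u);
    u->ut_type = (short)type;
    strncpy(u->ut_user, user, UT_NAMESIZE);
    strncpy(u->ut_line, line, UT_LINESIZE);
    strncpy(u->ut_host, host, UT_HOSTSIZE);
}

/* Constructed sample records; returns how many were written into recs[]. */
static size_t build_sample(struct utmp *recs, size_t cap)
{
    char longname[UT_NAMESIZE + 1];
    if (cap < 6) return 0;
    memset(longname, 'a', UT_NAMESIZE);       /* exactly fills ut_user: no '\0' */
    longname[UT_NAMESIZE] = '\0';
    make_rec(&recs[0], BOOT_TIME,     "reboot",  "~",     "");
    make_rec(&recs[1], LOGIN_PROCESS, "LOGIN",   "tty1",  "");
    make_rec(&recs[2], USER_PROCESS,  "stevens", "pts/0", "lisa.ac.th");
    make_rec(&recs[3], USER_PROCESS,  "root",    "pts/1", "203.0.113.9");
    make_rec(&recs[4], USER_PROCESS,  longname,  "pts/2", "");
    make_rec(&recs[5], DEAD_PROCESS,  "",        "pts/3", "");
    return 6;
}

/* Live user sessions: what who(1) reports. */
static size_t count_user_sessions(const struct utmp *recs, size_t n)
{
    size_t i, c = 0;
    for (i = 0; i < n; i++)
        if (recs[i].ut_type == USER_PROCESS) c++;
    return c;
}

/* Live root sessions that carry a remote host name or address. */
static size_t count_remote_root_logins(const struct utmp *recs, size_t n)
{
    size_t i, c = 0;
    char user[UT_NAMESIZE + 1], host[UT_HOSTSIZE + 1];
    for (i = 0; i < n; i++) {
        if (recs[i].ut_type != USER_PROCESS) continue;
        ut_field_copy(user, sizeof user, recs[i].ut_user, UT_NAMESIZE);
        ut_field_copy(host, sizeof host, recs[i].ut_host, UT_HOSTSIZE);
        if (strcmp(user, "root") == 0 && host[0] != '\0') c++;
    }
    return c;
}

/* Results over the sample, so they can be checked by name. */
static size_t sample_user_sessions(void)
{
    struct utmp recs[6];
    return count_user_sessions(recs, build_sample(recs, 6));
}
static size_t sample_remote_root_logins(void)
{
    struct utmp recs[6];
    return count_remote_root_logins(recs, build_sample(recs, 6));
}
/* Name length recovered from the record whose ut_user has no '\0' at all. */
static size_t sample_full_width_name_len(void)
{
    struct utmp recs[6];
    char user[UT_NAMESIZE + 1];
    build_sample(recs, 6);
    ut_field_copy(user, sizeof user, recs[4].ut_user, UT_NAMESIZE);
    return strlen(user);
}

int main(void)
{
    struct utmp recs[6];
    size_t i, n = build_sample(recs, 6);
    char user[UT_NAMESIZE + 1], line[UT_LINESIZE + 1], host[UT_HOSTSIZE + 1];
    for (i = 0; i < n; i++) {
        ut_field_copy(user, sizeof user, recs[i].ut_user, UT_NAMESIZE);
        ut_field_copy(line, sizeof line, recs[i].ut_line, UT_LINESIZE);
        ut_field_copy(host, sizeof host, recs[i].ut_host, UT_HOSTSIZE);
        printf("type=%d user=%s line=%s host=%s\n", (int)recs[i].ut_type, user, line, host);
    }
    printf("user sessions: %zu, remote root logins: %zu\n",
           sample_user_sessions(), sample_remote_root_logins());
    return 0;
}
```

Replacing build_sample() with a getutent() loop (or an fread() loop over a copied wtmp file) gives the same scan over real data; printing ut_user with "%s" directly would run past the field for the full-width name.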

Slide 42 – last
- Displays wtmp in an understandable form.
- Lists all logins, logouts, etc. since file creation.
    $ last
    rich   ttypb   mit.usa       Tue Aug 19 13:19   still logged in
    zonk   ttyp3   129.10.1.22   Tue Aug 19 13:12 - 13:14  (00:02)
    rich   ttypa   lisa.ac.th    Tue Aug 19 13:11   still logged in
    zonk   ttyp3   lenny         Tue Aug 19 12:06 - 12:21  (00:14)
    :

Slide 43
    $ last rich
    rich   ttypb   mit.usa          Tue Aug 19 13:19   still logged in
    rich   ttypa   foo.lisa.ac.th   Tue Aug 19 13:11   still logged in
    rich   ttyp0   goo.lisa.ac.th   Mon Aug 18 11:01 - 11:45  (00:44)
    rich   ftp     mit.usa          Sat Aug 16 00:03 - 00:04  (00:01)
    :

    $ last | grep boot
    reboot   System boot   Fri Aug 15 22:15
    reboot   System boot   Fri Aug 15 15:21
    reboot   System boot   Fri Aug 4 17:24
    reboot   System boot   Fri Aug 4 15:41

Slide 44 – 8. The System Log: syslog
[Figure: syslogd receives messages and writes them to files, the console or e-mail. Its inputs are:
  – user processes, via syslog(), over the Unix domain datagram socket /dev/log
  – kernel routines, via log(), through /dev/klog
  – other machines on the TCP/IP network, over an Internet domain datagram socket on UDP port 514]
    $ man 8 syslogd

Slide 45 – Logging Messages
- Any program can generate log messages.
- A log message should include:
  – the program name, a facility, a priority, and the message text
- Example:
    login: Root LOGIN REFUSED on ttya
  – sent by an authorization facility (login); it is critical

Slide 46 – Some syslog Facilities
    Name   Facility
    kern   The kernel.
    user   Regular user processes.
    mail   The mail system.
    lpr    The printer system.
    :
    auth   The authorization system, or programs that ask for user names and passwords (e.g. login, su, getty, ftp).

Slide 47 – Some Syslog Priorities (levels)
    Priority   Meaning
    emerg      Emergency (e.g. crash).
    alert      Fix immediately (e.g. bad db).
    crit       Critical (e.g. hardware error).
    err        Ordinary error.
    :
    notice     Not an error, but important.
    :
    debug      Debug messages.

Slide 48 – Configuring syslog
- At system start-up, syslogd reads the /etc/syslog.conf configuration file.
- syslog.conf specifies what messages to log, and where to log them
  – see $ man 5 syslog.conf

Slide 49
- General format of a syslog.conf line:
    facility.priority    action
- facility and priority can be one of the labels listed in the earlier slides (or * to mean all)
- action can be:
  – log to a file / device / program
  – send the message to a user
  – send the message to all users (*)
  – send the message to another machine

Slide 50 – Typical syslog.conf file
    kern.debug      /dev/console
    *.err           /dev/console
    auth.notice     /usr/adm/messages
    lpr.*           /usr/adm/lpd-errs
    auth.*          root,ad
    auth.*          @catsix.coe.psu.ac.th
    auth.*          /dev/console
    *.emerg         *
    $ man 5 syslog.conf
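The "facility.priority action" rule format of slides 49–50 can be checked mechanically: each selector must name a known facility and priority, and the action's first character tells where the messages go. The following is an added example, not from the lecture: a parser for rules in that simple form (compound selectors such as "mail,lpr.err" or "*.err;kern.none", which real syslogd also accepts, are outside its scope), validated against the facility and priority names, applied to the typical file above plus two constructed bad lines. The facility and priority lists extend the lecture's partial tables with the other standard names; the struct and function names are this example's.

```c
/* Added example, not from the lecture: parse and classify simple
 * "facility.priority<tab>action" lines from syslog.conf. */
#include <stdio.h>
#include <string.h>

enum action_kind { ACT_FILE, ACT_REMOTE, ACT_USERS, ACT_ALL_USERS };

struct rule {
    char facility[16];
    char priority[16];
    char action[128];
    enum action_kind kind;
};

static const char *const FACILITIES[] = {
    "kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
    "uucp", "cron", "authpriv", "local0", "local1", "local2", "local3",
    "local4", "local5", "local6", "local7", "*"
};
static const char *const PRIORITIES[] = {
    "emerg", "alert", "crit", "err", "warning", "notice", "info", "debug", "*"
};

static int in_list(const char *s, const char *const *list, size_t n)
{
    size_t i;
    for (i = 0; i < n; i++)
        if (strcmp(s, list[i]) == 0) return 1;
    return 0;
}

/* Parse one rule line. Returns the action kind (>= 0), or -1 if the line is
 * malformed, is a comment, or names an unknown facility or priority. */
static int parse_rule(const char *line, struct rule *r)
{
    char buf[256], *sel, *act, *dot;

    strncpy(buf, line, sizeof buf - 1);
    buf[sizeof buf - 1] = '\0';
    memset(r, 0, sizeof *r);

    sel = strtok(buf, " \t\n");
    act = strtok(NULL, " \t\n");
    if (sel == NULL || act == NULL || sel[0] == '#') return -1;

    if ((dot = strchr(sel, '.')) == NULL) return -1;
    *dot = '\0';
    if (!in_list(sel, FACILITIES, sizeof FACILITIES / sizeof FACILITIES[0])) return -1;
    if (!in_list(dot + 1, PRIORITIES, sizeof PRIORITIES / sizeof PRIORITIES[0])) return -1;
    strncpy(r->facility, sel, sizeof r->facility - 1);
    strncpy(r->priority, dot + 1, sizeof r->priority - 1);
    strncpy(r->action, act, sizeof r->action - 1);

    if (act[0] == '/')              r->kind = ACT_FILE;       /* file or device */
    else if (act[0] == '@')         r->kind = ACT_REMOTE;     /* another machine, UDP port 514 */
    else if (strcmp(act, "*") == 0) r->kind = ACT_ALL_USERS;
    else                            r->kind = ACT_USERS;      /* comma-separated user list */
    return (int)r->kind;
}

/* Kind for one line, or -1; convenient for checks. */
static int rule_kind(const char *line)
{
    struct rule r;
    return parse_rule(line, &r);
}

int main(void)
{
    /* The lecture's typical syslog.conf, plus two constructed bad lines. */
    static const char *const conf[] = {
        "kern.debug\t/dev/console",
        "*.err\t/dev/console",
        "auth.notice\t/usr/adm/messages",
        "lpr.*\t/usr/adm/lpd-errs",
        "auth.*\troot,ad",
        "auth.*\t@catsix.coe.psu.ac.th",
        "auth.*\t/dev/console",
        "*.emerg\t*",
        "bogus.err\t/var/log/x",
        "auth.verbose\t/dev/console",
    };
    static const char *const names[] = { "file/device", "remote host", "user list", "all users" };
    size_t i;
    for (i = 0; i < sizeof conf / sizeof conf[0]; i++) {
        struct rule r;
        int k = parse_rule(conf[i], &r);
        if (k < 0) { printf("%-32s -> rejected\n", conf[i]); continue; }
        printf("%-32s -> %s.%s to %s (%s)\n", conf[i], r.facility, r.priority, r.action, names[k]);
        if (k == ACT_REMOTE && strcmp(r.facility, "auth") == 0)
            printf("    note: auth messages leave this host as plain UDP datagrams on port 514\n");
    }
    return 0;
}
```

The note on the remote rule is the practical caveat: the lecture's diagram shows the inter-machine path as a UDP datagram socket, so an auth.* rule that forwards to another host sends login failure records across the network unauthenticated and unencrypted.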

Slide 51 – Some critical auth messages
    Program   Message
    halt      halted by <user>
    login     ROOT LOGIN REFUSED ON <tty> [FROM <host>]
    login     REPEATED LOGIN FAILURES ON <tty> [FROM <host>]
    su        BAD SU <user> ON <tty>

Slide 52 – Some notice auth messages
    Program   Message
    date      date set by <user>
    login     ROOT LOGIN <tty> [FROM <host>]
    su        <user> on <tty>

Slide 53 – The syslog() Function
    #include <syslog.h>

    void openlog(char *ident, int option, int facility);
    void syslog(int priority, char *format, ...);
    void closelog(void);
    $ man 3 syslog

Slide 54 – Some openlog() Options
    Option       Meaning
    LOG_CONS     If syslogd is 'down', send the message to the console.
    LOG_PID      Log the process ID.
    LOG_PERROR   Print to stderr as well.
    :

Slide 55 – Some openlog() Facilities
    Facility   Meaning
    LOG_USER   User-process message.
    LOG_MAIL   Mail system.
    LOG_LPR    Printer system.
    LOG_AUTH   An authorization program.
    :

Slide 56 – Some syslog() Priorities
    Priority     Meaning
    LOG_EMERG    Emergency
    LOG_ALERT    Alert
    LOG_CRIT     Critical
    LOG_ERR      Error
    :
    LOG_NOTICE   Notice
    :
    LOG_DEBUG    Debug

Slide 57 – Examples
- Postscript printer program:
    openlog("lprps", LOG_PID, LOG_LPR);
    syslog(LOG_ERR, "open error for %s", filename);
- Without the openlog() call:
    syslog(LOG_ERR | LOG_LPR, "open error for %s", filename);   /* combined priority and facility */

Slide 58 – UNIX logger
- logger
  – can specify facility, priority, identifier
  – intended for logging in non-interactive shell scripts
  – simple version: logger [-p priority] [message]
- e.g.
    $ logger System Rebooted
    $ logger -p auth.notice

Slide 59 – 9. Process Information
- lastcomm
  – displays information on previously executed commands
  – examples:
    $ lastcomm
    $ lastcomm ad
    $ lastcomm ftp
    $ lastcomm ad ftp
    $ lastcomm --strict-match --user ad --command ftp

Slide 60 – Example
    $ lastcomm
    cron       F   root     ??        0.08 secs   Mon Sep 19 15:06
    date           martin   ttyp7     0.02 secs   Mon Sep 19 15:06
    sh             smith    ttyp3     0.05 secs   Mon Sep 19 15:04
    csh            ng       ttypf     3.45 secs   Mon Sep 19 14:53
    calculus   D   chavez   ttyq8     0.95 secs   Mon Sep 19 15:09
    more       X   ng       ttypf     0.17 secs   Mon Sep 19 15:03
    ruptime        martin   console   0.14 secs   Mon Sep 19 15:03
    mail       S   root     ttyp0     0.95 secs   Fri Sep 16 10:46
    :
- Not working on calvin; fine on fivedots

Slide 61
- On Linux, lastcomm examines the binary file /var/account/pacct
- The letter flags' meanings:
  – S   command was run by superuser
  – F   command ran after a fork
  – D   command terminated with a core dump
  – X   command was terminated with a signal (e.g. a control-c)

Slide 62 – Accessing /var/account/pacct
- Use <sys/acct.h>:
    #define ACCT_COMM 16

    struct acct {
      char   ac_comm[ACCT_COMM];   /* cmd */
      time_t ac_utime;             /* user time */
      time_t ac_stime;             /* sys time */
      time_t ac_etime;             /* elapsed time */
      time_t ac_btime;             /* begin time */
      uid_t  ac_uid;               /* user ID */
      gid_t  ac_gid;               /* group ID */
      dev_t  ac_tty;               /* dev. no. */
      char   ac_flag;              /* flags */
      :
    };
    $ man 5 acct

Slide 63 – ac_flag Bit Values
    Bit Constant   Meaning
    ASU            Command was run by superuser.
    AFORK          Command ran after a fork.
    ACORE          Command terminated with a core dump.
    AXSIG          Command was terminated with a signal (e.g. a control-c).

Slides 64–65 – Example: slc.c, a Simple lastcomm
    #include <stdio.h>
    #include <stdlib.h>
    #include <time.h>
    #include <sys/acct.h>

    #define ACC "/var/account/pacct"

    int main()
    {
      struct acct ac;
      FILE *fp;

      if ((fp = fopen(ACC, "rb")) == NULL) {
        printf("Cannot open %s\n", ACC);
        exit(1);
      }
      /* the file holds fixed-size binary records, one per finished command */
      while (fread(&ac, sizeof(struct acct), 1, fp) == 1) {
        time_t when = ac.ac_btime;   /* ac_btime may be narrower than time_t on Linux */
        printf("%10s %5d %c%c%c%c %s",
               ac.ac_comm, (int) ac.ac_uid,
               ac.ac_flag & ACORE ? 'D' : ' ',
               ac.ac_flag & AXSIG ? 'X' : ' ',
               ac.ac_flag & AFORK ? 'F' : ' ',
               ac.ac_flag & ASU   ? 'S' : ' ',
               ctime(&when));
      }
      fclose(fp);
      return 0;
    }
- Works on fivedots

Slide 66 – Usage (on fivedots)
    $ ./slc | more
    accton   0   S     Thu Feb 15 06:25:03 2001
    acct     0         Thu Feb 15 06:25:03 2001
    acct     0         Thu Feb 15 06:25:02 2001
    date     0         Thu Feb 15 06:25:03 2001
    tr       0         Thu Feb 15 06:25:03 2001
    apache   0   F     Thu Feb 15 06:25:03 2001
    :
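Beyond reproducing lastcomm's listing, the ac_flag bits of slides 61–66 support a simple detection: ASU records the command having used superuser privileges, so an ASU record whose ac_uid is not 0 is a normal user's command that ran privileged, which on a healthy system means a setuid-root program. The following is an added example, not the lecture's slc.c: it builds accounting records in memory (constructed, so no /var/account/pacct is needed), renders the flag letters in lastcomm's order, and counts that flag combination. The interpretation of ASU together with a non-zero ac_uid is this example's assumption and is worth confirming against acct(5) on the system in question; only struct acct and the A* constants come from sys/acct.h.

```c
/* Added example, not from the lecture: a detection pass over process
 * accounting records of the kind slc.c reads from /var/account/pacct. */
#include <stdio.h>
#include <string.h>
#include <sys/acct.h>

/* Build one record in memory; on disk the records sit back to back. */
static void make_acct(struct acct *a, const char *comm, unsigned uid, int flags)
{
    memset(a, 0, sizeof *a);
    strncpy(a->ac_comm, comm, sizeof a->ac_comm - 1);
    a->ac_uid  = uid;
    a->ac_flag = (char)flags;
}

/* Constructed sample; returns the number of records written into recs[]. */
static size_t build_sample(struct acct *recs, size_t cap)
{
    if (cap < 5) return 0;
    make_acct(&recs[0], "accton", 0,   ASU);           /* root's own command */
    make_acct(&recs[1], "date",   0,   0);
    make_acct(&recs[2], "passwd", 224, ASU);           /* setuid-root program run by uid 224 */
    make_acct(&recs[3], "sh",     224, AFORK);
    make_acct(&recs[4], "ls",     100, ASU | AXSIG);   /* ran privileged and was killed by a signal */
    return 5;
}

/* lastcomm-style flag letters in the order D X F S, '-' where a flag is clear. */
static const char *flag_string(int flags)
{
    static char out[5];
    out[0] = (flags & ACORE) ? 'D' : '-';
    out[1] = (flags & AXSIG) ? 'X' : '-';
    out[2] = (flags & AFORK) ? 'F' : '-';
    out[3] = (flags & ASU)   ? 'S' : '-';
    out[4] = '\0';
    return out;
}

/* Records in which a non-root uid ran with superuser privileges. */
static size_t count_setuid_use(const struct acct *recs, size_t n)
{
    size_t i, c = 0;
    for (i = 0; i < n; i++)
        if ((recs[i].ac_flag & ASU) && recs[i].ac_uid != 0) c++;
    return c;
}

/* Result over the sample, so it can be checked by name. */
static size_t sample_setuid_use(void)
{
    struct acct recs[5];
    return count_setuid_use(recs, build_sample(recs, 5));
}

int main(void)
{
    struct acct recs[5];
    size_t i, n = build_sample(recs, 5);
    for (i = 0; i < n; i++)
        printf("%-16s uid=%-5u %s%s\n", recs[i].ac_comm, (unsigned)recs[i].ac_uid,
               flag_string(recs[i].ac_flag),
               ((recs[i].ac_flag & ASU) && recs[i].ac_uid != 0) ? "  <- privileged run by non-root" : "");
    printf("privileged runs by non-root uids: %zu\n", sample_setuid_use());
    return 0;
}
```

Swapping build_sample() for the fread() loop of slc.c turns this into a pass over the real file; comparing the names it reports against the system's known setuid binaries is the follow-up check.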

Slide 67 – 10. System Information
    #include <sys/utsname.h>

    int uname(struct utsname *name);
- Returns info. on the current host and OS; returns a non-negative value if ok, -1 on error.
- UNIX interface: uname
    $ uname --all

Slide 68 – struct utsname
    struct utsname {
      char sysname[SYS_NMLN];      /* OS name */
      char nodename[SYS_NMLN];     /* node name */
      char release[SYS_NMLN];      /* OS release */
      char version[SYS_NMLN];      /* OS version */
      char machine[SYS_NMLN];      /* hdwr name */
      char domainname[SYS_NMLN];
    };
    $ man 2 uname

