ITSE4206_UNIX System Programming

47 [UNIX System Programming -ITSE4206]

CHAPTER 3

Inter-process communication

Objectives

At the end of this module, the students will be able to:

3.1Explain Inter process communication

3.2Use pipes in IPC

3.3 Work with named pipes

3.4 Use message queues for inter process logging

3.5 Use semephores for inter process

3.6 Write simple unix system programs using c

3.1 Introduction

Inter process communication in short IPC, is a mechanism for processes to communicate and to

synchronize their actions. IPC enables one application to control another application, and for

several applications to share the same data without interfering with one another. IPC is required

in all multiprocessing systems, but it is not generally supported by single-process operating

systems.

The various forms of IPC that are supported on a UNIX system are as follows :

1) Half duplex Pipes.

2) FIFO’s

3) Full duplex Pipes.

4) Named full duplex Pipes.

5) Message queues.

6) Shared memory.

Objectives


7) Semaphores.

8) Sockets.

9) STREAMS.

The first seven forms of IPC are usually restricted to IPC between processes on the same host.

The final two i.e. Sockets and STREAMS are the only two that are generally supported for IPC

between processes on different hosts.

3.2 PIPES

A pipe is a method of connecting the standard output of one process to the standard input of

another. Allow transfer of data between processes in a FIFO manner. Allows one way flow of

data (usually, about 4k bytes). Now, UNIX allows bi-directional flow of data

3.2.1 Shell pipes

UNIX shell pipes join the standard output of one command to the standard input of another

command.

Example:

ls | wc

Output : count the number of lines, words, characters from the list of the files. The left hand side

command give the input to the right hand side for processing.

$ls -l | grep "Aug" The simplest use of grep is to look for a pattern consisting of a single word

Using pipes, display all lines of list1 and list2 containing the letter 'p', and sort the result.

$ cat list1 list2 | grep p | sort

3.2.2. pipe system call

A pipe is created by calling the pipe function.


#include <unistd.h>

int pipe(int filedes[2]);

Returns: 0 if OK, -1 on error.

Two file descriptors are returned through the filedes argument: filedes[0] is open for reading, and

filedes[1] is open for writing. The output of filedes[1] is the input for filedes[0]. Now, both fd[0]

and fd[1] can be used for both reading and writing

Figure 3.1. Two ways to view a half-duplex pipe Figure 3.2. Half-duplex pipe after a

fork

· Use system calls read() and write() to access the pipe.

intn_read = read(intfd, char *buf, int n);

intn_written = write(intfd, char *buf, int n);

· For both, the first argument is a file descriptor. The second argument is a character array in your

program where the data is to go to or to come from. The third argument is the number is the

number of bytes to be transferred.

· Read :

§ if the pipe is empty, the process is blocked ; otherwise, read up to the number of specified

bytes.

· Write :

§ If the pipe is full, the process is blocked until enough spaces are available to write the

entire data. If no reading fd attached, return a signal ” IGPIPE”


§ If the pipe is not full and the size of write is less than 4k, then the write is atomic. If the

size is > 4k, you should separate into several writes.

Program 3.1 : Pipe in the process

#include<stdio.h>

main( )

{

int p[2],res;

char x[10];

res=pipe(p);

if(res = = 0)

{

write(p[1], “Hello”, 6);

read(p[0],x,6);

printf(“%s\n”,x);

}

else

printf(“Pipe is not created\n”);

}

Output:

Hello


Program 3.2 : Pipe between parent and child process (fork)

#include <stdio.h>

main()

{

int fd[2];

charch[11];

pipe(fd); /* creates a pipe */

if (fork() == 0)

{

read(fd[0],ch,11);

printf("Child got %s\n",ch);

read(fd[0],ch,11);

printf("Child got %s\n",ch);

exit(0);

}

else

{

write(fd[1],"Ahmed",11);

sleep(10);

write(fd[1],"Mohammed",11);

wait(0);

close(fd[0]);


close(fd[1]);

}

}

Output:

Child got Ahmed

Child got Mohammed

3.3 FIFOs

One of the major disadvantage of pipes is that the they cannot be accessed using their names by

any other process other than child and the parent as they do not get listed in the directory tree.

FIFOs are sometimes called a named pipe, which stands for First in First out, meaning the data

that is written into the pipe first will be read out first always.

The fifos get listed in the directory tree and any process can access it using its name by providing

the appropriate path.

There are two uses for FIFOs.

· FIFOs are used by shell commands to pass data from one shell pipeline to another

without creating intermediate temporary files.

· FIFOs are used as rendezvous points in client-server applications to pass data between

the clients and the servers.

fifos are created using


· The Command mkfifo at shell prompt

Syntax: mkfifoname_fifo

· The function mkfifo() which takes as arguments

#include <sys/stat.h>

intmkfifo(const char *pathname, mode_t mode);

const char *pathname – is the file name

mode_t mode – is the absolute value of the permissions given to the file . Read permission is

given the value 4, write permission the value 2 and execute permission 1. (ex 777 for users,

group and others have all the permissions)

Returns: 0 if OK, -1 on error

Properties: ( Some of them are also applicable to PIPES)

1) After a FIFO is created, it can be opened for read or write.

2) Normally, opening a FIFO for read or write, it blocks until another process opens it for write

or read.

3) A read gets as much data as it requests or as much data as the FIFO has, whichever is less.

4) A write to a FIFO is atomic, as long as the write does not exceed the capacity of the FIFO.

The

capacity is at least 4k.

3.3.1. Simple named pipe example at shell prompt:


$ mkfifoabdul

$ps>abdul

Note :ps values/ouput are written in abdul but you cannot see the prompt unless the values are

read from the pipe. So open a another prompt and issue the following command.

$cat abdul

Displays the content of abdul i.e., the output of ps command

3.3.2. Using mkfifo() system call

Once the file is created, it needs to be opened using the system call open() and the data can be

read and written from the file using read() and write() system calls.

The following is prototype for open() system call

int open(const char *pathname, int flags);

open() returns a file descriptor, a small, non-negative integer for use in subsequent system calls

(read(2), write(2), lseek(2), fcntl(2), etc.). It returns -1 on failure.The path argument points to a

pathname naming the file.

The flags specified are formed by or'ing the following values

O_RDONLY open for reading only

O_WRONLY open for writing only

O_RDWR open for reading and writing

O_NONBLOCK do not block on open


O_APPEND append on each write

O_CREAT create file if it does not exist

O_TRUNC truncate size to 0

O_EXCL error if create and file exists

O_SHLOCK atomically obtain a shared lock

O_EXLOCK atomically obtain an exclusive lock

Program 3.3 : Named Pipe (FIFO) between parent and child process (fork)

#include<stdio.h>

#include<fcntl.h>

main()

{

char text[100]=”Sultanate of Oman”,str[100];

intpi,fd;

mkfifo(“test”,777);

if(fork( ) = = 0)

{

fd=open(“test”,O_RDONLY);

pi=read(fd,str,100);

printf(“%s\n”,str);

close(fd);

}


else

{

fd=open(“test”,O_WRONLY);

write(fd,text,strlen(text)+1);

close(fd);

}

}

Output:

Sultanate of Oman

3.4 Message Queues

Message queues are an handy way to get IPC when working with unrelated processes that run

completely without synchronism. A message queue is a shared "box" where processes can drop

and withdraw messages independently. Message queues allow one or more processes to write

messages that will be read by one or more reading processes. Message queues can be viewed as

pipes with message-based (instead of stream based)

The kernel maintains a structure for every message queue in the system. The data structures for

message queues are defined in sys/msg.h. The major data structure for message queues is

msqid_ds, which has the following members.

structipc_permmsg_perm; /* operation permission structure */

msgqnum_tmsg_qnum; /* number of messages currently in queue */

msglen_tmsg_qbytes; /* maximum bytes allowed in queue */

pid_tmsg_lspid; /* process ID of msgsnd */


pid_tmsg_lrpid; /* process ID of msgrcv */

time_tmsg_stime; /* time of last msgsnd */

time_tmsg_rtime; /* time of last msgrcv */

time_tmsg_ctime; /* time of last msgctl */

The msgqnum_t data type holds the number of messages in the message queue; the msglen_t

type holds the number of bytes allowed in a message queue. Both types must be at least as large

as an unsigned short.

Each message on a queue has the following attributes :

#include <sys/msg.h>

structmsgbuf

{

longmtype; /* message type */

charmtext[1]; /* message text : can be variable length*/

};

3.4.1. Message Queue Calls

· intmsgget(key_t key, intmsgflg);

§ creates a new or gets an existing message queue

§ "msgflg" consists of flags:

ü used for permissions, similar to file permissions

ü IPC_CREAT flag is used to create a new message queue, ignored if it

already exists

· intmsgsnd(intmsqid, structmsgbuf *msgp, size_tmsgsz, intmsgflg);


§ adds a message to the message queue

§ "msqid" is the message queue id returned by msgget( )

§ "msgp" is a structure:

ü first member must be a "long int", which is the message type (must be >0)

ü then the actual message to be sent is defined

§ "msgsz" is the size of the message, not including the "long int" message type

§ "msgflg" consists of flags specifying the action if the message queue is full or

system limits are reached

· ssize_tmsgrcv(intmsqid, structmsgbuf *msgp, size_tmsgsz, long msgtyp, intmsgflg);

§ retrieves message from message queue


§ "msgp" is a structure:

ü first member must be a "long int", which is the message type

ü then the buffer for the received message is defined

§ "msgsz" is the size of the message buffer, not including the "long int" message

type

§ "msgtyp" allows a simple form of message prioritization:

ü 0 - first available message is retrieved

ü >0 - first available message with the specified message type is retrieved

ü <0 - first available message with a message type less then or equal to the

specified message type is retrieved

§ "msgflg" consists of flags specifying the action if no message of the appropriate

type is available

· intmsgctl(intmsqid, intcmd, structmsqid_ds *buf);

§ message queue control

§ used to get or change permissions of a message queue, or to delete it


§ "cmd" is the command to execute

ü "IPC_STAT" sets the data in "msqid_ds" to reflect current values

ü "IPC_SET" sets the current values to those in "msqid_ds"

ü "IPC_RMID" deletes the message queue


Program 3.4 : Message Queue between two processes

Writer Program :(Sender)msg.c

#include <stdio.h>

#include <sys/types.h>

#include <sys/ipc.h>


struct Message

{

long mesg_type;

charmesg_data[1000];

} ;

main()

{

int msgid;

int len;

struct Message mesg;

msgid = msgget(1000, 0600|IPC_CREAT);

mesg.mesg_type = 100;


strcpy(mesg.mesg_data, "message number 1111\0");

len = strlen(mesg.mesg_data);

msgsnd(msgid, &mesg, len, 0);




msgsnd(msgid,&mesg, len, 0);




msgsnd(msgid,&mesg, len, 0);

}

Reader Program :(Reciever)msgr.c

#include <stdio.h>





struct Message

{

long mesg_type;

char mesg_data[1000];

} ;

main()

{

int msgid;

intlen;

struct Message mesg;

msgid = msgget(1000, 0600|IPC_CREAT);

msgrcv(msgid, &mesg, 100, 0, 0);

printf("Get a message type : %d = %s\n",mesg.mesg_type, mesg.mesg_data);





msgctl(msgid,IPC_RMID,0);


}

Output :

3.5 Semaphore.

Semaphores are one of the synchronization technique for IPC. "Suppose there is a stretch of

railroad in which there is a single track over which only one train at a time is allowed. A

semaphore guards the track. A train has to wait before entering the single track until the

semaphore is in a state that allows travel. When the train enters the track, the semaphore changes

the state to prevent other trains from entering the track. A train that is leaving this track must

change the state of the semaphore to allow another train to enter the track. “In computer jargon,

"a semaphore is an integer value. A process waits for permission to proceed by waiting for the

integer to become 0. If the process proceeds after the signal, it may increment the integer by 1.

When the process is completed, it changes the semaphore’s value by subtracting 1 from the

integer.

Semaphores which allow an arbitrary resource count are called counting semaphores, while

semaphores which are restricted to the values 0 and 1 (or locked/unlocked, unavailable/available)

are called binary semaphores. Counting semaphores are equipped with two operations,

historically denoted as V (also known as signal()) and P (or wait()). Operation V increments the

semaphore S, and operation P decrements it. P ( for wait operation) derived from Dutch word

(proberen) which means to test.V ( for signal passing operation ) derived from the word

‘Verhogen’ which means to increament


· Semaphores are used to synchronize operations on processes or to synchronize access to

data resources that may be accessed by several processes in parallel.. A semaphore set

contains a control structure and an array of individual semaphores. A semaphore set can

hold up to 25 elements. In Unix, operations involving semaphores are achieved by these

three system calls:

o semget(): Is used to initialize the semaphore set

o semctl(): Is used to change the ownership permission

o semop(): Is used to perform operations on semaphores

The Advantage of Semaphores

Semaphores can be used to solve the problem of a critical section. A process is said to be in a

critical section when it is executed independently and no other process interferes with its

execution. This condition is mutually exclusive.

Semaphore Initialization

Semaphores are initialized by using the semget() system function. The syntax of this function is:

int semget(key_t key, int nsems, int semflg);

This function returns an integer value. When the functions returns successfully, it returns the

value of the semaphore ID, semid.


The first argument, key, is mandatory and specifies an access value associated with the

semaphore ID. The second argument, nsems, specifies the numbers of elements stored in a

semaphore array. The call to this function fails if the value of nsems is greater than the number

of elements in an existing array. If the exact count of the array is not known, specifying 0 in this

argument ensures a successful call to this function. The third argument, semflg, indicates the

initial access permissions and creation control flags.

Handling Semaphores

Semaphores are controlled by the semctl() system function. This function changes the

permissions and other features of a semaphore set. The syntax of this function is:

int semctl(int semid, int semnum, int cmd, union semun arg);

This function takes three arguments and returns an integer value. The first argument is the

semaphore ID. The second argument is a value that selects a semaphore from an array of

semaphores. The third argument may take any of these values of the control flags:

•GETVAL: Returns the value of a single semaphore

•SETVAL: Sets the value of a single semaphore.

Operations on Semaphores

A Unix semaphore is an array of semaphores opened simultaneously and atomically by an array

of operations specified in the semop() system function. The syntax of this function, which is used

to obtain or release a semaphore, is:


int semop(int semid, struct sembuf *sops, size_t nsops);

This function takes three arguments and returns an integer value. The first argument, semid, is

the semaphore ID returned by the semget() call. In the second argument, sops refers to a pointer

to an array of structures. The information about the semaphore operation contained in each

structure includes:

• The semaphore number.

• The operation to be performed on the semaphore.

• The control flags, if any.

Program 3.5.1

/* semabinit.c –This program initialize a semaphore

to be used by the programs, sema and semb */



#include <sys/sem.h>

#include <stdio.h>

/* The semaphore key is a long integer. This is an external identification of the semaphore that a

program may use to access it.*/


#define KEY (1492)

void main()

{

int id; /* This number is used as an internal identification of the semaphore.*/

/* The semnum union is an argument to the semctl() function. This function performs various

tasks for the semaphore depending on which arguments are passed to it.You can initially set the

semaphore value to zero.*/

union semun

{

int val;

struct semid_ds *buf;

ushort * array;

} argument;

argument.val = 0;

/* This creates the semaphore with external key, KEY. if it is not there then just give the

permission 0666 to it. */

id = semget(KEY, 1, 0666 | IPC_CREAT);

/*Checking the return value.*/

if(id < 0)

{

printf("Unable to obtain semaphore.\n");


exit(0);

}

/* Stores the semaphore. The second argument to semget() is given as 1.*/

/* Sets the value of the semaphore which contains the number zero, in semaphore array id to

the value zero. */

if( semctl(id, 0, SETVAL, argument) < 0)

{

printf( "Unable to set semaphore value.\n");

}

else

{

printf("Semaphore %d initialized.\n", KEY);

}

}

Programm 3. 5.2 /* Semaphore example: Program (sema.c) */

/*Two programs, sema and semb are available to you now. Semb can be started at any time. This

will be forced to wait until the program sema is executed. Sema and semb needs not to be

executed by the same user */

#include <stdio.h>




#define KEY (1492)


/* This is the external name of the semaphore known to any program that wishes to access it. */

void main()

{

int id; /*This stores the internal identifier of the semaphore. */

struct sembuf operations[1];

/* An "array"of one operation to perform on the semaphore. */

int retval; /* Return value from semop() */

/* Receives the index for the semaphore with external name KEY. */

id = semget(KEY, 1, 0666);

if(id < 0)

/* Semaphore does not exist. */

{

printf( "Program sema unable to find semaphore and hence exiting.\n");

exit(0);

}

/* Begins a semaphore V-operation. */

printf("Program sema starts a V-operation.\n");

/* Sets the sembuf structure. */

/* Finds the semaphore, which one?: */

operations[0].sem_num = 0;

/* Which operation? Add 1 to semaphore value : */


operations[0].sem_op = 1;

/* Sets the flag and waits: */

operations[0].sem_flg = 0;

/* Do the operation now.*/

retval = semop(id, operations, 1);

if(retval == 0)

{

printf("V-operation by program sema is succeeded.\n");

}

else

{

printf("sema: V-operation did not succeed.\n");

printf("You find the reason!");

}

}

/*When the program, sema gets executed twice then the program, semb can also execute twice.

*/

Programm 3.5.3 /* Semaphore example: Program 2(semb.c) */

/* The two programs, sema and semb are available to you now. Semb can be initiated at any

time. It will have to wait until sema is executed. These two programs, sema and semb may not

necessarily be executed by the same user.*/

/*You can test as: Execute semb & The & is at the end of semb is important and it allows you to

execute in the same system, otherwise you would have to move to a different terminal to execute

sema. Then execute sema. */


#include <stdio.h>




#define KEY (1492)

/* This is the external name of the semaphore that any program can use to access it. */

void main()

{

int id; /* This identifies the semaphore internally. */

struct sembuf operations[1];

/* An "array"of one operation to perform on the semaphore. */

int retval; /* This stores the return value from semop() */

/* This receives the index for the semaphore with external name KEY. */

id = semget(KEY, 1, 0666);

if(id < 0)

/* If semaphore is not available. */

{

printf("Program semb cannot find semaphore and hence exiting.\n");

exit(0);

}

/* This performs a semaphore P-operation. */


printf("Program semb just to begin a P-operation. \n");

printf("Process id is %d\n", getpid());

/* This sets up the sembuf structure. */

/* This tells which semaphore in the semaphore array:*/

operations[0].sem_num = 0;

/* Determination of the semaphore operation. Subtract 1 from semaphore value : */

operations[0].sem_op = -1;

/* Sets the flag and waits */

operations[0].sem_flg = 0;

/* Start the operation */

retval = semop(id, operations, 1);

if(retval == 0)

{

printf("P-operation succeeded by program semb.\n");

printf("Process id is %d\n", getpid());

}

else

{

printf("semb: P-operation failed.\n");

}

}

/* If sema is executed twice then semb can execute twice. */


UMMARY

When processes wish to communicate, they must first establish communication. The stream

mechanisms introduced in the Eighth Edition Unix system [1], which have now become part of

AT&T's Unix System V [2], provide a flexible way for processes to conduct an already-begun

conversation with devices and with each other: an existing stream connection is named by a file

descriptor, and the usual read, write, and I/O control requests apply. Processing modules may be

inserted dynamically into a stream connection, so network protocols, terminal processing, and

device drivers separate cleanly. However, these mechanisms, by themselves, do not provide a

general way to create channels between processes.

Simple extensions provide new ways of establishing communication. In our system, the

traditional Unix IPC mechanism, the pipe, is a cross-connected stream. A generalisation of file-

system mounting associates a stream with a named file. When the file is opened, operations on

the file are operations on the stream. Open files may be passed from one process to another over

a pipe. These low-level mechanisms allow construction of flexible and general routines for

connecting local and remote processes.

QUESTIONS

1) Explain about the half duplex pipes used in IPC

2) Write the program to implement FIFOs

3) Explain about the system calls being used in message queues

Laboratory Exercises:

S

Assignment


1.write a system program using message queue which includes both sender and receiver

part .(Using fork() system call)

References:

http://www.tutorialspoint.com/unix/unix-pipes-filters.htm

http://www.cs.fredonia.edu/zubairi/s2k2/csit431/more_pipes.html


CHAPTER 4

I/O MANIPULATION & FILE SECURITY

Objectives


4.1 Examine File Access Permissions

4.2 Change the permissions using Absolute mode and symbolic mode

4.3 Understand the password aging , filewall configuration and encryption.

INTRODUCTION

In all operation systems, there is a standard input device and a standard output device. It is the

keyboard and the display screen respectively. Also the standard error device is the display

screen. Unless otherwise instructed Unix commands/programs get their input from the keyboard

and send their output to the terminal screen. Special files that instruct all the programs to accept

standard input from the keyboard and direct the standard output to the display, are provided by

Unix. Sometimes it is useful to redirect the input of output to a file or a printer. UNIX is a multi-

user system. Every file and directory in your account can be protected from or made accessible

to other users by changing its access permissions. Every user has responsibility for controlling

access to their files.

CCESS PERMISSIONS

4.1 A

Objectives


Permissions for a file or directory may be any or all of:

r - Read

w - Write

x - Execute = running a program

Each of this permission (rwx) can be controlled at three levels:

u - user = yourself

g - group = can be people in the same project

o - other = everyone on the system

File access permissions are displayed using the ls -l command. The output from the ls -l

command shows all permissions for all levels as three groups of three according to the scheme:

owner read (r)

owner write (w)

owner execute (x)

group read (r)

group write (w)

group execute (x)

public read (r)

public write (w)

public execute (x)

which are displayed as: -rwxrwxrwx

In your directory, type % ls -l (l for long listing!)


You will see that you now get lots of details about the contents of your directory, similar to the

example below.

Each file (and directory) has associated access rights, which may be found by typing ls -l.

-rwxrw-r-- 1 ee51ab beng95 2450 Sept29 11:52 file1

In the left-hand column is a 10 symbol string consisting of the symbols d, r, w, x, -, and,

occasionally, s or S. If d is present, it will be at the left hand end of the string, and indicates a

directory: otherwise - will be the starting symbol of the string.

The 9 remaining symbols indicate the permissions, or access rights, and are taken as three groups

of 3.

· The left group of 3 gives the file permissions for the user that owns the file (or directory) (ee51ab in the above example);

· The middle group gives the permissions for the group of people to whom the file (or directory) belongs

· The rightmost group gives the permissions for all others.

Examples

-rw------- 2 smith staff 3287 Apr 8 12:10 file1 - User has read and write permission. Group and

others have no permissions. -rw-r--r-- 2 smith staff 13297 Apr 8 12:11 file2 - User has read and write permission. Group and

others can only read the file. -rwxr-xr-x 2 smith staff 4133 Apr 8 12:10 myprog - User has read, write and execute permission.

Group and others can read and execute the file.


drwxr-x--- 2 smith staff 1024 Jun 17 10:00 SCCS - This is a directory. The user has read, write and

execute permission. Group has read and execute

permission on the directory. Nobody else can

access it.

Note: a directory must have both r and x permissions if the files it contains are to be

accessed.

4.2 CHANGING FILE PERMISSIONS

ABSOULTE MODE

File access permissions can be changed by a numerical (octal) chmod specification. Read

permission is given the value 4, write permission the value 2 and execute permission 1.

r w x

4 2 1

These values are added together for any one user category:

0 = no permissions

1 = execute only

2 = write only

3 = write and execute (1+2)

4 = read only

5 = read and execute (4+1)

6 = read and write (4+2)

7 = read and write and execute (4+2+1)


So access permissions can be expressed as three digits. For example:

user group others

chmod 640 file1 rw- r-- ---

chmod 754 file1 rwx r-x r--

chmod 664 file1 rw- rw- r—

Never set write permission for all other users on a file or directory which is in your home

directory. If you do other users will be able to change its content. This can represent a serious

security risk.

SYMBOLIC MODE

The chmod command is used to change access permissions for files which you own. The syntax

is:

chmod [who] [+/-/=] [permissions] filename

where:

who action permissions

u = user + à add r à read

g = group - à remove w à write

o = other = à add the specified permission, x à execute

but take away all others, if present


Examples:

· chmod o+r sample.f - Adds read permission for others to the file sample.f.

· chmod o-r sample.f - Removes read permission for others to the file sample.f.

· chmod og+rx prog* - Adds read and execute permissions for group and others to all files which contain

"prog" as the first four characters of their name.

· chmod +w * - Adds write permission only for user to all files in current directory.

· chmod +r * - Adds read permission to all (users, group, others) to all files in current directory.

· chmod u+x,o=w file1 - Adds execute permission for user and overwrite/override with write permission to

others

· chmod 2 file1 - provides write permission to others and nothing to user and group ( like 002)

· chmod 47 file1 - provides read permission to group, all permissions to others and nothing to user

( like 047)


4.3 PASSWORD SECURITY

Passwords are the primary method that Red Hat Enterprise Linux uses to verify a user's identity.

This is why password security is so important for protection of the user, the workstation, and the

network.

For security purposes, the installation program configures the system to use Secure Hash

Algorithm 512 (SHA512) and shadow passwords. It is highly recommended that you do not alter

these settings.

If shadow passwords are deselected during installation, all passwords are stored as a one-way

hash in the world-readable /etc/passwd file, which makes the system vulnerable to offline

password cracking attacks. If an intruder can gain access to the machine as a regular user, he can

copy the /etc/passwd file to his own machine and run any number of password cracking

programs against it. If there is an insecure password in the file, it is only a matter of time before

the password cracker discovers it.

Shadow passwords eliminate this type of attack by storing the password hashes in the file

/etc/shadow, which is readable only by the root user.

The following guidelines will help you to create a strong password:

· Make the Password at Least Eight Characters Long — The longer the password, the better. If using MD5 passwords, it should be 15 characters or longer. With DES passwords, use the maximum length (eight characters).

· Mix Upper and Lower Case Letters — Red Hat Enterprise Linux is case sensitive, so mix cases to enhance the strength of the password.

· Mix Letters and Numbers — Adding numbers to passwords, especially when added to the middle (not just at the beginning or the end), can enhance password strength.

· Include Non-Alphanumeric Characters — Special characters such as &, $, and > can greatly improve the strength of a password (this is not possible if using DES passwords).

· Pick a Password You Can Remember — The best password in the world does little good if you cannot remember it; use acronyms or other mnemonic devices to aid in memorizing passwords.

Password Aging

Password aging is another technique used by system administrators to defend against bad

passwords within an organization. Password aging means that after a specified period (usually 90

days), the user is prompted to create a new password. The theory behind this is that if a user is

forced to change his password periodically, a cracked password is only useful to an intruder for a

limited amount of time. The downside to password aging, however, is that users are more likely

to write their passwords down.


There are two primary programs used to specify password aging under Red Hat Enterprise

Linux: the chage command or the graphical User Manager (system-config-users) application.

Shadow passwords must be enabled to use the chage command. The -M option of the chage

command specifies the maximum number of days the password is valid. For example, to set a

user's password to expire in 90 days, use the following command:

chage -M 90 <username>

In the above command, replace <username> with the name of the user. To disable password

expiration, it is traditional to use a value of 99999 after the -M option (this equates to a little over

273 years).

For more information on the options available with the chage command, refer to the table below.

Table 2.1. chage command line options

Option Description

-d days Specifies the number of days since January 1, 1970 the password was changed.

-E date Specifies the date on which the account is locked, in the format YYYY-MM-DD.

Instead of the date, the number of days since January 1, 1970 can also be used.

-I days Specifies the number of inactive days after the password expiration before locking the

account. If the value is 0, the account is not locked after the password expires.

-l Lists current account aging settings.

-

m days

Specify the minimum number of days after which the user must change passwords. If

the value is 0, the password does not expire.

-

M days

Specify the maximum number of days for which the password is valid. When the

number of days specified by this option plus the number of days specified with the -d

option is less than the current day, the user must change passwords before using the

account.

-

W days Specifies the number of days before the password expiration date to warn the user.

You can also use the chage command in interactive mode to modify multiple password aging and

account details. Use the following command to enter interactive mode:

chage <username>

The following is a sample interactive session using this command:


~]# chage juan

Changing the aging information for juan

Enter the new value, or press ENTER for the default

Minimum Password Age [0]: 10

Maximum Password Age [99999]: 90

Last Password Change (YYYY-MM-DD) [2006-08-18]:

Password Expiration Warning [7]:

Password Inactive [-1]:

Account Expiration Date (YYYY-MM-DD) [1969-12-31]:

Upon the initial log in, the user is now prompted for a new password.

You can also use the graphical User Manager application to create password aging policies, as

follows. Note: you need Administrator privileges to perform this procedure.

1. Click the System menu on the Panel, point to Administration and then click Users and

Groups to display the User Manager. Alternatively, type the command system-config-users at a shell prompt.

2. Click the Users tab, and select the required user in the list of users. 3. Click Properties on the toolbar to display the User Properties dialog box (or choose

Properties on the File menu). 4. Click the Password Info tab, and select the check box for Enable password expiration. 5. Enter the required value in the Days before change required field, and click OK.

SERVICES AND PORTS

Configuring Linux Services

You can control which services you want to be automatically started at boot time. As mentioned

previously it is important to avoid having any services running that you don't actually need.

Every server is a potential access point into your Linux server so it is good practice to turn off

anything you don't think you will use. Bear in mind that you can always turn on a service at a

later date if you find you need it.

There are number of ways to control what services get started using both command line and

graphical tools without having to delve into the depths of your Linux system.

The command line tool chkconfig (usually located in /sbin) can be used to list and configure

which services get started at boot time. To list all service settings run the following command:

/sbin/chkconfig --list


This will display a long list of services showing whether or not they are started up at various

runlevels. You may want to narrow the search down using Linux grep command. For example to

list the entry for the HTTP daemon you would do the following:

/sbin/chkconfig --list | grep httpd

which should result in something like:

httpd 0:off 1:off 2:off 3:on 4:off 5:off 6:off

Alternatively you may just be interested to know what gets started for runlevel 3:

/sbin/chkconfig --list | grep '3:on'

chkconfig can also be used to change the settings. If we wanted the HTTP service to start up

when we at runlevel 5 we would issue the following command:

/sbin/chkconfig --level 5 httpd on

Service command - list running services

service --status-all service --status-all | grep ntpd service --status-all | less

Print the status of any service

To print the status of apache (httpd) service: service httpd status

List all known services (configured via SysV)

chkconfig --list

List service and their open ports

netstat -tulpn

Turn on / off service

ntsysv chkconfig service off chkconfig service on chkconfig httpd off chkconfig ntpd on


ntsysv is a simple interface for configuring runlevel services which are also configurable through chkconfig. By default, it configures the current runlevel. Just type ntsysv and select service you want to run:

A number of graphical tools are also available for administering services. On RedHat 9 you can

run the following command:

redhat-config-services

Verifying Which Ports Are Listening

Unnecessary open ports should be avoided because it increases the attack surface of your system.

If after the system has been in service you find unexpected open ports in listening state, that

might be signs of intrusion and it should be investigated.

Issue the following command, as root, from the console to determine which ports are listening

for connections from the network:

~]# netstat -tanp | grep LISTEN

tcp 0 0 0.0.0.0:45876 0.0.0.0:* LISTEN 1193/rpc.statd

tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN 1241/dnsmasq

tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 1783/cupsd

tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 7696/sendmail

tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1167/rpcbind

tcp 0 0 127.0.0.1:30003 0.0.0.0:* LISTEN 1118/tcsd

tcp 0 0 :::631 :::* LISTEN 1/init

tcp 0 0 :::35018 :::* LISTEN 1193/rpc.statd

tcp 0 0 :::111 :::* LISTEN 1167/rpcbind

Review the output of the command with the services needed on the system, turn off what is not

specifically required or authorized, repeat the check. Proceed then to make external checks using

nmap from another system connected via the network to the first system. This can be used verify

the rules in iptables. Make a scan for every IP address shown in the netstat output (except for

localhost 127.0.0.0 or ::1 range) from an external system. Use the -6 option for scanning an IPv6

address. See man nmap(1) for more information.

The following is an example of the command to be issued from the console of another system to

determine which ports are listening for TCP connections from the network:

~]# nmap -sT -O 192.168.122.1


Refer to the man pages for netstat, nmap, and services for more information.

FIREWALL CONFIGURATION

What exactly is a Firewall?

A firewall is a program running on a Gateway, Bridge or PC/Laptop/Smartphone that is capable of filtering incoming, outgoing, and forwarded network packets. A firewall is essentially a tool that lets you restrict you or your network’s access to the Internet, and

someone else’s access from the Internet to your network.

What we have here is actually something quite simple:

· A few computers and other network-connected devices – the green boxes · An e-mail server – the red box · A Microsoft Active Directory server – the blue box · A gateway, which is also a firewall, for our network running Linux – the black box · Between all of these is a simple network switch


we will configure iptables on that gateway, so that it will allow all the devices in the network to

connect to the Internet. It will allow us to connect to it, via SSH, and will allow external mail

servers to reach the mail server inside our network – a computer that does not even have a public

IP address; only a private one.

How a Firewall Works

A typical firewall can perform a number of tasks depending on the complexity of the firewall

itself. The basic functions of a firewall are as follows:

Stealth Mode - Discarding Pings

There is a common mechanism in networked environments for finding out if a particular system

is up and running and connected to the network. Typically a utility called ping is given the IP

address of the remote system. The ping utility sends a data packet to the remote system

represented by the IP address and waits for a reply. If it gets a reply then the user knows that the

system at that address is available on the network.

Port Forwarding and Blocking

Port blocking is the most fundamental level of firewall security and will be used by most home

or small business users to protect their systems.

As we mentioned previously computer systems communicate through ports. A firewall can be

used to block any ports that you do not want to be open to your systems inside the firewall. For

example FTP operates through port 21. If you do not wish anyone on the outside to have ftp

access to your systems you will need to configure your firewall to block port 21.

Conversely, Port Forwarding is also a very useful tool to have. Suppose you have three Linux

systems on your internal network and want to be able to telnet into one of those systems when

you are outside your firewall (perhaps at the local café using the free Wi-Fi connection while you

drink your coffee or while in a hotel on a business trip). In this situation you will configure your

firewall to forward port 21 connections to the system you want to access from outside. When you

connect to your IP address using telnet the firewall will see the packets arriving on port 21 and

know that it must forward them to the IP address of the machine you have designated. If you

have more than one system on your network it is essential that you set up port forwarding to

handle this. After all, without port forwarding how would the router know which internal system

you wanted to connect to?


Packet Filtering

Packet filtering is a much more advanced mechanism for providing security and is not available

in typical small business or home use router devices.

Data is transmitted over networks and the internet in what are called packets. Each packet

contains information about where the data came from and where it is going to (i.e the IP address

of the sender and the your IP address). In fact a packet contains a great deal of information about

the nature of the data being transmitted and many advanced firewall solutions allow you to filter

the data packets coming in through your internet connection to allow or disallow packets

depending on what are called filtering rules. For example you might allow a telnet session

(which allows you to log into your Linux system from outside) but disallow ftp packets (which

allow files to be transferred to and from of your Linux system). You may also choose to block

packets arriving from an IP address that you know to be suspicious.

Port numbers which are recognized by Internet and other network protocols, enabling the computer to interact with others. Each Linux server has a port number (see /etc/services file). For example:

1. TCP port 80 - HTTP Server 2. TCP port 443 - HTTPS Server 3. TCP port 25 - Mail Server 4. TCP port 22 - OpenSSH (remote) secure shell server 5. TCP port 110 - POP3 (Post Office Protocol v3) server 6. TCP port 143 - Internet Message Access Protocol (IMAP) — management of email

messages 7. TCP / UDP port 53 - Domain Name System (DNS)

Block Incoming Port

The syntax is as follows to block incoming port using IPtables:

/sbin/iptables -A INPUT -p tcp --destination-port {PORT-NUMBER-HERE} -j DROP ### interface section use eth1 ### /sbin/iptables -A INPUT -i eth1 -p tcp --destination-port {PORT-NUMBER-HERE} -j DROP ### only drop port for given IP or Subnet ## /sbin/iptables -A INPUT -i eth0 -p tcp --destination-port {PORT-NUMBER-HERE} -s {IP-ADDRESS-HERE} -j DROP


/sbin/iptables -A INPUT -i eth0 -p tcp --destination-port {PORT-NUMBER-HERE} -s {IP/SUBNET-HERE} -j DROP To block port 80 (HTTP server), enter (or add to your iptables shell script):

# /sbin/iptables -A INPUT -p tcp --destination-port 80 -j DROP

# /sbin/service iptables save

Block Incomming Port 80 except for IP Address 1.2.3.4

# /sbin/iptables -A INPUT -p tcp -i eth1 -s ! 1.2.3.4 --dport 80 -j DROP

Block Outgoing Port

The syntax is as follows:

/sbin/iptables -A OUTPUT -p tcp --dport {PORT-NUMBER-HERE} -j DROP ### interface section use eth1 ### /sbin/iptables -A OUTPUT -i eth1 -p tcp --dport {PORT-NUMBER-HERE} -j DROP ### only drop port for given IP or Subnet ## /sbin/iptables -A OUTPUT -i eth0 -p tcp --destination-port {PORT-NUMBER-HERE} -s {IP-ADDRESS-HERE} -j DROP /sbin/iptables -A OUTPUT -i eth0 -p tcp --destination-port {PORT-NUMBER-HERE} -s {IP/SUBNET-HERE} -j DROP To block outgoing port # 25, enter:

# /sbin/iptables -A OUTPUT -p tcp --dport 25 -j DROP


You can block port # 1234 for IP address 192.168.1.2 only:

# /sbin/iptables -A OUTPUT -p tcp -d 192.168.1.2 --dport 1234 -j DROP


You can setup kernel variable to drop all ping packets. Type the following command at shell prompt:

# echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_all

This instructs the kernel to simply ignore all ping requests (ICMP type 0 messages). To enable ping request type the command:

echo "0" > /proc/sys/net/ipv4/icmp_echo_ignore_all

You can add following line to /etc/sysctl.conf file:

# vi /etc/sysctl.conf Append following line:

net.ipv4.icmp_echo_ignore_all = 1

Save and close the file.


ENCRYPTING FILE

To encrypt a single file, use command gpg as follows: $ gpg -c filename

To encrypt myfinancial.info.txt file, type the command: $ gpg -c myfinancial.info.txt Sample output:

Enter passphrase:<YOUR-PASSWORD> Repeat passphrase:<YOUR-PASSWORD>

This will create a myfinancial.info.txt.gpg file. Where,

· -c : Encrypt with symmetric cipher using a passphrase. The default symmetric cipher used is CAST5, but may be chosen with the --cipher-algo option. This option may be combined with --sign (for a signed and symmetrically encrypted message), --encrypt (for a message that may be decrypted via a secret key or a passphrase), or --sign and --encrypt together (for a signed message that may be decrypted via a secret key or a passphrase).

Please note that if you ever forgot your password (passphrase), you cannot recover the data as it use very strong encryption.

Decrypt a file

To decrypt file use the gpg command as follow: $ gpg myfinancial.info.txt.gpg Sample outputs:

gpg myfinancial.info.txt.gpg gpg: CAST5 encrypted data Enter passphrase:<YOUR-PASSWORD>

Decrypt file and write output to file vivek.info.txt you can run command: $ gpg myfinancial.info.gpg –o vivek.info.txt Also note that if file extension is .asc, it is a ASCII encrypted file and if file extension is .gpg, it is a binary encrypted file.


SUMMARY

This chapter presented the details of standard input, output and error files. Redirection operators

and filters with different options and examples are explained in detail. Also it covered file access

permissions and the absolute and symbolic mode of changing file permissions.

Guide Questions

1. What will be the effect of the following Unix commands?

a. chmod 777 ab.c

b. chmod ug+r fff.out

2. Differentiate between absolute mode & symbolic mode.

3. What is the ideal permission to set on a directory?

4. If we have a read permission to somebody’s directory can we do a “ls” on it?

References

1. https://www.dartmouth.edu/~rc/help/faq/permissions.html

2. http://www.unix.com/shell-programming-scripting


CHAPTER 5

Working with Databases

Objectives


5.1. Describe the features of MySQL

5.2. Identify the installation procedure

5.3. Create the databases

5.4. Use DDL and DML statements on databases

5.5. Evaluate the permissions on databases

5.1 Introduction

MySQL is a full-featured relational database management system (RDBMS) sponsored by the

Swedish company MySQL AB, which is owned by Oracle Corporation. MySQL is written in C

and C++ and is compatible with all major operating systems. MySQL source code is freely

available because it was originally developed as freeware.

MySQL originally developed and first released in 1995. MySQL is named after my, the daughter

Michael Wideners, of one of the product’s originators. It was originally produced under the GNU

General Public License, in which source code is made freely available. MySQL was originally

owned by Sun Microsystems; when the company was purchased by Oracle Corp. in 2010,

MySQL was part of the package.

Objectives


MySQL is very popular for Web-hosting applications because of its plethora of Web-optimized

features like HTML data types, and because it's available for free. It is part of the Linux, Apache,

MySQL, PHP (LAMP) architecture, a combination of platforms that is frequently used to deliver

and support advanced Web applications. MySQL runs the back-end databases of some famous

websites, including Wikipedia, Google and Facebook- a testament to its stability and robustness

despite its decentralized, free-for-all philosophy.

5.2 Features of MySQL

MySQL has many features following list shows the most important properties of MySQL.

· Client/Server Architecture: MySQL is a client/server system. Many clients (application

programs) communicate with the server; that is, they query data, save changes, etc. The

clients can run on the same computer as the server or on another computer

(communication via a local network or the Internet).

· SQL compatibility: MySQL supports as its database language as its name suggests SQL

(Structured Query Language). SQL is a standardized language for querying and updating

data and for the administration of a database.

· Platform independence: MySQL runs under a variety of operating systems; the most

important are Apple Macintosh OS X, Linux, Microsoft Windows, and the countless

UNIX variants, such as AIX, BSDI, FreeBSD, HP-UX, OpenBSD, Net BSD, SGI Iris,

and Sun Solaris.

· Multiuser Support: MySQL is a full multiuser system, which means that multiple

clients can access and use one (or more) MySQL database(s) simultaneously; this is of

particular significance during development of web-based applications, which are required

to support simultaneous connections by multiple remote clients.

· Open-Source Code: The MySQL source code is freely available under the terms of the

GNU General Public License—a key benefit, since it allows users to download and

modify the application to meet their specific needs.


5.3 Basic MySQL Tasks in UNIX

After installing MySQL on UNIX, we must initialize the grant tables, start the server, and make

sure that the server works satisfactorily. We should also assign passwords to the accounts in the

grant tables.

The following given bellow procedure describes how to initialize the grant tables and start the

server. It also suggests some commands that we can use to manage user, database, tables and

record.

5.3.1 Start the database:

Start the database: /etc/rc.d/init.d/mysqld start

5.3.2 Assign a password:

mysqladmin -u root password 'new-password'

5.3.2.1 Login into MySQL

$ mysql -u root -p

After successful execution of this command user will get the mysql prompt.

5.3.3 Create a database:

We use Mysql create database command to create a database

mysql> create database mynewdatabasename;

example: create database HCT

5.3.4 List the databases in the server:

mysql> show databases;

This will list name of all databases present.


5.3.5 Use a database:

mysql> use databasename;

example: use HCT;

5.3.6 Delete a database (drop):

If you don’t need database further then you can remove it from disk by using drop database

command.

mysql> drop database unwanteddatabasename;

example: drop databse HCT;

5.3.7 Create a Table:

MySQL uses many different data types, broken into three categories: numeric, date and time, and

string types.

Numeric Data Types:

MySQL uses all the standard ANSI SQL numeric data types, so if you're coming to MySQL

from a different database system, these definitions will look familiar to you. The following list

shows the common numeric data types and their descriptions.

· INT - A normal-sized integer that can be signed or unsigned. If signed, the allowable

range is from -2147483648 to 2147483647. If unsigned, the allowable range is from 0 to

4294967295. You can specify a width of up to 11 digits.

· FLOAT(M,D) - A floating-point number that cannot be unsigned. You can define the

display length (M) and the number of decimals (D). This is not required and will default

to 10,2, where 2 is the number of decimals and 10 is the total number of digits (including

decimals). Decimal precision can go to 24 places for a FLOAT.

· DOUBLE(M,D) - A double precision floating-point number that cannot be unsigned.

You can define the display length (M) and the number of decimals (D). This is not

required and will default to 16,4, where 4 is the number of decimals. Decimal precision

can go to 53 places for a DOUBLE. REAL is a synonym for DOUBLE.


Date and Time Types:

The MySQL date and time data types are:

· DATE - A date in YYYY-MM-DD format, between 1000-01-01 and 9999-12-31. For

example, December 30th, 1973 would be stored as 1973-12-30.

· TIME - Stores the time in HH:MM:SS format.

· YEAR(M) - Stores a year in 2-digit or 4-digit format. If the length is specified as 2 (for

example YEAR(2)), YEAR can be 1970 to 2069 (70 to 69). If the length is specified as 4,

YEAR can be 1901 to 2155. The default length is 4.

String Types:

Although numeric and date types are fun, most data you'll store will be in string format. This list

describes the common string datatypes in MySQL.

· CHAR(M) - A fixed-length string between 1 and 255 characters in length (for example

CHAR(5)), right-padded with spaces to the specified length when stored. Defining a

length is not required, but the default is 1.

· VARCHAR(M) - A variable-length string between 1 and 255 characters in length; for

example VARCHAR(25). You must define a length when creating a VARCHAR field.

We can create a table by using create table command.

mysql> create table TableName (Field1 datatype1,Field2 datatype2,…..,…);

example: create table student (ID char(20),Name char(20),Dept char(20), GSM int);

5.3.8 View table structure:

We can view structure of an existing table by using describe command.


mysql> describe TableName;

example: describe student;

5.3.9 Listing Tables:

We use show tables command to list names of all tables present in current database.

mysql> show tables;

5.3.10 Altering name & structure of Table:

MySQL ALTER command is very useful when we want to change a name of our table, any table

field or if we want to add or delete an existing column in a table.

i. Renaming a Table:

Command: mysql> alter table oldname rename to newname;

Example: mysql> alter table student rename to unixstudent;

ii. Adding a field to a table:

Command: mysql> alter table tablename add fieldname datatype;

Example: mysql> alter table unixstudent add marks float(5,2);

iii. Removing a field from a Table:

Command: mysql> alter table unixstudent drop fieldname;

Example: mysql> alter table unixstudent dropt dept;

5.3.11 Inserting a record:

We use insert command alongwith field values to insert a record into a table.

mysql> insert into TableName values(value1, value2,…,…);

example: insert into unixstudent values ('12J6231’,Ahmed','IT','16S1012',95674321);

5.3.12 Updating Table data:

There may be a requirement where existing data in a MySQL table need to be modified. We can

do so by using SQL UPDATE command. This will modify any field value of any MySQL table.

Command: mysql> update table_name set field1=new-value1, field2=new-value2

[where Clause]


Example:

mysql> update unixstudent set dept=’IS’ where name = ‘Ahmed’;

mysql> update unixstudent set name= “Ahmed Said”, dept=”NW” where ID=’12J6231’;

5.3.13 Listing table records:

mysql> select * from TableName;

example: select * from unixstudent;

5.3.14 Drop Table:

mysql> drop table TableName;

example: drop table unixstudent;

5.3.15 Create a user:

mysql> create user newusername;

example create user ahmed;

5.3.16 List the users:

mysql> select user from mysql.user;

5.3.17 Providing privileges to one user on one database:

mysql> grant all privileges on database.* to username@"servername" identified by 'password';

mysql> flush privileges;

example: grant all privileges on database.* to ahmed@”localhost” identified by ‘password’. The

flush privileges is used to write the privilege changes to the mysql.sql database

5.3.18 Delete a user:

mysql> drop user test;

5.3.19 Quit from the SQL shell:

mysql> quit; After successful execution of this command user will get the mysql prompt.

5.3.20 Backup a Database:

mysqldump -u [username] -p [password] [databasename] > [backupfile.sql]


5.3.21 Shutting down the database:

/etc/rc.d/init.d/mysqld stop

UMMARY

MySQL is a fast, easy-to-use RDBMS used being used for many small and big businesses.

MySQL is developed, marketed, and supported by MySQL AB, which is a Swedish company.

MySQL is becoming so popular because of many good reasons.

· MySQL is released under an open-source license. So you have nothing to pay to use it.

· MySQL is a very powerful program in its own right. It handles a large subset of the

functionality of the most expensive and powerful database packages.

· MySQL uses a standard form of the well-known SQL data language.

· MySQL works on many operating systems and with many languages including PHP,

PERL, C, C++, JAVA etc.

· MySQL works very quickly and works well even with large data sets.

· MySQL is very friendly to PHP, the most appreciated language for web development.

· MySQL supports large databases, up to 50 million rows or more in a table. The default

file size limit for a table is 4GB, but you can increase this (if your operating system can

handle it) to a theoretical limit of 8 million terabytes (TB).

· MySQL is customizable. The open source GPL license allows programmers to modify

the MySQL software to fit their own specific environments.

UIDE QUESTIONS

1. Create a database named HCT.

2. Create a table named STUDENT under HCT database. Table should have following structure.

Field Name Data Type Size

ID char 10

NAME char 41

S

G


SUBJECT char 21

3. Remove field named SUBJECT from STUDENT table.

4. Enter three records in STUDENT table.

5. Add a field to the STUDENT table, named GSM and data type INT.

6. Add data for GSM field of all three records of STUDENT table.

7. List all records of STUDENT table.

8. See structure of STUDENT table.

9. Create a user named SE and grant all privileges on HCT database for this user.

10. Delete table STUDENT and then exit from MySQL prompt.

References

1 http://www.tutorialspoint.com/unix_commands/mysql.htm

2. http://www.yolinux.com/TUTORIALS/LinuxTutorialMySQL.html


Chapter-6

Socket Programming with UNIX

Objectives


6.1. Describe the UNIX sockets

6.2. Discuss basics of socket programming

6.3. Use system calls for socket programming

6.4. Examine Socket data structure

6.5. Create Socket programs

6.1 Introduction

Sockets are inter-process-communication mechanism that allows bidirectional data exchange

between processes running either on the same machine or different machines. It provides point-

to-point, two-way communication between two processes. Sockets are very versatile and are a

basic component of interposes and intersystem communication. A socket is one end of the

communication channel between two applications running on machines. In short a socket is a

tool that allows us to transfer data in a bidirectional way.

A socket has two sides. Each side is identified by a combination of two elements: the IP address

and port. The first identifies a computer, and the second is connected to a process.

Objectives


Figure-6.1

There are many different types of sockets that differ in the way data is transferred.

1. UNIX sockets: An inter-process-communication mechanism that allows bidirectional data

exchange between processes running on the same machine.

2. IP sockets: A mechanism that allows communicating processes over the network.

3. TCP/IP Socket: the method of directing data to the appropriate application in a computer also

called a "network socket" or stream socket.

6.2 UNIX Socket

Remember FIFOs? Remember how they can only send data in one direction, just like a Pipe?

Socket is a two-way communications pipe, which can be used to communicate in a wide variety

of domains. One of the most common domains sockets communicate over is the Internet. UNIX

sockets are just like two-way FIFOs. However, all data communication will be taking place

through the sockets interface, instead of through the file interface.

In UNIX, whenever there is a need for inter process communication within the same machine,

we use mechanism like signals or pipes(named or unnamed). Similarly, when we desire a

communication between two applications possibly running on different machines, we need

sockets.

Although Unix sockets are a special file in the file system (just like FIFOs), we won't be use

open() and read()—we'll be using socket(), bind(), recv(), etc. Sockets, once created and

connected can be used like file descriptors, thus it is easy to read and write to them.


Figure-6.2

6.3 Basic of Socket Programming

While programming with sockets, we usually create server and client programs. The server sits

listening for incoming connections from clients and handles them. The combination of the IP

address of the station and a port number make up a socket. To "create a socket" or "open a

socket" means to establish a connection to the Internet or other TCP/IP wide area or local area

network.

Figure-6.3

6.4 Steps involved in Socket programming

Steps for client site:

1. Create a socket

2. Connect the socket to the address of the server

3. Send/Receive data

4. Close the socket


Steps for server site:

1. Create a socket

2. Bind the socket to the port number known to all clients

3. Listen for the connection request

4. Accept connection request

5. Send/Receive data

6.5 System calls for socket programming

Here below table is listing sequence of function calls to establish a connection between a client

and a server using socket.

Server Client

Create socket – socket(….) Create socket – socket(….)

Assign a name to it – bind (…) …

Establish connection queue – listen(…) …

Get a connection from queue – accept(…) Initiate connection – connect(…)

read(…) write(…)

write(…) read(…)

Table-6.1

Figure-6.4


System calls for client side:

1. Create a socket with the socket() system call

2. Connect the socket to the address of the server using the connect() system call

3. Send and receive data. There are a number of ways to do this, but the simplest is to use

the read() and write() system calls.

4. Close the socket with the close() system call

System calls for server side:

1. Create a socket with the socket() system call

2. Bind the socket to an address using the bind() system call. For a server socket on the

Internet, an address consists of a port number on the host machine.

3. Listen for connections with the listen() system call

4. Accept a connection with the accept() system call. This call typically blocks until a client

connects with the server.

5. Send and receive data

6.6 Basic data structures used in Socket programming

Socket Descriptor: A simple file descriptor in UNIX.

Socket Address: This construct holds the information for socket address

struct sockaddrs {

unsigned short sa_family; // address family, AF_xxx or PF_xxx

char sa_data[14]; // 14 bytes of protocol address

};

AF stands for Address Family and PF stands for Protocol Family. In most modern

implementations only the AF is being used. The various kinds of AF are as follows:


Name Purpose

AF_UNIX, AF_LOCAL Local communication

AF_INET IPv4 Internet protocols

AF_INET6 IPv6 Internet protocols

AF_IPX IPX - Novell protocols

AF_NETLINK Kernel user interface device

AF_X25 ITU-T X.25 / ISO-8208 protocol

AF_AX25 Amateur radio AX.25 protocol

AF_ATMPVC Access to raw ATM PVCs

AF_APPLETALK Appletalk

AF_PACKET Low level packet interface

Table-6.2

In all the sample programs given below, we will be using AF_INET.

struct sockaddr_in: This construct holds the information about the address family, port number,

Internet address,and the size of the struct sockaddr.

struct sockaddr_in {

short int sin_family; // Address family

unsigned short int sin_port; // Port number

struct in_addr sin_addr; // Internet address

unsigned char sin_zero[8]; // Same size as struct sockaddr

};


6.7 Socket Program:

These two programs socket_server.c and, socket_client.c show how you can establish a socket

connection using the above functions.

socket_server.c


#include <sys/socket.h>

#include <sys/un.h>

#include <stdio.h>

#define NSTRS 3 /* no. of strings */

#define ADDRESS "mysocket" /* addr to connect */

/* Strings we send to the client. */

char *strs[NSTRS] = {

"This is the first string from the server.\n",

"This is the second string from the server.\n",

"This is the third string from the server.\n"

};

main()

{


char c;

FILE *fp;

int fromlen;

register int i, s, ns, len;

struct sockaddr_un saun, fsaun;

/* Get a socket to work with. This socket will be in UNIX domain, and will be a stream socket.

*/

if ((s = socket(AF_UNIX, SOCK_STREAM, 0)) < 0) {

perror("server: socket");

exit(1);

}

/* Create the address we will be binding to. */

saun.sun_family = AF_UNIX;

strcpy(saun.sun_path, ADDRESS);

/* Try to bind the address to the socket. We unlink the name first so that the bind won't fail.

The third argument indicates the "length" of the structure, not just the length of the socket name.

*/

unlink(ADDRESS);

len = sizeof(saun.sun_family) + strlen(saun.sun_path);

if (bind(s, &saun, len) < 0) {


perror("server: bind");

exit(1);

}

/* Listen on the socket. */

if (listen(s, 5) < 0) {

perror("server: listen");

exit(1);

}

/* Accept connections. When we accept one, ns will be connected to the client. fsaun will

contain the address of the client. */

if ((ns = accept(s, &fsaun, &fromlen)) < 0) {

perror("server: accept");

exit(1);

}

/* We'll use stdio for reading the socket. */

fp = fdopen(ns, "r");

/* First we send some strings to the client. */

for (i = 0; i < NSTRS; i++)

send(ns, strs[i], strlen(strs[i]), 0);

/* Then we read some strings from the client and print them out. */


for (i = 0; i < NSTRS; i++) {

while ((c = fgetc(fp)) != EOF) {

putchar(c);

if (c == '\n')

break;

}

}

/* We can simply use close() to terminate the connection, since we're done with both sides. */

close(s);

exit(0);

}

socket_client.c


#include <sys/socket.h>

#include <sys/un.h>

#include <stdio.h>

#define NSTRS 3 /* no. of strings */

#define ADDRESS "mysocket" /* addr to connect */


/* Strings we send to the server. */

char *strs[NSTRS] = {

"This is the first string from the client.\n",

"This is the second string from the client.\n",

"This is the third string from the client.\n"

};

main()

{

char c;

FILE *fp;

register int i, s, len;

struct sockaddr_un saun;

/* Get a socket to work with. This socket will be in the UNIX domain, and will be a stream

socket. */

if ((s = socket(AF_UNIX, SOCK_STREAM, 0)) < 0) {

perror("client: socket");

exit(1);

}

/* Create the address we will be connecting to. */

saun.sun_family = AF_UNIX;


strcpy(saun.sun_path, ADDRESS);

/* Try to connect to the address. For this to succeed, the server must already have bound this

address, and must have issued a listen() request. The third argument indicates the "length" of the

structure, not just the length of the socket name. */

len = sizeof(saun.sun_family) + strlen(saun.sun_path);

if (connect(s, &saun, len) < 0) {

perror("client: connect");

exit(1);

}

/* We'll use stdio for reading the socket. */

fp = fdopen(s, "r");

/* First we read some strings from the server and print them out. */

for (i = 0; i < NSTRS; i++) {

while ((c = fgetc(fp)) != EOF) {

putchar(c);

if (c == '\n')

break;

}

}

/* Now we send some strings to the server. */


for (i = 0; i < NSTRS; i++)

send(s, strs[i], strlen(strs[i]), 0);

/* We can simply use close() to terminate the connection, since we're done with both sides.

*/

close(s);

exit(0);

}

Configure the above socket_server.c and socket_client.c programs for you system and compile

and run them. You will need to set up socket ADDRESS definition.

UMMARY

A socket is a tool that allows us to transfer data in a bidirectional way. In UNIX it allows process

running on same system to exchange data bidirectional. In network environment sockets permits

process running on different machine to bidirectional exchange of data.

· A socket application running on server site can listen and handle many client connected

to it.

· Sockets are very versatile and are a basic component of interposes and intersystem

communication.

GUIDE QUESTIONS

1. Define a general socket and explain its working.

2. Define an UNIX socket and explain its working.

S


3. List steps involved in socket programming.

4. List basic system calls used to in socket programming.

5. Explain working of system calls used for client site.

6. Explain working of system calls used in server site.

7. Write a simple socket program to exchange your name, age and address between client and

server.

References

1. http://www.cse.iitk.ac.in/users/dheeraj/cs425/lec17.html/

2. http://www.cs.cf.ac.uk/Dave/C/node28.html

3. http://www.pcmag.com/encyclopedia/term/53469/unix-socket

4. https://en.wikipedia.org/wiki/Unix_domain_socket

5. http://sushantsharmaa.blogspot.com/2012/08/socket-programming.html

Documents

ITSE4206_UNIX System Programming