47 [UNIX System Programming -ITSE4206]
CHAPTER 3
Inter-process communication
Objectives
At the end of this module, the students will be able to:
3.1Explain Inter process communication
3.2Use pipes in IPC
3.3 Work with named pipes
3.4 Use message queues for inter process logging
3.5 Use semephores for inter process
3.6 Write simple unix system programs using c
3.1 Introduction
Inter process communication in short IPC, is a mechanism for processes to communicate and to
synchronize their actions. IPC enables one application to control another application, and for
several applications to share the same data without interfering with one another. IPC is required
in all multiprocessing systems, but it is not generally supported by single-process operating
systems.
The various forms of IPC that are supported on a UNIX system are as follows :
1) Half duplex Pipes.
2) FIFO’s
3) Full duplex Pipes.
4) Named full duplex Pipes.
5) Message queues.
6) Shared memory.
Objectives
48 [UNIX System Programming -ITSE4206]
7) Semaphores.
8) Sockets.
9) STREAMS.
The first seven forms of IPC are usually restricted to IPC between processes on the same host.
The final two i.e. Sockets and STREAMS are the only two that are generally supported for IPC
between processes on different hosts.
3.2 PIPES
A pipe is a method of connecting the standard output of one process to the standard input of
another. Allow transfer of data between processes in a FIFO manner. Allows one way flow of
data (usually, about 4k bytes). Now, UNIX allows bi-directional flow of data
3.2.1 Shell pipes
UNIX shell pipes join the standard output of one command to the standard input of another
command.
Example:
ls | wc
Output : count the number of lines, words, characters from the list of the files. The left hand side
command give the input to the right hand side for processing.
$ls -l | grep "Aug" The simplest use of grep is to look for a pattern consisting of a single word
Using pipes, display all lines of list1 and list2 containing the letter 'p', and sort the result.
$ cat list1 list2 | grep p | sort
3.2.2. pipe system call
A pipe is created by calling the pipe function.
49 [UNIX System Programming -ITSE4206]
#include <unistd.h>
int pipe(int filedes[2]);
Returns: 0 if OK, -1 on error.
Two file descriptors are returned through the filedes argument: filedes[0] is open for reading, and
filedes[1] is open for writing. The output of filedes[1] is the input for filedes[0]. Now, both fd[0]
and fd[1] can be used for both reading and writing
Figure 3.1. Two ways to view a half-duplex pipe Figure 3.2. Half-duplex pipe after a
fork
· Use system calls read() and write() to access the pipe.
intn_read = read(intfd, char *buf, int n);
intn_written = write(intfd, char *buf, int n);
· For both, the first argument is a file descriptor. The second argument is a character array in your
program where the data is to go to or to come from. The third argument is the number is the
number of bytes to be transferred.
· Read :
§ if the pipe is empty, the process is blocked ; otherwise, read up to the number of specified
bytes.
· Write :
§ If the pipe is full, the process is blocked until enough spaces are available to write the
entire data. If no reading fd attached, return a signal ” IGPIPE”
50 [UNIX System Programming -ITSE4206]
§ If the pipe is not full and the size of write is less than 4k, then the write is atomic. If the
size is > 4k, you should separate into several writes.
Program 3.1 : Pipe in the process
#include<stdio.h>
main( )
{
int p[2],res;
char x[10];
res=pipe(p);
if(res = = 0)
{
write(p[1], “Hello”, 6);
read(p[0],x,6);
printf(“%s\n”,x);
}
else
printf(“Pipe is not created\n”);
}
Output:
Hello
51 [UNIX System Programming -ITSE4206]
Program 3.2 : Pipe between parent and child process (fork)
#include <stdio.h>
main()
{
int fd[2];
charch[11];
pipe(fd); /* creates a pipe */
if (fork() == 0)
{
read(fd[0],ch,11);
printf("Child got %s\n",ch);
read(fd[0],ch,11);
printf("Child got %s\n",ch);
exit(0);
}
else
{
write(fd[1],"Ahmed",11);
sleep(10);
write(fd[1],"Mohammed",11);
wait(0);
close(fd[0]);
52 [UNIX System Programming -ITSE4206]
close(fd[1]);
}
}
Output:
Child got Ahmed
Child got Mohammed
3.3 FIFOs
One of the major disadvantage of pipes is that the they cannot be accessed using their names by
any other process other than child and the parent as they do not get listed in the directory tree.
FIFOs are sometimes called a named pipe, which stands for First in First out, meaning the data
that is written into the pipe first will be read out first always.
The fifos get listed in the directory tree and any process can access it using its name by providing
the appropriate path.
There are two uses for FIFOs.
· FIFOs are used by shell commands to pass data from one shell pipeline to another
without creating intermediate temporary files.
· FIFOs are used as rendezvous points in client-server applications to pass data between
the clients and the servers.
fifos are created using
53 [UNIX System Programming -ITSE4206]
· The Command mkfifo at shell prompt
Syntax: mkfifoname_fifo
· The function mkfifo() which takes as arguments
#include <sys/stat.h>
intmkfifo(const char *pathname, mode_t mode);
const char *pathname – is the file name
mode_t mode – is the absolute value of the permissions given to the file . Read permission is
given the value 4, write permission the value 2 and execute permission 1. (ex 777 for users,
group and others have all the permissions)
Returns: 0 if OK, -1 on error
Properties: ( Some of them are also applicable to PIPES)
1) After a FIFO is created, it can be opened for read or write.
2) Normally, opening a FIFO for read or write, it blocks until another process opens it for write
or read.
3) A read gets as much data as it requests or as much data as the FIFO has, whichever is less.
4) A write to a FIFO is atomic, as long as the write does not exceed the capacity of the FIFO.
The
capacity is at least 4k.
3.3.1. Simple named pipe example at shell prompt:
54 [UNIX System Programming -ITSE4206]
$ mkfifoabdul
$ps>abdul
Note :ps values/ouput are written in abdul but you cannot see the prompt unless the values are
read from the pipe. So open a another prompt and issue the following command.
$cat abdul
Displays the content of abdul i.e., the output of ps command
3.3.2. Using mkfifo() system call
Once the file is created, it needs to be opened using the system call open() and the data can be
read and written from the file using read() and write() system calls.
The following is prototype for open() system call
int open(const char *pathname, int flags);
open() returns a file descriptor, a small, non-negative integer for use in subsequent system calls
(read(2), write(2), lseek(2), fcntl(2), etc.). It returns -1 on failure.The path argument points to a
pathname naming the file.
The flags specified are formed by or'ing the following values
O_RDONLY open for reading only
O_WRONLY open for writing only
O_RDWR open for reading and writing
O_NONBLOCK do not block on open
55 [UNIX System Programming -ITSE4206]
O_APPEND append on each write
O_CREAT create file if it does not exist
O_TRUNC truncate size to 0
O_EXCL error if create and file exists
O_SHLOCK atomically obtain a shared lock
O_EXLOCK atomically obtain an exclusive lock
Program 3.3 : Named Pipe (FIFO) between parent and child process (fork)
#include<stdio.h>
#include<fcntl.h>
main()
{
char text[100]=”Sultanate of Oman”,str[100];
intpi,fd;
mkfifo(“test”,777);
if(fork( ) = = 0)
{
fd=open(“test”,O_RDONLY);
pi=read(fd,str,100);
printf(“%s\n”,str);
close(fd);
}
56 [UNIX System Programming -ITSE4206]
else
{
fd=open(“test”,O_WRONLY);
write(fd,text,strlen(text)+1);
close(fd);
}
}
Output:
Sultanate of Oman
3.4 Message Queues
Message queues are an handy way to get IPC when working with unrelated processes that run
completely without synchronism. A message queue is a shared "box" where processes can drop
and withdraw messages independently. Message queues allow one or more processes to write
messages that will be read by one or more reading processes. Message queues can be viewed as
pipes with message-based (instead of stream based)
The kernel maintains a structure for every message queue in the system. The data structures for
message queues are defined in sys/msg.h. The major data structure for message queues is
msqid_ds, which has the following members.
structipc_permmsg_perm; /* operation permission structure */
msgqnum_tmsg_qnum; /* number of messages currently in queue */
msglen_tmsg_qbytes; /* maximum bytes allowed in queue */
pid_tmsg_lspid; /* process ID of msgsnd */
57 [UNIX System Programming -ITSE4206]
pid_tmsg_lrpid; /* process ID of msgrcv */
time_tmsg_stime; /* time of last msgsnd */
time_tmsg_rtime; /* time of last msgrcv */
time_tmsg_ctime; /* time of last msgctl */
The msgqnum_t data type holds the number of messages in the message queue; the msglen_t
type holds the number of bytes allowed in a message queue. Both types must be at least as large
as an unsigned short.
Each message on a queue has the following attributes :
#include <sys/msg.h>
structmsgbuf
{
longmtype; /* message type */
charmtext[1]; /* message text : can be variable length*/
};
3.4.1. Message Queue Calls
· intmsgget(key_t key, intmsgflg);
§ creates a new or gets an existing message queue
§ "msgflg" consists of flags:
ü used for permissions, similar to file permissions
ü IPC_CREAT flag is used to create a new message queue, ignored if it
already exists
· intmsgsnd(intmsqid, structmsgbuf *msgp, size_tmsgsz, intmsgflg);
58 [UNIX System Programming -ITSE4206]
§ adds a message to the message queue
§ "msqid" is the message queue id returned by msgget( )
§ "msgp" is a structure:
ü first member must be a "long int", which is the message type (must be >0)
ü then the actual message to be sent is defined
§ "msgsz" is the size of the message, not including the "long int" message type
§ "msgflg" consists of flags specifying the action if the message queue is full or
system limits are reached
· ssize_tmsgrcv(intmsqid, structmsgbuf *msgp, size_tmsgsz, long msgtyp, intmsgflg);
§ retrieves message from message queue
§ "msqid" is the message queue id returned by msgget( )
§ "msgp" is a structure:
ü first member must be a "long int", which is the message type
ü then the buffer for the received message is defined
§ "msgsz" is the size of the message buffer, not including the "long int" message
type
§ "msgtyp" allows a simple form of message prioritization:
ü 0 - first available message is retrieved
ü >0 - first available message with the specified message type is retrieved
ü <0 - first available message with a message type less then or equal to the
specified message type is retrieved
§ "msgflg" consists of flags specifying the action if no message of the appropriate
type is available
· intmsgctl(intmsqid, intcmd, structmsqid_ds *buf);
§ message queue control
§ used to get or change permissions of a message queue, or to delete it
§ "msqid" is the message queue id returned by msgget( )
§ "cmd" is the command to execute
ü "IPC_STAT" sets the data in "msqid_ds" to reflect current values
ü "IPC_SET" sets the current values to those in "msqid_ds"
ü "IPC_RMID" deletes the message queue
59 [UNIX System Programming -ITSE4206]
Program 3.4 : Message Queue between two processes
Writer Program :(Sender)msg.c
#include <stdio.h>
#include <sys/types.h>
#include <sys/ipc.h>
#include <sys/msg.h>
struct Message
{
long mesg_type;
charmesg_data[1000];
} ;
main()
{
int msgid;
int len;
struct Message mesg;
msgid = msgget(1000, 0600|IPC_CREAT);
mesg.mesg_type = 100;
60 [UNIX System Programming -ITSE4206]
strcpy(mesg.mesg_data, "message number 1111\0");
len = strlen(mesg.mesg_data);
msgsnd(msgid, &mesg, len, 0);
mesg.mesg_type = 300;
strcpy(mesg.mesg_data, "message number 3333\0");
len = strlen(mesg.mesg_data);
msgsnd(msgid,&mesg, len, 0);
mesg.mesg_type = 200;
strcpy(mesg.mesg_data, "message number 2222\0");
len = strlen(mesg.mesg_data);
msgsnd(msgid,&mesg, len, 0);
}
Reader Program :(Reciever)msgr.c
#include <stdio.h>
#include <sys/types.h>
#include <sys/ipc.h>
#include <sys/msg.h>
61 [UNIX System Programming -ITSE4206]
struct Message
{
long mesg_type;
char mesg_data[1000];
} ;
main()
{
int msgid;
intlen;
struct Message mesg;
msgid = msgget(1000, 0600|IPC_CREAT);
msgrcv(msgid, &mesg, 100, 0, 0);
printf("Get a message type : %d = %s\n",mesg.mesg_type, mesg.mesg_data);
msgrcv(msgid, &mesg, 100, 0, 0);
printf("Get a message type : %d = %s\n",mesg.mesg_type, mesg.mesg_data);
msgrcv(msgid, &mesg, 100, 0, 0);
printf("Get a message type : %d = %s\n",mesg.mesg_type, mesg.mesg_data);
msgctl(msgid,IPC_RMID,0);
62 [UNIX System Programming -ITSE4206]
}
Output :
3.5 Semaphore.
Semaphores are one of the synchronization technique for IPC. "Suppose there is a stretch of
railroad in which there is a single track over which only one train at a time is allowed. A
semaphore guards the track. A train has to wait before entering the single track until the
semaphore is in a state that allows travel. When the train enters the track, the semaphore changes
the state to prevent other trains from entering the track. A train that is leaving this track must
change the state of the semaphore to allow another train to enter the track. “In computer jargon,
"a semaphore is an integer value. A process waits for permission to proceed by waiting for the
integer to become 0. If the process proceeds after the signal, it may increment the integer by 1.
When the process is completed, it changes the semaphore’s value by subtracting 1 from the
integer.
Semaphores which allow an arbitrary resource count are called counting semaphores, while
semaphores which are restricted to the values 0 and 1 (or locked/unlocked, unavailable/available)
are called binary semaphores. Counting semaphores are equipped with two operations,
historically denoted as V (also known as signal()) and P (or wait()). Operation V increments the
semaphore S, and operation P decrements it. P ( for wait operation) derived from Dutch word
(proberen) which means to test.V ( for signal passing operation ) derived from the word
‘Verhogen’ which means to increament
63 [UNIX System Programming -ITSE4206]
· Semaphores are used to synchronize operations on processes or to synchronize access to
data resources that may be accessed by several processes in parallel.. A semaphore set
contains a control structure and an array of individual semaphores. A semaphore set can
hold up to 25 elements. In Unix, operations involving semaphores are achieved by these
three system calls:
o semget(): Is used to initialize the semaphore set
o semctl(): Is used to change the ownership permission
o semop(): Is used to perform operations on semaphores
The Advantage of Semaphores
Semaphores can be used to solve the problem of a critical section. A process is said to be in a
critical section when it is executed independently and no other process interferes with its
execution. This condition is mutually exclusive.
Semaphore Initialization
Semaphores are initialized by using the semget() system function. The syntax of this function is:
int semget(key_t key, int nsems, int semflg);
This function returns an integer value. When the functions returns successfully, it returns the
value of the semaphore ID, semid.
64 [UNIX System Programming -ITSE4206]
The first argument, key, is mandatory and specifies an access value associated with the
semaphore ID. The second argument, nsems, specifies the numbers of elements stored in a
semaphore array. The call to this function fails if the value of nsems is greater than the number
of elements in an existing array. If the exact count of the array is not known, specifying 0 in this
argument ensures a successful call to this function. The third argument, semflg, indicates the
initial access permissions and creation control flags.
Handling Semaphores
Semaphores are controlled by the semctl() system function. This function changes the
permissions and other features of a semaphore set. The syntax of this function is:
int semctl(int semid, int semnum, int cmd, union semun arg);
This function takes three arguments and returns an integer value. The first argument is the
semaphore ID. The second argument is a value that selects a semaphore from an array of
semaphores. The third argument may take any of these values of the control flags:
•GETVAL: Returns the value of a single semaphore
•SETVAL: Sets the value of a single semaphore.
Operations on Semaphores
A Unix semaphore is an array of semaphores opened simultaneously and atomically by an array
of operations specified in the semop() system function. The syntax of this function, which is used
to obtain or release a semaphore, is:
65 [UNIX System Programming -ITSE4206]
int semop(int semid, struct sembuf *sops, size_t nsops);
This function takes three arguments and returns an integer value. The first argument, semid, is
the semaphore ID returned by the semget() call. In the second argument, sops refers to a pointer
to an array of structures. The information about the semaphore operation contained in each
structure includes:
• The semaphore number.
• The operation to be performed on the semaphore.
• The control flags, if any.
Program 3.5.1
/* semabinit.c –This program initialize a semaphore
to be used by the programs, sema and semb */
#include <sys/types.h>
#include <sys/ipc.h>
#include <sys/sem.h>
#include <stdio.h>
/* The semaphore key is a long integer. This is an external identification of the semaphore that a
program may use to access it.*/
66 [UNIX System Programming -ITSE4206]
#define KEY (1492)
void main()
{
int id; /* This number is used as an internal identification of the semaphore.*/
/* The semnum union is an argument to the semctl() function. This function performs various
tasks for the semaphore depending on which arguments are passed to it.You can initially set the
semaphore value to zero.*/
union semun
{
int val;
struct semid_ds *buf;
ushort * array;
} argument;
argument.val = 0;
/* This creates the semaphore with external key, KEY. if it is not there then just give the
permission 0666 to it. */
id = semget(KEY, 1, 0666 | IPC_CREAT);
/*Checking the return value.*/
if(id < 0)
{
printf("Unable to obtain semaphore.\n");
67 [UNIX System Programming -ITSE4206]
exit(0);
}
/* Stores the semaphore. The second argument to semget() is given as 1.*/
/* Sets the value of the semaphore which contains the number zero, in semaphore array id to
the value zero. */
if( semctl(id, 0, SETVAL, argument) < 0)
{
printf( "Unable to set semaphore value.\n");
}
else
{
printf("Semaphore %d initialized.\n", KEY);
}
}
Programm 3. 5.2 /* Semaphore example: Program (sema.c) */
/*Two programs, sema and semb are available to you now. Semb can be started at any time. This
will be forced to wait until the program sema is executed. Sema and semb needs not to be
executed by the same user */
#include <stdio.h>
#include <sys/types.h>
#include <sys/ipc.h>
#include <sys/sem.h>
#define KEY (1492)
68 [UNIX System Programming -ITSE4206]
/* This is the external name of the semaphore known to any program that wishes to access it. */
void main()
{
int id; /*This stores the internal identifier of the semaphore. */
struct sembuf operations[1];
/* An "array"of one operation to perform on the semaphore. */
int retval; /* Return value from semop() */
/* Receives the index for the semaphore with external name KEY. */
id = semget(KEY, 1, 0666);
if(id < 0)
/* Semaphore does not exist. */
{
printf( "Program sema unable to find semaphore and hence exiting.\n");
exit(0);
}
/* Begins a semaphore V-operation. */
printf("Program sema starts a V-operation.\n");
/* Sets the sembuf structure. */
/* Finds the semaphore, which one?: */
operations[0].sem_num = 0;
/* Which operation? Add 1 to semaphore value : */
69 [UNIX System Programming -ITSE4206]
operations[0].sem_op = 1;
/* Sets the flag and waits: */
operations[0].sem_flg = 0;
/* Do the operation now.*/
retval = semop(id, operations, 1);
if(retval == 0)
{
printf("V-operation by program sema is succeeded.\n");
}
else
{
printf("sema: V-operation did not succeed.\n");
printf("You find the reason!");
}
}
/*When the program, sema gets executed twice then the program, semb can also execute twice.
*/
Programm 3.5.3 /* Semaphore example: Program 2(semb.c) */
/* The two programs, sema and semb are available to you now. Semb can be initiated at any
time. It will have to wait until sema is executed. These two programs, sema and semb may not
necessarily be executed by the same user.*/
/*You can test as: Execute semb & The & is at the end of semb is important and it allows you to
execute in the same system, otherwise you would have to move to a different terminal to execute
sema. Then execute sema. */
70 [UNIX System Programming -ITSE4206]
#include <stdio.h>
#include <sys/types.h>
#include <sys/ipc.h>
#include <sys/sem.h>
#define KEY (1492)
/* This is the external name of the semaphore that any program can use to access it. */
void main()
{
int id; /* This identifies the semaphore internally. */
struct sembuf operations[1];
/* An "array"of one operation to perform on the semaphore. */
int retval; /* This stores the return value from semop() */
/* This receives the index for the semaphore with external name KEY. */
id = semget(KEY, 1, 0666);
if(id < 0)
/* If semaphore is not available. */
{
printf("Program semb cannot find semaphore and hence exiting.\n");
exit(0);
}
/* This performs a semaphore P-operation. */
71 [UNIX System Programming -ITSE4206]
printf("Program semb just to begin a P-operation. \n");
printf("Process id is %d\n", getpid());
/* This sets up the sembuf structure. */
/* This tells which semaphore in the semaphore array:*/
operations[0].sem_num = 0;
/* Determination of the semaphore operation. Subtract 1 from semaphore value : */
operations[0].sem_op = -1;
/* Sets the flag and waits */
operations[0].sem_flg = 0;
/* Start the operation */
retval = semop(id, operations, 1);
if(retval == 0)
{
printf("P-operation succeeded by program semb.\n");
printf("Process id is %d\n", getpid());
}
else
{
printf("semb: P-operation failed.\n");
}
}
/* If sema is executed twice then semb can execute twice. */
72 [UNIX System Programming -ITSE4206]
UMMARY
When processes wish to communicate, they must first establish communication. The stream
mechanisms introduced in the Eighth Edition Unix system [1], which have now become part of
AT&T's Unix System V [2], provide a flexible way for processes to conduct an already-begun
conversation with devices and with each other: an existing stream connection is named by a file
descriptor, and the usual read, write, and I/O control requests apply. Processing modules may be
inserted dynamically into a stream connection, so network protocols, terminal processing, and
device drivers separate cleanly. However, these mechanisms, by themselves, do not provide a
general way to create channels between processes.
Simple extensions provide new ways of establishing communication. In our system, the
traditional Unix IPC mechanism, the pipe, is a cross-connected stream. A generalisation of file-
system mounting associates a stream with a named file. When the file is opened, operations on
the file are operations on the stream. Open files may be passed from one process to another over
a pipe. These low-level mechanisms allow construction of flexible and general routines for
connecting local and remote processes.
QUESTIONS
1) Explain about the half duplex pipes used in IPC
2) Write the program to implement FIFOs
3) Explain about the system calls being used in message queues
Laboratory Exercises:
S
Assignment
73 [UNIX System Programming -ITSE4206]
1.write a system program using message queue which includes both sender and receiver
part .(Using fork() system call)
References:
http://www.tutorialspoint.com/unix/unix-pipes-filters.htm
http://www.cs.fredonia.edu/zubairi/s2k2/csit431/more_pipes.html
74 [UNIX System Programming -ITSE4206]
CHAPTER 4
I/O MANIPULATION & FILE SECURITY
Objectives
At the end of this module, the students will be able to:
4.1 Examine File Access Permissions
4.2 Change the permissions using Absolute mode and symbolic mode
4.3 Understand the password aging , filewall configuration and encryption.
INTRODUCTION
In all operation systems, there is a standard input device and a standard output device. It is the
keyboard and the display screen respectively. Also the standard error device is the display
screen. Unless otherwise instructed Unix commands/programs get their input from the keyboard
and send their output to the terminal screen. Special files that instruct all the programs to accept
standard input from the keyboard and direct the standard output to the display, are provided by
Unix. Sometimes it is useful to redirect the input of output to a file or a printer. UNIX is a multi-
user system. Every file and directory in your account can be protected from or made accessible
to other users by changing its access permissions. Every user has responsibility for controlling
access to their files.
CCESS PERMISSIONS
4.1 A
Objectives
75 [UNIX System Programming -ITSE4206]
Permissions for a file or directory may be any or all of:
r - Read
w - Write
x - Execute = running a program
Each of this permission (rwx) can be controlled at three levels:
u - user = yourself
g - group = can be people in the same project
o - other = everyone on the system
File access permissions are displayed using the ls -l command. The output from the ls -l
command shows all permissions for all levels as three groups of three according to the scheme:
owner read (r)
owner write (w)
owner execute (x)
group read (r)
group write (w)
group execute (x)
public read (r)
public write (w)
public execute (x)
which are displayed as: -rwxrwxrwx
In your directory, type % ls -l (l for long listing!)
76 [UNIX System Programming -ITSE4206]
You will see that you now get lots of details about the contents of your directory, similar to the
example below.
Each file (and directory) has associated access rights, which may be found by typing ls -l.
-rwxrw-r-- 1 ee51ab beng95 2450 Sept29 11:52 file1
In the left-hand column is a 10 symbol string consisting of the symbols d, r, w, x, -, and,
occasionally, s or S. If d is present, it will be at the left hand end of the string, and indicates a
directory: otherwise - will be the starting symbol of the string.
The 9 remaining symbols indicate the permissions, or access rights, and are taken as three groups
of 3.
· The left group of 3 gives the file permissions for the user that owns the file (or directory) (ee51ab in the above example);
· The middle group gives the permissions for the group of people to whom the file (or directory) belongs
· The rightmost group gives the permissions for all others.
Examples
-rw------- 2 smith staff 3287 Apr 8 12:10 file1 - User has read and write permission. Group and
others have no permissions. -rw-r--r-- 2 smith staff 13297 Apr 8 12:11 file2 - User has read and write permission. Group and
others can only read the file. -rwxr-xr-x 2 smith staff 4133 Apr 8 12:10 myprog - User has read, write and execute permission.
Group and others can read and execute the file.
77 [UNIX System Programming -ITSE4206]
drwxr-x--- 2 smith staff 1024 Jun 17 10:00 SCCS - This is a directory. The user has read, write and
execute permission. Group has read and execute
permission on the directory. Nobody else can
access it.
Note: a directory must have both r and x permissions if the files it contains are to be
accessed.
4.2 CHANGING FILE PERMISSIONS
ABSOULTE MODE
File access permissions can be changed by a numerical (octal) chmod specification. Read
permission is given the value 4, write permission the value 2 and execute permission 1.
r w x
4 2 1
These values are added together for any one user category:
0 = no permissions
1 = execute only
2 = write only
3 = write and execute (1+2)
4 = read only
5 = read and execute (4+1)
6 = read and write (4+2)
7 = read and write and execute (4+2+1)
78 [UNIX System Programming -ITSE4206]
So access permissions can be expressed as three digits. For example:
user group others
chmod 640 file1 rw- r-- ---
chmod 754 file1 rwx r-x r--
chmod 664 file1 rw- rw- r—
Never set write permission for all other users on a file or directory which is in your home
directory. If you do other users will be able to change its content. This can represent a serious
security risk.
SYMBOLIC MODE
The chmod command is used to change access permissions for files which you own. The syntax
is:
chmod [who] [+/-/=] [permissions] filename
where:
who action permissions
u = user + à add r à read
g = group - à remove w à write
o = other = à add the specified permission, x à execute
but take away all others, if present
79 [UNIX System Programming -ITSE4206]
Examples:
· chmod o+r sample.f - Adds read permission for others to the file sample.f.
· chmod o-r sample.f - Removes read permission for others to the file sample.f.
· chmod og+rx prog* - Adds read and execute permissions for group and others to all files which contain
"prog" as the first four characters of their name.
· chmod +w * - Adds write permission only for user to all files in current directory.
· chmod +r * - Adds read permission to all (users, group, others) to all files in current directory.
· chmod u+x,o=w file1 - Adds execute permission for user and overwrite/override with write permission to
others
· chmod 2 file1 - provides write permission to others and nothing to user and group ( like 002)
· chmod 47 file1 - provides read permission to group, all permissions to others and nothing to user
( like 047)
80 [UNIX System Programming -ITSE4206]
4.3 PASSWORD SECURITY
Passwords are the primary method that Red Hat Enterprise Linux uses to verify a user's identity.
This is why password security is so important for protection of the user, the workstation, and the
network.
For security purposes, the installation program configures the system to use Secure Hash
Algorithm 512 (SHA512) and shadow passwords. It is highly recommended that you do not alter
these settings.
If shadow passwords are deselected during installation, all passwords are stored as a one-way
hash in the world-readable /etc/passwd file, which makes the system vulnerable to offline
password cracking attacks. If an intruder can gain access to the machine as a regular user, he can
copy the /etc/passwd file to his own machine and run any number of password cracking
programs against it. If there is an insecure password in the file, it is only a matter of time before
the password cracker discovers it.
Shadow passwords eliminate this type of attack by storing the password hashes in the file
/etc/shadow, which is readable only by the root user.
The following guidelines will help you to create a strong password:
· Make the Password at Least Eight Characters Long — The longer the password, the better. If using MD5 passwords, it should be 15 characters or longer. With DES passwords, use the maximum length (eight characters).
· Mix Upper and Lower Case Letters — Red Hat Enterprise Linux is case sensitive, so mix cases to enhance the strength of the password.
· Mix Letters and Numbers — Adding numbers to passwords, especially when added to the middle (not just at the beginning or the end), can enhance password strength.
· Include Non-Alphanumeric Characters — Special characters such as &, $, and > can greatly improve the strength of a password (this is not possible if using DES passwords).
· Pick a Password You Can Remember — The best password in the world does little good if you cannot remember it; use acronyms or other mnemonic devices to aid in memorizing passwords.
Password Aging
Password aging is another technique used by system administrators to defend against bad
passwords within an organization. Password aging means that after a specified period (usually 90
days), the user is prompted to create a new password. The theory behind this is that if a user is
forced to change his password periodically, a cracked password is only useful to an intruder for a
limited amount of time. The downside to password aging, however, is that users are more likely
to write their passwords down.
81 [UNIX System Programming -ITSE4206]
There are two primary programs used to specify password aging under Red Hat Enterprise
Linux: the chage command or the graphical User Manager (system-config-users) application.
Shadow passwords must be enabled to use the chage command. The -M option of the chage
command specifies the maximum number of days the password is valid. For example, to set a
user's password to expire in 90 days, use the following command:
chage -M 90 <username>
In the above command, replace <username> with the name of the user. To disable password
expiration, it is traditional to use a value of 99999 after the -M option (this equates to a little over
273 years).
For more information on the options available with the chage command, refer to the table below.
Table 2.1. chage command line options
Option Description
-d days Specifies the number of days since January 1, 1970 the password was changed.
-E date Specifies the date on which the account is locked, in the format YYYY-MM-DD.
Instead of the date, the number of days since January 1, 1970 can also be used.
-I days Specifies the number of inactive days after the password expiration before locking the
account. If the value is 0, the account is not locked after the password expires.
-l Lists current account aging settings.
-
m days
Specify the minimum number of days after which the user must change passwords. If
the value is 0, the password does not expire.
-
M days
Specify the maximum number of days for which the password is valid. When the
number of days specified by this option plus the number of days specified with the -d
option is less than the current day, the user must change passwords before using the
account.
-
W days Specifies the number of days before the password expiration date to warn the user.
You can also use the chage command in interactive mode to modify multiple password aging and
account details. Use the following command to enter interactive mode:
chage <username>
The following is a sample interactive session using this command:
82 [UNIX System Programming -ITSE4206]
~]# chage juan
Changing the aging information for juan
Enter the new value, or press ENTER for the default
Minimum Password Age [0]: 10
Maximum Password Age [99999]: 90
Last Password Change (YYYY-MM-DD) [2006-08-18]:
Password Expiration Warning [7]:
Password Inactive [-1]:
Account Expiration Date (YYYY-MM-DD) [1969-12-31]:
Upon the initial log in, the user is now prompted for a new password.
You can also use the graphical User Manager application to create password aging policies, as
follows. Note: you need Administrator privileges to perform this procedure.
1. Click the System menu on the Panel, point to Administration and then click Users and
Groups to display the User Manager. Alternatively, type the command system-config-users at a shell prompt.
2. Click the Users tab, and select the required user in the list of users. 3. Click Properties on the toolbar to display the User Properties dialog box (or choose
Properties on the File menu). 4. Click the Password Info tab, and select the check box for Enable password expiration. 5. Enter the required value in the Days before change required field, and click OK.
SERVICES AND PORTS
Configuring Linux Services
You can control which services you want to be automatically started at boot time. As mentioned
previously it is important to avoid having any services running that you don't actually need.
Every server is a potential access point into your Linux server so it is good practice to turn off
anything you don't think you will use. Bear in mind that you can always turn on a service at a
later date if you find you need it.
There are number of ways to control what services get started using both command line and
graphical tools without having to delve into the depths of your Linux system.
The command line tool chkconfig (usually located in /sbin) can be used to list and configure
which services get started at boot time. To list all service settings run the following command:
/sbin/chkconfig --list
83 [UNIX System Programming -ITSE4206]
This will display a long list of services showing whether or not they are started up at various
runlevels. You may want to narrow the search down using Linux grep command. For example to
list the entry for the HTTP daemon you would do the following:
/sbin/chkconfig --list | grep httpd
which should result in something like:
httpd 0:off 1:off 2:off 3:on 4:off 5:off 6:off
Alternatively you may just be interested to know what gets started for runlevel 3:
/sbin/chkconfig --list | grep '3:on'
chkconfig can also be used to change the settings. If we wanted the HTTP service to start up
when we at runlevel 5 we would issue the following command:
/sbin/chkconfig --level 5 httpd on
Service command - list running services
service --status-all service --status-all | grep ntpd service --status-all | less
Print the status of any service
To print the status of apache (httpd) service: service httpd status
List all known services (configured via SysV)
chkconfig --list
List service and their open ports
netstat -tulpn
Turn on / off service
ntsysv chkconfig service off chkconfig service on chkconfig httpd off chkconfig ntpd on
84 [UNIX System Programming -ITSE4206]
ntsysv is a simple interface for configuring runlevel services which are also configurable through chkconfig. By default, it configures the current runlevel. Just type ntsysv and select service you want to run:
A number of graphical tools are also available for administering services. On RedHat 9 you can
run the following command:
redhat-config-services
Verifying Which Ports Are Listening
Unnecessary open ports should be avoided because it increases the attack surface of your system.
If after the system has been in service you find unexpected open ports in listening state, that
might be signs of intrusion and it should be investigated.
Issue the following command, as root, from the console to determine which ports are listening
for connections from the network:
~]# netstat -tanp | grep LISTEN
tcp 0 0 0.0.0.0:45876 0.0.0.0:* LISTEN 1193/rpc.statd
tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN 1241/dnsmasq
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 1783/cupsd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 7696/sendmail
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1167/rpcbind
tcp 0 0 127.0.0.1:30003 0.0.0.0:* LISTEN 1118/tcsd
tcp 0 0 :::631 :::* LISTEN 1/init
tcp 0 0 :::35018 :::* LISTEN 1193/rpc.statd
tcp 0 0 :::111 :::* LISTEN 1167/rpcbind
Review the output of the command with the services needed on the system, turn off what is not
specifically required or authorized, repeat the check. Proceed then to make external checks using
nmap from another system connected via the network to the first system. This can be used verify
the rules in iptables. Make a scan for every IP address shown in the netstat output (except for
localhost 127.0.0.0 or ::1 range) from an external system. Use the -6 option for scanning an IPv6
address. See man nmap(1) for more information.
The following is an example of the command to be issued from the console of another system to
determine which ports are listening for TCP connections from the network:
~]# nmap -sT -O 192.168.122.1
85 [UNIX System Programming -ITSE4206]
Refer to the man pages for netstat, nmap, and services for more information.
FIREWALL CONFIGURATION
What exactly is a Firewall?
A firewall is a program running on a Gateway, Bridge or PC/Laptop/Smartphone that is capable of filtering incoming, outgoing, and forwarded network packets. A firewall is essentially a tool that lets you restrict you or your network’s access to the Internet, and
someone else’s access from the Internet to your network.
What we have here is actually something quite simple:
· A few computers and other network-connected devices – the green boxes · An e-mail server – the red box · A Microsoft Active Directory server – the blue box · A gateway, which is also a firewall, for our network running Linux – the black box · Between all of these is a simple network switch
86 [UNIX System Programming -ITSE4206]
we will configure iptables on that gateway, so that it will allow all the devices in the network to
connect to the Internet. It will allow us to connect to it, via SSH, and will allow external mail
servers to reach the mail server inside our network – a computer that does not even have a public
IP address; only a private one.
How a Firewall Works
A typical firewall can perform a number of tasks depending on the complexity of the firewall
itself. The basic functions of a firewall are as follows:
Stealth Mode - Discarding Pings
There is a common mechanism in networked environments for finding out if a particular system
is up and running and connected to the network. Typically a utility called ping is given the IP
address of the remote system. The ping utility sends a data packet to the remote system
represented by the IP address and waits for a reply. If it gets a reply then the user knows that the
system at that address is available on the network.
Port Forwarding and Blocking
Port blocking is the most fundamental level of firewall security and will be used by most home
or small business users to protect their systems.
As we mentioned previously computer systems communicate through ports. A firewall can be
used to block any ports that you do not want to be open to your systems inside the firewall. For
example FTP operates through port 21. If you do not wish anyone on the outside to have ftp
access to your systems you will need to configure your firewall to block port 21.
Conversely, Port Forwarding is also a very useful tool to have. Suppose you have three Linux
systems on your internal network and want to be able to telnet into one of those systems when
you are outside your firewall (perhaps at the local café using the free Wi-Fi connection while you
drink your coffee or while in a hotel on a business trip). In this situation you will configure your
firewall to forward port 21 connections to the system you want to access from outside. When you
connect to your IP address using telnet the firewall will see the packets arriving on port 21 and
know that it must forward them to the IP address of the machine you have designated. If you
have more than one system on your network it is essential that you set up port forwarding to
handle this. After all, without port forwarding how would the router know which internal system
you wanted to connect to?
87 [UNIX System Programming -ITSE4206]
Packet Filtering
Packet filtering is a much more advanced mechanism for providing security and is not available
in typical small business or home use router devices.
Data is transmitted over networks and the internet in what are called packets. Each packet
contains information about where the data came from and where it is going to (i.e the IP address
of the sender and the your IP address). In fact a packet contains a great deal of information about
the nature of the data being transmitted and many advanced firewall solutions allow you to filter
the data packets coming in through your internet connection to allow or disallow packets
depending on what are called filtering rules. For example you might allow a telnet session
(which allows you to log into your Linux system from outside) but disallow ftp packets (which
allow files to be transferred to and from of your Linux system). You may also choose to block
packets arriving from an IP address that you know to be suspicious.
Port numbers which are recognized by Internet and other network protocols, enabling the computer to interact with others. Each Linux server has a port number (see /etc/services file). For example:
1. TCP port 80 - HTTP Server 2. TCP port 443 - HTTPS Server 3. TCP port 25 - Mail Server 4. TCP port 22 - OpenSSH (remote) secure shell server 5. TCP port 110 - POP3 (Post Office Protocol v3) server 6. TCP port 143 - Internet Message Access Protocol (IMAP) — management of email
messages 7. TCP / UDP port 53 - Domain Name System (DNS)
Block Incoming Port
The syntax is as follows to block incoming port using IPtables:
/sbin/iptables -A INPUT -p tcp --destination-port {PORT-NUMBER-HERE} -j DROP ### interface section use eth1 ### /sbin/iptables -A INPUT -i eth1 -p tcp --destination-port {PORT-NUMBER-HERE} -j DROP ### only drop port for given IP or Subnet ## /sbin/iptables -A INPUT -i eth0 -p tcp --destination-port {PORT-NUMBER-HERE} -s {IP-ADDRESS-HERE} -j DROP
88 [UNIX System Programming -ITSE4206]
/sbin/iptables -A INPUT -i eth0 -p tcp --destination-port {PORT-NUMBER-HERE} -s {IP/SUBNET-HERE} -j DROP To block port 80 (HTTP server), enter (or add to your iptables shell script):
# /sbin/iptables -A INPUT -p tcp --destination-port 80 -j DROP
# /sbin/service iptables save
Block Incomming Port 80 except for IP Address 1.2.3.4
# /sbin/iptables -A INPUT -p tcp -i eth1 -s ! 1.2.3.4 --dport 80 -j DROP
Block Outgoing Port
The syntax is as follows:
/sbin/iptables -A OUTPUT -p tcp --dport {PORT-NUMBER-HERE} -j DROP ### interface section use eth1 ### /sbin/iptables -A OUTPUT -i eth1 -p tcp --dport {PORT-NUMBER-HERE} -j DROP ### only drop port for given IP or Subnet ## /sbin/iptables -A OUTPUT -i eth0 -p tcp --destination-port {PORT-NUMBER-HERE} -s {IP-ADDRESS-HERE} -j DROP /sbin/iptables -A OUTPUT -i eth0 -p tcp --destination-port {PORT-NUMBER-HERE} -s {IP/SUBNET-HERE} -j DROP To block outgoing port # 25, enter:
# /sbin/iptables -A OUTPUT -p tcp --dport 25 -j DROP
# /sbin/service iptables save
You can block port # 1234 for IP address 192.168.1.2 only:
# /sbin/iptables -A OUTPUT -p tcp -d 192.168.1.2 --dport 1234 -j DROP
# /sbin/service iptables save
You can setup kernel variable to drop all ping packets. Type the following command at shell prompt:
# echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_all
This instructs the kernel to simply ignore all ping requests (ICMP type 0 messages). To enable ping request type the command:
echo "0" > /proc/sys/net/ipv4/icmp_echo_ignore_all
You can add following line to /etc/sysctl.conf file:
# vi /etc/sysctl.conf Append following line:
net.ipv4.icmp_echo_ignore_all = 1
Save and close the file.
89 [UNIX System Programming -ITSE4206]
ENCRYPTING FILE
To encrypt a single file, use command gpg as follows: $ gpg -c filename
To encrypt myfinancial.info.txt file, type the command: $ gpg -c myfinancial.info.txt Sample output:
Enter passphrase:<YOUR-PASSWORD> Repeat passphrase:<YOUR-PASSWORD>
This will create a myfinancial.info.txt.gpg file. Where,
· -c : Encrypt with symmetric cipher using a passphrase. The default symmetric cipher used is CAST5, but may be chosen with the --cipher-algo option. This option may be combined with --sign (for a signed and symmetrically encrypted message), --encrypt (for a message that may be decrypted via a secret key or a passphrase), or --sign and --encrypt together (for a signed message that may be decrypted via a secret key or a passphrase).
Please note that if you ever forgot your password (passphrase), you cannot recover the data as it use very strong encryption.
Decrypt a file
To decrypt file use the gpg command as follow: $ gpg myfinancial.info.txt.gpg Sample outputs:
gpg myfinancial.info.txt.gpg gpg: CAST5 encrypted data Enter passphrase:<YOUR-PASSWORD>
Decrypt file and write output to file vivek.info.txt you can run command: $ gpg myfinancial.info.gpg –o vivek.info.txt Also note that if file extension is .asc, it is a ASCII encrypted file and if file extension is .gpg, it is a binary encrypted file.
90 [UNIX System Programming -ITSE4206]
SUMMARY
This chapter presented the details of standard input, output and error files. Redirection operators
and filters with different options and examples are explained in detail. Also it covered file access
permissions and the absolute and symbolic mode of changing file permissions.
Guide Questions
1. What will be the effect of the following Unix commands?
a. chmod 777 ab.c
b. chmod ug+r fff.out
2. Differentiate between absolute mode & symbolic mode.
3. What is the ideal permission to set on a directory?
4. If we have a read permission to somebody’s directory can we do a “ls” on it?
References
1. https://www.dartmouth.edu/~rc/help/faq/permissions.html
2. http://www.unix.com/shell-programming-scripting
91 [UNIX System Programming -ITSE4206]
CHAPTER 5
Working with Databases
Objectives
At the end of this module, the students will be able to:
5.1. Describe the features of MySQL
5.2. Identify the installation procedure
5.3. Create the databases
5.4. Use DDL and DML statements on databases
5.5. Evaluate the permissions on databases
5.1 Introduction
MySQL is a full-featured relational database management system (RDBMS) sponsored by the
Swedish company MySQL AB, which is owned by Oracle Corporation. MySQL is written in C
and C++ and is compatible with all major operating systems. MySQL source code is freely
available because it was originally developed as freeware.
MySQL originally developed and first released in 1995. MySQL is named after my, the daughter
Michael Wideners, of one of the product’s originators. It was originally produced under the GNU
General Public License, in which source code is made freely available. MySQL was originally
owned by Sun Microsystems; when the company was purchased by Oracle Corp. in 2010,
MySQL was part of the package.
Objectives
92 [UNIX System Programming -ITSE4206]
MySQL is very popular for Web-hosting applications because of its plethora of Web-optimized
features like HTML data types, and because it's available for free. It is part of the Linux, Apache,
MySQL, PHP (LAMP) architecture, a combination of platforms that is frequently used to deliver
and support advanced Web applications. MySQL runs the back-end databases of some famous
websites, including Wikipedia, Google and Facebook- a testament to its stability and robustness
despite its decentralized, free-for-all philosophy.
5.2 Features of MySQL
MySQL has many features following list shows the most important properties of MySQL.
· Client/Server Architecture: MySQL is a client/server system. Many clients (application
programs) communicate with the server; that is, they query data, save changes, etc. The
clients can run on the same computer as the server or on another computer
(communication via a local network or the Internet).
· SQL compatibility: MySQL supports as its database language as its name suggests SQL
(Structured Query Language). SQL is a standardized language for querying and updating
data and for the administration of a database.
· Platform independence: MySQL runs under a variety of operating systems; the most
important are Apple Macintosh OS X, Linux, Microsoft Windows, and the countless
UNIX variants, such as AIX, BSDI, FreeBSD, HP-UX, OpenBSD, Net BSD, SGI Iris,
and Sun Solaris.
· Multiuser Support: MySQL is a full multiuser system, which means that multiple
clients can access and use one (or more) MySQL database(s) simultaneously; this is of
particular significance during development of web-based applications, which are required
to support simultaneous connections by multiple remote clients.
· Open-Source Code: The MySQL source code is freely available under the terms of the
GNU General Public License—a key benefit, since it allows users to download and
modify the application to meet their specific needs.
93 [UNIX System Programming -ITSE4206]
5.3 Basic MySQL Tasks in UNIX
After installing MySQL on UNIX, we must initialize the grant tables, start the server, and make
sure that the server works satisfactorily. We should also assign passwords to the accounts in the
grant tables.
The following given bellow procedure describes how to initialize the grant tables and start the
server. It also suggests some commands that we can use to manage user, database, tables and
record.
5.3.1 Start the database:
Start the database: /etc/rc.d/init.d/mysqld start
5.3.2 Assign a password:
mysqladmin -u root password 'new-password'
5.3.2.1 Login into MySQL
$ mysql -u root -p
After successful execution of this command user will get the mysql prompt.
5.3.3 Create a database:
We use Mysql create database command to create a database
mysql> create database mynewdatabasename;
example: create database HCT
5.3.4 List the databases in the server:
mysql> show databases;
This will list name of all databases present.
94 [UNIX System Programming -ITSE4206]
5.3.5 Use a database:
mysql> use databasename;
example: use HCT;
5.3.6 Delete a database (drop):
If you don’t need database further then you can remove it from disk by using drop database
command.
mysql> drop database unwanteddatabasename;
example: drop databse HCT;
5.3.7 Create a Table:
MySQL uses many different data types, broken into three categories: numeric, date and time, and
string types.
Numeric Data Types:
MySQL uses all the standard ANSI SQL numeric data types, so if you're coming to MySQL
from a different database system, these definitions will look familiar to you. The following list
shows the common numeric data types and their descriptions.
· INT - A normal-sized integer that can be signed or unsigned. If signed, the allowable
range is from -2147483648 to 2147483647. If unsigned, the allowable range is from 0 to
4294967295. You can specify a width of up to 11 digits.
· FLOAT(M,D) - A floating-point number that cannot be unsigned. You can define the
display length (M) and the number of decimals (D). This is not required and will default
to 10,2, where 2 is the number of decimals and 10 is the total number of digits (including
decimals). Decimal precision can go to 24 places for a FLOAT.
· DOUBLE(M,D) - A double precision floating-point number that cannot be unsigned.
You can define the display length (M) and the number of decimals (D). This is not
required and will default to 16,4, where 4 is the number of decimals. Decimal precision
can go to 53 places for a DOUBLE. REAL is a synonym for DOUBLE.
95 [UNIX System Programming -ITSE4206]
Date and Time Types:
The MySQL date and time data types are:
· DATE - A date in YYYY-MM-DD format, between 1000-01-01 and 9999-12-31. For
example, December 30th, 1973 would be stored as 1973-12-30.
· TIME - Stores the time in HH:MM:SS format.
· YEAR(M) - Stores a year in 2-digit or 4-digit format. If the length is specified as 2 (for
example YEAR(2)), YEAR can be 1970 to 2069 (70 to 69). If the length is specified as 4,
YEAR can be 1901 to 2155. The default length is 4.
String Types:
Although numeric and date types are fun, most data you'll store will be in string format. This list
describes the common string datatypes in MySQL.
· CHAR(M) - A fixed-length string between 1 and 255 characters in length (for example
CHAR(5)), right-padded with spaces to the specified length when stored. Defining a
length is not required, but the default is 1.
· VARCHAR(M) - A variable-length string between 1 and 255 characters in length; for
example VARCHAR(25). You must define a length when creating a VARCHAR field.
We can create a table by using create table command.
mysql> create table TableName (Field1 datatype1,Field2 datatype2,…..,…);
example: create table student (ID char(20),Name char(20),Dept char(20), GSM int);
5.3.8 View table structure:
We can view structure of an existing table by using describe command.
96 [UNIX System Programming -ITSE4206]
mysql> describe TableName;
example: describe student;
5.3.9 Listing Tables:
We use show tables command to list names of all tables present in current database.
mysql> show tables;
5.3.10 Altering name & structure of Table:
MySQL ALTER command is very useful when we want to change a name of our table, any table
field or if we want to add or delete an existing column in a table.
i. Renaming a Table:
Command: mysql> alter table oldname rename to newname;
Example: mysql> alter table student rename to unixstudent;
ii. Adding a field to a table:
Command: mysql> alter table tablename add fieldname datatype;
Example: mysql> alter table unixstudent add marks float(5,2);
iii. Removing a field from a Table:
Command: mysql> alter table unixstudent drop fieldname;
Example: mysql> alter table unixstudent dropt dept;
5.3.11 Inserting a record:
We use insert command alongwith field values to insert a record into a table.
mysql> insert into TableName values(value1, value2,…,…);
example: insert into unixstudent values ('12J6231’,Ahmed','IT','16S1012',95674321);
5.3.12 Updating Table data:
There may be a requirement where existing data in a MySQL table need to be modified. We can
do so by using SQL UPDATE command. This will modify any field value of any MySQL table.
Command: mysql> update table_name set field1=new-value1, field2=new-value2
[where Clause]
97 [UNIX System Programming -ITSE4206]
Example:
mysql> update unixstudent set dept=’IS’ where name = ‘Ahmed’;
mysql> update unixstudent set name= “Ahmed Said”, dept=”NW” where ID=’12J6231’;
5.3.13 Listing table records:
mysql> select * from TableName;
example: select * from unixstudent;
5.3.14 Drop Table:
mysql> drop table TableName;
example: drop table unixstudent;
5.3.15 Create a user:
mysql> create user newusername;
example create user ahmed;
5.3.16 List the users:
mysql> select user from mysql.user;
5.3.17 Providing privileges to one user on one database:
mysql> grant all privileges on database.* to username@"servername" identified by 'password';
mysql> flush privileges;
example: grant all privileges on database.* to ahmed@”localhost” identified by ‘password’. The
flush privileges is used to write the privilege changes to the mysql.sql database
5.3.18 Delete a user:
mysql> drop user test;
5.3.19 Quit from the SQL shell:
mysql> quit; After successful execution of this command user will get the mysql prompt.
5.3.20 Backup a Database:
mysqldump -u [username] -p [password] [databasename] > [backupfile.sql]
98 [UNIX System Programming -ITSE4206]
5.3.21 Shutting down the database:
/etc/rc.d/init.d/mysqld stop
UMMARY
MySQL is a fast, easy-to-use RDBMS used being used for many small and big businesses.
MySQL is developed, marketed, and supported by MySQL AB, which is a Swedish company.
MySQL is becoming so popular because of many good reasons.
· MySQL is released under an open-source license. So you have nothing to pay to use it.
· MySQL is a very powerful program in its own right. It handles a large subset of the
functionality of the most expensive and powerful database packages.
· MySQL uses a standard form of the well-known SQL data language.
· MySQL works on many operating systems and with many languages including PHP,
PERL, C, C++, JAVA etc.
· MySQL works very quickly and works well even with large data sets.
· MySQL is very friendly to PHP, the most appreciated language for web development.
· MySQL supports large databases, up to 50 million rows or more in a table. The default
file size limit for a table is 4GB, but you can increase this (if your operating system can
handle it) to a theoretical limit of 8 million terabytes (TB).
· MySQL is customizable. The open source GPL license allows programmers to modify
the MySQL software to fit their own specific environments.
UIDE QUESTIONS
1. Create a database named HCT.
2. Create a table named STUDENT under HCT database. Table should have following structure.
Field Name Data Type Size
ID char 10
NAME char 41
S
G
99 [UNIX System Programming -ITSE4206]
SUBJECT char 21
3. Remove field named SUBJECT from STUDENT table.
4. Enter three records in STUDENT table.
5. Add a field to the STUDENT table, named GSM and data type INT.
6. Add data for GSM field of all three records of STUDENT table.
7. List all records of STUDENT table.
8. See structure of STUDENT table.
9. Create a user named SE and grant all privileges on HCT database for this user.
10. Delete table STUDENT and then exit from MySQL prompt.
References
1 http://www.tutorialspoint.com/unix_commands/mysql.htm
2. http://www.yolinux.com/TUTORIALS/LinuxTutorialMySQL.html
100 [UNIX System Programming -ITSE4206]
Chapter-6
Socket Programming with UNIX
Objectives
At the end of this module, the students will be able to:
6.1. Describe the UNIX sockets
6.2. Discuss basics of socket programming
6.3. Use system calls for socket programming
6.4. Examine Socket data structure
6.5. Create Socket programs
6.1 Introduction
Sockets are inter-process-communication mechanism that allows bidirectional data exchange
between processes running either on the same machine or different machines. It provides point-
to-point, two-way communication between two processes. Sockets are very versatile and are a
basic component of interposes and intersystem communication. A socket is one end of the
communication channel between two applications running on machines. In short a socket is a
tool that allows us to transfer data in a bidirectional way.
A socket has two sides. Each side is identified by a combination of two elements: the IP address
and port. The first identifies a computer, and the second is connected to a process.
Objectives
101 [UNIX System Programming -ITSE4206]
Figure-6.1
There are many different types of sockets that differ in the way data is transferred.
1. UNIX sockets: An inter-process-communication mechanism that allows bidirectional data
exchange between processes running on the same machine.
2. IP sockets: A mechanism that allows communicating processes over the network.
3. TCP/IP Socket: the method of directing data to the appropriate application in a computer also
called a "network socket" or stream socket.
6.2 UNIX Socket
Remember FIFOs? Remember how they can only send data in one direction, just like a Pipe?
Socket is a two-way communications pipe, which can be used to communicate in a wide variety
of domains. One of the most common domains sockets communicate over is the Internet. UNIX
sockets are just like two-way FIFOs. However, all data communication will be taking place
through the sockets interface, instead of through the file interface.
In UNIX, whenever there is a need for inter process communication within the same machine,
we use mechanism like signals or pipes(named or unnamed). Similarly, when we desire a
communication between two applications possibly running on different machines, we need
sockets.
Although Unix sockets are a special file in the file system (just like FIFOs), we won't be use
open() and read()—we'll be using socket(), bind(), recv(), etc. Sockets, once created and
connected can be used like file descriptors, thus it is easy to read and write to them.
102 [UNIX System Programming -ITSE4206]
Figure-6.2
6.3 Basic of Socket Programming
While programming with sockets, we usually create server and client programs. The server sits
listening for incoming connections from clients and handles them. The combination of the IP
address of the station and a port number make up a socket. To "create a socket" or "open a
socket" means to establish a connection to the Internet or other TCP/IP wide area or local area
network.
Figure-6.3
6.4 Steps involved in Socket programming
Steps for client site:
1. Create a socket
2. Connect the socket to the address of the server
3. Send/Receive data
4. Close the socket
103 [UNIX System Programming -ITSE4206]
Steps for server site:
1. Create a socket
2. Bind the socket to the port number known to all clients
3. Listen for the connection request
4. Accept connection request
5. Send/Receive data
6.5 System calls for socket programming
Here below table is listing sequence of function calls to establish a connection between a client
and a server using socket.
Server Client
Create socket – socket(….) Create socket – socket(….)
Assign a name to it – bind (…) …
Establish connection queue – listen(…) …
Get a connection from queue – accept(…) Initiate connection – connect(…)
read(…) write(…)
write(…) read(…)
Table-6.1
Figure-6.4
104 [UNIX System Programming -ITSE4206]
System calls for client side:
1. Create a socket with the socket() system call
2. Connect the socket to the address of the server using the connect() system call
3. Send and receive data. There are a number of ways to do this, but the simplest is to use
the read() and write() system calls.
4. Close the socket with the close() system call
System calls for server side:
1. Create a socket with the socket() system call
2. Bind the socket to an address using the bind() system call. For a server socket on the
Internet, an address consists of a port number on the host machine.
3. Listen for connections with the listen() system call
4. Accept a connection with the accept() system call. This call typically blocks until a client
connects with the server.
5. Send and receive data
6.6 Basic data structures used in Socket programming
Socket Descriptor: A simple file descriptor in UNIX.
Socket Address: This construct holds the information for socket address
struct sockaddrs {
unsigned short sa_family; // address family, AF_xxx or PF_xxx
char sa_data[14]; // 14 bytes of protocol address
};
AF stands for Address Family and PF stands for Protocol Family. In most modern
implementations only the AF is being used. The various kinds of AF are as follows:
105 [UNIX System Programming -ITSE4206]
Name Purpose
AF_UNIX, AF_LOCAL Local communication
AF_INET IPv4 Internet protocols
AF_INET6 IPv6 Internet protocols
AF_IPX IPX - Novell protocols
AF_NETLINK Kernel user interface device
AF_X25 ITU-T X.25 / ISO-8208 protocol
AF_AX25 Amateur radio AX.25 protocol
AF_ATMPVC Access to raw ATM PVCs
AF_APPLETALK Appletalk
AF_PACKET Low level packet interface
Table-6.2
In all the sample programs given below, we will be using AF_INET.
struct sockaddr_in: This construct holds the information about the address family, port number,
Internet address,and the size of the struct sockaddr.
struct sockaddr_in {
short int sin_family; // Address family
unsigned short int sin_port; // Port number
struct in_addr sin_addr; // Internet address
unsigned char sin_zero[8]; // Same size as struct sockaddr
};
106 [UNIX System Programming -ITSE4206]
6.7 Socket Program:
These two programs socket_server.c and, socket_client.c show how you can establish a socket
connection using the above functions.
socket_server.c
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <stdio.h>
#define NSTRS 3 /* no. of strings */
#define ADDRESS "mysocket" /* addr to connect */
/* Strings we send to the client. */
char *strs[NSTRS] = {
"This is the first string from the server.\n",
"This is the second string from the server.\n",
"This is the third string from the server.\n"
};
main()
{
107 [UNIX System Programming -ITSE4206]
char c;
FILE *fp;
int fromlen;
register int i, s, ns, len;
struct sockaddr_un saun, fsaun;
/* Get a socket to work with. This socket will be in UNIX domain, and will be a stream socket.
*/
if ((s = socket(AF_UNIX, SOCK_STREAM, 0)) < 0) {
perror("server: socket");
exit(1);
}
/* Create the address we will be binding to. */
saun.sun_family = AF_UNIX;
strcpy(saun.sun_path, ADDRESS);
/* Try to bind the address to the socket. We unlink the name first so that the bind won't fail.
The third argument indicates the "length" of the structure, not just the length of the socket name.
*/
unlink(ADDRESS);
len = sizeof(saun.sun_family) + strlen(saun.sun_path);
if (bind(s, &saun, len) < 0) {
108 [UNIX System Programming -ITSE4206]
perror("server: bind");
exit(1);
}
/* Listen on the socket. */
if (listen(s, 5) < 0) {
perror("server: listen");
exit(1);
}
/* Accept connections. When we accept one, ns will be connected to the client. fsaun will
contain the address of the client. */
if ((ns = accept(s, &fsaun, &fromlen)) < 0) {
perror("server: accept");
exit(1);
}
/* We'll use stdio for reading the socket. */
fp = fdopen(ns, "r");
/* First we send some strings to the client. */
for (i = 0; i < NSTRS; i++)
send(ns, strs[i], strlen(strs[i]), 0);
/* Then we read some strings from the client and print them out. */
109 [UNIX System Programming -ITSE4206]
for (i = 0; i < NSTRS; i++) {
while ((c = fgetc(fp)) != EOF) {
putchar(c);
if (c == '\n')
break;
}
}
/* We can simply use close() to terminate the connection, since we're done with both sides. */
close(s);
exit(0);
}
socket_client.c
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <stdio.h>
#define NSTRS 3 /* no. of strings */
#define ADDRESS "mysocket" /* addr to connect */
110 [UNIX System Programming -ITSE4206]
/* Strings we send to the server. */
char *strs[NSTRS] = {
"This is the first string from the client.\n",
"This is the second string from the client.\n",
"This is the third string from the client.\n"
};
main()
{
char c;
FILE *fp;
register int i, s, len;
struct sockaddr_un saun;
/* Get a socket to work with. This socket will be in the UNIX domain, and will be a stream
socket. */
if ((s = socket(AF_UNIX, SOCK_STREAM, 0)) < 0) {
perror("client: socket");
exit(1);
}
/* Create the address we will be connecting to. */
saun.sun_family = AF_UNIX;
111 [UNIX System Programming -ITSE4206]
strcpy(saun.sun_path, ADDRESS);
/* Try to connect to the address. For this to succeed, the server must already have bound this
address, and must have issued a listen() request. The third argument indicates the "length" of the
structure, not just the length of the socket name. */
len = sizeof(saun.sun_family) + strlen(saun.sun_path);
if (connect(s, &saun, len) < 0) {
perror("client: connect");
exit(1);
}
/* We'll use stdio for reading the socket. */
fp = fdopen(s, "r");
/* First we read some strings from the server and print them out. */
for (i = 0; i < NSTRS; i++) {
while ((c = fgetc(fp)) != EOF) {
putchar(c);
if (c == '\n')
break;
}
}
/* Now we send some strings to the server. */
112 [UNIX System Programming -ITSE4206]
for (i = 0; i < NSTRS; i++)
send(s, strs[i], strlen(strs[i]), 0);
/* We can simply use close() to terminate the connection, since we're done with both sides.
*/
close(s);
exit(0);
}
Configure the above socket_server.c and socket_client.c programs for you system and compile
and run them. You will need to set up socket ADDRESS definition.
UMMARY
A socket is a tool that allows us to transfer data in a bidirectional way. In UNIX it allows process
running on same system to exchange data bidirectional. In network environment sockets permits
process running on different machine to bidirectional exchange of data.
· A socket application running on server site can listen and handle many client connected
to it.
· Sockets are very versatile and are a basic component of interposes and intersystem
communication.
GUIDE QUESTIONS
1. Define a general socket and explain its working.
2. Define an UNIX socket and explain its working.
S
113 [UNIX System Programming -ITSE4206]
3. List steps involved in socket programming.
4. List basic system calls used to in socket programming.
5. Explain working of system calls used for client site.
6. Explain working of system calls used in server site.
7. Write a simple socket program to exchange your name, age and address between client and
server.
References
1. http://www.cse.iitk.ac.in/users/dheeraj/cs425/lec17.html/
2. http://www.cs.cf.ac.uk/Dave/C/node28.html
3. http://www.pcmag.com/encyclopedia/term/53469/unix-socket
4. https://en.wikipedia.org/wiki/Unix_domain_socket
5. http://sushantsharmaa.blogspot.com/2012/08/socket-programming.html