/Operating Systems – Windows Shell & Permissions

Learning Outcomes

After completing these activities you should be able to:

The operating system is a go-between, between the physical machine and the users/programs.

A brief look at the structure of a shell command

A shell command consists of a name, zero or more arguments, and zero or more options. For example:

move  /-Y  C:\Users\billy\Downloads\vacation.jpg  photos\archive\vacation.jpg
----  ---  -------------------------------------  ----------------------------
  \     \                \                                   \
   \     \--- option      \--- argument                       \--- argument
    \
     \--- name
	
Note: Normally space separates options and arguments, but " "s allow you to make an arbitrary string (including spaces) a single argument. So, for example, the command
mkdir foo bar
creates two directories, foo and bar, while the command
mkdir "foo bar"
creates a single directory named foo bar. Note that this is different from
mkdir "foo          bar"
which creates a single directory named foo          bar.

File Systems Operations with the Shell

Current Directory & Parent Directory In the shell the current working directory and the parent directory (directory immediately higher in the hierarchy) have shortcuts associated with them. In a shell . refers to the current working directory, .. refers to the current working directory.

What directory would you suspect the parent directory of the root directory (directory at the top of the file system hierarchy) is, in other words what directory is the parent directory of the root directory? ... The root directory is its own parent directory.

Try this:
  1. Open a shell (press Windows/System Key + r, type cmd.exe, click OK)
  2. In the resulting shell enter: cd C:\
  3. Enter: cd
    You should see C:\ outputted
  4. Enter: cd ..
  5. Enter: cd
    You should see C:\ outputted
The GUI's file viewer has a current working directory that it's in at any given point in time. The shell works the same way, and its current working directory is displayed to the left of the command prompt. You hop from one drive letter hierarchy to the next by typing the drive letter and colon then pressing enter. You list the contents of the current folder with dir. To move down in the hierarchy from your current drive letter, you type cd followed by the name of the folder you want to move down into (cd stands for "change directory"). The argument to cd doesn't need to be a name, it could be a path (starting from the current directory) several directories deep, it could be ., which makes cd change to the current working directory (essentially not changing the current directory), it could be .. which makes cd go up a level in the hierarchy rather than down. In fact, ..\.. , ..\..\.. , etc. are allowed for going up multiple levels in a single step. Also we have: The arguments to these commands can be relative paths, i.e. paths that are relative to the current working directory, or absolute paths, i.e. paths that begin with a drive letter and thus are interpreted the same way regardless of the current directory.

Processes

List of Processes You can get a list of all the processes currently running on your system:
  1. Press Control + Alt + Delete
  2. Choose Task Manager
  3. Select Yes to any user account control questions
  4. Click on the Details tab (2nd from right)
Recall that a Program is really just a file, a file that contains the instructions the CPU is supposed to execute. A running instance of a Program is called a process. A process contains a copy of the executable bytes (copied from the hard drive, in a .exe file), as well as some bookkeeping information that allows the OS to monitor the process' execution status, resources, and privileges. In fact, more than one instance of the same Program could be executing simultaneously — each instance would be its own separate process.

User accounts, logins, permissions

When the Task Manager shows processes in the Processes tab it does not show the username, you have to go to the Details tab to see that.
Every process has a username attached to it (that user is called the process' owner) — typically the name of the user that caused the Program to be run. Every file and directory also has a username attached to it (that user is called the file's owner).
In the shell, the command dir /Q lists directories and files along with their owners' usernames.
Normally, the OS denies a process any request it might make to manipulate a file or directory unless the username attached to the process matches the username attached to that file or directory. Why just normally? Because each file has a set of permissions — essentially rules defining which users can perform what kinds of actions — that are adjustable by the file's owner, and the owner can use those rules to change this behaviour.
To view a file's permissions in Windows:
  1. Right click on the file in question and select Properties.
  2. Click on the Security tab.
  3. View the permissions on that file. Modify carefully!
The security of information on the system (and thus of the system itself) relies on this user/permissions scheme for controlling the access of processes to files. Thus, it is crucial that a process whose owner is listed as m209999 was really launched at the behest of the person whose username is m209999. That means that the login procedure is very important.

The Operating System manages user accounts, logins and process/file permissions. This job is crucially important for security. If user m209999 is allowed to launch a process and access data whose owner is listed as m208888 ... well, we've got trouble. That would give user m209999 access to m208888's files.

The files a user has rights to access is constrained. Generally, however, there will be one account with unlimited privileges (so, for example, they can read every file on the system, regardless of the usual user permission schemes). A user with these unlimited privileges is called an Administrator (Windows) or root (UNIX) user, a.k.a. a super-user account. Sometimes, regular users may be able to run a Program with elevated privileges (we say elevated privileges to indicate that the process/user can do things they ordinarily could not) using a special password or via special permissions on the Program. In Windows 10, a User Account Control dialog box opens up when a program asks to run with elevated privileges. In UNIX, a shell command is prefaced with sudo (super-user do) to run that command with elevated privileges. The ultimate prize in attacking a computer is to be able to run Programs with super-user privileges, because then you essentially "own" that machine. In particular, if you can launch a command shell with elevated privileges, game over ... you win.

IT Officer


The Local Area Network (LAN) available for crew members use on naval vessels allows for collaboration and sharing of files through the use of file sharing. Users (the crew) login to any one of the available computers onboard to use it.

A typical use of the LAN is creating and reviewing personnel fitness reports and evaluations, which are subject to privacy protection. Although the operating system provides access control to files, the file owners must specify which users should and should not have access.

The only user that is immune to file permissions is an Administrator (super-user). Because of this immunity, the number of people with Administrator privileges should be kept to a minimum. An Administrator account should only be used, as necessary, to perform system administration tasks, such as system log reviews or user account management.

Depending on the command, any Officer could be placed in charge of the ship's network administrators and, therefore, be given Administrator privileges. With that power comes serious responsibility. Responsibility to use the elevated privilege, as required, to perform system administrative tasks only.

You are probably familiar with the case of Edward Snowden, who worked at NSA as a contractor. Snowden obtained and then disclosed millions of files detailing classified NSA programs, in an example of an insider threat attack. Snowden had Administrator privileges on the IT systems where he worked, so he was able to circumvent normal file access controls.