This lesson introduces you to Unix, an OS you probably are not familiar with. Part and parcel with that, we'll learn how to use a Unix machine remotely - i.e. use it even though we don't have physical access to it - using a tool called ssh. The Unix command shell is similar to the Windows command shell, but not identical: many command names are different, Unix uses forward slashes (/) instead of back slashes (\) to separate elements of path names, and in Unix there's only one file hierarchy, rather than many file hierarchies, each rooted at a different drive letter (e.g. "C:"). Finally, in this lesson we revisit and amplify on the OS's role in managing user accounts and controlling access to the filesystem.

Rona, ssh, and "using" a computer remotely

The CS department has a Unix machine (computer running a Unix operating system rather than, say, Windows) named rona that we all have accounts on. We can all use rona ... but what does "use" mean when you can't physically "have" the computer like you "have" your laptops? It means we can open a shell, execute commands, and create-view-edit files. The program ssh gives us a shell whose commands execute on rona, but display to and get keyboard input from our laptops. So, with ssh we can "use" rona from the comfort of our own laptop.

If your user name is m16xxxx here's how you would use the ssh command in a Windows command shell on your laptop in order to open up a command shell whose commands actually execute on rona:

ssh m16xxxx@rona.cs.usna.edu

So, the command is ssh, and the argument is m16xxxx@rona.cs.usna.edu, which is the username, then "@", then the name of the computer you want to log in to. Of course you'll have to give your password before you're allowed on! A new shell window will pop up, and commands entered into this shell window execute on rona, not on your laptop.

Unix and the Unix command shell

Now that you are a Unix user, see what your future holds!
Linux User at Best Buy
http://xkcd.com/272/

Unix in the military



In your limited experience as a Plebe here at USNA, your OS experience is probably all Windows. However, Unix is in widespread use in the military. Click on the image on the right and read about the Navy choosing Linux/Unix for controlling drones.

Linux/Unix is already used to run the most advanced Fire Control and Sonar systems in the submarine fleet.

Your CAC has an Operating System.

"Open Platform Version 2.1.1" is the operating system installed on your CAC. It has a filesystem, runs programs written in "JavaCard" (a subset of the Java programming language), and can run multiple processes at the same time.

Rona's OS is called Linux, which is a free, open-source Unix operating system. By contrast, Mac OS X is a closed-source Unix operating system that you have to pay for. At any rate, we won't distinguish much between the different flavors of Unix, and we'll just call them "Unix". So, why do you need to be familiar with Unix? Because there are a lot of computers running Unix out there, and because a lot of security-related tools are for Unix or based on Unix.

Unix commands and the Unix shell should look pretty familiar, since you have experience with the Windows shell. The concepts of commands and arguments are basically the same, and you still have tab-completion and the up-arrow to retrieve previous commands. Ctrl-C kills an executing command, just like with the Windows command shell. However there are a few important differences that you need to understand to do much of anything.

  1. Elements of a filesystem path are separated by forward slashes (/) instead of back slashes (\).
  2. Case (as in upper-case vs. lower-case) matters in command names and path names. So Foo, FOO and foo are all different names in Unix.
  3. Instead of many filesystems, each rooted at a different drive letter, there is only one filesystem, and it is rooted at forward slash (/).
  4. Lots of the command names are different — usually shorter. For example the Windows command
    copy name.txt myname.txt
    would be written in Unix as
    cp name.txt myname.txt
    which means the same thing, just uses the name cp instead of copy. Under course resources (the "r" button at the top of every page) there is a link to a short Windows/Unix Dictionary that you can refer to.
In class, you logged into your rona account via ssh and did the same kind of file system operations from a shell on rona that you did the previous class from a shell on your laptop.

The basic concepts of process, user names, file ownership and OS control over what processes can access which files are all there in Unix, just as in Windows. On rona, where there are hundreds of users, controlling who accesses what is really important!

Return to Windows: Revisiting the OS's role in user accounts and controlling access

OS control over access to files is a really important topic — especially to a student of cyber security! Recall: Every process has an owner (given by username), and every file/directory has an owner (given by username) and, in the normal course of events, process X is only allowed access to file/directory Y if the owner of X is the same as the owner of Y. There are two exceptions:
  1. the owner of a file/directory can choose to explicitly allow access to the file by other users, and
  2. there are privileged users (like user Administrator in Windows or user root on Unix), and a process owned by a privileged user can access files/directories they don't own. Administrator and root are super-users. A process owned by Administrator/root can access any file/directory.
In class (if time permitted) we actually created a new account on our machine. (Account creation requires special privileges, so you have to create accounts using an "Administrator shell", i.e. a shell process owned by Administrator.) Here are the commands for account creation and deletion.
net user foo bar /add  ← create account for user foo with password bar
          \   \
           \   `---- password
            |--- username
            /
           /
net user foo /delete   ← delete account for user foo
In Windows, you start an Administrator shell in order to give commands as the superuser. In Unix, you stick sudo in front of the command. The system will ask you for a password, and if you give the right one, it will execute the command with owner root. So, if the command
cat /home/wcbrown/examsolutions.txt
fails with an "access denied" message, try
sudo cat /home/wcbrown/examsolutions.txt
and, if you know the right password, it will succeed.
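
The ownership rule and its two exceptions from this section, as an added example that is not part of the original lesson, written for a Unix shell such as the one on rona. It decides read access from the numeric owner and permission bits that ls -ldn reports; the function names can_read, answer and demo are made up for the illustration, and group permissions are ignored to match the lesson's simplified rule.

```shell
#!/bin/sh
# Added example: the lesson's file-access rule, applied to real permission bits.
# Simplification that matches the lesson: group permissions are ignored.

# can_read UID FILE: succeeds if a process owned by UID may read FILE.
can_read() {
    uid=$1
    file=$2
    # ls -ldn prints e.g. "-rw------- 1 1000 1000 0 Jan  1 00:00 notes.txt"
    mode=$(ls -ldn "$file" | awk '{print $1}')    # permission string
    owner=$(ls -ldn "$file" | awk '{print $3}')   # numeric id of the file's owner

    # Exception 2: root (uid 0) is the super-user and can access any file.
    if [ "$uid" -eq 0 ]; then return 0; fi

    if [ "$uid" -eq "$owner" ]; then
        # Normal case: the process owner is the file owner (character 2 = owner read).
        case $mode in ?r*) return 0 ;; esac
    else
        # Exception 1: the owner opened the file to other users (character 8 = other read).
        case $mode in ???????r*) return 0 ;; esac
    fi
    return 1
}

# answer UID FILE: print yes or no instead of returning an exit status.
answer() {
    if can_read "$1" "$2"; then echo yes; else echo no; fi
}

# demo: walk one temporary file through the cases and print the four verdicts.
demo() {
    f=$(mktemp)                 # constructed sample file, owned by whoever runs this
    me=$(id -u)
    other=$((me + 1))           # constructed uid: some non-root user who is not the owner
    chmod 600 "$f"              # owner-only access
    r1=$(answer "$me" "$f")
    r2=$(answer "$other" "$f")
    chmod o+r "$f"              # owner explicitly allows other users to read
    r3=$(answer "$other" "$f")
    r4=$(answer 0 "$f")         # root
    rm -f "$f"
    echo "owner=$r1 other=$r2 other_after_grant=$r3 root=$r4"
}

demo
```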