Assignment 5, due Feb 25

Part of the homework for 22C:169, Spring 2011
by Douglas W. Jones
THE UNIVERSITY OF IOWA Department of Computer Science

Always, on every assignment, please write your name legibly as it appears on your University ID and on the class list! All assignments will be due at the start of class on the day indicated (usually a Friday). Unless there is what insurance companies call "an act of God" (something outside your control), the only exceptions to this rule will be by advance arrangement.

  1. Background: Consider the following idea. You are working on a Unix-like system shared by many others, but without any e-mail system, so you are not constrained by compatibility with the past. You have decided that each e-mail message will be a file, and that a directory in the file system will be used to represent each mailbox. Specifically, for the user u, with home directory /users/u, the incoming mailbox would be named /users/u/inbox. As a second and somewhat independent decision, you decide that mail delivery will be done by a process operating on behalf of the sender. Initially, ignore the possibility of generalizing this e-mail system to a network environment.

    a) What minimum access rights must be granted to the general public on /users/u to allow mail delivery from other users? (0.5 points)

    b) What access rights should be granted to the general public on /users/u/inbox? There is only one right answer that permits mail delivery without permitting other users to access information that is none of their business. (0.5 points)

    c) What access rights should the sender of each piece of e-mail set on the file holding that e-mail? (0.5 points)

    d) Suppose some user has created an e-mail message m with the access rights set appropriately in the current directory. What single shell command, written out in full, would suffice to send that e-mail to user u? (0.5 points)

    e) What's wrong with the above scheme? Assuming that users set the access rights correctly (as required by parts a, b and c above), what damage can a malicious user cause to correspondence between other users? (Note that we are not concerned with a user who damages that user's own incoming or outgoing mail.) (0.5 points)

  2. Background: An alternative design for an e-mail system relies on a trusted e-mail program, running in its own process, with a distinct user ID. We'll call it sendmail. Now, each user u, with home directory /users/u, has an incoming mailbox named /users/u/inbox and an outgoing mailbox named /users/u/outbox.

    The sendmail process repeatedly scans all outboxes looking for messages that can be delivered, and then it links those messages to the appropriate inbox before deleting the link from the outbox. To do this, the sendmail program must be able to read all messages, since the destination address must be part of the content of the message.

    Note, now, that there are three parties involved in a mail transfer between users a and b. As a result, any useful solution to this problem will involve group access rights. Note also that any useful solution will allow for the possibility of other activity on the system. As a result, while the sendmail program can have special access to inboxes and outboxes, it cannot have special access to users' home directories.

    a) What minimum access rights must be granted on /users/u to allow sendmail the access it needs? (0.5 points)

    b) What access rights should be granted on /users/u/inbox and /users/u/outbox (note that these may or may not be the same)? (0.5 points)

    c) What access rights should the sender of each piece of e-mail set on the file holding that e-mail? (0.5 points)

    d) We don't need to keep the sendmail process running continuously. Instead, each time a user wants to send mail, the user could launch a sendmail application that sends just one piece of e-mail. In the context of the directories and access rights outlined above, what access rights do all users need to the sendmail application?

  3. Background: Both of the above schemes rely on appropriate selection of file names.

    The problem: Discuss the relative difficulty of coming up with a naming convention that could be used under the two schemes outlined above. (0.5 points)
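
The delivery loop from the background to problem 2 (scan the outboxes, link each message into the addressee's inbox, then delete the outbox link), as an added example that is not part of the original assignment. The `To:` first-line header, the user-name pattern and the reuse of the outbox file name in the inbox are assumptions made here; access rights are left as the exercise asks.

```python
import os
import re
import tempfile

USER_RE = re.compile(r"^[a-z][a-z0-9_]*$")  # assumed shape of a user name


def recipient(path):
    """Return the user on an assumed first line 'To: <user>', else None."""
    with open(path, encoding="utf-8", errors="replace") as f:
        first = f.readline().strip()
    name = first[3:].strip() if first.startswith("To:") else ""
    # Sender-controlled text: reject names such as '../x' before building a path.
    return name if USER_RE.match(name) else None


def deliver_all(root):
    """Scan every outbox under root once; return (sender, file, to) tuples."""
    delivered = []
    for sender in sorted(os.listdir(root)):
        outbox = os.path.join(root, sender, "outbox")
        if not os.path.isdir(outbox):
            continue
        for name in sorted(os.listdir(outbox)):
            src = os.path.join(outbox, name)
            ok = os.path.isfile(src) and not os.path.islink(src)
            to = recipient(src) if ok else None
            inbox = os.path.join(root, to, "inbox") if to else None
            if not inbox or not os.path.isdir(inbox):
                continue  # undeliverable: leave it in the outbox
            try:
                os.link(src, os.path.join(inbox, name))  # fails if name exists
            except FileExistsError:
                continue  # never overwrite mail already in the inbox
            os.unlink(src)  # drop the outbox link only after the inbox link exists
            delivered.append((sender, name, to))
    return delivered


def demo():
    """Run one scan over a constructed two-user tree in a temp directory."""
    with tempfile.TemporaryDirectory() as root:
        out, inb = os.path.join(root, "a", "outbox"), os.path.join(root, "b", "inbox")
        os.makedirs(out)
        os.makedirs(inb)
        for name, body in (("m1", "To: b\nhello\n"), ("m2", "To: ../b\nbad\n")):
            with open(os.path.join(out, name), "w") as f:
                f.write(body)
        return deliver_all(root), os.listdir(out), os.listdir(inb)
```

Because the link is created before the outbox entry is removed, an interrupted scan leaves a message in both directories rather than in neither.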