![]() ![]()
Access
Road 0.7.3
|
|
Creating ACS | Explorer | IS Structure | Beamer Editing a list | Sketcher | Umask
This getting-started one-hour tutorial is for learning the basic commands of Access Road. It takes the example of a simulated GNU/Linux® Ubuntu® software to show the handling of the umask feature. This first tutorial should be ridden by each Access Road user. The approach is to discover together the Access Road generic features and a given simulation. This tutorial explains the following actions:
The best way is to read this tutorial twice: first as a simple reading, and then to operate on Access Road. This is rarely a waste of time. The duration is estimated at one hour. You may choose to stop the tutorial before its end. How to launch Access Road is described in the 'README.txt' file for the executable. How to exit Access Road and save the current configuration is explained at the end of this tutorial. Creating
an Access Control System
Run the Access Road program. Close the central information box. To follow this tutorial, close each open ACS, if any, through the command File → Close (select first the ACS node under the node 'Open Access Control Systems' in the explorer). You should have the main Access Road window, without any internal window. Some window border colors and title policies may change when you run it on varied operating systems, but most of the user interface is the same. The main menu is very simple. The active fields to operate with are generally included into the internal windows like the explorer window. To create the out-of-the-box simulation of a GNU/Linux® Ubuntu®, select in the main menu the command File → New → 'New Access Control system'. This dialog opens: ![]()
Enter the name 'IO' for the ACS IS, the name 'tubun' for the new ACS, select the second choice 'Linux Ubuntu 8.04', and click 'OK'. This question appears (see the following image). Click 'Yes' then 'OK' to create the IS physical node which will be the parent of the Linux® system in its information system 'IO'. This dialog 'NEW COMPONENT' appears. Enter the name 'one', click 'physical' to create a physical node, then on 'OK'. ![]() ![]()
The question 'Do you want to create another component' appears. Click 'No' then 'OK'. Note: if you answer 'Yes', it is possible to create one or several physical or logical IS nodes under 'one' and above the ACS 'tubun' node. That's all to create the ACS 'tubun'! Access Road makes the job. You should see the opening of two internal windows: the explorer at the top left, and the beamer at the top right. ![]() ![]()
The explorer is shown there after a click to see the children of the ACS node 'tubun'. Generally speaking, any simulated software in Access Road is modeled as an 'Access Control System' (ACS). An ACS has to be opened to operate on it. A closed ACS is never implied in the search of the access paths, even if it is indeed a support for true execution and data paths. Opening and closing an ACS is a very simple way to see its role from the point of view of its environment. All the searches about the access paths are done into so-called Access Road views. They will be studied in the next tutorials. The third and last first-level node in the explorer is for the generic rights. They are always visible (they are not opened and closed). These rights are a description of a generic network of rights, as a catalog of standard rights any ACS may use. An ACS may have a set of specific rights, named ACS rights. Each ACS right is associated to one generic right, to ensure the comparisons and the translations between the rights. |
![]()
Two-hours tutorial for designing access controls Three-hours tutorial for verifying access controls ![]()
|
The explorer
The explorer displays the structure of all the open objects in Access Road. It is always visible, while all the other internal windows may be opened and closed. The user opens and closes the ACS and the views through the menu, after a selection in the explorer. To save, close or open the ACS 'tubun', the user uses in the main menu one of these 3 commands: File → Save, File → Close or File → Open → Open Access Control System. For an ACS, the explorer may display varied kinds of components. The nature of the ACS components, and then the names of the third-level nodes under the node 'tubun', depends on the nature of the ACS, in other words, of the nature of the simulated software. The explorer comments most of the third-level nodes under an ACS as an access target or a right user. A right user is simply an entity which has the potential ability to access to an access target, if the ACS allows it. The main type of right user is EligibleParty, which has several subtypes in Access Road. The most common type of access target is Resource, which has also several subtypes. An executable program into an operating system is an example of right user being also an access target. Such an entity is modeled as an Actor into Access Road. Every software component which has both a behavior of right user and a behavior of access target will be modeled by Access Road as an Actor. Of course, there are varied kind of Actors in Access Road, like for instance the Executable which is a proper concept of the 'Ubuntu' ACS. It is important to know this generic vocabulary, because it is used in Access Road to describe all the software simulations, whatever their properties. Introducing the generic vocabulary is an objective of the tutorials. The explorer displays the main components of an an ACS or a view. For the ACS 'Ubuntu', there are the followings:
For the moment, there is no AclEntry. The specific rights of a GNU/Linux® are displayed. Some ACS rights are used for accessing the file system, like the well-known 'r' to read a file. Each time it is possible, the ACS right reuses the standard name in GNU/Linux®. However, it may be necessary to create specific ACS rights to offer a complete model of the software. Some rights, like 'authorize', are reserved to the authorization groups. This ACS right is not always known by a GNU/Linux® administrator, since authorizations are not implemented by all the Linux distribution. To keep an eye on the ACS components, it is possible to open a dedicated window for one open ACS. Select the ACS in the explorer, then use the command Window → View diagram or ACS tree. The tree of the ACS components is displayed in a new internal window, at the bottom right coin. Each window has an unique and clear title, that is for this window 'ACS + name of the ACS'. The displayed ACS tree is exactly like into the explorer. However, selecting a tree node does not operate. The subACS To explore the 'tubun' default components, click the node 'Resources (access target)' to open it, then open the first child node '<files_tree>'. The first level of file directories appears. An 'Ubuntu' ACS has two independent subACS named 'authorization' and 'capability'. A subACS is a subset of components and rights having a specific logic. This is added to the main set of components in the ACS, like the file system and the general UserIDs in a GNU/Linux® Ubuntu®. These subACS are not explained in this getting-started tutorial. The point here is a subACS may have a specific subtree of resources, like 'authorization' there, and/or a specific set of GroupIDs. Click the node 'GroupID (right user)' to open it. The explorer shows the first two children 'authorization_subacs' and 'capability_subacs', which are two separated sets of groups. As you see, the subACS 'capability' has a set of GroupIDs, but no set of Resources. |
![]()
Two-hours tutorial for designing access controls Three-hours tutorial for verifying access controls ![]()
|
The IS Structure
An ACS belongs to an Information System. The 'IS structure' is the internal window to display the tree of all the information systems, with theirs children nodes. Select in the main menu the command Window → IS Structure (or Ctrl+i). The 'IS Structure' window appears. It has two parts: at the top, four properties are displayed, and a tree of nodes is set in a second part. The last node in the tree is for the information system 'IO' we have just created for the ACS 'tubun'. Click the node 'IO', then on its children 'one' and 'tubun' to open them. The result is this following window, where the ACS 'tubun' and its two subACS are visible. It is possible to create an IS node like 'one' only at the creation of an ACS. The creation procedure allows to set a sequence of parent IS nodes under which the ACS is created. ![]() At the opening, the 'IS structure' window shows the properties of the first child under the root: 'IPv6'. The property 'Type' tells it is an information system, like each direct child of the root. The property 'Open' tells it is closed. Click 'IS Structure', the root node of the tree. A list named 'ACS add-ons' is displayed at the top of the window. The list contains two items: 'Editor: Accbee - AcsAddon: MySQL ' and 'Editor: Accbee - AcsAddon: Ubuntu'. They are the ACS add-ons Access Road has detected during its opening procedure, among the executable files under its working directory. The creation of a 'Ubuntu' ACS is proposed in the dialog for creating ACS, because Access Road has registered the relevant ACS add-on. Of course, one may uses this 'Ubuntu' model to simulate another GNU/Linux® distribution, but it is strongly recommended to check the differences, for instance about the subACS 'capability'. 'IPv6' and 'IPv4' are reserved IS names to model the two IP address spaces as information systems. A node in the IPv4 IS must have an IPv4 format, that is, the first 4 name components, after 'IPv4', must be a number between 0 and 256. For the IPv4 address '192.168.50.4', '192' has to be a direct child of the node 'IPv4', '168' is a direct child of '192', and so on. As for the ACS nodes, the user cannot create directly an IP node into the 'IS Structure' window, nor change a property value. The 2 IP information systems are used to set the network addresses of the ACS ExchangePoints and ContextSwitches. Updating an ExchangePoint or a ContextSwitch may produce the change of an IP node. These features are presented in a next tutorial. Click 'tubun', the node under 'one'. The properties of the node 'tubun' are displayed in 3 tabs named 'Basic', 'General' and 'Links'. Most of the properties are for future use. The property 'Tied child' is set at 'false'. This means this ACS is not automatically opened when its parent is opened. This property is set at 'true' to simulate the running of an application its operating system launches at its proper starting. The two Resource subACS of 'tubun' are visible under its node. On the other hand, the GroupID subACS of an ACS is never displayed by the IS structure. Clicking all the path nodes, from the tree node 'IO' to the tree node 'authorization', changes the tab 'Basic' at the top of the window. This action shows that every node is open, while the types change from the value 'information system' to 'subACS'. Creating or opening an ACS in Access Road opens all its parent nodes in its information system. If it is not into 'IPv4' and 'IPv6', an information system node is closed when it has no open ACS as direct or indirect child. When an IS structure node is closed, the color of its icon changes. For an ACS having a proper icon, like 'Ubuntu', closing the ACS changes the icon to the default one, and opening the ACS restores its proper icon. Without proper icon, the IS tree always displays the ACS node with the default icon. Access Road is designed to handle thousands of closed ACS, and up to one hundred of open ACS. The IS structure gives an overview on the static relations between all the ACS, even if they are closed. The IS structure window closing, like any internal window, is get by clicking the cross, at the top of the window. Click the cross now. Most of the windows may also be iconified or enlarged by the user. The location and the size of a window may be changed with the mouse. At the Access Road saving, all the open window locations and sizes are saved, to be restored at the next Access Road launch. When a window is reopened during an Access Road session, its last saved location and position are restored. |
|
The beamer
The beamer should be always visible, but it may be iconified by the user. It displays the structure and the properties of a selected open object in the explorer: an ACS, any ACS object, view or generic right. The beamer shows the current values in the Access Road base. The beamer is the unique window to edit the properties of an object. It is the unique window to read a property if it is not about the IS Structure. The property changes in the beamer are propagated to the other open windows, and sometimes to other displayed properties in the beamer. The only exception about the objects editing is for the global handling of ACS and views, that is to create, close, open them in the database, save and import them to/from files, and remove them from the IS structure. These actions are reserved to the Access Road main menu, where all the command names are clear. However, adding or removing a component to an ACS or a view is also the responsibility of the beamer. Like the explorer, the beamer displays only the relevant properties of each object, and the beamer allows to navigate among the open objects. To explore the 'tubun' default components,click in the explorer on the node 'tubun', if it is not already done (it is selected if you have followed strictly this tutorial). When the explorer is selecting the node 'tubun', the beamer is displaying all the properties of this ACS in a set of 13 tabs. GNU/Linux® Ubuntu® is simulated in an ACS add-on. There is some specific code to complete the generic features of Access Road. The ACS add-on defines the main structure and the behavior to the ACS 'tubun'. ACS is indeed the most complex concept Access Road models. The number of visible ACS properties is about 60, but several ones are rather complex maps (key, value). The good news is the Access Road user has generally not to understand all of them. They explain the Linux Ubuntu behavior when one wants to look at the details, for instance to derive a new ACS from an old one. But they are not necessary to design a given Ubuntu instance. After all, Access Road simulates 'Ubuntu' for you... All the Access Road names are made of components with the pattern ':: ' as separator. This is also true for simulating a Linux Ubuntu, for which the internal separator in a file name is '/'. In the visible tab 'General' of the beamer, let's see some first properties of the ACS 'tubun':
When a field is in white into the beamer, it may be edited directly by the user. When the field is in yellow, the editing is forbidden by Access Road. The last two properties show clearly the limits of the ACS add-on Ubuntu. The property 'Incomplete behavior' is true, because the POSIX ACL are not simulated, among other things. Even if the property is set 'false' for another ACS, this choice is done by design, and it does not take account of the Access Road bugs. The property 'Incomplete objects list' is also true, because the complete Ubuntu file system, including all its components, is not created into 'tubun'. This ACS add-on creates the first level of file directories, and it is up to the user to complete them. In the explorer click the directory 'home', under the node '<files_tree>', to explore the 'tubun' default components. In the tab 'General', the name of this directory shows it is simply derived from its location in its ACS. For the object 'home', 'General' contains 5 first standard properties: name of the object, its IS, its ACS, its comment and its type. Some property are displayed with one or several buttons, like 'ACS' with a 'See' button. Click the 'See' button of the 'ACS' property. The explorer selects the 'tubun' node, and the beamer switches to display the properties of 'tubun'. Through the 'See' buttons, the beamer allows to navigate among the objects of the base. It displays here the same tab 'General' because it exists both for 'home' and 'tubun'. If 'home' is in the beamer with for instance the tab 'As Directory', and if another directory is selected for the beamer, the same tab 'As Directory' will be shown into the beamer for the new selected object. This feature facilitates the comparison between objects. The beamer follows the hierarchical suite of concepts which define the object. In the explorer, click the directory 'home'. This directory returns into the beamer, with 4 first tabs coming from its nature of Resource. There is a final tab coming from its nature of Directory is named 'As Directory'. If you select an Actor, because an Actor is also s Resource, the beamer would display it with the same 4 first tabs, followed by the Actor-specific tabs, and so on. This object-oriented presentation into the beamer facilitates the comparison between objects and between ACS (See the glossary to go further). After a few practice, the beamer becomes the easiest way to remember the nature of a selected object in any ACS. It shortens the learning curve for a new kind of ACS into Access Road. The beamer may use a complex policy to NOT display some properties of an object. The first case is when an ACS does not manage a structural property, like the privileges. Because the ACS 'Ubuntu' does not manage them, there is no 'Privileges' tab for an object from this kind of ACS. To see the second case, click in the explorer the node ' tubun:: <files_tree>:: home:: jerry:: d_jerry:: e_jerry:: '. Following the object-oriented presentation, the two last tabs in the beamer are about its nature of Actor and Executable. The second tab 'Alias' comes from its nature of Resource, while it was not visible for the directory 'home'. The Alias properties are never useful to model an Ubuntu directory. In the same way, there is also a policy to display or not the tab 'ACL', as it is visible for 'e_jerry'. An ACS may handle a policy to say to the beamer: 'no displaying of this tab for most of my objects, excepted for...'. This adaptation presentation into the beamer simplifies the reading by the Access Road user. Click the beamer back button: this is the yellow/Grey arrow on the top left of the beamer, just under the beamer title. The beamer returns to the previous object, that is 'home'. In the 'General' tab, the fifth value 'Access Target Type' may be updated by the user, by the way of a list of proposed values. Let's try to change the 'home' type. Click the little black triangle, at right of the 'Access Target Type' property. A list appears. Click one of 3 proposed values. Access Road displays the error message: 'home has a type which forbids a type editing.'. This illustrates how the beamer is designed. It displays the properties in a standardized way, like there the types in the selection list, but this does not mean all the values are possible. There are several levels of selection and control, for the new value of a property:
All the efforts have been done to define powerful generic integrity rules, covering all the Access Road objects, and to complete them with specific integrity rules for a given kind of ACS. These integrity rules are very versatile and powerful. The aim is to ensure the consistency of the simulation for a software. These rules limit the risk of error in a simulation, due to a user command or a program command from outside the Access Road base. The rules about the object types will be seen at the end of this tutorial. |
|
Editing a list
We will see now the handling of buttons and lists in the beamer. For the user, the beamer is the only way to create some objects in the ACS and the views. It is also useful to link some objects together. Click the 'As Directory' tab into the beamer window. This image shows the state of the beamer: ![]() The tab 'As Directory' appears in the beamer only for a directory, like 'home' there. The type of 'home' is also put into the title of the beamer. The property 'Children' is associated to a list and 3 buttons. The list displays the current children with their Access Road full names. The full name of an ACS object starts with the ACS name. Each directory child is a Resource. For all the Resources, the name contains the path of the indirect parents. The list is in yellow because it cannot be directly changed. The buttons play this role. They are listed hereafter:
The 'New' button always creates the object with the right type. In the context of this property, the ACS 'tubun' manages varied children. For helping the user to avoid a wrong creation, clicking the button 'New' selects the allowed types into the relevant ACS. This is always true, whatever the displayed object and the property in the beamer, like 'home'/'Children' here. However, like the 'Access Target Type' property above, a selected type for a creation may still be rejected by the base at the second step. Click 'New'. A dialog box appears at the center of the Access Road window, to enter the main properties of a new 'home' child. The ACS configuration of 'tubun' specifies that it handles 6 types of resources: ![]() 'Resource' is the basic type. 'Directory' is a Resource having children. 'Actor' is a Resource being a right user. 'ExchangePoint' and 'ContextSwitch' will be studied further. These 5 types are generic, and they are defined in the glossary. 'Executable' is specific to the ACS add-on 'Ubuntu', as a type of Actor having complementary properties. Select the case 'Directory' then click 'OK'. The following dialog box 'Create a new Directory' appears. ![]()
Enter the name 'one', do not enter any 'Account', select 'directory' as the 'Access Target Type' (not '<immutable> directory'), then click 'OK'. It is possible to enter these properties without the mouse, from the computer keyboard using the keys 'Tab' (or '→'), '↓', '↑', and 'Enter'. The new directory 'one' is created in the base. The list of the 'home' children is updated both in the explorer and the beamer. The 'Children' list is resized in the beamer, to take account of this new item. Like the 'Access Target Type' property, the Access Road base checks the new child from the ACS integrity rules. There is a rule about the authorized types for the children of a directory having a given type. If the user try to create a kind of forbidden object under 'home', whatever the properties the user enters, the ACS will return an error message like 'Through the ACS constraint 'Directory.TypesOfChildFor', the parent accepts only children having the types xxx, yyy, zzz'. The 'parent' there would be 'home'. Furthermore, if the creation dialog does not propose any type for the new object, this means it is not possible to create this kind of object (an Executable for instance) under this parent. In all cases, Access Road informs the user about the reason of the refusal. The default value '<immutable> directory' has been proposed for the Access Target type, in the creation dialog. This is a standardized way to 'freeze' the state of an ACS object. Access Road uses the pattern '<immutable>' in the type to forbid most of the updates for this ACS object. This has no thing to do with the simulation of the object. It simply allows to protect it from the user errors in Access Road, like a wrong deleting. At any moment, the user may allow/forbid new changes. To forbid them, he simply resets the type to '<immutable>', like from 'directory' to '<immutable> directory'. The inverse action allows the new changes. The base imposes strong constraints on the type changes, whatever the proposed values in the beamer. For instance, it is always forbidden to switch from the type 'directory' to 'executable' or '<immutable> executable'. Thus, the basic type of an ACS object remains unchanged after its creation. Again, remember there is a second pattern to forbid the deletion of an ACS object, and it is based on '<byAcsCreator>'. Such an ACS object type cannot be changed by the user. He has no ability to delete the object, as for the 'home' directory. To delete the 'one' directory, the 'Delete' button may be used in the list, if 'one' is selected among the children of 'home'. The second way is: Select 'one' in the list, then click 'See'. The beamer displays the directory 'one'. Click the top right button 'Delete it' in the beamer, and confirm the deletion. The directory 'one' is then deleted in the base, the explorer and the beamer. The beamer title becomes 'Beamer on a closed element', until the next selection of a node in the explorer. Caution: deleting a Directory in a Resources tree deletes ALL its direct and indirect children. This is true for numerous software, like an operating system, but not for all. For Access Road and by default, the indirect children are deleted whatever the simulated software. Click the node 'e_jerry' in the explorer, under the node home:: jerry:: d_jerry. In the beamer, click the tab 'AG'. The tab title 'AG' means Account/Group. The beamer has the following state: ![]()
The user may have an Access Road comment on each property, when the mouse arrow is near the property name. For instance, the message 'The main group which contains this resource' is the tip of the property 'main Group' in the beamer. Most of the properties of this 'AG' tab are generic, for all of the ACS managing Accounts and/or Groups. However, the beamer receives also the description of some specific properties from the 'Ubuntu' ACS add-on, like the property 'other as NX rights'. |
![]()
Two-hours tutorial for designing access controls Three-hours tutorial for verifying access controls ![]()
|
The purpose of this tutorial is not to master the simulation of GNU/Linux Ubuntu. Let's say here that a Linux Resource may have an account and a main group. They are the two first properties the AG tab displays. We see the account 'jerry' and the group 'jerry'. Access Road adds the patterns '<U>' for UserID and '<G>' for GroupID before the last component of, respectively, any UserID name and any GroupID name. This is a generic behavior, true for all the ACS. In the case of 'Ubuntu', an account and a group may have the same last component in their names, like 'jerry' there. This AG tab handles varied buttons we have to study. The properties are associated to new buttons, as followings:
With the button 'Select' of the Account property, it is possible to select an UserID in the explorer. Click the Account 'Select' button: the following little dialog appears. It gives the type of the selection to do: 'UserID'. To NOT change the 'e_jerry' account, click the button 'Cancel' of this dialog. ![]() The behavior of Access Road may vary. With the button 'Select' of the 'Account rights' property, the explorer is not implied. A list of rights appears for the selection. Click the Account rights 'Select' button. The following window appears: ![]() Access Road displays the rights without redundancy. There are two cases. If you select the right '|mdown|', it is added to the 'e_jerry' list. If you select another right, it would not appear into the beamer list. This is because the current ACS right 'ctrl' includes the three rights 'w', 'x' and 'r', from the 'Ubuntu' ACS point of view. If you have added '|mdown|', select the right '|mdown|' in the Account right list, and click the 'Remove' button to return to the initial state where 'ctrl' is the single account right. Otherwise, close the 'Selection' window for the rights. On the other hand, the property 'main Group rights' displays the two rights 'r' and 'x' because they are semantically independent. An ACS may deliver complementary data about its properties. Click the node 'tubun' in the explorer, and click the tab 'See Why' in the beamer. This map uses as keys, in the list at left, the property names the beamer displays for this ACS. Click the key 'All the rights'. The value at right is a short text describing the logic of the 'Ubuntu' rights. Creating an ACS object The creation of a new Resource may be done from its parent, as we have seen there for 'one', but also from its ACS, from the tab 'Access Targets' and the property 'Own Resources'. Generally speaking, if the ACS manages all the possible features (this is false for the Ubuntu ACS), the beamer ACS tabs allow to perform the following operations:
An AclEntry is always created from its Resource, at the tab 'ACL'. The Bridge is created from the Actor which is the Bridge source. The Hard Alias is automatically created when its hard reference is created. The Soft Alias is created by program, never through an user command. The ACS rights are defined only at the creation of the ACS. Note: this description does not take account of the adaptive presentation by the beamer, which may remove the displaying of some properties. All the other relations between two ACS objects are made through a selection of an object into the explorer, without creation of a new object in the Access Road base. For instance, the Account/Group rights are managed mainly by the Resources, as internal properties. To summarize, the behavior of the beamer at each selection depends on the property and the ACS. Access Road indicates what type in the explorer is expected, like UserID there, or it displays the list of the new values the property may have, like the Account rights here. The user choice in the explorer is checked by the base, and the new values list comes from the ACS policy. Finally, you simply have to know that Access Road works for you to authorize the allowed values, at any property change. |
![]()
Two-hours tutorial for designing access controls Three-hours tutorial for verifying access controls ![]()
|
The sketcher
Let's take now the easiest part of this tutorial: the sketcher. In the main menu, select the command Window → Sketcher. Select in the explorer the Executable 'e_jerry'. The sketcher window appears at the bottom right of the Access Road window. You should extend the window for having the following image:
The sketcher always shows the current selection of the explorer (and the beamer) like 'e_jerry' there. At each selection, Access Road chooses the objects to put around the selected object. The user cannot modify the view in the sketcher. The drawings of the ACS objects depend on their general types. These drawing patterns are common to all the ACS in Access Road, and to all the kinds of views. The sketcher contains the following items:
Access Road handles in the views several links, like 'init contxt' there, which are not simply the rights between two objects. The glossary defines all the link types Access Road uses in any view. They will be presented in the next tutorials. In a view, the only active objects – on which a click is operating – are the nodes, not the links or the rights. Click the node of the group 'users', to select it in the explorer. 'users' becomes the central node into the sketcher. In this case, the sketcher shows the members of 'users' since it is a group, and it shows the executable 'e_jerry' as right user. 'e_jerry' is the single target. In the sketcher title, 'no updating' means the sketcher view does not change if some rights or some relations are changing in the Access Road base. The sketcher is the simplest view in Access Road, while the other views are updated on-the-fly. If the object to display has too numerous links, like an ACS or a right, or if there is no link at all, like a view, the sketcher displays a Grey rectangle. The most complex rights are not processed in the sketcher, even if they are direct. For instance, with an ' Ubuntu' file, the 'AG Other' rights and the AG inherited rights are not displayed. Click on the explorer to activate it. Use the key '↑' of the keyboard to select in the group 'tty', then 'tom' and 'sys'. See the result in the sketcher. In conclusion, the sketcher is designed to simply jump from one object to another. It shows the simplest direct links and rights. Try it on any 'tubun' object, and enjoy its simplicity! With
the explorer, the IS structure, the beamer and the
sketcher, Let's now apply our new skills for learning how Linux enforces the account rights of a new Resource, from the account properties. |
![]()
Two-hours tutorial for designing access controls Three-hours tutorial for verifying access controls ![]()
|
Understanding Linux umask
It is recommended to save the Access Road base now, for reusing easily this state in the next tutorial: In the main menu, select the command File → Save All (or, Ctrl+s) Select in the explorer the Executable 'e_jerry'. Click the 'Select' button for the property 'Account', in the tab 'AG'. A selection dialog box appears at the top of the main window. Select as new Account, in the explorer, the UserID 'games' under the node 'UserIDs (right user)'. Caution: there is also a GroupID named 'games'. The 'e_jerry' account is updated normally, but also all the other properties in the 'AG' tab. If it is still open, the sketcher does not change. The sketcher is then wrong, until the next normal selection in the explorer! To close the sketcher, simply click the top right cross of its window. The property changes are due to a requirement in the ACS 'tubun', to simulate GNU/Linux Ubuntu. Editing a Resource UserID produces the following changes:
Note: This is an example of an ACS behavior it is not possible to specify through the default ACS properties. It is too complex. This is the responsibility of a specific code in the ACS add-on. To understand this ACS behavior, the user should read the ACS add-on 'Ubuntu' documentation... or it may use Access Road to see it in action. Click the 'See' button of the Account property. The beamer shows the 'AG' tab for 'games'. The property 'UMask for denying' has the default value 'rwx --- ---'. We will see how this property defines the 3 current 'AG' rights of 'e_jerry'. Select the UserID 'jerry' in the explorer. Its umask is '--- -w- rwx'. At this step, if you are not familiar with the Linux umask concept, you should tell: how does it works? Let's see the power of a simulator helping to learn Linux access controls. This is an example of the services Access Road provides for any simulated software. ![]()
Let's set the mouse arrow on the property 'UMask for denying', to read this tip: 'The umask format is 3 independent sets '___ ___ ___', where the ranges in each set are from '---' to 'rwx' for the Account rights, the Group rights, and Other rights'. To see it in practice, it is interesting to change the umask of, say, the UserID 'jerry', then to reset the Executable 'e_jerry' account to this UserID.
The removing of 'x', in the third section of the 'jerry' umask, was about the 'other' rights. It has produced a new 'x' 'other' right for 'e_jerry'. This is why the umask name in Access Road is 'UMask for denying'. 'x' is removing from the resulting new rights of a resource, if it is in the account umask. Otherwise, like now, 'x' is put in the new rights each time the UserID is changed. Note 1: in Access Road, the base is always consistent. Any property change is propagated to all the relevant objects. The user has never to command explicitly the updating of the linked properties, like here the relation between the Resource UserID and the Resource ''Other' NX rights'. While the previous procedure resets the same account 'jerry' to read its new umask, this is not a design error in Access Road. This is due to the specification of the umask. This property is ridden by GNU/Linux Ubuntu only when the account is changed or the resource is created. Access Road simply simulates this behavior. Note 2: the beamer displays a string property into a text field. This is the single case where a property is edited without using buttons. The umask is an example of such string property. The beamer updates this property into the Access Road base only when the user enters a 'return'. In an independent process, all the property changes in the base are listened and displayed by the beamer. For a string property, an entered empty string, or a new string containing only white spaces, is converted by the beamer as a null value before updating the base. Note 3: The umask of the UserID 'jerry' does not explain the initial values of the 'e_jerry' AG rights, at the creation of the ACS, because the ACS add-on provides an additional setting. We have seen the umask value is composed of 3 sections for driving the 3 Account, Group and Other rights. To continue the test of umask, it is possible to change the 'r' and 'w' values in the umask for Account, for instance, and to repeat the previous procedure. Keep in mind that, in the ACS 'Ubuntu', 'ctrl' is the sum of the rights 'r', 'w' and 'x' on a Resource. One should tell each access control concept is not very difficult to understand. But unfortunately, these concepts are precise and very varied from one software to another one. The next tutorial will give a second example with MySQL Server®. Access Road is truly unique to learn the access control concepts in action, and to remind them quickly. Exit Access Road We hope you enjoy this first Access Road tutorial. The next one is for designing access controls. To exit Access Road: In the main menu, select the command File → Exit A dialog box requests if you choose to save all the open ACS, views and GUI configuration. Click the 'No' button. Then, the changes about the umask are not saved. The main window is closing. At the next opening, the locations of the open internal windows at the last saving will be restored, with the same open ACS. |
![]()
Two-hours tutorial for designing access controls Three-hours tutorial for verifying access controls ![]()
|
Creating ACS | Explorer | IS Structure | Beamer
Editing a list | Sketcher | Umask
®All trademarks are property of their respective holders. Copyright ACCBEE – 12 February 2013