diff --git a/README.md b/README.md index 86eaad0..2ede99b 100644 --- a/README.md +++ b/README.md @@ -32,7 +32,9 @@ Traditional access control mechanisms in operating systems allow the same level ## Usage ``` -icfs [target directory] [path to permanent permission database] +Usage: icfs [target directory] [path to the permanent permissions database] + --no-grant-on-create - do not give any access permissions on file creation(incompatible with --perm-on-create) + --perm-on-create - automatically give permanent access permission to files a process creates (incompatible with --no-grant-on-create) ``` The filesystem will be mounted over the target directory, and ask user permission every time a file in that directory is opened. We highly recommend adding `-o default_permissions` to increase performance and add an additional security layer. If you have installed icfs along with `/etc/icfs` folder, you can create your permanent permission databases in this folder (you might want to do this, if your home folder does not have the "execute" permission for other users). @@ -47,6 +49,30 @@ env PATH="$(realpath ./build):$PATH" build/icfs [target directo The `env PATH="$(realpath ./build):$PATH"` adds the access dialogue program to PATH, allowing ICFS to call it seamlessly. +#### Running tests + +ICFS includes a testing script in the `test` directory. + +You can run it **from `test` directory** by running: + +``` +./test.bash +``` + +All testing artifacts will be available in the appropriate folders after run. To test setuid capabilities too (**from `test` directory!!!**): + +``` +./test.bash --setuid +``` + +You can also test performance by adding `--performance` (**from `test` directory!!!**): + +``` +./test.bash --performance +``` + +***Important:*** **flags cannot be combined together (e.g. you can't add `--performance` and `--setuid`)** + ## Docs - [Initial idea and motivation](./docs/bc-thesis-idea.md) @@ -55,6 +81,6 @@ The `env PATH="$(realpath ./build):$PATH"` adds the access dialogue program to P ## Credit -_Student:_ Fedir Kovalov +*Student:* Fedir Kovalov -_Supervisor:_ RNDr. Jaroslav Janáček, PhD. +*Supervisor:* RNDr. Jaroslav Janáček, PhD. diff --git a/src/main.c b/src/main.c index f57fff9..8e7c035 100644 --- a/src/main.c +++ b/src/main.c @@ -31,27 +31,27 @@ int main(int argc, char *argv[]) { if (argc < 3) { fprintf(stderr, "Usage: icfs [target directory] [path to " "the permanent permissions database] \n\t--no-perm-on-create - do not give any " + "arguments>\n\t--no-grant-on-create - do not give any " "access permissions on file creation" - "(incompatible with --temp-on-create)\n\t--perm-on-create " + "(incompatible with --perm-on-create)\n\t--perm-on-create " "- automatically give permanent access permission to files " "a process creates " - "(incompatible with --no-perm-on-create)\n"); + "(incompatible with --no-grant-on-create)\n"); return EXIT_FAILURE; } - if ((0 == strcmp(argv[argc - 1], "--no-perm-on-create") && + if ((0 == strcmp(argv[argc - 1], "--no-grant-on-create") && 0 == strcmp(argv[argc - 2], "--temp-on-create")) || - (0 == strcmp(argv[argc - 2], "--no-perm-on-create") && + (0 == strcmp(argv[argc - 2], "--no-grant-on-create") && 0 == strcmp(argv[argc - 1], "--temp-on-create"))) { fprintf(stderr, "Usage: icfs [target directory] [path to " "the permanent permissions database] \n\t--no-perm-on-create - do not give any " + "arguments>\n\t--no-grant-on-create - do not give any " "access permissions on file creation" - "(incompatible with --temp-on-create)\n\t--perm-on-create " + "(incompatible with --perm-on-create)\n\t--perm-on-create " "- automatically give permanent access permission to files " "a process creates " - "(incompatible with --no-perm-on-create)\n"); + "(incompatible with --no-grant-on-create)\n"); return EXIT_FAILURE; } @@ -59,7 +59,7 @@ int main(int argc, char *argv[]) { // permissions than it's caller reqested umask(0); - if (0 == strcmp(argv[argc - 1], "--no-perm-on-create")) { + if (0 == strcmp(argv[argc - 1], "--no-grant-on-create")) { set_auto_create_perm(0); argc--; }