Sunday, May 23, 2010

How to use an extern variable in C?

   Extern variable in C is an extension of global variable concept. First, let us see what is a global variable and the difference between a global variable and an extern variable.

What is a global variable?

       Any variable declared outside a function block is a global variable. A global variable  can be accessed by any function in the file in which it is defined. The scope of the global variable is throughout the file in which it is present. 
int globalVar;
   The variable globalVar is defined as a global variable for which memory space is allocated and the memory location is accessed by the name globalVar. Since there is no initial value specified, the variable gets initialized to zero. This variable can now be accessed from any function in the file in which this definition is present.

What is an extern  variable?

   Assume a scenario where you would like to access the global variable globalVar in another program. If you happen to declare a global variable with the same name in the second file, the compiler will not allow since no two variables can be declared with the same name.  So, how would you access the global variable globalVar defined in the first file? Simple, the answer to this is extern.
extern int globalVar;
  When you use extern keyword before the global variable declaration, the compiler understands you want to access a variable being  defined in another program or file, and hence not to allocate any memory for this one. Instead, it simply points to the global variable defined in the other file. In this fashion, you can use the extern keyword in any number of programs to access the global variable globalVar. However, the definition should only be at one place.

Let us see an example:

# cat f1.c
#include <stdio.h>

int globalVar=3;

void fun();

int main()
{
 fun();
 printf("Global var in f1 is %d\n", globalVar);
 return 1;
}
     The above file f1.c contains the main program in which a function fun is being called. The main point here is the definition of the variable globalVar. At this juncture, the globalVar is simply a global variable.

#cat f2.c
#include <stdio.h>

extern int globalVar;
void fun()
{
  printf("Global var in f2 is %d\n", globalVar);
  globalVar++;
}
     In the above file f2.c, the function fun wants to access the variable globalVar being defined in the file f1.c. In order to access the variable, the extern keyword is used for declaration of the globalVar variable and hence no memory is allocated for globalVar, instead it starts pointing to the globalVar in the f1.c .

# cc -o ser f1.c f2.c
# ./ser
Global var in f2 is 3
Global var in f1 is 4
#
  The files are compiled and an executable ser is generated. On running the executable ser, as shown above, the function in the file f2.c accessed the variable defined in the first file f1.c.

Sunday, May 16, 2010

Secure sqlplus connection?

  sqlplus command is used to connect to Oracle from Unix and we saw the different ways to connect to sqlplus from UNIX and retrieve data in one of our earlier articles. Whenever we connect to sqlplus, the username, password and instance are provided in the command line itself. This way of establishing a connection to sqlplus is not considered secure since the database user details are accessible to any UNIX user from the process table.

  To illustrate this, let us open two Unix terminals.

  1. In Terminal 1, connect to an sqlplus session as shown below:
#echo $USER
guru
# sqlplus blogger/Secret!@myinst
>
      The sqlplus command used above will establish a sqlplus connection.

  2. In the Terminal 2, let us list all the process for the user 'guru'.
#ps -ef | grep sqlplus
guru 2716 29208  0 20:43:05 pts/10  0:01 sqlplus blogger/Secret!@myinst
#
  As shown above, sqlplus connection is shown as one of the processes in which all the credentials are easily viewable. These credentials are not only visible to the user 'guru' and the 'root', but also to any user in the UNIX box. And hence this is not a secure way of connecting to sqlplus in very sensitive environments.

 Solution:

   sqlplus connection can be made from the shell in a different way in which no user information needs to be given as part of command line arguments. All the credentials are given only after getting into the sqlplus session:

1. In the 1st terminal, we will establish a sqlplus connection in the way shown below:
#sqlplus /nolog
>connect blogger/Secret!@myinst
Connected.
>show user
USER is "blogger"
>
    As shown above, the username and password details are provided using the sqlplus connect command. And hence the Unix shell is not aware of the user details.

  2. In the 2nd terminal, lets list again all the processes run by the user 'guru':
#ps -ef | grep sqlplus
guru 3261 29208 23 20:44:07 pts/10 0:01 sqlplus /nolog
#
   The user/password details are no longer visible and hence the connection is secure.

Monday, May 10, 2010

Login shell or a non-login shell?

 Shells in UNIX are classified into two categories:
  • Login Shell
  • Sub shell (Non-Login shell)
    Login shell is a shell where the user reaches on trying to login to his account. This login shell, ksh or bash or tcsh or sh, is defined for the user at the time of user account creation. However, the login shell of an user can always be changed by the root user. 

   Sub shell or a non-login is a shell which is invoked from the login shell or from a different sub shell by just typing the name of the shell. In fact, whenever a shell script is run, a sub-shell is opened internally and the script is run from the sub-shell.

1. How to go to a sub-shell?
  
  Simple, from the current shell, if you want to go to a k-shell, type 'ksh' at the prompt.
#ksh
#
   In the same way, one can switch to any shell by tying the name of the shell at the prompt. In other words, any shell opened from the login shell in the above manner is a sub-shell.

2. How to find out whether the shell is a login-shell or a non-login shell?

   Two environment variables are available to find or identify whether a shell is login or sub-shell.
  • $SHELL - This always tells the login shell.
  • $0        - This always tells the current shell.
   i) Login Shell: Assuming the user is currently in his login-shell which is tcsh:
#echo $SHELL
tcsh
#echo $0
tcsh
#
    In this case, both the variables are showing the same value. It is because the login shell and current shell are same in this case.

  ii) Non-Login shell:
#echo $SHELL
tcsh
#ksh
#echo $SHELL
tcsh
#echo $0
ksh
#
   As shown above, the user initially is in login shell tcsh and then switches to ksh. On switching to ksh, the $0 shows ksh however the SHELL variable still shows tcsh.



Monday, May 3, 2010

File permissions vs Directory permissions

   Everything is a file in UNIX, they say. A file needs some necessary file permissions to be accessed, so is a directory. File permissions is one of the most common and important activity which every UNIX user comes across. However, directory permissions is not so common an activity and hence the assumption that the file permissions are the same as directory permissions, difference being applied on the directory level, which is incorrect. Lets see the difference between them.

The basic file/directory permission attributes are : r w x
r   -  read permission
w   -  write permission
x   -  Execute permission
File Permissions:

   Very quickly, lets see the file permissions with a file as example:
# ls -l file
-rw-r--r--   1 blogger        adm             27 May  2 08:04 file
#
 For simplicity, lets focus only on the owner permissions(highlighted in red). On the file named 'file' :

r   - Indicates the user can read the file.
w - Indicates the user can edit or delete the file.
'-'  - Indicates the user cannot execute the file since 'x' is not set.


Directory Permissions:

     Directory permissions are very different from the file permissions. Lets create a directory named 'abc' and check the differences. To understand the differences better,  all the file permissions are being removed and will be applied one by one. For simplicity, we deal only with the owner permissions:
#mkdir abc
#ls -l
total 0
drwxr-xr-x   2 blogger        adm             96 May  2 08:20 abc
#chmod -rwx abc
#ls -l
total 0
d---------   2 blogger        adm             96 May  2 08:26 abc
#
  1. Listing the files inside the directory:
#ls abc
abc unreadable
total 0
#
    It is the read permission of the directory which enables the unix user to list the files inside the directory.
#chmod u+r abc
#ls abc
#
   No files have been listed since the directory does not contain any. However, the point to be noted is no error is being thrown.

   2. Lets get into the directory 'abc':
#cd abc
abc: Permission denied.
#chmod u+x abc
#cd abc
#
   It is the executable permission on a directory which enables the user to get into the directory. However, the executable permission with respect to a file is completely different.

 3.   Lets now try to create a file under 'abc' directory:
#touch file
touch: file cannot create
   The user is not able to create a file in the abc directory because the directory does not have write permission.
#cd ..
#chmod u+w abc
#cd abc
#touch file
#
  The file got created successfully.  If creation is successful, so will be the deletion of the file. These are the differences between the permissions or attributes between file permissions and directory permissions.