Books: A User's Report
This month I review a new book on UNIX system security,
edition of O'Reilly's popular UNIX in a Nutshell, and
book by W. Richard Stevens, Advanced Programming in
the UNIX Environment.
UNIX System Security
A Guide for Users and System Administrators
by David A. Curry
Addison-Wesley Professional Computing Series
In the years since UNIX was developed, UNIX security
has been both
ignored and intensely implemented. When UNIX was first
was primarily a programmer's tool and was used in team
this context, there was little need for security. With
however, it became necessary to protect some aspects
of the UNIX operating
With UNIX System Security, Curry addresses both users
administrators, noting that both share responsibility
for system security.
He begins by discussing four well-known cases of attacks
on UNIX systems.
The descriptions of these attacks make for fascinating
reading, even for those who are not particularly interested
but do enjoy a good detective novel. The author recounts
attacks were, what temporary and permanent harm they
caused, and how
they were found.
After this introduction to attacks and viruses, Curry
rest of the book to security procedures that could have
these attacks. Focusing on the user's role in maintaining
Curry provides a set of guidelines for choosing a password
and a set
of strictures on what not to pick, along with examples
Even with your account seemingly well-protected by an
password, you must still defend your files from unwanted
Curry examines several UNIX commands designed to prevent
user from copying, changing, or deleting your files
He also stresses the importance of good backup strategies
in which file system security may be monitored.
The remainder of UNIX System Security is dedicated to
security topics, including workstations, terminals,
modems, and TCP/IP
network security. Curry discusses NIS, NFS, and RFS,
one full chapter to responding to attacks and another
One of the most interesting chapters, "Security
investigates what should constitute a security policy
and why. The
author does not recommend a standard policy; instead,
the elements that comprise an effective security policy
so that each
individual can customize a policy for his/her system.
UNIX System Security is so clearly written that even
the more complex topics become easy to understand, and
there are sections
that even the most inexperienced user will comprehend.
begins with an introduction explaining the chapter's
ends with a summary of the chapter's most important
also presents a great deal of supplementary -- and,
in some cases
-- surprising information. He includes USENET newsgroups,
reading, an excellent bibliography, and a well-documented
in addition to the source code for a password cracker,
checker, and dialogue from an open network authentication
"Kerberos." The open network authentication
system has been
reprinted with the permission of MIT, where Project
Athena was designed
and implemented. Security is often overlooked when the
learns UNIX. Curry has provided an essential text in
both the beginning and the experienced UNIX user.
UNIX in a Nutshell
A Desktop Quick Reference for System V and
by Daniel Gilly and the Staff of O'Reilly and
O'Reilly and Associates, Inc.
O'Reilly and Associates, Inc. publish UNIX in a Nutshell,
of the most useful desk references available. Versions
of the book
are available for both the Berkeley UNIX system and
UNIX System V.
Through the efforts of Daniel Gilly, with the continued
O'Reilly and Associates, UNIX in a Nutshell for System
been revised. The new edition includes System V Release
4 and information
pertaining to Solaris 2.0.
As I compared the two versions, I found the same quality
in both books.
However, the updated edition contains several sections
that the previous
version had omitted. Even the introduction encompasses
The UNIX command section has been expanded, although
the alphabetical summary of the commands has been retained.
have included a very helpful diagram of the history
of Solaris 2.0,
some commands that do not exist in UNIX System V Release
3, and a
guide for users of BSD systems. Also included are twelve
attempt to classify the UNIX commands in categories
-- such as
communication -- to make it easier for the new users
to find the
commands they need.
The previous edition included the Bourne and C shells
in one section.
In the new version, the Bourne and Korn shells are in
while the C shell has a section by itself. Each of these
is longer than the original shell section.
Whereas the prior edition did include pattern matching,
it did not
contain any information on the UNIX editors. The new
issue not only
improves the pattern matching section, but also includes
chapters on the emacs, vi, and ex editors. In
addition, the current version presents sections on two
tools: sed, the stream editor, and the awk scripting
The authors have retained the sections on nroff, troff,
packages and their preprocessors, as well as the chapters
and MAKE. All of the sections imported from the earlier
been reworked and improved. New to this edition is a
section on the
RCS utility, the Revision Control System. To some extent,
on SCCS and RCS complement one another, which makes
helpful to those users who are used to one control system
making the transition to another.
The section dealing with Program Debugging has changed
In the previous edition, the two debuggers examined
(symbolic debugger) and adb (absolute debugger). The
version has eliminated adb in favor of the dbx debugger,
which is available only in Solaris 2.0. However, the
retained the information on the more popular sdb.
If you are familiar with the O'Reilly Nutshell Handbooks,
be expecting a spiral-bound book. However, O'Reilly
now uses the popular
lay-flat bindings, which work quite well. I have tried
copy of the book to several different places and it
me to another section of the book (against my will)
yet. It also fits
a lot better on my bookshelf.
This book is the perfect desktop reference. It contains
the most popular
commands, Bourne, Korn, and C shell syntaxes, text formatting
instructions for the emacs, vi, and ex editors
plus sections on sed, awk, and debugging tools. It doesn't
take much space and could easily replace three to five
currently occupy room on every UNIX programmer's desk.
have presented a clear and concisely written book which
an excellent addition to any UNIX user's library.
Advanced Programming in the UNIX Environment
by W. Richard Stevens
Addison-Wesley Professional Computing Series
If Richard Stevens had wanted to be frivolous in naming
it could easily have been entitled Everything You Always
to Know about UNIX, But Were Afraid to Ask. When I first
his book, I thought that this was no ordinary book on
programming. Fortunately, I was right!
Stevens has written a book that covers the UNIX system
and the most important functions in the ANSI C library.
In other words,
he is providing additional understanding for those who
want to know
how programs operate when running under UNIX. As Stevens
topics have traditionally been detailed in the UNIX
Manual. However, the manual neither addresses the reasoning
these topics nor provides examples. This book does both.
The book is not for beginners, however; it assumes extensive
experience as well as some knowledge of UNIX. Although
the first chapter
seems like an introduction to UNIX, some UNIX conventions
taken for granted or explained too briefly for a novice
The first C program, a simple implementation of the
command, appears on page 4.
After this brief introduction to UNIX, and before Stevens
file I/O or structure, he devotes a chapter to UNIX
plus different UNIX implementations and their relationship
another. He then returns to a discussion of unbuffered
I/O and a separate
chapter on files and directories. In contrast to the
chapter on unbuffered
I/O, he presents a section on the standard I/O library
system data files and information. As Stevens develops
process to understanding UNIX and its interface with
C, he constantly
refers to the issue of standardization, its strengths
and its weaknesses.
Stevens also covers processes, more I/O, and interprocess
His treatment addresses the environment, process control,
relationships, and signals. Stevens examines the execution
of a C
program to determine the UNIX environment of this single
His discussion of process control describes the relationships
different processes, whereas the section on process
emphasizes the connections among groups of processes.
signals are software interrupts and their individual
well as a critique of earlier implementations of signals,
were incorrect and why.
The next section of Advanced Programming in the UNIX
terminal I/O, advanced I/O, and daemon processes. This
that on IPC (interprocess communication), the means
by which different
processes exchange data or information. Many different
types of IPC
exist and, as might be expected, not all types apply
to every system.
On the basis of the information provided in the first
part of the
book, Stevens next presents four examples that the reader
a database library, a PostScript printer driver, a modem
a program that uses a pseudo-terminal.
This is an excellent book. When I first examined the
table of contents,
I saw that it had something for everyone; as I read
it, I saw that
Stevens had done an extraordinary job. Not only does
he describe and
explain each topic, but he also shows its relationships
to other subjects
and why one idea's presentation must precede another's.
begins with an introduction and concludes with a summary
by a set of exercises. The bibliography at the end of
the book is
very helpful and the answers to selected exercises will
endeavoring to really learn about the UNIX environment.
About the Author
Elizabeth Zinkann has been involved in the UNIX and
C environments for the past
11 years. She is currently a UNIX and C consultant,
and one of her specialities
is UNIX education. In addition to her computer science
background, she also has a
degree in English. Elizabeth can be reached via CompuServe
(Internet format: firstname.lastname@example.org), or via