1) In what environments is mandatory access control useful? 2) Consider the following set of Unix permissions: / rwx,r-x,r-x root root /home rwx,r-x,r-x root root /home/smb rwx,r-x,--x smb faculty /home/smb/upload rwx,-wx,-wx smb faculty /home/smb/upload/td rw-,---,--- smb faculty /home/smb/upload/xy rw-,r--,r-- robin student /home/chris rwx,--x,--x chris other /home/chris/proj r-x,rwx,--- chris proj Below is a list of commands, preceded by the user.group of the process. Which commands will succeed? For command (c), assume that the two directories are on the same file system. For command (e), assume that the processs current working directory is /home/smb/upload. For commands that fail, explain which permission entry caused the failure. (a) chris.root date >/home/chris/proj/now (b) pat.student echo data >/home/smb/upload/p1 (c) chris.other mv /home/smb/upload/td /home/chris (d) joe.student ls -l /home/smb/upload/xy (e) sue.faculty cd ../../chris 3) There is a network file transfer daemon that maintains a queue of pending and past requests. It uses three directories, with the following ownership and permission: pending trans:daemon rwx,rx,x done trans:daemon rwx,rx,x data trans:daemon rwx,-,- The control files are in 'pending' or 'done', depending on the request status. The data files being transferred are, of course, in the 'data' directory. a) The program that actually transfers files has to be able to read the control file directory, read individual control files, read the associated data files, and move the control files to the done directory. What privileges must this program run with? b) The program that gives the queue status needs to be able to read the control file directory and individual control files. It does not need to read data files. What privileges must this program run with? c) Why is it a good idea for the queue status program to have fewer privileges than the transfer program?