Linux Lesson 3
Syntax of sticky bits (Symbolic Mode)
# chmod +t {directory names}
Syntax of sticky bits (Absolute Mode)
# chmod 1--- {directory names}
set an ACL entry for userA with rwx access:
# setfacl -m u:userA:rwx fileA
set an ACL entry for userA with rwx access and group sales with rw access:
# setfacl -m u:userA:rwx,g:sales:rw fileA
SUID (set user ID)
-special permissions- less privileged users are allowed to execute a file by assuming the privileges of the file's owner; allows a user to temporarily take on higher-level privileges in a limited context.
SGID (set group ID)
-special permissions- less privileged users are allowed to execute a file by assuming the privileges of the file's group; allows a user to temporarily take on higher-level privileges in a limited context.
(Absolute Mode) What octal is Execute?
1
(Absolute Mode) What octal is Write?
2
(Absolute Mode) What octal is Read?
4
What is the full octal equivalent of RW perms?
4+2 = 6
What is the full octal equivalent of full RWX perms?
4+2+1 = 7
what is the default umask number?
666
What three absolute mode digits represent the following level of access: user = rwx, group = rw, others = read
764
Access Control List (ACL)
A list of permissions attached to an object. ACLs can be used in situations where the traditional file permission concept does not suffice. ACLs enable you to assign permissions to individual users or groups even if these do not correspond to the object's owner or group.
Which of the following best describe how ACLs are more flexible than standard permissions? (Select 2)
ACLs can grant multiple permissions to multiple groups. ACLs can grant multiple permissions to multiple users.
Absolute mode vs Symbolic mode
Absolute mode displays in octal numerals while symbolic mode displays information using operators.
umask command
Alter the default permissions on newly created files and directories.
The Immutable Flag
An attribute of a file or directory that prevents it from being modified, even by the root user. No one can delete, rename, or write to this file. Syntax: use the lsattr command to list the attributes of a file or directory; a lowercase i (i) indicates that the immutable flag is set.
Why did the access problem centered around the Facilities group in the first activity occur?
Because Linux is case-sensitive.
If the SGID is set on a directory, and the directory's associated group is sales, what group will be assigned to new files created in the directory?
The sales group
chgrp command
Used to change the group ownership of a file or directory
syntax of chmod
chmod [options] {mode} {file / directory name}
chown command
allows admins to change the user and/or group ownership of a given file
Syntax of chattr
chattr [-R] [-v {version}] [+-{attributes}] {file / directory}
Which of the following best represents the correct command to change the group associated with the /opt/projects directory to Marketing?
chgrp -R Marketing /opt/projects
Syntax of chgrp
chgrp {group name} {file / directory}
Which of the following best represents the correct command to add the w and x permissions to the group and others for the /opt/projects directory?
chmod go+rw /opt/projects
Chmod Absolute mode syntax
chmod {number} {file / directory name}
Syntax to recursively change ownership
chown -R
Syntax to change the group but not the owner:
chown :{new group} {file name}
Syntax to change both the owner and the group:
chown {new owner}:{new group} {file name}
Syntax to change the owner but not the group:
chown {new owner} {filename}
setfacl (set file ACL) command
configures ACL permissions. used to change the permissions associated with the ACL of a file or directory.
A directory is identified by ___________
d character (d)
A file is identified by __________
dash character (-)
lsattr command
displays current attribute settings such as immutable flag.
Principle of Least Privilege
enforces the idea that users should be given as little access to resources as necessary for them to do their jobs, with no additional unneeded access.
Who can delete a file with the immutable flag set?
No one
chattr -R
Recursively change the attributes of directories and their contents.
lsattr -R
Recursively list the attributes of directories and their contents
setfacl -R
Recursively set ACL options for directories and their contents.
setfacl -b
Remove all ACL entries (not including standard permissions)
setfacl -x u
Remove entries from an existing ACL. setfacl -x u:{username} {filename}
chattr -i
Remove the read-only, or immutable, attribute of the file. Requires superuser privileges.
chmod -c
Report changes that are made in permissions.
setfacl -s
Set the ACL of an object, replacing any existing ACL.
Which of the following answers best describes the effect of the following command: chown user1:sales file1
Sets user1 as the owner, sales as the group for file1.
usermod command
The command used to modify the properties of a user account on the system.
What is the purpose of the execute (x) permission for directories?
The execute (x) permission on a directory allows a user to use cd to access a directory.
Syntax (Absolute Mode) of SUID
set SUID: chmod 4--- {file names}; set SGID: chmod 2--- {directory names}. The last three bits are whatever standard permissions you choose.
Syntax (Symbolic Mode) of SUID
set SUID: chmod u+s {file name}; set SGID: chmod g+s {directory names}
umask command
Sets default permissions for users (deny = allow), in either absolute or symbolic notation. (UNIX default is 666 for files and 777 for directories.) Alters the default permissions on newly created files and directories.
chattr -v {version}
set the version number of a file
Syntax of setfacl
setfacl [-bR] [-mx {acl_spec}] {file/directory names}. When working with users: u:{user name}:{permissions}. When working with groups: g:{group name}:{permissions}
By default, who is the owner of a file or directory?
the user who created that file or directory (other than the super user or root, no other user can change the permissions of that object)
Symbolic Mode permissions context
Access context: u/g/o/a (a applies the perms to all three). Operators: +/-/= (the plus sign grants perms, the minus sign denies perms, the = sign assigns perms exactly as provided). Syntax: chmod {access context}{operators}{permission attributes} {file / directory names}. Ex: add read and write permission to 'file1' for owner and group: chmod u+rw,g+rw file1
Which of the following best describes the purpose of the umask value?
umask defines default permissions for newly-created directories and files.
chattr command
Used to change the attributes of a file or directory. This command modifies attribute settings.
getfacl (get file ACL) command
Used to display existing ACL settings. Used to retrieve the ACLs of files and directories. This command shows metadata about the object, including its owner, its group, any SUID/SGID/sticky bit flag set, the standard permissions associated with the object, and the individual permission entries for users and groups. Syntax: getfacl {filenames}
Absolute Mode
uses octal (base 8) numbers to specify permissions.
sticky bit
Was previously used on files to lock them in memory; it is currently applicable to directories, where it ensures that a user can only delete his/her own files in a directory. It is a special permission bit that protects files in a directory. It ensures that only the owner of a file or directory (root) can delete the file or directory. Sticky bits ensure that users do not have delete privileges but still have the rest of the privileges that come with writing and executing files and directories. YOU CAN SEE THE STICKY BIT IN THE EXECUTE POSITION FOR OTHER USERS (last position) AS THE LOWERCASE (t) OR THE CAPITALIZED LETTER (T) IF THE EXECUTE PERMISSION IS NOT SET FOR OTHERS!
Structure of Permissions
Current User, Group, and Other.
chmod -v
Display a diagnostic entry for every file processed.
chmod -f
Hide most error messages.
chmod command
Linux command; change mode, change permissions for files
lsattr -a
List all files in directories
lsattr -d
List directories like files, instead of listing their contents
chattr +i
Mark the file as read-only, or immutable. Requires superuser privileges.
chmod -R
Modify permissions of files and directories recursively
setfacl -m
Modify the existing ACL of an object. setfacl -m u:{username}:rw {filename}
What command displays currently configured ACLs?
getfacl
lsattr -v
list the version number of the file
ls -l
lists all contents in long format
Syntax of lsattr
lsattr [options] {file/directory names}
Who can delete a file with the sticky bit set? (Select 2)
owner
