RH134 V8.2 Ch4: File Access Control Lists (facls)
Use the output below to answer the question. Who is a named-user in this ACL? [user@host content]$ getfacl reports.txt # file: reports.txt # owner: mary # group: sales user::rwx user:consultant3:--- user:1005:rwx #effective:r-- group::rwx #effective:r-- group:consultants:r-- group:2210:rwx #effective:r-- mask::r-- other::---
1005 and consultant3
Use the output below to answer the question. User 1005 was given rwx permission to the reports.txt, why is her effective permission read-only [user@host content]$ getfacl reports.txt # file: reports.txt # owner: mary # group: sales user::rwx user:consultant3:--- user:1005:rwx #effective:r-- group::rwx #effective:r-- group:consultants:r-- group:2210:rwx #effective:r-- mask::r-- other::---
Because the acl mask is set to read-only (mask::r--).
What is the difference between the user-owner and a named-user when it comes to facls?
The user-owner is the account that has the power to create or modify the ACL. Named-users are accounts that gain access through the ACL. Facl masks to do not apply against the user-owner
True or False Non-privileged users and chang ACLs on files and directories they own?
True
Someone accidentally remove the ACL for the reports.txt file. Luckly, you made a backup copy of it named reports.acl.backup. How would you restore the ACL to the file?
cd into the directory containing the file and run: setfacl --restore=reports.acl.backup
Use the output below to answer the question. Identify the named-groups? [user@host content]$ getfacl reports.txt # file: reports.txt # owner: mary # group: sales user::rwx user:consultant3:--- user:1005:rwx #effective:r-- group::rwx #effective:r-- group:consultants:r-- group:2210:rwx #effective:r-- mask::r-- other::---
consultants and 2210
Which command will display the current ACLs set on a file or folder?
getfacl
Use the output below to answer the question. How could you backup the ACL on the reports.txt file? [user@host content]$ getfacl reports.txt # file: reports.txt # owner: mary # group: sales user::rwx user:consultant3:--- user:1005:rwx #effective:r-- group::rwx #effective:r-- group:consultants:r-- group:2210:rwx #effective:r-- mask::r-- other::---
getfacl reports.txt > reports.acl.backup
Use the output below to answer the question. Which user account can modify the acl on this file?? [user@host content]$ getfacl reports.txt # file: reports.txt # owner: joe # group: sales user::rwx user:bill:rwx user:betty:rwx user:khalid:rwx user:chrissy:rwx group::rwx mask::rwx other::---
joe
Based on the output below, which of the directories do not have an ACL attached to it? root@localhost data]# ls -l total 0 drwxr-xr-x. 2 root root 6 Feb 24 12:34 mydir drwxrwxrwx+ 3 student student 20 Feb 24 11:10 test drwxr-xr-x. 2 root root 6 Feb 24 12:34 test2
mydir and test2
Use the output below to answer the question. What permission to the reports.txt file does the group admins have? [user@host content]$ getfacl reports.txt # file: reports.txt # owner: joe # group: admins user::rwx user:consultant3:--- user:1005:rwx #effective:rw- group::rwx #effective:rw- group:consultant1:r-- group:2210:rwx #effective:rw- mask::rw- other::---
rw
Use the output below to answer the question. What access does mary have to the reports.txt file? [user@host content]$ getfacl reports.txt # file: reports.txt # owner: mary # group: sales user::rwx user:consultant3:--- user:1005:rwx #effective:r-- group::rwx #effective:r-- group:consultants:r-- group:2210:rwx #effective:r-- mask::r-- other::---
rwx
Use the output below to answer the question. What permission to the reports.txt file does the the user-owner have? [user@host content]$ getfacl reports.txt # file: reports.txt # owner: joe # group: admins user::rwx user:consultant3:--- user:1005:rwx #effective:rw- group::rwx #effective:rw- group:consultant1:r-- group:2210:rwx #effective:rw- mask::rw- other::---
rwx
Which command can you use to activate ACLs on a file or folder?
setfacl
What facl command will give the user mary read-only access to all files in /data/sales and it's sub-directories?
setfacl -Rm u:mary:rX /data/sales
What command would remove all ACLs from the /data/test directory?
setfacl -b /data/test
You've given the user mary read-only access to all existing files in /data/sales. How can you make sure she will receive the same access to all newly created files in /data/sales?
setfacl -m d:u:mary:rX /data/sales
What command would remove the user joe's ACL access to /data/test directory
setfacl -x u:joe: /data/test
Based on the output below, which of the directories has an ACL attached to it? root@localhost data]# ls -l total 0 drwxr-xr-x. 2 root root 6 Feb 24 12:34 mydir drwxrwxrwx+ 3 student student 20 Feb 24 11:10 test drwxr-xr-x. 2 root root 6 Feb 24 12:34 test2
test
Use the output below to answer the question. Can members of the sales group modify this file? [user@host content]$ getfacl reports.txt # file: reports.txt # owner: mary # group: sales user::rwx user:consultant3:--- user:1005:rwx #effective:rw- group::rwx #effective:rw- group:consultants:rw- group:2210:rwx #effective:rw- mask::rw- other::---
yes