RH124 Chapter 7: Controlling Access to Files
What are the 3 user categories to which permissions apply?
1. The file is owned by a user, normally the one who created the file.
2. The file is also owned by a single group, usually the primary group of the user who created the file, but this can be changed.
3. Different permissions can be set for the owning user, the owning group, and for all other users on the system that are not the user or a member of the owning group.
The system has four users assigned to the following groups:
- User consultant1 is in groups consultant1 and database1
- User operator1 is in groups operator1 and database1
- User contractor1 is in groups contractor1 and contractor3
- User operator2 is in groups operator2 and contractor3
The current directory (.) contains four files with the following permissions information:
drwxrwxr-x. operator1   database1   .
-rw-rw-r--. consultant1 consultant1 lfile1
-rw-r--rw-. consultant1 database1   lfile2
-rw-rw-r--. operator1   database1   rfile1
-rw-r-----. operator1   database1   rfile2
Which file has a group ownership of consultant1?
A. lfile1
B. lfile2
C. rfile1
D. rfile2
A
The system has four users assigned to the following groups:
- User consultant1 is in groups consultant1 and database1
- User operator1 is in groups operator1 and database1
- User contractor1 is in groups contractor1 and contractor3
- User operator2 is in groups operator2 and contractor3
The current directory (.) contains four files with the following permissions information:
drwxrwxr-x. operator1   database1   .
-rw-rw-r--. consultant1 consultant1 lfile1
-rw-r--rw-. consultant1 database1   lfile2
-rw-rw-r--. operator1   database1   rfile1
-rw-r-----. operator1   database1   rfile2
Which file cannot be read by the operator2 user?
A. lfile1
B. lfile2
C. rfile1
D. rfile2
D
What does the -d option of the ls command show?
Detailed information about a directory itself, and not its contents.
What does the -l option of the ls command show?
Detailed information about permissions and ownership.
How do you change ownership in Linux?
File ownership can be changed with the chown (change owner) command.
What is the chgrp command in Linux?
Instead of using chown, some users change the group ownership by using the chgrp command. This command works just like chown, except that it is only used to change group ownership and the colon (:) before the group name is not required.
T or F: If a user only has execute access on a directory, they cannot list file names in the directory.
T
T or F: If they know the name of a file that they have permission to read, they can access the contents of that file from outside the directory by explicitly specifying the relative file name.
T
T or F: User permissions override group permissions, which override other permissions.
T
T or F: Users normally have both read and execute permissions on read-only directories so that they can list the directory and have full read-only access to its contents.
T. If a user only has read access on a directory, the names of the files in it can be listed, but no other information, including permissions or time stamps, is available, nor can the files be accessed.
What is the setuid permission in Linux?
The setuid permission on an executable file means that commands run as the user owning the file, not as the user that ran the command.
- Example: One example is the passwd command:
[user@host ~]$ ls -l /usr/bin/passwd
-rwsr-xr-x. 1 root root 35504 Jul 16 2010 /usr/bin/passwd
What is the setgid permission in Linux?
The special permission setgid on a directory means that files created in the directory inherit their group ownership from the directory, rather than inheriting it from the creating user. This is commonly used on group collaborative directories to automatically change a file from the default private group to the shared group, or if files in a directory should be always owned by a specific group.
- Example: An example of this is the /run/log/journal directory:
[user@host ~]$ ls -ld /run/log/journal
drwxr-sr-x. 3 root systemd-journal 60 May 18 09:15 /run/log/journal
What are special permissions in Linux?
These permissions provide additional access-related features over and above what the basic permission types allow.
What are Linux file permissions?
They control access to files.
How do you set read and write permissions for user, read permission for group and other, on samplefile using the numeric method?
chmod 644 samplefile
How do you set read, write, and execute permissions for user, read and execute permissions for group, and no permission for other on sampledir using the numeric method?
chmod 750 sampledir
How do you add execute permission for everyone on file2 using chmod symbolic method?
chmod a+x file2
How do you remove read and write permission for group and other on file1 using chmod symbolic method?
chmod go-rw file1
What is the chown command to grant ownership of test_dir and all files and subdirectories within it to student?
chown -R student test_dir
- chown can be used with the -R option to recursively change the ownership of an entire directory tree.
What is the chown command to change the group of test_dir to admins?
chown :admins test_dir
- The chown command can also be used to change group ownership of a file by preceding the group name with a colon (:).
What is the chown command to grant ownership of the test_file to the student user?
chown student test_file
What is the chown command to change the ownership of test_dir to visitor and the group to guests?
chown visitor:guests test_dir
- The chown command can also be used to change both owner and group at the same time by using the owner:group syntax.
What is w (write) permission?
- File contents can be changed.
- Any file in the directory can be created or deleted.
What is r (read) permission?
- File contents can be read.
- Contents of the directory (the file names) can be listed.
What is the special permission g+s (sgid)?
- File executes as the group that owns the file.
- Files newly created in the directory have their group owner set to match the group owner of the directory.
What is the special permission u+s (suid)?
- File executes as the user that owns the file, not the user that ran the file.
- No effects on the directory.
What is x (execute) permission?
- Files can be executed as commands.
- The directory can become the current working directory. (You can cd into it, but you also need read permission to list the files found there.)
What is the special permission o+t (sticky)?
- No effects on files.
- Users with write access to the directory can only remove files that they own; they can't remove or force saves to files owned by other users.
How do you change permissions in Linux?
- The command used to change permissions from the command line is chmod, which means "change mode" (permissions are also called the mode of a file).
- The chmod command takes a permission instruction followed by a list of files or directories to change.
- The permission instruction can be issued either symbolically (the symbolic method) or numerically (the numeric method).
What is the symbolic method of changing file permissions?
- The symbolic method of changing file permissions uses letters to represent the different groups of permissions: u for user, g for group, o for other, and a for all.
- With the symbolic method, it is not necessary to set a complete new group of permissions. Instead, you can change one or more of the existing permissions. Use + or - to add or remove permissions, respectively, or use = to replace the entire set for a group of permissions. The permissions themselves are represented by a single letter: r for read, w for write, and x for execute. When using chmod to change permissions with the symbolic method, using a capital X as the permission flag will add execute permission only if the file is a directory or already has execute set for user, group, or other.
- Example: chmod WhoWhatWhich file|directory
1. Who: u, g, o, a (for user, group, other, all).
2. What: +, -, = (for add, remove, set exactly).
3. Which: r, w, x
How do you change permissions with the numeric method?
- Using the numeric method, permissions are represented by a 3-digit (or 4-digit, when setting advanced permissions) octal number. A single octal digit can represent any single value from 0-7.
- In the 3-digit octal (numeric) representation of permissions, each digit stands for one access level, from left to right: user, group, and other. To determine each digit:
1. Start with 0.
2. If the read permission should be present for this access level, add 4.
3. If the write permission should be present, add 2.
4. If the execute permission should be present, add 1.
Examine the permissions -rwxr-x---. For the user, rwx is calculated as 4+2+1=7. For the group, r-x is calculated as 4+0+1=5, and for other users, --- is represented with 0. Putting these three together, the numeric representation of those permissions is 750.
The system has four users assigned to the following groups:
- User consultant1 is in groups consultant1 and database1
- User operator1 is in groups operator1 and database1
- User contractor1 is in groups contractor1 and contractor3
- User operator2 is in groups operator2 and contractor3
The current directory (.) contains four files with the following permissions information:
drwxrwxr-x. operator1   database1   .
-rw-rw-r--. consultant1 consultant1 lfile1
-rw-r--rw-. consultant1 database1   lfile2
-rw-rw-r--. operator1   database1   rfile1
-rw-r-----. operator1   database1   rfile2
Which file can be modified by the contractor1 user?
A. lfile1
B. lfile2
C. rfile1
D. rfile2
B
The system has four users assigned to the following groups:
- User consultant1 is in groups consultant1 and database1
- User operator1 is in groups operator1 and database1
- User contractor1 is in groups contractor1 and contractor3
- User operator2 is in groups operator2 and contractor3
The current directory (.) contains four files with the following permissions information:
drwxrwxr-x. operator1   database1   .
-rw-rw-r--. consultant1 consultant1 lfile1
-rw-r--rw-. consultant1 database1   lfile2
-rw-rw-r--. operator1   database1   rfile1
-rw-r-----. operator1   database1   rfile2
Which files can be deleted by the operator1 user?
A. rfile1
B. rfile2
C. All of the above.
D. None of the above.
C
The system has four users assigned to the following groups:
- User consultant1 is in groups consultant1 and database1
- User operator1 is in groups operator1 and database1
- User contractor1 is in groups contractor1 and contractor3
- User operator2 is in groups operator2 and contractor3
The current directory (.) contains four files with the following permissions information:
drwxrwxr-x. operator1   database1   .
-rw-rw-r--. consultant1 consultant1 lfile1
-rw-r--rw-. consultant1 database1   lfile2
-rw-rw-r--. operator1   database1   rfile1
-rw-r-----. operator1   database1   rfile2
Which regular file is owned by operator1 and readable by all users?
A. lfile1
B. lfile2
C. rfile1
D. rfile2
C
The system has four users assigned to the following groups:
- User consultant1 is in groups consultant1 and database1
- User operator1 is in groups operator1 and database1
- User contractor1 is in groups contractor1 and contractor3
- User operator2 is in groups operator2 and contractor3
The current directory (.) contains four files with the following permissions information:
drwxrwxr-x. operator1   database1   .
-rw-rw-r--. consultant1 consultant1 lfile1
-rw-r--rw-. consultant1 database1   lfile2
-rw-rw-r--. operator1   database1   rfile1
-rw-r-----. operator1   database1   rfile2
Which files can be deleted by the operator2 user?
A. lfile1
B. lfile2
C. All of the above.
D. None of the above.
D
T or F: A file may NOT be removed by anyone who has ownership of, or write permission to, the directory in which the file resides, regardless of the ownership or permissions on the file itself.
F