Linux Test 3
2. A group of system administrators were discussing file permissions and decided that setting a particular root-owned text file to read-only for everyone is a best practice. What do the permissions for this file look like?
Either 664 or rw-rw-r-- is correct.
6. A user complains that a script that she created and has full access to (rwxrwx---) is not executing for her. What is the problem with this script?
The execute bit was removed from the script by the ACL. It's possible that the script consumed too many resources and an administrator likely removed execute access to it.
4. As an administrator, you've created a shared directory and made the necessary permissions changes to allow a group of users access to that directory. You've also added users to the group. When a user (susan) who is a member of the group creates a file in the shared directory, what user and group permissions will the new file have?
The file's user and group ownership will both be susan.
3. Rose Stanley received an access denied message on a file. She used the ls -l command to discover what group had been granted access to the file. She believed she should be able to access the file. What suggestion would you make to address the issue?
Use the id command with Rose Stanley's account to ensure she is a member of the group specified by the file's permissions.
4. Jerry Robinson cannot use the cd command to navigate into a particular directory. He told the service desk that he used ls -l to see what group is associated with the file. He also confirmed that the group is listed as having read access to the directory. He then used the id command to confirm he is a member of that group. What suggestion would you make to address this issue?
Users also need the execute permission to change into a directory.
1. Rose Stanley opened a ticket indicating that she is denied the ability to delete a directory. She confirmed with the service desk that she has write permission to the directory. What suggestion would you make to address the issue?
Users also need the execute permission to remove a directory.
7. Bob opens a ticket stating that he receives a permission denied error when trying to cd into /opt/Finance. Bob is a member of the FinanceDept group. What is the problem with Bob's access?
While Bob is part of the FinanceDept group and can access all other FinanceDept group assets, he cannot use /opt/Finance because he doesn't have access via ACLs to that directory.
3. What command is equivalent to issuing chown :mygrp file1?
chgrp mygrp file1 —Both commands change the file's group to mygrp without changing the owner.
4. A user changed the permissions of a script (myscript.sh) in a shared directory. The user is curious why everyone can execute the script if the user owns the script and everyone else only has read access. To make the script executable, what command did the user mistakenly issue?
chmod +x myscript.sh —The permissions changed to rwxrwxr-x or 775, which gives everyone execute permission. To limit execute permission to the user and group only, the command should have been: chmod ug+x myscript.sh
5. Your team lead is tired of receiving help desk tickets to restore deleted files from a directory that contains hundreds of files and subdirectories. She decides to have you fix the problem by making all of the files read-only. How do you change all the files to read-only without having to traverse each directory?
chmod -R 644 * —This command changes all files in the current directory to 644 recursively.
3. A user cannot execute a script (collect.sh) she created and has sent you the contents of the script via email to inspect. After looking at the script, you determine the script is correctly written but permissions are the problem. What command can you issue to adjust the file's permissions as necessary?
chmod u+x collect .sh
1. Multiple users have complained about file access in a shared directory, but you've checked your daily backup reports and there are no corrupt files. Which command can you issue in the directory in question to investigate the problem further?
ls -l —This command displays the permissions of all files in the directory to help you sort out the problem. It's likely that the directory's group permissions are incorrectly set.
3. Ruth has searched for a solution to her problem: A few of her training documents keep getting changed or removed by system administrators removing files that haven't been accessed in excess of 180 days. She has found that a file can be made immutable, but she cannot make her own files immutable and needs your assistance. How can you make the files /home/ruth/training1_doc.txt and / home/ruth/training2_doc.txt immutable?
sudo chattr +i /home/ruth/training*_doc.txt
2. Gina wants to share some marketing files with two other members of her team but doesn't want them to access those files in her home directory. She also wants the directory and its files to only be available to the Marketing group. What steps can you take as an administrator to accomplish this request?
1) You need to create a new group (mkt): sudo groupadd mkt 2) Add users to the group: sudo usermod -aG mkt gina linda mark 3) Create the shared directory: sudo mkdir /opt/marketing 4) Change group ownership to mkt: sudo chgrp mkt /opt/marketing 5) Change permissions so that the Marketing group has full control of the directory and its contents and remove everyone else: sudo chmod 770 /opt/marketing
5. A group with a shared directory set up by another administrator is having several problems with permissions in that directory. You've been asked to investigate. Which commands can you use to check existing permissions to help assess the current setup?
1) ls -al 2) getfacl 3) lsattr —These commands will give you a good perspective on permissions, ACLs, and any attributes that have been set on the shared directory and files.
8. The application development team created a new web app and requested that you set up a web server-accessible directory and a service account for the application. After setting up everything for the team, they opened a ticket claiming that the application cannot write logs to the log directory. What is the issue, and how can you correct it?
As the root user, directories that you create are owned by root. You have to explicitly edit permissions to those directories. Change user and group ownership to the service account for any directory that the service needs to write to. The service account should have read and execute access to all other directories that it accesses. After creating a directory and subdirectories and copying files, it's generally a good practice to issue the following command: chown -R webapp:webapp /www/webapp —You can make permissions adjustments on individual directories and files as needed.
5. What must a user do in a shared directory to ensure that each group member has full read and write access to files they create?
Change the group ownership to the group: chgrp accounting salaries.txt — The user doesn't have to be root or use sudo to change group ownership because the file creator is the file's user and group owner, and therefore may change its permissions at will.
2. Jerry Robinson received an access denied message on a file. He told the service desk that the user permissions indicate the owner has read access. What suggestion would you make to address the issue?
Check to see if Jerry Robinson's account is the owner of the file, and if not, make him the owner if he should be.
5. You created a shared directory for the Marketing planners, Linda and Mark, named /opt/MPlans. Their group, mplan, has exclusive access to this directory. No other user can access the directory or its contents. Linda decides that Gina needs read-only access to a single file, history.txt, inside the /opt/MPlans directory. Is this kind of restrictive access possible? If so, how can you grant it to Gina?
Yes, it is possible through ACLs. First, grant Gina read and execute access to the directory: setfacl -m u:gina:rx /opt/MPlans and then, set read access to the history.txt file inside the MPlans directory: setfacl -m u:gina:r /opt/ MPlans/history.txt —You can check your work by executing getfacl on the directory and its contents.
4. A user, John, opened a ticket complaining that he has files in his home directory that he cannot remove, although they are his files and he is the user and group owner. He requests that you remove the files / home/john/billing1.txt, billing2.txt, and summary.txt. However, when you attempt to remove the files, you receive an error that you cannot remove the files as the root user. What is a possible resolution for John?
You can issue the lsattr command to see if immutable flag has been set on those files. If it has, you can resolve the problem by removing the immutable flag and then removing the files: 1) sudo chattr -i /home/john/ billing1.txt2)sudo chattr -i /home/john/ billing2.txt3)sudo chattr -i /home/john/ summary.txt4)sudo rm /home/john/billing1.txt5) sudo rm /home/john/billing2.txt6)sudo rm /home/ john/summary.txt
2. Gina, a member of the Marketing group, has decided that she wants her files protected so that only she can delete them, although other Marketing group members need to be able to work on and edit the files. What can she do to fix the problem of others deleting her files?
You can show Gina the following command to set the sticky bit on her files: chmod +t filename.txt —This command also works on directories.
1. A user (Bob Smith—username: bsmith) calls you to request that you restore a group of files he accidentally deleted from his home directory. You copy the files for him but he later complains that he can no longer edit the files. What do you need to do so that he can edit his files?
You need to change ownership of the files to him. Change user and group ownership recursively so that Bob owns all files and directories. For example: sudo chown -R bsmith:bsmith *
1. The Marketing manager contacts you stating that the shared directory you set up for the Marketing group works, but not exactly like they'd planned. When one of the group members creates a file in the directory, the file takes on the user's user and group permissions. For example, when Linda creates a new file, the permissions are -rw- rw-r-- linda linda. The manager wants the files to all retain the mkt group permission, if possible, rather than having the users change the group themselves. What action can you take to fulfill this request?
sudo chmod -R g+s /opt/marketing —By setting the SGID on the directory, every file created by anyone in the mkt group will have the mkt group ownership.
9. The Graphics department requests that everyone in the company have access to company logo art to insert into emails, letterheads, and other documents. They do not want anyone outside of their group, however, to have any other access. A few days after requesting the change, other users still cannot access the files. You check permissions on the shared directory to find that the permissions are as follows: drwxrwx--- graphics GraphicsDept 4096 Dec 1 09:42 logos —What command can you issue to fix the problem?
sudo chmod o+r logos
