Chapter 7: Control Access to Files

Welcome to Chapter 7 of my RH124 course blog! In this chapter, I'll be sharing my hands-on experience with controlling access to files in Linux. I'll walk you through how I tackled each lab task, from listing file system permissions to interpreting their effects on user and group access. I'll also share my command-line tools for changing permissions and ownership, as well as my insights on special permissions and setting default permissions for user-created files. Join me as I share my journey and problem-solving approach in mastering file access control in Linux.

Question 1: Log in to serverb as the student user. Run the sudo -i command at the shell prompt to become the root user. Use student as the student user password.

Solution:

To solve this task, I used the ssh student@serverb command to log in to serverb as the student user. Once logged in, I then ran the sudo -i command at the shell prompt to switch to the root user, which prompted me to enter the student user password for authentication. This allowed me to gain root access and perform administrative tasks on the server. It's important to always use sudo carefully and with proper authorization to ensure system security.

Question 2: Create a /home/techdocs directory.

Solution:

To create the /home/techdocs directory, I used the mkdir /home/techdocs command. The mkdir command is used to create a directory in Linux. Alternatively, I could also use the mkdir -p /home/techdocs command, where the -p option would ensure that the entire directory path is created if it does not exist. This would allow me to create the /home/techdocs directory and any necessary parent directories in a single command, making it more efficient and convenient.

Question 3: Change the group ownership of the /home/techdocs directory to the techdocs group.

Solution:

To change the group ownership of the /home/techdocs directory to the techdocs group, I used the chown :techdocs /home/techdocs command. The chown command is used to change ownership in Linux, and the : before the group name specifies that I want to change only the group ownership, leaving the user owner untouched. This allowed me to set the techdocs group as the new group owner for the /home/techdocs directory, ensuring that users in the techdocs group have appropriate access and permissions.

Question 4: Verify that users in the techdocs group cannot create files in the /home/techdocs directory.

Solution:

To verify this, I switched to another user, tech1, who is a member of the techdocs group, and attempted to create a file using the touch command. However, I received an error message indicating that I did not have permission to create the file. Alternatively, I could also use the ls -ld /home/techdocs command to obtain a long listing of the directory, which would show the group permissions. By observing that the techdocs group does not have write permission, I can confirm that users in the techdocs group cannot create files in the /home/techdocs directory.

Question 5: Set permissions on the /home/techdocs directory. On the /home/techdocs directory, configure setgid (2); read, write, and execute permissions (7) for the owner/user and group; and no permissions (0) for other users.

Solution:

To set the permissions as specified, I used the chmod command with the octal method: chmod 2770 /home/techdocs. The leading 2 configures setgid, which makes newly created files inherit the group ownership of the directory instead of the creator's primary group. The first 7 sets read, write, and execute permissions for the owner/user, the second 7 sets the same permissions for the group, and the 0 sets no permissions for other users who are neither the owner nor members of the group. This ensures that only the owner/user and the group have full access to the directory, while others have no access.

Question 6:

  1. Verify that the permissions are set properly.
  2. The techdocs group now has write permission.

Solution:

To verify the permissions, I used the ls -ld /home/techdocs command to do a long listing of the techdocs directory. This provided information about the permissions of the directory. Upon inspection, I confirmed that the owner/user and the owning group have full permissions (read, write, and execute), while others have no permissions (0). This is in accordance with the set permissions specified in the previous task. As a result, the techdocs group now has write permission, allowing members of the group to create, modify, and delete files within the directory.

Question 7: Confirm that users in the techdocs group can now create and edit files in the /home/techdocs directory. Users that are not in the techdocs group cannot edit or create files in the /home/techdocs directory. The tech1 and tech2 users are in the techdocs group. The database1 user is not in that group.

Solution:

To confirm the permissions, I used the su - command followed by the usernames tech1, tech2, and database1 to switch to each of these user accounts. Then, I tried to create a file in the /home/techdocs directory using the touch command. I observed that tech1 and tech2, who are members of the techdocs group, were able to create and edit files in the directory without any issues. However, database1, who is not a member of the techdocs group, received an error message indicating that they do not have permission to create or edit files in the directory. This confirms that users in the techdocs group can now create and edit files in the /home/techdocs directory, while users not in the group do not have such permissions.
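The steps from Question 3 through Question 7 (group ownership, chmod 2770, and confirming that new files pick up the directory's group) can be checked with stat rather than by eyeballing an ls -ld listing. The script below is an added example and not part of the original lab or its course material; it assumes GNU coreutils (stat -c), uses a constructed scratch directory name, and picks one of the caller's own groups so it runs without root. The setgid check is only meaningful when the chosen group is not the caller's primary group, which is why the script prefers a secondary group when one exists.

```shell
#!/bin/sh
# Added example (not from the original post): reproduce the techdocs setup in a
# scratch directory and verify each property with stat(1).
# Assumes GNU coreutils (stat -c). Directory name is constructed for the demo.

# mode_of PATH -> octal permission bits including special bits, e.g. 2770
mode_of() {
    stat -c '%a' "$1"
}

# gid_of PATH -> numeric owning group (numeric avoids name-resolution issues)
gid_of() {
    stat -c '%g' "$1"
}

# pick_group -> a group the caller belongs to, preferring a secondary group so
# that setgid inheritance is actually exercised; falls back to the primary group
pick_group() {
    primary="$(id -gn)"
    for g in $(id -Gn); do
        if [ "$g" != "$primary" ]; then echo "$g"; return; fi
    done
    echo "$primary"
}

# setup_shared_dir DIR GROUP: the lab's Questions 2, 3 and 5 in one place
setup_shared_dir() {
    mkdir -p "$1"
    chown ":$2" "$1"          # change group ownership only (Question 3)
    chmod 2770 "$1"           # setgid + rwx for user and group, nothing for others (Question 5)
}

# check_setgid_inherit DIR -> 1 if a file created inside DIR takes DIR's group
# (the setgid effect), 0 otherwise. The probe file is removed afterwards.
check_setgid_inherit() {
    f="$1/probe.$$"
    touch "$f"
    if [ "$(gid_of "$f")" = "$(gid_of "$1")" ]; then r=1; else r=0; fi
    rm -f "$f"
    echo "$r"
}

# Stand-alone run: build the directory, report what stat sees, clean up
demo_dir="${TMPDIR:-/tmp}/techdocs.demo.$$"
demo_group="$(pick_group)"
setup_shared_dir "$demo_dir" "$demo_group"
echo "group used:      $demo_group"
echo "mode:            $(mode_of "$demo_dir")"
echo "setgid inherits: $(check_setgid_inherit "$demo_dir")"
rmdir "$demo_dir"
```

Comparing the numeric group of the probe file with that of the directory is the same observation the lab makes with ls -l after tech1 creates a file, just expressed as a value a script can assert on.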

Question 8: Modify the /etc/login.defs file to adjust the default umask for login shells. Normal users should have a umask setting that allows the user and group to create, write and execute files and directories, while preventing other users from viewing, modifying, or executing new files and directories.

Solution:

To modify the /etc/login.defs file to adjust the default umask for login shells, follow these steps:

  1. Determine the umask of the student user by logging in as the student user and running the umask command. Note down the current umask value, which in this case is 022.
  2. Switch to the student login shell using the ssh student@serverb command, providing the student user's password when prompted.
  3. Once inside the student login shell, edit the /etc/login.defs file using a text editor of your choice, such as nano or vim. I use vim.
  4. Search the file for the umask definition. It may be listed as UMASK or USERGROUPS_ENAB. Update the umask value with the appropriate value, in this case 007, which allows the user and group to create, write, and execute files and directories, while preventing others from viewing, modifying, or executing new files and directories.
  5. Save and exit the file.
  6. Exit from the student login shell using the exit command.
  7. As the student user, verify that the global umask has changed to 007 by running the umask command again. The output should now show the updated umask value.

Note: Modifying system files, such as /etc/login.defs, requires administrative privileges. Make sure to have appropriate permissions or use sudo or root access to edit the file.
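To see why 007 is the right value for the requirement in Question 8, it helps to compute the resulting modes and then compare them with what the kernel actually assigns. The script below is an added example, not part of the original post: it derives the effective mode of a new file (base 666) and directory (base 777) under a given umask, reads the UMASK key out of a login.defs-style file, and creates a real file and directory under that umask to confirm the arithmetic. It assumes GNU coreutils (stat -c) and a /bin/sh whose arithmetic accepts leading-zero octal constants (dash and bash both do); the login.defs fragment is constructed for the example, not copied from a real system.

```shell
#!/bin/sh
# Added example (not from the original post): umask arithmetic, reading UMASK
# from a login.defs-style file, and checking the result on real objects.
# Assumes GNU stat -c and octal constants in shell arithmetic (dash, bash).

# effective_mode BASE UMASK -> mode a new object receives, e.g. 666 022 -> 644
# Files start from 666, directories from 777; the umask clears bits.
effective_mode() {
    printf '%03o' $(( 0$1 & ~0$2 ))
}

# umask_from_login_defs FILE -> value of the first uncommented UMASK line
umask_from_login_defs() {
    awk '$1 == "UMASK" { print $2; exit }' "$1"
}

# observed_modes UMASK -> "<filemode> <dirmode>" for objects created under UMASK
# (done in a subshell so the caller's umask is not changed)
observed_modes() {
    (
        umask "$1"
        d="${TMPDIR:-/tmp}/umask.demo.$$"
        mkdir "$d"
        : > "$d/f"
        printf '%s %s' "$(stat -c '%a' "$d/f")" "$(stat -c '%a' "$d")"
        rm -rf "$d"
    )
}

# others_excluded MODE -> 1 if the "others" digit is 0, i.e. other users get nothing
others_excluded() {
    case "$1" in *0) echo 1 ;; *) echo 0 ;; esac
}

# Constructed login.defs fragment: a commented-out default and the lab's new value
sample_defs="${TMPDIR:-/tmp}/login.defs.sample.$$"
cat > "$sample_defs" <<'EOF'
# UMASK 022
USERGROUPS_ENAB yes
UMASK 007
EOF

for m in 022 "$(umask_from_login_defs "$sample_defs")"; do
    f="$(effective_mode 666 "$m")"
    d="$(effective_mode 777 "$m")"
    echo "umask $m: file $f, dir $d, others excluded: $(others_excluded "$d"), observed: $(observed_modes "$m")"
done
rm -f "$sample_defs"
```

With 022 a new directory comes out 755 and other users can still list and traverse it; with 007 it comes out 770 and files 660, which is exactly the "user and group only" result the task asks for.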

Conclusion

I have covered various tasks related to file permissions and ownership in this chapter. I learned how to create directories, change ownership and group, set permissions using the octal method, and modify default umask settings. By implementing these tasks, I have successfully configured permissions to allow or restrict access to files and directories based on ownership and group membership. It is important to understand and implement proper file permissions and ownership in order to maintain security and control access to sensitive data. Regularly reviewing and updating file permissions is essential to ensure that only authorized users have appropriate access levels. I hope you found this chapter informative and useful. Feel free to engage with me if you have any questions or need further clarification.