Access Control Lists (ACL):
Access control lists are an advanced form of file permissions. With an ACL we can allow or deny a specific user access to a file or a directory.
For this, we should first modify the 'fstab' entry for the '/' filesystem as follows.
# vi /etc/fstab
LABEL=/ / ext3 defaults,acl 1 1
:x (save and exit)
We should remount the '/' filesystem for the change to take effect.
# mount -o remount,rw /
Create a file and a directory and set permissions of your choice.
To display the ACL permissions on the file:
# getfacl /root/test/acltest.txt
To give a user read and execute permissions on the file:
# setfacl -m u:<username>:r-x /root/test/acltest.txt
To remove that user's ACL entry from the file:
# setfacl -x u:<username> /root/test/acltest.txt
User Administration & ACL Practice:
Question 1 | USERS, GROUPS AND PERMISSIONS:
Create a group named "sysadmin". The users sarah and natasha should belong to the "manager" group as a secondary group. The user steve should not have access to an interactive shell and should not be a member of the "manager" group. The password for all users created should be "password".
Answers:
# groupadd sysadmin
# groupadd manager
# useradd -G manager sarah
# useradd -G manager natasha
# useradd -s /sbin/nologin steve
# echo password | passwd --stdin sarah
# echo password | passwd --stdin natasha
# echo password | passwd --stdin steve
Question 2 | Implement Access Control List
Implement the acl feature on the /var filesystem.
Copy /etc/fstab to /var/tmp/fstab.
The owner and group owner of the file created should remain the root user.
Others should have read permission on the file.
harry should have neither read nor write access to the file.
simon should have read and write access to the file.
The users dax & natasha should not have any access.
Answers:
# cp -prv /etc/fstab /var/tmp/fstab
# chown root:root /var/tmp/fstab
# chmod 775 /var/tmp/fstab
# setfacl -m u:harry:--x /var/tmp/fstab
# setfacl -m u:simon:rw- /var/tmp/fstab
# setfacl -m u:dax:--- /var/tmp/fstab
# setfacl -m u:natasha:--- /var/tmp/fstab
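To check what each user actually ends up with after the commands in this answer, here is an added example (not part of the original post) that reads getfacl output and applies the entry order from acl(5). The function names acl_perms and sample_acl and the listing itself are constructed for illustration; the listing assumes the chmod 775 and setfacl commands were run exactly as shown above.

```shell
# acl_perms USER [GROUP...]: read getfacl output on stdin, print the rwx bits USER
# gets. Entries are checked in the order given in acl(5), first match wins:
# owner -> named user -> owning/named groups -> other.
acl_perms() {
    user=$1; shift
    awk -F: -v user="$user" -v groups="$*" '
    function band(a, b,   i, out) {      # bits set in both a and b
        for (i = 1; i <= 3; i++)
            out = out (substr(a, i, 1) == substr(b, i, 1) ? substr(a, i, 1) : "-")
        return out
    }
    function bor(a, b,   i, c, out) {    # bits set in either a or b
        for (i = 1; i <= 3; i++)
            out = out (((c = substr(a, i, 1)) != "-") ? c : substr(b, i, 1))
        return out
    }
    /^# owner: / { owner = substr($0, 10); next }
    /^# group: / { fgroup = substr($0, 10); next }
    /^#/ || NF < 3 { next }
    { p = substr($3, 1, 3) }             # drop any trailing "#effective:" note
    $1 == "user"  { if ($2 == "") uobj = p; else named[$2] = p }
    $1 == "group" { gperm[($2 == "" ? fgroup : $2)] = p }
    $1 == "mask"  { mask = p }
    $1 == "other" { other = p }
    END {
        if (mask == "") mask = "rwx"     # minimal ACL has no mask entry
        if (user == owner) { print uobj; exit }
        if (user in named) { print band(named[user], mask); exit }
        n = split(groups, g, " "); acc = ""
        for (i = 1; i <= n; i++)         # union of every matching group entry
            if (g[i] in gperm) acc = bor((acc == "" ? "---" : acc), gperm[g[i]])
        print (acc != "" ? band(acc, mask) : other)
    }'
}

# Constructed sample: getfacl listing for /var/tmp/fstab after the chmod 775
# and the four setfacl -m commands (setfacl recomputes the mask as rwx here).
sample_acl() {
    printf '%s\n' '# file: var/tmp/fstab' '# owner: root' '# group: root' \
        'user::rwx' 'user:harry:--x' 'user:simon:rw-' 'user:dax:---' \
        'user:natasha:---' 'group::r-x' 'mask::rwx' 'other::r-x'
}

for u in root harry simon dax sarah; do
    printf '%-6s %s\n' "$u" "$(sample_acl | acl_perms "$u" "$u")"
done
```

harry ends up with --x even though others have r-x, because his named user entry is matched before the "other" entry is ever consulted. Group results are reported per bit; the kernel grants a combined request only if a single matching group entry contains all requested bits.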
Question 3 | Create users, groups and group members:
To set up different departments in your company, set up the following user accounts:
A. Add users joshua, dax, alex, bryan, steve and joy to your system with their respective passwords as "password".
B. Add the users alex and bryan to the sales group with gid 10000, steve and joy to the hr group with gid 10001, and joshua and dax to the web group with gid 10002.
C. Each group should get its respective directory as sales, hr and web under the /data directory, such that files created under these directories by group members will be owned by the respective group, and users will be prevented from corrupting each other's files.
Group   GID     Directory     Users
sales   10000   /data/sales   alex,bryan
hr      10001   /data/hr      steve,joy
web     10002   /data/web     joshua,dax
Answers:
# groupadd -g 10000 sales
# groupadd -g 10001 hr
# groupadd -g 10002 web
# mkdir -p /data/sales
# mkdir -p /data/hr
# mkdir -p /data/web
# chmod 1755 /data
# chgrp sales /data/sales
# chgrp hr /data/hr
# chgrp web /data/web
# useradd -g sales -d /data/sales alex
# useradd -g sales -d /data/sales bryan
# useradd -g hr -d /data/hr steve
# useradd -g hr -d /data/hr joy
# useradd -g web -d /data/web joshua
# useradd -g web -d /data/web dax
Question 4 | DIRECTORY COLLABORATION:
Create the directory "/home/manager" with the following characteristics. Group ownership of "/home/manager" should go to the "manager" group. The directory should have full permission for all members of the "manager" group but not for any other users except "root". Files created under "/home/manager" should get the same group ownership, set to "manager".
Answers:
# groupadd manager
# mkdir /home/manager
# chgrp manager /home/manager
# chmod 2770 /home/manager
# setfacl -m u:root:rwx /home/manager
# setfacl -m g:manager:rwx /home/manager