File Permission Assignment - Hsanokklis/2023-2024-Tech-journal GitHub Wiki
Lab Goals and Objectives
Create a new user called Fred and two new groups called Marketing and Management
Bob and Fred should be in the Marketing Group
Alice should be in the Management Group
Create directories /marketing and /management
Helpful Commands
adduser
- adds a user
passwd
- changes password for a user
ls -ld
- lets you see the permissions for a directory
ls -l
- lets you see all the files and their permissions within a directory
groupadd
- adds a new group
usermod -aG marketing bob/fred
- adds a user to a group
chgrp
- allows you to change the group
chown
- allows you to change the ownership of the file
chmod (ugo)(-+)(rwx) file
- allows you to change permissions of a file
- ugo - user, group, other
- -+ adding or taking away permissions
- rwx - read, write, execute
Procedure
SSH to DHCP on wks01
Add Bob, Alice and Fred as users
- use command adduser
Give Bob a password
- used command passwd bob
password is hello
- ls /home to view all the users
- ls -ld
The -ld option lets you see the permissions for a directory. Running this command on the "alice" directory shows the permissions for that directory.
The first alice is the owner of the file; the second alice is the group the file is in.
Here are the file permissions:
- The first letter indicates the type of file; in this case it is a directory because it is a d
- The next 3 letters are the permissions for the owner of the file (which are read, write and execute)
- The next 3 spaces indicate the permissions for the group
When a user is created, a new group is created and the user is then assigned to that group
- The last 3 spaces indicate the permissions for "other"
i.e. people who are not in the group and not the owner of the file. This is what causes a lot of problems in the cyber world: people don't set their "other" permissions correctly, and others can easily gain access to things they should not be able to.
Example:
Everyone needs to be able to read the /etc/passwd file. It is used to keep track of all the registered accounts that are on a system. Root is the owner of the /etc/passwd file.
- root can read and write to the file (rw-; the leading - in the listing marks a regular file)
- the root group can read the file (r--)
- Everyone else can read the file (r--)
A really good link for understanding the permissions: https://www.pluralsight.com/blog/it-ops/linux-file-permissions#:~:text=Change%20Linux%20file%20permissions%20with,also%20presents%20potential%20security%20risks.
make your groups and add your users!
Make a new group called Marketing and add Fred and Bob
- groupadd marketing
add bob and fred to the marketing group
- usermod -aG marketing bob/fred (run the command once for bob and once for fred)
- -a --> append
- G --> group
Make a new group called management and add alice
- groupadd management
add alice to the management group
- usermod -aG management alice
Make your directories
Create directory /marketing
Create directory /management
- check the directories were made (in the root) with ls -l /
Become alice!
TROUBLESHOOTING: I was not able to see alice's home directory when I switched to her user. I noticed that when I switched it would put me in the root directory rather than the ~ (home) directory. I fixed this by typing the command cd ~ and that put me in the correct directory.
Create an alice.txt file within the alice directory
Switch the user to bob and see if he can access the alice file
Bob does not have permissions to view the file within the directory!
Check out the permissions in the Marketing group
Make a file in accounting and then check to see if alice has access to the file
She does indeed have access to the file. The goal is to lock her out and only allow fred and bob access to the file. Alice has permission to read and execute the file, but not to write the file
change ownership of the marketing directory so only fred and bob can do things within it
we want to change it so that the group is marketing and not root
Use chgrp to change the group
The way to read the command is that you want to apply the marketing group to the marketing directory
- check to make sure that the group has changed to marketing (the owner should still be root)
See if alice is able to write a file
if everything has gone well she should not be able to write the file
Change the permissions so that the group is able to write in the marketing directory
fred is in the marketing group so he was able to write a file to the directory
LOL I made the /marketing directory be rwx for all permissions and now alice can cause chaos if she so pleases
Oh no, Alice had permission to read the file in the marketing directory! (kill her)
- take away all other user permissions with chmod o-rwx /marketing
Permission is now denied for alice to see the fredfile.txt!
If you want to know what groups you are in you can do the command id and it will show you
Solve the Issues!
Only the marketing group should have access to a file you create called /marketing/newproducts.txt
alice does not have permission to view the file in marketing because she is not in the group
bob can see the file because he is in the marketing group
fred can see the marketing group
I updated the permissions so that the marketing group can read, write and execute the file, and other users have no permissions at all.
Bob and Fred should be able to see newproducts.txt, but only Fred should be able to modify the file
Fred is now the owner of the file, which means I can set his permissions to be different than Bob's but he is still in the same group
I was able to modify the newproducts.txt file with Fred!
Alice is the manager. The new file /management/bobreview.txt should only be accessible to Alice and the management group.
the group has been changed to management
The read, write and execute settings have been set for the owner and group and other users are not allowed to access the folder.
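The checks above were done by eye with ls -l. As an added example (not part of the original lab write-up), the script below automates them: check_private is a hypothetical helper that passes only when a path has the expected group and no "other" permission bits, and demo replays the rwx-for-everyone mistake and the chmod o-rwx fix in a scratch directory. It assumes GNU coreutils stat (the -c option); the scratch directory's own group stands in for marketing.

```shell
#!/bin/sh
# Added example: audit a path against the lab's goal. Assumes GNU stat (-c).

# check_private PATH GROUP
# Returns 0 only if PATH is group-owned by GROUP and "other" has no r/w/x bits.
check_private() {
    path=$1
    want_group=$2
    info=$(stat -c '%a %G' "$path") || return 2   # e.g. "770 marketing"
    mode=${info%% *}
    group=${info#* }
    other=${mode#"${mode%?}"}                      # last octal digit = "other"
    status=0
    if [ "$group" != "$want_group" ]; then
        echo "FAIL $path: group is $group, expected $want_group"
        status=1
    fi
    if [ "$other" != 0 ]; then
        echo "FAIL $path: other has permission bits $other (mode $mode)"
        status=1
    fi
    if [ "$status" -eq 0 ]; then
        echo "OK   $path: mode $mode, group $group"
    fi
    return "$status"
}

# demo: replay the rwx-for-everyone mistake and the o-rwx fix in a scratch
# directory. The scratch directory's own group stands in for "marketing".
demo() {
    dir=$(mktemp -d) || return 2
    grp=$(stat -c '%G' "$dir")
    chmod 777 "$dir"                 # the mistake: rwx for user, group and other
    check_private "$dir" "$grp" && before=pass || before=fail
    chmod o-rwx "$dir"               # the fix used in the lab
    check_private "$dir" "$grp" && after=pass || after=fail
    rmdir "$dir"
    echo "$before $after"            # last line of output: "fail pass"
}

demo
```

On the lab machine, check_private /marketing marketing and check_private /management management verify the end state of the two directories; the same call works on /marketing/newproducts.txt and /management/bobreview.txt.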
Deliverable 1
ls -ld /marketing
ls -l /marketing
ls -ld /management
ls -l /management