SYS‐255 Linux File Permissions - aljimenez28/champlain GitHub Wiki

Objective

Gain hands-on experience creating Linux users, groups, and directories, then applying file and directory permissions to control access.

Key Notes

• ls -ld /accounting/ displays the long listing of the directory itself, showing owner, group, and their permissions.
• >> is the append operator, which adds text to the end of a file without overwriting existing content.

Steps Performed

1. Elevate to root

   sudo -i
   
   
   

Opens a root shell for administrative commands.

2. Create users

   useradd bob
   passwd bob
   useradd alice
   useradd charlie
   

   Adds three new users and sets a password for Bob.

3. Inspect home directories and user database

   ls /home
   ls -ld /home
   ls -ld /home/alice
   ls -l /etc/passwd
   

   Lists user home directories and checks /etc/passwd to confirm user creation.

4. Add users to the accounting group

   usermod -aG accounting alice
   usermod -aG accounting bob
   

   Appends Alice and Bob to the accounting group without removing existing group memberships.

5. Create the accounting directory

   mkdir /accounting
   

   Makes the shared directory that will hold accounting files.

6. Switch to Alice to create a test file

   su - alice
   echo alice > alice.txt
   cat alice.txt
   ls -l
   

   Logs in as Alice, creates a file, displays its contents, and lists details.

7. Verify directory ownership and group settings

   ls -ld /accounting/
   

   Shows current permissions for /accounting.

8. Change group ownership of the directory

   chgrp accounting /accounting
   

   Assigns the accounting group to the directory so group members can manage it.

9. Create a file inside accounting

   echo "alice file" > /accounting/alicefile.txt
   

   Creates a file owned by Alice inside the shared directory.

10. Secure the directory

    chmod o-rwx /accounting/
    

    Removes all permissions for others, restricting access to only the owner and accounting group.

11. Confirm current user and groups

    id
    

    Displays user identity and group memberships for verification.

Summary

This lab demonstrated how to:

• Create and manage users and groups.
• Control directory and file access using chgrp and chmod.
• Verify permissions with ls -l and id. By carefully setting group ownership and restricting “others,” only the intended team members can read or modify sensitive files.