Chapter 7 - Permission Management Flashcards
Who are the different owners for a file or directory?
user
group
others
Who owns the file in terms of user, group owner when a new file is created?
Owners are set when a file or directory is created. On creation, the user who creates the file becomes the user owner, and the primary group of that user becomes the group owner
Which command can be used to check the current ownership permissions?
ls -l
Which command can be used to get a list of all files on the system that have a given user or group as the owner?
fine command with -user option
Example : find / -user linda
Which command is used to change a user and group ownership
chown - can be used to change both user and group ownership of a file
chgrp - can be used to change the group ownership
what is the syntax of chown command?
chown who what
example - chown linda account
changes the user ownership of the file account to linder user
Which option with chown, allows you to set ownership recursively, which allows you to set ownership
of the current directory and everything below
chown -R
when you change group ownership of a file or directory how to use chown command?
chown .account /home/account
so we use a . or : in front of the group name to identify that or indicate that itis a group.
What are the all possible ways to use chown command to change the user and group ownerships
chown lisa myfile chown lisa.sales myfile chown lisa:sales myfile chown .sales myfile chown :sales myfile
How to use chgrp command to change the group ownership?
following example, where you can use chgrp to set group ownership for the directory /home/account to the group account:
chgrp account /home/account
If the user is a member of more groups, how to change the effective primary group
groups command to view the active primary group membership of a user
newgrp command to change the effective primary group of a user
Which command to use to apply permissions?
chmod
What permission needed on a directory if you wanted to do anything inside of the directory?
execute
What are the numeric representation of the permissions?
Read 4
Write 2
Execute 1
Give an example of how the permissions can be modified relative to the current permissions?
chmod g+w,o-r somefile
What are the advanced file/directory permissions?
Set User ID (SUID)
Set Group ID (SGID)
sticky bit
What is the set group id (SGID) permission?
This permission has two effects. If applied on an executable file, it gives the user who executes the file the permissions of the group owner of that file.
When applied to a directory, SGID may be useful, because you can use it to set default group ownership on files and subdirectories created in that directory.
What is a sticky bit permission?
This permission is useful to protect files against accidental deletion in an environment where multiple users have write permissions in the same directory.
When you apply sticky bit, a user can delete files only if either of the following
is true:
1. The user is owner of the file.
2. The user is owner of the directory where the file exists.
What is a sticky bit permission?
This permission is useful to protect files against accidental deletion in an environment where multiple users have write permissions in the same directory.
When you apply sticky bit, a user can delete files only if either of the following
is true:
1. The user is owner of the file.
2. The user is owner of the directory where the file exists.
What are the numerical representation of advanced permissions suid, sgid and sticky bit?
SUID - 4, SGID - 2, and sticky bit - 1
Give an example for setting SGID permission to a directory, and set rwx for user and rx for group and others
chmod 2755 /somedir
How to apply any of the special permissions with relative mode?
- For SUID, use chmod u+s.
- For SGID, use chmod g+s.
- For sticky bit, use chmod +t
followed by the name of the file or the directory
that you want to set the permissions on
What is disadv. of normal file permissions to ACLs?
File permissions does not allow you to give permissions to more than one user or one group on the same file.
Which is the command used to create a backup of ACL and give an example?
getfacl command
Example : getfacl -R /directory > file.acls
Which is the command to restore ACLs using the backup of ACLs?
setfacl command
Example : setfacl –restore=file.acls
Does the output of ls -l show the ACLs applied to a file or directory?
No, it just shows a + after the listing of the permissions, which indicates that ACLs apply to the file or directory..
Which command to use to see the current ACLs applied to a file or directory?
getfacl /dir
What is the command to add an ACL to give read and execute permissions to the group sales owning the /dir?
setfacl -m g:sales:rx /dir
-m indicates we are modifying current ACL settings
Which command to use to give permissions to user linda on the /data directory without making her the owner and without changing the current owner assignment.
setfacl -m u:linda:rwx /data
What are the benefits of using default ACLs?
By setting a default ACL, you determine the permissions that will be set for all new items that are created in the directory.
Be aware, though, that a default ACL does not change the permissions for existing files and subdirectories. To change those as well you need to add a normal ACL besides a default ACL
Which option is used with setfacl command to set it is a a default ACL?
d option. Example:
setfacl -m d:g:sales:rx /data
How to use setfacl command If you want others not to get permissions on anything that is created
in /data?
setfacl -m d:o::- /data
Which shell setting is used to determine the default file permissions?
umask
Example - The default umask setting of 022 gives 644 for all new files and 755 for all new directories that are created on your server.
Start with the default permissions for a file set to 666 and subtract the umask to get the effective permissions. For a directory, start with its default permissions that are set to 777 and subtract the umask to get the effective permissions.
How the umask command works in determining the file permissions?
An easy way to see how the umask setting works is as follows: Start with the default permissions for a file set to 666 and subtract the umask to get the effective permissions. For a directory, start with its default permissions that are set to 777 and subtract the umask to get the effective permissions.
Example - The default umask setting of 022 gives 644 for all new files and 755 for all new directories that are created on your server.
which command is used for user extended attributes?
If you want to apply attributes, you can use the chattr command. For example, use chattr +s somefile to apply the attributes to somefile. Need to remove the attribute
again? Then use chattr -s somefile and it will be removed. To get an overview of
all attributes that are currently applied, use the lsattr command.
