Chapter 7 - Permission Management

Question 1

Who are the different owners for a file or directory?

Answer 1

user
group
others

Question 2

Who owns the file in terms of user, group owner when a new file is created?

Answer 2

Owners are set when a file or directory is created. On creation, the user who creates the file becomes the user owner, and the primary group of that user becomes the group owner

Question 3

Which command can be used to check the current ownership permissions?

Answer 3

ls -l

Question 4

Which command can be used to get a list of all files on the system that have a given user or group as the owner?

Answer 4

fine command with -user option

Example : find / -user linda

Question 5

Which command is used to change a user and group ownership

Answer 5

chown - can be used to change both user and group ownership of a file
chgrp - can be used to change the group ownership

Question 6

what is the syntax of chown command?

Answer 6

chown who what
example - chown linda account
changes the user ownership of the file account to linder user

Question 7

Which option with chown, allows you to set ownership recursively, which allows you to set ownership
of the current directory and everything below

Answer 7

chown -R

Question 8

when you change group ownership of a file or directory how to use chown command?

Answer 8

chown .account /home/account

so we use a . or : in front of the group name to identify that or indicate that itis a group.

Question 9

What are the all possible ways to use chown command to change the user and group ownerships

Answer 9

chown lisa myfile
chown lisa.sales myfile
chown lisa:sales myfile
chown .sales myfile
chown :sales myfile

Question 10

How to use chgrp command to change the group ownership?

Answer 10

following example, where you can use chgrp to set group ownership for the directory /home/account to the group account:
chgrp account /home/account

Question 11

If the user is a member of more groups, how to change the effective primary group

Answer 11

groups command to view the active primary group membership of a user
newgrp command to change the effective primary group of a user

Question 12

Which command to use to apply permissions?

Answer 12

chmod

Question 13

What permission needed on a directory if you wanted to do anything inside of the directory?

Answer 13

execute

Question 14

What are the numeric representation of the permissions?

Answer 14

Read 4
Write 2
Execute 1

Question 15

Give an example of how the permissions can be modified relative to the current permissions?

Answer 15

chmod g+w,o-r somefile

Question 16

What are the advanced file/directory permissions?

Answer 16

Set User ID (SUID)
Set Group ID (SGID)
sticky bit

Question 17

What is the set group id (SGID) permission?

Answer 17

This permission has two effects. If applied on an executable file, it gives the user who executes the file the permissions of the group owner of that file.
When applied to a directory, SGID may be useful, because you can use it to set default group ownership on files and subdirectories created in that directory.

Question 18

What is a sticky bit permission?

Answer 18

This permission is useful to protect files against accidental deletion in an environment where multiple users have write permissions in the same directory.
When you apply sticky bit, a user can delete files only if either of the following
is true:
1. The user is owner of the file.
2. The user is owner of the directory where the file exists.

Question 19

What is a sticky bit permission?

Answer 19

This permission is useful to protect files against accidental deletion in an environment where multiple users have write permissions in the same directory.
When you apply sticky bit, a user can delete files only if either of the following
is true:
1. The user is owner of the file.
2. The user is owner of the directory where the file exists.

Question 20

What are the numerical representation of advanced permissions suid, sgid and sticky bit?

Answer 20

SUID - 4, SGID - 2, and sticky bit - 1

Question 21

Give an example for setting SGID permission to a directory, and set rwx for user and rx for group and others

Answer 21

chmod 2755 /somedir

Question 22

How to apply any of the special permissions with relative mode?

Answer 22

1. For SUID, use chmod u+s.
2. For SGID, use chmod g+s.
3. For sticky bit, use chmod +t
   followed by the name of the file or the directory
   that you want to set the permissions on

Question 23

What is disadv. of normal file permissions to ACLs?

Answer 23

File permissions does not allow you to give permissions to more than one user or one group on the same file.

Question 24

Which is the command used to create a backup of ACL and give an example?

Answer 24

getfacl command

Example : getfacl -R /directory > file.acls

Question 25

Which is the command to restore ACLs using the backup of ACLs?

Answer 25

setfacl command

Example : setfacl –restore=file.acls

Question 26

Does the output of ls -l show the ACLs applied to a file or directory?

Answer 26

No, it just shows a + after the listing of the permissions, which indicates that ACLs apply to the file or directory..

Question 27

Which command to use to see the current ACLs applied to a file or directory?

Answer 27

getfacl /dir

Question 28

What is the command to add an ACL to give read and execute permissions to the group sales owning the /dir?

Answer 28

setfacl -m g:sales:rx /dir

-m indicates we are modifying current ACL settings

Question 29

Which command to use to give permissions to user linda on the /data directory without making her the owner and without changing the current owner assignment.

Answer 29

setfacl -m u:linda:rwx /data

Question 30

What are the benefits of using default ACLs?

Answer 30

By setting a default ACL, you determine the permissions that will be set for all new items that are created in the directory.
Be aware, though, that a default ACL does not change the permissions for existing files and subdirectories. To change those as well you need to add a normal ACL besides a default ACL

Question 31

Which option is used with setfacl command to set it is a a default ACL?

Answer 31

d option. Example:

setfacl -m d:g:sales:rx /data

Question 32

How to use setfacl command If you want others not to get permissions on anything that is created
in /data?

Answer 32

setfacl -m d:o::- /data

Question 33

Which shell setting is used to determine the default file permissions?

Answer 33

umask
Example - The default umask setting of 022 gives 644 for all new files and 755 for all new directories that are created on your server.

Start with the default permissions for a file set to 666 and subtract the umask to get the effective permissions. For a directory, start with its default permissions that are set to 777 and subtract the umask to get the effective permissions.

Question 34

How the umask command works in determining the file permissions?

Answer 34

An easy way to see how the umask setting works is as follows: Start with the default permissions for a file set to 666 and subtract the umask to get the effective permissions. For a directory, start with its default permissions that are set to 777 and subtract the umask to get the effective permissions.
Example - The default umask setting of 022 gives 644 for all new files and 755 for all new directories that are created on your server.

Question 35

which command is used for user extended attributes?

Answer 35

If you want to apply attributes, you can use the chattr command. For example, use chattr +s somefile to apply the attributes to somefile. Need to remove the attribute
again? Then use chattr -s somefile and it will be removed. To get an overview of
all attributes that are currently applied, use the lsattr command.