Week 2 - Permissions Flashcards
What does ACL stand for? What is it?
Access Control Lists are comprised of Access Control Entries (ACE)
It controls the level of permission/file access given to each user
What does DACLs stand for? What is it?
DACLs are Discretionary Access Control Lists
They note who can use a file and what they can do with it
What does SACLs stand for? What does it ask Windows to do?
System Access Control Lists
It asks Windows to use an event log to keep track of the files and folders being accessed by each user
How do you navigate to the permissions window in windows?
Explorer > Home Directory > Right Click Desktop > Properties > Security
What’s the command to see which ACLs are assigned to a file/directory? w
icacls filepath
icacls /? for help
What does OI and CI DACLs stand for? What do they mean?
OI object inherit
CI container inherit
this means if I create a new object inside the location they’ll INHERIT the DACL
Each file and folder will have an ____and one or more ___?
Each file and folder will have an owner and one or more DACLs
If an object’s DACL has no ACE, what happens?
It denies all access attempts since there’s no access control entries for the DACL
How many permissions are available on windows and what are they?
- read (see file/directories)
- read and execute (read, execute)
- list folder contents (read, execute)
- write (write, change, create)
- modify (read, write, execute)
what are the permissions available on linux? 3
- read
- write
- execute
on Linux what’s the command to see file permissions?
ls -l ~/filename
For me it worked:
ls -l filename.txt
What does a dash in the file type (1st in front) permission search mean? Linux
it’s a regular file
How are the file permissions details broken up in Linux?
- file type in front
- 1st trio is the permission of the owner of the file
- 2nd trio is the permission of the group who owns the file
- 3rd trio is the permission of all other users
How do you see ACL assigned to a file/permissions? Windows
icacls
What’s the process to change a user’s permissions/access to a folder on windows? (Adding the user to change their permissions)
right click file/folder target > properties > security > edit file permissions > add > enter username of user want to add permission to > OK
then check the boxes of permissions for them
What happens when you deny a user that is in a group that has access?
the user is still denied if the group has access
When does icacls need single quotes and why?
icacls was designed for Command Prompt and its parameters with special characters (parenthesis) confuse PS
We surround icacl’s parameters with single quotes to tell it not to interpret certain parameters as code
What are guest users?
can use a computer without entering a password
What is an authenticated users group? windows
a group that doesn’t include guest users
How do you modify a file/folder permission in the CLI?
Windows
icacls ‘filepath’ /grant ‘Everyone:(OI)(CI)(R)’
permission parameters will vary
How do you only let non-guest users see a file or folder and any future modifications? w
icacls ‘filepath’ /grant ‘Authenticated Users: (OI)(CI)(R)’
How do you remove file permissions for a group? w
icacls ‘filepath’ /remove Everyone
What are the 3 file permission sets on Linux and their letter?
- owner (u)
- group (g)
- other users (o)
How do you modify file access permissions on Linux when adding executable permissions to the owner? (symbolic)
chmod u+x filename
How do you remove executable file permissions for a group on Linux?
chmod g-x filename
How do you add multiple permissions to a file for a group? Read and Exec Linux
Symbolically
chmod g+rx filename
How do you add multiple permission sets to be able to read to a file? linux
symbolic
chmod ugo+r filename
What is the numerical equivalent of RWX in Linux?
r = 4
w = 2
x = 1
How do you set numerical permissions for 3 permission sets for a file in Linux? What would the command look like for:
owner = rwx
group = r
other users = rw
chmod 746 filename
combination of adding up permissions: r,w,x = 4,2,1
Which is better when writing permissions for Linux user sets? Numerical or symbolic?
Numerical because it’s faster, simpler, and don’t have to repeat lines if there are different permissions for each permission group
ie
chmod u+rwx filename
chmod g+rw filename
chmod o+r filename
How do you change the owner of a file? Linux
sudo chown username filename
How do you change the group a sudo file belongs to? Linux
sudo chgrp groupname filename
What are simple permissions?
Simple permissions are a set of special or specific permissions
What does WD/AD/S mean in special permissions Windows?
WD = Write data/Create files
AD = Append data/Create folders
S = Synchronize
What’s the solution to not wanting to let users have modify access to a folder but want everyone to be able to create files?
use special permissions so they’re not able to delete files
What is a creator owner? What applies to them?
the special user/owner of the file the DACL applies to
To view special permissions for a file in the CLI
w
icacls filelocation
What does setuid do in linux?
the owner of the file gives us permission to run the file
To enable setuid in Linux, you can do it which two ways? What do those two ways look like?
To enable setuid, you can:
1) set it symbolically: sudo chmode u+s filename
2) set it numerically: sudo chmode 4547 filename
How do you allow a file to be run as a group member of that file? Numerically and Symbolically
Linux
sudo chmode 2251 filename
or
sudo chmode g+s filename
What number does setgid use?
2
What number does setuid use?
4
What does setgid do?
allows the file to be run as a member of a group
The issue: want to let a user be able to do something that requires root privileges but not give them the actual privileges. what do you do?
set up setuid special permission for the file so that anyone could acesss it as if they were the owner (root)
What is a sticky bit and what permissions does it have? L
a sticky bit locks down a file/folder in sticky place
anyone can write to a file/folder but they can’t delete anything (only owner and root user can)
How would you look at the permissions for the temp directory, and how to make it display just the directory not the contents?
Linux
ls -ld /tmp
What does the special bit t mean when looking at file/folder permissions?
Who can and who can’t?
t = means sticky bit, everyone can add and modify files in a directory but only root or the owner can delete the directory
What are the symbolic and numerical versions of the special permissions for a sticky bit?
symbolic - t
numeric - 1
How do you add a sticky bit permission? 2 ways
sudo chmod +t filename
sudo chmod 1774 filename
What would a ‘d’ in the first character signify?
directory
What type of user has access to, but limited control over a computer? W
standard
Which Windows tool can be used to manage group information?
Computer Management
Which PS command can be used to list the Users within local Groups on a computer?
Get-LocalGroupMember
On Linux, which file contains information about group memberships?
cat /etc/group
Why are user groups useful when it comes to permissions?
Allow you to change multiple user’s permissions at once
faster than doing it manually (like a computer used by many employees may have a usergroup called “Employees” that new hires are added to which automatically gives them the access they need without having to do it manually
What’s the easiest way to make a document public/accessible to everyone?
Windows
Add the desired permission (read) to the “Everyone” group
icacls filename /grant “Everyone:(r)”
