Working with files and dirs

Question 1

Set GID

Answer 1

mkdir -p /dir1/{finance,it}

chmod g+s /dir/it

Question 2

getfacl

Supports only in xfs, ext4

Answer 2

getfacl /dir1

Question 3

setfacl to user and group

Answer 3

setfacl -m u:it_user:rx /dir1

setfacl -m g:it:rx /dir1

Question 4

Change max level of permissions assigned to mask in facl

Answer 4

setfacl -m m::rwx /dir1

setfacl -m m::- /dir1 -remove all privileges and set mask to —

Question 5

Set default facl for user it_user

Remove default permissions

Answer 5

1. setfacl -d -m u:it_user:rw /dir1
so all files and dirs inside dir1 will have default privileges 
2. setfacl -m u:it_user:rwx /dir1
3. cd dir1
4. touch file1
5. getfacl file1=>
it_user will get default facl ie
rw-

setfacl -x /dir1 -remove default permissions

Question 6

Remove facl permissions

Remove facl default permissions

Answer 6

setfacl -x u:it_user /dir1

setfacl -x d:u:it_user /dir1

Question 7

Set facl to multiple users or groups

Answer 7

setfacl -m g:finance:rwX,u:it_user:rw /dir1

Question 8

Copy facl from one file to another

Answer 8

getfacl file1 | setfacl –get-file=- file2

so –get-file=- (minus in this case means output from getfacl file1)

Question 9

Allow group to traverse through dirs inside, but do not apply execute permissions to files inside the /dir1

Answer 9

chmod -R g+rwX /dir1

Question 10

Which FSs support ACL

Answer 10

xfs, ext4

Question 11

What mask sets on ACL

Answer 11

Sets max permission level even if DAC does not match and have less permission access

Question 12

Change mask on ACL

Answer 12

permissions before: 777, mask=rwx
1. chmod 444 file1 => mask=r--
even ACL for a user=Bob is still = rwx
2. setfacl -m m::r file1 => mask=r--
even ACL for a user=Bob is still = rwx
Therefore, Bob will be able to read from file, but will not be able to write to or execute file1

Question 13

Set mask=none on ACL

Answer 13

sefacl -m m::- file1
but when running later:
setfacl -m g:finance:rw file1
mask will change to mask=rw-

Question 14

Set default ACL

Answer 14

ls -la => dir1 drwxr-xr-x
setfacl -d -m u:Bob:rw dir1
getfacl dir1 =>

user: :rwx
group: :r-x
other: :r-x
default: user::rwx
default: user:Bob:rw-
default: group::r-x
default: mask::rwx
default: other::r-x

Therefore user Bob will not be able to create files in dir1, since there are no regular permissions for Bob, there are only default.
we need to setfacl -m u:Bob:rwx dir1
and Bob will be able to create files in dir1

Question 15

Remove default permissions on ACL

Answer 15

setfacl –remove-default dir1

Question 16

Set execute permissions on dirs but not on files

Answer 16

chmod u+X dir1

setfacl -R -m g:finance:rwX dir1

Question 17

Remove all ACL entries

Answer 17

setfacl -b file1