Managing File system security

In our last two articles you learnt about permissions. Permissions can be set with the chmod command in two different ways: symbolic and binary masks.

In this article we will put into practice what you have learnt so far about file permissions. This article is a sequel to the last two; if you missed them, we suggest you review them before going through this one.

Create 3 users a, b and c without passwords. Use a for loop instead of creating them separately. You learnt about this in our advanced user management assignments.

#for user in a b c
>do
>useradd $user
>passwd -d $user
>done

Now create a group example and add users a and b to it.

#groupadd example
#usermod -G example a
#usermod -G example b

Now create a test directory on the root partition (/test), then change its ownership to user a and its group to example, using chown and chgrp.

Now log in on 3 separate terminals as these users.

From root, set the permissions to

 #chmod 700 /test

This will set the permissions to

 owner a full
 group example (a, b) none
 other c none

To verify these permissions, go to the terminal where user a is logged on and run the following commands

$cd /test
$cat > a_file
This is a file of user a
$ls a_file 

User a will be able to do all three tasks (read, write, execute), as the owner has all three permissions. Now try to change to the /test directory as user b. It will be denied, because user b is in the example group and the group has no permissions.

Now try to change to the /test directory as user c. It will also be denied, because user c is other for this directory and other has no permissions.

Now change the permissions from root to

 #chmod 710 /test

This will give full permissions to owner a, and execute to b (b is in the group of a, which is example). User c (other) still has no permissions.

To verify, try to change directory to /test as user b. It will succeed, but b will not be able to list the contents of the directory.

 $cd /test
 $ls

Also verify the permissions of c (other) by changing directory to /test

 $cd /test 

Now change the permissions from root to

 #chmod 751 /test

This will give full permissions to owner a, and execute and read to b (b is in the group of a, which is example). User c (other) now has execute permission.

To verify, try to list /test as user b. It will succeed, but b will not be able to write in the directory.

 $ls
 $cat > b_file

Also verify the permissions of c (other) by changing directory to /test

 $cd /test
 $ls

Now change the permissions from root to

 #chmod 775 /test

This will give full permissions to owner a and to b (b is in the group of a, which is example). User c (other) now has read and execute permissions.

To verify, try to make a new file in /test as user b. It will succeed.

 $cd /test
 $ls
 $cat > b_file
 This file is created by b

Also verify the permissions of c (other) by listing the /test directory

 $cd /test
 $ls

Now change the permissions from root to

 #chmod 777 /test

This will give full permissions to owner a, b and c. User c (other) now has full permissions.

To verify, make a file as user c

 $cat > c_file
 This file is created by user c

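The five modes tried above, decoded for users a, b and c in one pass. This is an added example, not part of the original article: class_for, dir_access and report are hypothetical helper names, and the group lists (each user has a private group of the same name, with a and b added to example) are assumptions. It only computes from the mode and does not touch /test.

```sh
#!/bin/sh
# Added example (not from the article): which class a user falls into for a
# directory, and what the mode lets that class do. Nothing on disk is changed.

# class_for USER OWNER GROUP "USER_GROUPS" -> owner | group | other
# The first matching class wins; classes are never combined, so an owner
# who is also in the group gets the owner bits only.
class_for() {
    [ "$1" = "$2" ] && { echo owner; return; }
    for g in $4; do
        [ "$g" = "$3" ] && { echo group; return; }
    done
    echo other
}

# dir_access MODE CLASS -> what CLASS can do in a directory with octal MODE
dir_access() {
    case $2 in
        owner) bits=$(( (0$1 >> 6) & 7 )) ;;
        group) bits=$(( (0$1 >> 3) & 7 )) ;;
        *)     bits=$(( 0$1 & 7 )) ;;
    esac
    out=""
    [ $(( bits & 1 )) -ne 0 ] && out="$out cd"      # x: enter the directory
    [ $(( bits & 4 )) -ne 0 ] && out="$out ls"      # r: list the names in it
    [ $(( bits & 3 )) -eq 3 ] && out="$out create"  # w counts only with x
    [ -n "$out" ] || out=" none"
    echo "${out# }"
}

# report MODE -> one line per user for the article's /test (owner a, group
# example). The group lists are assumed: each user has a private group, and
# a and b were added to example.
report() {
    for entry in "a:a example" "b:b example" "c:c"; do
        user=${entry%%:*}
        cls=$(class_for "$user" a example "${entry#*:}")
        printf '%s  %s  %-5s  %s\n' "$1" "$user" "$cls" "$(dir_access "$1" "$cls")"
    done
}

for mode in 700 710 751 775 777; do
    report "$mode"
done
```

Each output line reads mode, user, class, abilities, so the rows can be checked against what the three terminals showed at each step.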