Connect to your virtual server with SSH for this exercise.
Unix Permissions
This exercise illustrates how you can restrict access to files and directories using Unix permissions.
Legend
Parts of this exercise are annotated with the following icons:
- A task you MUST perform to complete the exercise
- An optional step that you may perform to make sure that everything is working correctly, or to set up additional tools that are not required but can help you
- The end of the exercise
- The architecture of the software you ran or deployed during this exercise
- Troubleshooting tips: how to fix common problems you might encounter
Setup
Create a new user named alice:
$> sudo useradd --create-home --shell /bin/bash alice

You can also use the equivalent short versions of these options:
$> sudo useradd -m -s /bin/bash alice
Make sure other users can access and list the contents of alice's home directory:
$> sudo chmod o+rx /home/alice
The exercise
- Create a file named file.txt in alice's home directory that is readable by alice but not by you.
- Create a directory named for_alice in the system's temporary directory (/tmp). The alice user must be able to traverse this directory, but not list its contents or create new files in it.
- The directory must contain a readable.txt file that alice can read from, but not write to.
- The directory must contain a writable.txt file that alice can read from and write to.
Optional: check if it works
You should not be able to read the file in alice's home directory:
$> cat /home/alice/file.txt
cat: /home/alice/file.txt: Permission denied
Temporarily log in as alice (using your administrative privileges and the su command, as in "switch user"):
$> sudo su --login alice

When you are done, you can go back to being you with the exit command. Your command line prompt should remind you who you are. When in doubt, use the whoami command.

The --login option can also be abbreviated to -l or even simply - (yes, the people who designed Unix were lazy enough that they did not even want to type one more letter).
You should be able to read the file in the home directory:
$> cat /home/alice/file.txt
You should not be able to list the for_alice directory:
$> ls /tmp/for_alice
ls: cannot open directory '/tmp/for_alice/': Permission denied
You should not be able to create a file in the for_alice directory:
$> echo Hello > /tmp/for_alice/file.txt
-bash: /tmp/for_alice/file.txt: Permission denied
You should be able to read the readable.txt file in the for_alice directory:
$> cat /tmp/for_alice/readable.txt
You should not be able to modify the readable.txt file in the for_alice directory:
$> echo "Hello, I'm Alice" >> /tmp/for_alice/readable.txt
-bash: /tmp/for_alice/readable.txt: Permission denied
You should be able to write to and read from the writable.txt file in the for_alice directory:
$> echo "Hello, I'm Alice" >> /tmp/for_alice/writable.txt
$> cat /tmp/for_alice/writable.txt
Hello, I'm Alice

As a reminder, in Bash, >> means to redirect the standard output of a command into a file and to append to the end of that file. If you wanted to overwrite the whole contents of the file, you could use > instead.
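As an added example (not part of the original exercise), the following POSIX shell script applies one correct set of permissions for the for_alice part of the exercise and checks the resulting mode bits with stat. It assumes GNU coreutils (for stat -c) and that you run it as root when you want the chown to alice to take effect; the base directory and the user name are parameters, so it can be tried in a scratch directory before touching /tmp.

```shell
#!/bin/sh
# Added example, not part of the original exercise: builds the for_alice tree
# under a base directory you choose and verifies the resulting mode bits.
# Assumptions: GNU coreutils (stat -c), and that chown to OWNER is only possible
# as root, so ownership changes are skipped (with the mode bits kept) otherwise.
set -u

# mode_of PATH -> prints the octal permission bits, e.g. 711
mode_of() {
    stat -c '%a' "$1"
}

# make_private FILE OWNER
# Mode 600 plus a chown to OWNER: only OWNER (and root) can read or write FILE.
# This is the pattern for file.txt in alice's home, and for writable.txt.
make_private() {
    file=$1
    owner=$2
    [ -e "$file" ] || : > "$file"
    chmod 600 "$file"
    if [ "$(id -u)" -eq 0 ] && id "$owner" >/dev/null 2>&1; then
        chown "$owner" "$file"
    fi
}

# build_tree BASE OWNER
# Creates BASE/for_alice and applies the permissions the exercise asks for:
#   for_alice     711  owner rwx; everyone else may traverse (x) but not
#                      list it (no r) or create files in it (no w)
#   readable.txt  644  anyone may read, only the owner (you) may write
#   writable.txt  600  owned by OWNER, so OWNER may read and write it
build_tree() {
    base=$1
    owner=$2
    dir="$base/for_alice"
    mkdir -p "$dir"
    printf 'This file is read-only for alice.\n' > "$dir/readable.txt"
    chmod 711 "$dir"
    chmod 644 "$dir/readable.txt"
    make_private "$dir/writable.txt" "$owner"
}

# verify_tree BASE -> exit status 0 when every mode matches the table above
verify_tree() {
    dir="$1/for_alice"
    [ "$(mode_of "$dir")" = 711 ] &&
    [ "$(mode_of "$dir/readable.txt")" = 644 ] &&
    [ "$(mode_of "$dir/writable.txt")" = 600 ]
}

# Usage: sh permissions.sh /tmp alice   (no arguments: only define the functions)
if [ "$#" -ge 1 ]; then
    build_tree "$1" "${2:-alice}" && verify_tree "$1" && echo "modes verified"
fi
```

Two points worth noticing. First, chmod 666 on writable.txt would also pass the checks in this exercise, but it lets every user on the system write to the file; giving alice ownership and mode 600 grants exactly what the task requires and nothing more. Second, the script only confirms the mode bits: the "Permission denied" checks above must be run from a non-root account (your own user, or alice via su), because root is not subject to these permission bits at all.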
What have I done?
You have learned to open or restrict access to files in a Unix system by judicious use of the chown and chmod commands to change ownership and/or permissions.
You have also practiced using some of the other Unix file-related commands you have learned about so far.