LPI Linux Certification/Manage File Ownership
From Wikibooks, the open-content textbooks collection
Detailed Objective
Weight: 1
Description:
Candidates should be able to control user and group ownership of files. This objective includes the ability to change the user and group owner of a file as well as the default group owner for new files.
- Key knowledge area(s):
- Manage access permissions on regular and special files as well as directories.
- Use the group field to grant file access to workgroups.
- The following is a partial list of the used files, terms and utilities:
- chmod
- chown
- chgrp
Changing file owner and group
To change the owner of a file or directory, use chown.
chown yann mon_fichier.txt
To change the group of a file or directory, use chgrp.
chgrp dialout caller
The programs gpasswd and yast2 allow you to administer groups.
gpasswd [-A user,...] [-M user,...] group
- -A: Add users with group administrator privileges.
- -M: Add members in group.
Group administrators can add or delete members of the group.
gpasswd -d toto users
gpasswd -a toto users
Group administrators can set or remove the password for the group.
gpasswd users
gpasswd -r users
More privileges
It is possible to give more privileges to a user when they execute a particular script or program by setting the set-uid or set-gid bit of the file.
If the bit is set, the process will inherit the permissions of the owner of the file, not the permissions of the user who runs it. To set the effective uid or gid, use chmod.
chmod 2640 [file] # (2) gid is inheritable for group.
chmod 4640 [file] # (4) uid is inheritable for user.
An example of such a program is /bin/passwd.
The sticky bit can also be set and can make the program text segment resident in RAM.
chmod 1640 [file] # (1) The file program stays in RAM.
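Because these bits change whose privileges a program runs with, an administrator will want to know which files carry them. The following script is an added example, not part of the original page: it audits a directory tree for the three special bits and separately reports the case where the set-uid or set-gid bit is set without the matching execute bit, as with the modes 4640 and 2640 above. The function names, the scratch directory and the extra modes 4750 and 0640 are assumptions made for the illustration.

```sh
#!/bin/sh
# Added example, not from the original page: audit a tree for the special
# mode bits that chmod 4xxx / 2xxx / 1xxx set on regular files.

# tag_matches TAG DIR PERM_TESTS...   (hypothetical helper)
# Runs find with the given -perm tests and prefixes each hit with TAG.
tag_matches() {
    tag=$1; dir=$2; shift 2
    find "$dir" -type f "$@" -print | sed "s|^|$tag |"
}

# audit_special DIR
# One line per finding, "<tag> <path>":
#   setuid / setgid                 bit set and the matching execute bit set
#   setuid-noexec / setgid-noexec   bit set, owner/group execute missing
#                                   (ls -l shows a capital S)
#   sticky                          sticky bit set on a regular file
audit_special() {
    tag_matches setuid        "$1" -perm -4100
    tag_matches setuid-noexec "$1" -perm -4000 ! -perm -0100
    tag_matches setgid        "$1" -perm -2010
    tag_matches setgid-noexec "$1" -perm -2000 ! -perm -0010
    tag_matches sticky        "$1" -perm -1000
}

# demo_audit: build constructed sample files in a scratch directory using
# the modes from the text (4640, 2640, 1640) plus an executable set-uid
# case (4750) and a plain file (0640), audit them, and clean up.
demo_audit() {
    scratch=$(mktemp -d) || return 1
    for m in 4640 2640 1640 4750 0640; do
        : > "$scratch/mode_$m"
        chmod "$m" "$scratch/mode_$m"
    done
    audit_special "$scratch" | sed "s|$scratch/||" | sort
    rm -rf "$scratch"
}

demo_audit
```

On a real system, run audit_special against a directory such as /usr/bin and compare the result with the list of programs that are expected to carry these bits.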
Exercises
1) Write the command line by using letters with chmod to set the following permissions:
rwxrwxr-x :
rwxr--r-- :
r--r----- :
rwxr-xr-x :
rwxr-xr-x :
r-x--x--x :
-w-r----x :
-----xrwx :
2) Write the command line by using octal numbers with chmod to set the following permissions:
rwxrwxrwx :
--x--x--x :
r---w---x :
-w------- :
rw-r----- :
rwx--x--x :
3) With the following umask values, what would the creation permissions of files and directories be?
umask = 0027 File permissions: Directory permissions:
umask = 0011 File permissions: Directory permissions:
umask = 0541 File permissions: Directory permissions:
umask = 0777 File permissions: Directory permissions:
4) Create two user accounts:
Login id: tst1, group users, with bash shell, home directory /home/tst1
Login id: tst2, group public, with bash shell, home directory /home/tst2
Set a password for the two accounts.
Log in as tst1 and copy /bin/ls into tst1's home directory as myls. Change the owner of myls to tst1 and the permissions to 0710. What does this permission value mean?
Log in as tst2 and try to use /home/tst1/myls to list your current directory. Does it work?
Create in /etc/group and /etc/gshadow a new group labo with tst1 and tst2. Change the owner group of myls to labo.
Try again from the tst2 account to execute /home/tst1/myls to list your current directory. Does it work?