Unix Permissions

This exercise illustrates how you can restrict access to files and directories using Unix permissions.

Replace jde with your actual username.

Legend

Parts of this guide are annotated with the following icons:

  • ❗ A task you MUST perform to complete the exercise.
  • ❓ An optional step that you may perform to make sure that everything is working correctly.
  • ⚠️ Critically important information about the exercise.
  • 💎 Tips on the exercise, reminders about previous exercises, or explanations about how this exercise differs from the previous one.
  • 👾 More advanced tips on how to save some time. Challenges.
  • 📚 Additional information about the exercise or the commands and tools used.
  • 🏁 The end of the exercise.
  • 💥 Troubleshooting tips: how to fix common problems you might encounter.

❗ Setup

Create a new alice user:

$> sudo useradd --create-home --shell /bin/bash alice

Make sure other users can access and list the contents of alice's home directory:

$> sudo chmod o+rx /home/alice

❗ The exercise

  • Create a file named file.txt in alice's home directory that is readable by alice but not by you.
  • Create a directory named for_alice in the system's temporary directory (/tmp). The alice user must be able to traverse this directory, but not list its contents or create new files in it.
  • The directory must contain a readable.txt file that alice can read from, but not write to.
  • The directory must contain a writable.txt file that alice can read from and write to.

❓ Check if it works

You should not be able to read the file in alice's home directory:

$> cat /home/alice/file.txt
cat: /home/alice/file.txt: Permission denied

Temporarily log in as alice (using your administrative privileges and the su command, as in switch user):

$> sudo su --login alice

💎 When you are done, you can go back to being you with the exit command. Your command line prompt should remind you who you are. When in doubt, use the whoami command.

📚 The --login option can also be abbreviated to -l or even simply - (yes, the people who designed Unix were lazy enough that they did not even want to type one more letter).

You should be able to read the file in the home directory:

$> cat /home/alice/file.txt

You should not be able to list the for_alice directory:

$> ls /tmp/for_alice
ls: cannot open directory '/tmp/for_alice/': Permission denied

You should not be able to create a file in the for_alice directory:

$> echo Hello > /tmp/for_alice/file.txt
-bash: /tmp/for_alice/file.txt: Permission denied

You should be able to read the readable.txt file in the for_alice directory:

$> cat /tmp/for_alice/readable.txt

You should not be able to modify the readable.txt file in the for_alice directory:

$> echo "Hello, I'm Alice" >> /tmp/for_alice/readable.txt
-bash: /tmp/for_alice/readable.txt: Permission denied

You should be able to write to and read from the writable.txt file in the for_alice directory:

$> echo "Hello, I'm Alice" >> /tmp/for_alice/writable.txt

$> cat /tmp/for_alice/writable.txt
Hello, I'm Alice

📚 As a reminder, in Bash, >> means to redirect the standard output of a command into a file and to append to the end of that file. If you wanted to overwrite the whole contents of the file, you could use > instead.

🏁 What have I done?

You have learned to open or restrict access to files in a Unix system by judicious use of the chown and chmod commands to change ownership and/or permissions.

You have also practiced using some of the other Unix file-related commands you have learned about so far.
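
One possible layout for the for_alice directory, as an added example that is not part of the original exercise: it grants access through the "other" permission class and reads the resulting mode bits back. The scratch directory (used here instead of /tmp) and the function names other_triad, describe and build_layout are assumptions made for this example.

```bash
#!/bin/sh
# Added example (not from the exercise): build the layout in a scratch
# directory and report what the "other" permission class may do.

# Print the "other" triad (e.g. "--x") from the mode string shown by ls -ld.
other_triad() {
    ls -ld -- "$1" | cut -c8-10
}

# Translate the triad into operations. r, w and x mean different things on
# a directory (list, create/delete entries, traverse) than on a file.
describe() {
    d_triad=$(other_triad "$1")
    d_out=""
    if [ -d "$1" ]; then
        case $d_triad in r??)    d_out="${d_out}list " ;; esac
        case $d_triad in ?w[xt]) d_out="${d_out}create " ;; esac  # w is useless without x
        case $d_triad in ??[xt]) d_out="${d_out}traverse " ;; esac
    else
        case $d_triad in r??) d_out="${d_out}read " ;; esac
        case $d_triad in ?w?) d_out="${d_out}write " ;; esac
    fi
    echo "${d_out% }"
}

# Constructed layout: $1 is a scratch directory standing in for /tmp.
build_layout() {
    mkdir -p "$1/for_alice"
    echo "read me" > "$1/for_alice/readable.txt"
    : > "$1/for_alice/writable.txt"
    chmod 711 "$1/for_alice"               # others: x only, so no ls and no new files
    chmod 644 "$1/for_alice/readable.txt"  # others: read only
    chmod 666 "$1/for_alice/writable.txt"  # others: read and write
}

scratch=$(mktemp -d)
build_layout "$scratch"
for p in for_alice for_alice/readable.txt for_alice/writable.txt; do
    printf '%-28s %s  %s\n' "$p" "$(other_triad "$scratch/$p")" "$(describe "$scratch/$p")"
done
rm -rf "$scratch"
```

The "other" class applies to every account that is neither the owner nor in the file's group, not only to alice. To limit access to alice alone, use chown to make her the owner or group of the entries and set that triad instead.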