CYSE 270: Linux System for Cybersecurity
Lab 6 – File Permission
CYSE 270: Linux System for Cybersecurity
You need to configure the system to allow three users to perform the shared folder actions.
Task A: Get accounts and groups ready
Step 1. Create three groups, employee, payroll, and admin.
Step 2. Create three user accounts with a specified home directory for Sophia, Olivia, and Emma. Set
the primary group for Sophia, Olivia, and Emma to "employee", "payroll", and "admin", respectively.
And change their login shell to
in
ash. You can refer to the options in Table 7-4. Don't forget to
set their passwords.
Step 3. Create a shared group called "your_midas" (replace it with your MIDAS ID) and set this shared
group as the above accounts' secondary group. After this step, remember to check each user's group
profile.
Step 4. Create a directory named /home/cyse_project, which to be owned by the group, your_midas.
After this step, remember to check the permission of this shared directory.
Step 5. Change the permissions of the /home/cyse_project directory to "drwxrwx---" so that only the
project group members have access to this directory. After this step, remember to check the
permission of this shared directory.
Step 6. Switch to Sophia's account. Change the default permissions to "-rw-r-----" for Sophia when she
creates a file or directory. Check the value of umask, and permission of a new file after this step.
Step 7. Create a new file called "Sophia_homework" in the home directory and put your name in the
file. After this step, remember to check the content and the permission of the new file.
Step 8. Copy "Sophia_homework" to the /home/cyse_project directory. After this step, remember to
check the permission of the file in the shared directory.
Step 9. Switch to Emma's account. Try to read "Sophia_homework" in the /home/cyse_project
directory.
Task B: Set SGID permission
Step 1. Switch to root account. To allow group members to access this file, you need to fix the sharing
issue by setting the co
ect SGID group values to give the group user read permission.
Step 2. Switch to Sophia's account. Copy "Sophia_homework" to the /home/cyse_project directory as
"Sophia_homework2".
Step 3. Switch to Emma's account. Try to read "Sophia_ homework2" in the /home/cyse_project
directory.
Task C: Unset SGID permissions
Step 1. Switch to root account. To disallow group members to access the files in this folder, you need to
fix the sharing issue by setting the co
ect SGID group values to remove the group user read
permission.
Step 2. Switch to Sophia's account. Copy "Sophia_homework" to the /home/cyse_project directory as
"Sophia_homework3".
Step 3. Switch to Olivia's account. Try to read "Sophia_home3" in the /home/cyse_project directory.
CYSE 270: Linux System for Cybersecurity
Extra credit: Sticky Bit
Step 1. Switch to Olivia’ account. Delete “Sophia_ homework" in the /home/cyse_project directory.
Step 2. Switch to root account. Set the sticky bit permission, to make files can only be removed by the
owner of the file.
Step 3. Switch to Olivia’ account. Try to delete “Sophia_ homework3" in the /home/cyse_project
directory. Can you delete it this time? Why?