@MrSnyder
Last active February 1, 2023 10:54
# Linux permissions exercise
## Step 0: Create an example directory hierarchy
```
/srv
└── telekom
    ├── bin
    ├── gigabit
    │   ├── bin
    │   ├── devops
    │   └── reports
    └── terabit
```bash
sudo mkdir /srv/telekom
sudo mkdir /srv/telekom/bin
sudo mkdir /srv/telekom/gigabit
sudo mkdir /srv/telekom/gigabit/bin
sudo mkdir /srv/telekom/gigabit/reports
sudo mkdir /srv/telekom/gigabit/devops
sudo mkdir /srv/telekom/terabit
```
## Step 1: Controlling access to telekom directory
```bash
# add users
sudo adduser marty
sudo adduser pete
sudo adduser steve
sudo adduser bill
sudo adduser jon
sudo adduser sara
sudo groupadd telekom
sudo usermod -a -G telekom pete
sudo usermod -a -G telekom steve
sudo usermod -a -G telekom bill
sudo usermod -a -G telekom jon
sudo usermod -a -G telekom sara
```
* Task: Try to restrict access to `/srv/telekom` folder, so that only members of telekom group can use it.
* Task: Verify that pete can see the files there.
* Task: Verify that marty cannot see the files there.
* Task: Verify that pete can write a file there.
* Task: As user pete, try to create a simple script `hello.sh` (see below) in `/srv/telekom/bin`
* Task: Try to understand why this may not work.
* Task: Change the permissions of the `/srv/telekom/bin` folder and try again.
* Task: Make the script executable and execute it.
* Task: Check if other members of the telekom group can execute the script, if not, try to make that possible.
```bash
#!/bin/sh
echo Hello Telekom
```
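The following audit helper is an added example, not part of the original gist. It checks the three things the directory tasks in Steps 1 to 4 depend on (owning group, group `rwx`, no bits for others) and notes a missing setgid bit, which is why a script created by one member can end up unusable for the rest of the group. The function name `audit_group_dir` is hypothetical, and GNU `stat` is assumed.

```bash
#!/bin/sh
# Added example (not part of the gist). Requires GNU `stat` (Linux).
# audit_group_dir is a hypothetical helper name.
#
# Usage: audit_group_dir DIR GROUP
# Returns 0 only if DIR is group-owned by GROUP, the group has rwx and
# "others" have no permission bits. Prints one line per finding.
audit_group_dir() (
    dir=$1
    want=$2
    rc=0
    [ -d "$dir" ] || { echo "FAIL $dir: not a directory"; return 2; }

    group=$(stat -c '%G' "$dir")                     # owning group name
    mode=$(printf '%04d' "$(stat -c '%a' "$dir")")   # e.g. 755 -> 0755

    special=${mode%???}     # setuid/setgid/sticky digit
    rest=${mode#??}         # group digit followed by other digit
    grp=${rest%?}
    oth=${rest#?}

    [ "$group" = "$want" ] ||
        { echo "FAIL $dir: group is $group, expected $want"; rc=1; }
    [ "$grp" = 7 ] ||
        { echo "FAIL $dir: group bits are $grp, members need rwx (7)"; rc=1; }
    [ "$oth" = 0 ] ||
        { echo "FAIL $dir: others have bits $oth, non-members get in"; rc=1; }

    # Without setgid, files created here keep the creator's primary group,
    # so other members may be unable to read or execute them.
    case $special in
        2|3|6|7) ;;
        *) echo "NOTE $dir: setgid not set, new files will not inherit $want" ;;
    esac
    return $rc
)

# Run as a script: sh audit.sh /srv/telekom telekom
if [ "$#" -eq 2 ]; then
    audit_group_dir "$1" "$2"
fi
```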
## Step 2: Controlling access to telekom/gigabit directory
```bash
sudo groupadd gigabit
sudo usermod -a -G gigabit steve
sudo usermod -a -G gigabit bill
sudo usermod -a -G gigabit jon
```
* Task: Restrict access to `/srv/telekom/gigabit` folder to members of gigabit group.
* Task: Verify that steve can see the files there.
* Task: Verify that pete cannot see the files there.
* Task: Verify that steve can write a file there.
## Step 3: Controlling access to telekom/terabit directory
```bash
sudo groupadd terabit
sudo usermod -a -G terabit sara
sudo usermod -a -G terabit jon
sudo usermod -a -G terabit bill
```
* Task: Restrict access to `/srv/telekom/terabit` folder to members of terabit group.
* Task: Verify that sara can see the files there.
* Task: Verify that steve cannot see the files there.
* Task: Verify that sara can write a file there.
* Task: Verify that bill can write a file there.
## Step 4: Controlling access in telekom/gigabit subdirectories
```bash
sudo groupadd gigabit-sales
sudo groupadd gigabit-nerdz
sudo usermod -a -G gigabit-sales steve
sudo usermod -a -G gigabit-nerdz,gigabit-sales bill
sudo usermod -a -G gigabit-nerdz jon
```
* Task: Restrict access to `/srv/telekom/gigabit/reports` to members of gigabit-sales group
* Task: Verify that bill can create a file there.
* Task: Verify that jon cannot see the files there.
* Task: Restrict access to `/srv/telekom/gigabit/devops` to members of gigabit-nerdz group
* Task: Verify that jon can create a file there.
* Task: Verify that steve cannot see the files there.
* Task: Create a dummy script `/srv/telekom/gigabit/bin/hello.sh`
* Task: Make the script executable for all gigabit members
* Task: Check execution for both steve and jon
* Task: Create a dummy script `/srv/telekom/gigabit/bin/ci-cd.sh`
* Task: Make the script executable for the gigabit-nerdz group only
* Task: Check execution for both bill and jon
* Task: Check that execution does not work for steve