RH124 - ch07s07

In this lab, you configure permissions on files and set up a directory that users in a particular group can use to share files on the local file system.

Outcomes

Create a directory where users can work collaboratively on files.
Create files that are automatically assigned group ownership.
Create files that are not accessible outside the group.

As the student user on the workstation machine, use the lab command to prepare your system for this exercise.

This command prepares your environment and ensures that all required resources are available.

[student@workstation ~]$ lab start perms-review

Instructions

Log in to serverb as the student user. Run the sudo -i command at the shell prompt to become the root user. Use student as the student user password.

[student@workstation ~]$ ssh student@serverb
...output omitted...
[student@serverb ~]$ sudo -i
[sudo] password for student: student
[root@serverb ~]#

Create a /home/techdocs directory.
Use the mkdir command to create a /home/techdocs directory.
[root@serverb ~]# mkdir /home/techdocs
Change the group ownership of the /home/techdocs directory to the techdocs group.
Use the chown command to change the group ownership for the /home/techdocs directory to the techdocs group.
[root@serverb ~]# chown :techdocs /home/techdocs
Verify that users in the techdocs group cannot create files in the /home/techdocs directory.
Use the su command to switch to the tech1 user.
[root@serverb ~]# su - tech1 [tech1@serverb ~]$
Create a techdoc1.txt file in the /home/techdocs directory. This step should fail.
Although the /home/techdocs directory is owned by the techdocs group and tech1 is part of the techdocs group, you cannot create a file in that directory. The reason is because the techdocs group does not have write permission.
[tech1@serverb ~]$ touch /home/techdocs/techdoc1.txt touch: cannot touch '/home/techdocs/techdoc1.txt': Permission denied
List the directory's permissions.
[tech1@serverb ~]$ ls -ld /home/techdocs/ drwxr-xr-x. 2 root techdocs 6 Feb 5 16:05 /home/techdocs/
Set permissions on the /home/techdocs directory. On the /home/techdocs directory, configure setgid (2); read, write, and execute permissions (7) for the owner/user and group; and no permissions (0) for other users.
Exit from the tech1 user shell.
[tech1@serverb ~]$ exit logout [root@serverb ~]#
Set the group permission for the /home/techdocs directory. Configure setgid; read, write, and execute permissions for the owner and group; and no permissions for others.
[root@serverb ~]# chmod 2770 /home/techdocs
Verify that the permissions are set correctly.
The techdocs group now has write permission.
[root@serverb ~]# ls -ld /home/techdocs drwxrws---. 2 root techdocs 6 Feb 4 18:12 /home/techdocs/

Confirm that users in the techdocs group can now create and edit files in the /home/techdocs directory. Users that are not in the techdocs group cannot edit or create files in the /home/techdocs directory. The tech1 and tech2 users are in the techdocs group. The database1 user is not in that group.

Switch to the tech1 user. Create a techdoc1.txt file in the /home/techdocs directory. Add some text to the /home/techdocs/techdoc1.txt file. Exit from the tech1 user shell.

[root@serverb ~]# su - tech1
[tech1@serverb ~]$ touch /home/techdocs/techdoc1.txt
[tech1@serverb ~]$ ls -l /home/techdocs/techdoc1.txt
-rw-r--r--. 1 tech1 techdocs 0 Feb  5 16:42 /home/techdocs/techdoc1.txt
[tech1@serverb ~]$ echo "This is the first tech doc." > /home/techdocs/techdoc1.txt
[tech1@serverb ~]$ exit
logout
[root@serverb ~]#

Switch to the tech2 user. Display the content of the /home/techdocs/techdoc1.txt file. Create a techdoc2.txt file in the /home/techdocs directory. Exit from the tech2 user shell.

[root@serverb ~]# su - tech2
[tech2@serverb ~]$ cd /home/techdocs
[tech2@serverb techdocs]$ cat techdoc1.txt
This is the first tech doc.
[tech2@serverb techdocs]$ touch /home/techdocs/techdoc2.txt
[tech2@serverb techdocs]$ ls -l
total 4
-rw-r--r--. 1 tech1 techdocs 28 Feb  5 17:43 techdoc1.txt
-rw-r--r--. 1 tech2 techdocs  0 Feb  5 17:45 techdoc2.txt
[tech2@serverb techdocs]$ exit
logout
[root@serverb ~]#

Switch to the database1 user. Display the content of the /home/techdocs/techdoc1.txt file. You get a Permission Denied message. Verify that the database1 user does not have access to the file. Exit from the database1 user shell.

Enter the following long echo command on a single line:

[root@serverb ~]# su - database1
[database1@serverb ~]$ cat /home/techdocs/techdoc1.txt
cat: /home/techdocs/techdoc1.txt: Permission denied
[database1@serverb ~]$ ls -l /home/techdocs/techdoc1.txt
ls: cannot access '/home/techdocs/techdoc1.txt': Permission denied
[database1@serverb ~]$ exit
logout
[root@serverb ~]#

Modify the /etc/login.defs file to adjust the default umask for login shells. Normal users should have a umask setting that allows the user and group to create, write, and execute files and directories, and preventing other users from viewing, modifying, or executing new files and directories.
Determine the umask of the student user. Switch to the student login shell. When done, exit from the shell.
[root@serverb ~]# su - student [student@serverb ~]$ umask 0022 [student@serverb ~]$ exit logout [root@serverb ~]#
Edit the /etc/login.defs file and set a umask of 007. The /etc/login.defs file already contains a umask definition. Search the file and update with the appropriate value.
[root@serverb ~]# cat /etc/login.defs ...output omitted... UMASK 007 ...output omitted...
As the student user, verify that the global umask changes to 007.
[root@serverb ~]# exit logout [student@serverb ~]$ exit logout Connection to serverb closed. [student@workstation ~]$ ssh student@serverb ...output omitted... [student@serverb ~]$ umask 0007
Return to the workstation system as the student user.
[student@serverb ~]$ exit logout Connection to serverb closed. [student@workstation ~]$

Evaluation

As the student user on the workstation machine, use the lab command to grade your work. Correct any reported failures and rerun the command until successful.

[student@workstation ~]$ lab grade perms-review

Finish

On the workstation machine, change to the student user home directory and use the lab command to complete this exercise. This step is important to ensure that resources from previous exercises do not impact upcoming exercises.

[student@workstation ~]$ lab finish perms-review

This concludes the section.

Discuss Red Hat System Administration I

Go to community

RH124 Chapter 15 Lab 3: Install zsh Package

VictoriaB97

16 sty 2024

Hello,I am trying to finish up Lab 3 of the Chapter 15 Comprehensive Review Labs in RH124, and when I type in sudo dnf install zsh for the 6th specification of the lab, I get an error message basically saying that it failed to download metadata for the repo 'ansible-2.9-for-rhel-9-x86_64-rpms', and that they could not download repomd.xml. It provided a 404 status code.Can someone please let me know what the problem is, and if there is a current workaround? Thanks.

377

Red Hat System Administration I | Guided Exercise: Explain and Investigate RPM Software Pack

AbeHiero

10 lis 2023

I cannot start the lab with command: lab start software-rpm. I get this error:ModuleNotFoundError: No module named 'rhcsa-classroom'Script software-rpm not in course library rhcsa-classroom Anyone else see this?

172

Red Hat System Administration I (RH124)

Haley_Ruccio

19 lip 2023

The first of two courses covering the core system administration tasks needed to manage Red Hat Enterprise Linux serversRed Hat System Administration I (RH124) is designed for IT professionals without previous Linux system administration experience. The course provides students with Linux administration competence by focusing on core administration tasks. This course also provides a foundation for students who plan to become full-time Linux system administrators by introducing key command-line concepts and enterprise-level tools. This course is the first of a two-course series that takes a computer professional without Linux system administration knowledge to become a fully capable Linux administrator. These concepts are further developed in the follow-on course, Red Hat System Administration II (RH134).This course is based on Red Hat® Enterprise Linux 9.0.Course content summaryIntroduce Linux and the Red Hat Enterprise Linux ecosystem.Run commands and view shell environments.Manage, organize, and secure files.Manage users, groups and user security policies.Control and monitor systemd services.Configure remote access using the web console and SSH.Configure network interfaces and settings.Manage software using DNFAudience for this courseThe primary persona is a technical professional with current or pending responsibilities as a Linux enterprise or cloud system administrator.This course is popular in Red Hat Academy, and is targeted at the student who is planning to become a technical professional using Linux.Prerequisites for this courseBasic technical user skills with computer applications on some operating systems are expected.Take our free assessment to gauge whether this offering is the best fit for your skills.Technology considerationsThere are no special technical requirements for this course.This course is not designed for bring your own device (BYOD).Internet access is not required but is recommended so that students can research and browse Red Hat online resources.

336

Revision: rh124-9.0-398f302