RH199 - ch04s04

Preface A: Introduction

Section A.1: Orientation to the Classroom Lab Environment

Chapter 1: Local and Remote Logins

Section 1.1: Accessing the Command Line Using the Local Console

Section 1.2: Quiz: Local Console Access Terms

Section 1.3: Configuring SSH Key-based Authentication

Section 1.4: Guided Exercise: Using SSH Key-based Authentication

Section 1.5: Getting Help From Red Hat

Section 1.6: Guided Exercise: Creating and Viewing an SoS Report

Chapter 2: File System Navigation

Section 2.1: The Linux File System Hierarchy

Section 2.2: Quiz: File System Hierarchy

Section 2.3: Managing Files Using Command-Line Tools

Section 2.4: Guided Exercise: Command-Line File Management

Section 2.5: Making Links Between Files

Section 2.6: Guided Exercise: Making Links Between Files

Chapter 3: Users and Groups

Section 3.1: Users and Groups

Section 3.2: Quiz: User and Group Concepts

Section 3.3: Gaining Superuser Access

Section 3.4: Guided Exercise: Running Commands as root

Section 3.5: Managing Local User Accounts

Section 3.6: Guided Exercise: Creating Users Using Command-line Tools

Section 3.7: Managing Local Group Accounts

Section 3.8: Guided Exercise: Managing Groups Using Command-line Tools

Section 3.9: Managing User Passwords

Section 3.10: Guided Exercise: Managing User Password Aging

Section 3.11: Using Identity Management Services

Section 3.12: Guided Exercise: Connecting to a Central LDAP and Kerberos Server

Section 3.13: Lab: Managing Linux Users and Groups

Chapter 4: File Permissions

Section 4.1: Managing File System Permissions from the Command Line

Section 4.2: Guided Exercise: Managing File Security from the Command Line

Section 4.3: Managing Default Permissions and File Access

SectionSection 4.4: Guided Exercise: Controlling New File Permissions and Ownership

Section 4.5: POSIX Access Control Lists (ACLs)

Section 4.6: Quiz: Interpret ACLs

Section 4.7: Securing Files with ACLs

Section 4.8: Guided Exercise: Using ACLs to Grant and Limit Access

Chapter 5: SELinux Permissions

Section 5.1: Enabling and Monitoring Security Enhanced Linux (SELinux)

Section 5.2: Quiz: SELinux Concepts

Section 5.3: Changing SELinux Modes

Section 5.4: Guided Exercise: Changing SELinux Modes

Section 5.5: Changing SELinux Contexts

Section 5.6: Guided Exercise: Changing SELinux Contexts

Section 5.7: Changing SELinux Booleans

Section 5.8: Guided Exercise: Changing SELinux Booleans

Section 5.9: Troubleshooting SELinux

Section 5.10: Guided Exercise: Troubleshooting SELinux

Section 5.11: Lab: Managing SELinux Security

Chapter 6: Process Management

Section 6.1: Killing Processes

Section 6.2: Guided Exercise: Killing Processes

Section 6.3: Monitoring Process Activity

Section 6.4: Guided Exercise: Monitoring Process Activity

Section 6.5: Using nice and renice to Influence Process Priority

Section 6.6: Guided Exercise: Discovering Process Priorities

Section 6.7: Lab: Managing Priority of Linux Processes

Chapter 7: Updating Software Packages

Section 7.1: Attaching Systems to Subscriptions for Software Updates

Section 7.2: Quiz: Red Hat Subscription Management

Section 7.3: Managing Software Updates with yum

Section 7.4: Guided Exercise: Installing and Updating Software with yum

Section 7.5: Enabling yum Software Repositories

Section 7.6: Guided Exercise: Enabling Software Repositories

Section 7.7: Lab: Installing and Updating Software Packages

Chapter 8: Creating and Mounting File Systems

Section 8.1: Mounting and Unmounting File Systems

Section 8.2: Guided Exercise: Mounting and Unmounting File Systems

Section 8.3: Adding Partitions, File Systems, and Persistent Mounts

Section 8.4: Guided Exercise: Adding Partitions, File Systems, and Persistent Mounts

Section 8.5: Managing Swap Space

Section 8.6: Guided Exercise: Adding and Enabling Swap Space

Section 8.7: Lab: Adding Disks, Partitions, and File Systems to a Linux System

Chapter 9: Service Management and Boot Troubleshooting

Section 9.1: Identifying Automatically Started System Processes

Section 9.2: Guided Exercise: Identify the Status of systemd Units

Section 9.3: Controlling System Services

Section 9.4: Guided Exercise: Using systemctl to Manage Services

Section 9.5: The Red Hat Enterprise Linux Boot Process

Section 9.6: Guided Exercise: Selecting a Boot Target

Section 9.7: Repairing Common Boot Issues

Section 9.8: Guided Exercise: Resetting a Lost root Password

Section 9.9: Repairing File System Issues at Boot

Section 9.10: Guided Exercise: Repairing Boot Problems

Section 9.11: Repairing Boot Loader Issues

Section 9.12: Guided Exercise: Repairing a Boot Loader Problem

Section 9.13: Lab: Controlling Services and Daemons

Chapter 10: Network Configuration

Section 10.1: Validating Network Configuration

Section 10.2: Guided Exercise: Examining Network Configuration

Section 10.3: Configuring Networking with nmcli

Section 10.4: Guided Exercise: Configuring Networking with nmcli

Section 10.5: Editing Network Configuration Files

Section 10.6: Guided Exercise: Editing Network Configuration Files

Section 10.7: Configuring Host Names and Name Resolution

Section 10.8: Guided Exercise: Configuring Host Names and Name Resolution

Section 10.9: Lab: Managing Red Hat Enterprise Linux Networking

Chapter 11: System Logging and NTP

Section 11.1: System Log Architecture

Section 11.2: Quiz: System Logging Components

Section 11.3: Reviewing Syslog Files

Section 11.4: Guided Exercise: Finding Log Entries

Section 11.5: Reviewing systemd Journal Entries

Section 11.6: Guided Exercise: Finding Events With journalctl

Section 11.7: Preserving the systemd Journal

Section 11.8: Guided Exercise: Configure a Persistent systemd Journal

Section 11.9: Maintaining Accurate Time

Section 11.10: Guided Exercise: Adjusting System Time

Section 11.11: Lab: Analyzing and Storing Logs

Chapter 12: Logical Volume Management

Section 12.1: Managing Logical Volumes

Section 12.2: Guided Exercise: Adding a Logical Volume

Section 12.3: Extending Logical Volumes

Section 12.4: Guided Exercise: Extending a Logical Volume

Section 12.5: Lab: Managing Logical Volume Management (LVM) Storage

Chapter 13: Scheduled Processes

Section 13.1: Scheduling System cron Jobs

Section 13.2: Guided Exercise: Scheduling System cron Jobs

Section 13.3: Managing Temporary Files

Section 13.4: Guided Exercise: Managing Temporary Files

Chapter 14: Mounting Network File Systems

Section 14.1: Mounting Network Storage with NFS

Section 14.2: Guided Exercise: Mounting and Unmounting NFS

Section 14.3: Automounting Network Storage with NFS

Section 14.4: Guided Exercise: Automounting NFS

Section 14.5: Accessing Network Storage with SMB

Section 14.6: Guided Exercise: Mounting a SMB File System

Section 14.7: Lab: Accessing Network Storage with Network File System (NFS)

Section 14.8: Lab: Accessing Network Storage with SMB

Chapter 15: Firewall Configuration

Section 15.1: Limiting Network Communication

Section 15.2: Guided Exercise: Limiting Network Communication

Section 15.3: Lab: Limiting Network Communication

Chapter 16: Virtualization and Kickstart

Section 16.1: Defining the Anaconda Kickstart System

Section 16.2: Quiz: Kickstart File Syntax and Modification

Section 16.3: Deploying a New Virtual System with Kickstart

Section 16.4: Guided Exercise: Installing a System Using Kickstart

Section 16.5: Managing a Local Virtualization Host

Section 16.6: Quiz: Managing a Local Virtualization Host

Bookmark this page

P 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16

Guided Exercise: Controlling New File Permissions and Ownership

In this lab, you will control default permissions on new files using the umask command and setgid permission.

Outcomes

Create a shared directory where new files are automatically owned by the group ateam.
Experiment with various umask settings.
Adjust default permissions for specific users.
Confirm your adjustment is correct.

Reset your serverX system. Run lab permissions setup to create the alice account. The password for alice is password.

Log in as alice on your serverX virtual machine and open a window with a Bash prompt. Use the umask command without arguments to display Alice's default umask value.
```
[alice@serverX ~]$ umask
0002
```

Create a new directory /tmp/shared and a new file /tmp/shared/defaults to see how the default umask affects permissions.

[alice@serverX ~]$ mkdir /tmp/shared
[alice@serverX ~]$ ls -ld /tmp/shared
drwxrwxr-x. 2 alice alice 6 Jan 26 18:43 /tmp/shared
[alice@serverX ~]$ touch /tmp/shared/defaults
[alice@serverX ~]$ ls -l /tmp/shared/defaults
-rw-rw-r--. 1 alice alice 0 Jan 26 18:43 /tmp/shared/defaults

Change the group ownership of /tmp/shared to ateam and record the new ownership and permissions.

[alice@serverX ~]$ chown :ateam /tmp/shared
[alice@serverX ~]$ ls -ld /tmp/shared
drwxrwxr-x. 2 alice ateam 21 Jan 26 18:43 /tmp/shared

Create a new file in /tmp/shared and record the ownership and permissions.

[alice@serverX ~]$ touch /tmp/shared/alice3
[alice@serverX ~]$ ls -l /tmp/shared/alice3
-rw-rw-r--. 1 alice alice 0 Jan 26 18:46 /tmp/shared/alice3

Ensure the permissions of /tmp/shared cause files created in that directory to inherit the group ownership of ateam.

[alice@serverX ~]$ chmod g+s /tmp/shared
[alice@serverX ~]$ ls -ld /tmp/shared
drwxrwsr-x. 2 alice ateam 34 Jan 26 18:46 /tmp/shared
[alice@serverX ~]$ touch /tmp/shared/alice4
[alice@serverX ~]$ ls -l /tmp/shared/alice4
-rw-rw-r--. 1 alice ateam 0 Jan 26 18:48 /tmp/shared/alice4

Change the umask for alice such that new files are created with read-only access for the group and no access for other users. Create a new file and record the ownership and permissions.

[alice@serverX ~]$ umask 027
[alice@serverX ~]$ touch /tmp/shared/alice5
[alice@serverX ~]$ ls -l /tmp/shared/alice5
-rw-r-----. 1 alice ateam 0 Jan 26 18:48 /tmp/shared/alice5

Open a new Bash shell as alice and view the umask.
```
[alice@serverX ~]$ umask
0002
```

Change the default umask for alice to prohibit all access for users not in their group.

[alice@serverX ~]# echo "umask 007" >> ~/.bashrc
[alice@serverX ~]# cat ~/.bashrc
# .bashrc

# Source global definitions
if [ -f /etc/bashrc ]; then
	. /etc/bashrc
fi

# Uncomment the following line if you don't like systemctl's auto-paging feature:
# export SYSTEMD_PAGER=

# User specific aliases and functions
umask 007

Log out and back into serverX as alice and confirm that the umask changes you made are persistent.
```
[alice@serverX ~]$ umask
0007
```

Revision: rh199-7-d0984a3