RH199 - ch04s05

Course update

An updated version of this course is available that uses a newer version of Red Hat Enterprise Linux in the lab environment. Therefore, the RHEL 9.0 version of the lab environment will retire on December 31, 2024. Please complete any work in this lab environment before it is removed on December 31, 2024. For the most up-to-date version of this course, we recommend moving to the RHEL 9.3 version.

Preface A: Introduction

Section A.1: RHCSA Rapid Track

Section A.2: Orientation to the Classroom Environment

Section A.3: Performing Lab Exercises

Chapter 1: Access Systems and Get Support

Section 1.1: Edit Text Files from the Shell Prompt

Section 1.2: Guided Exercise: Edit Text Files from the Shell Prompt

Section 1.3: Configure SSH Key-based Authentication

Section 1.4: Guided Exercise: Configure SSH Key-based Authentication

Section 1.5: Create a Diagnostics Report

Section 1.6: Guided Exercise: Create a Diagnostics Report

Section 1.7: Detect and Resolve Issues with Red Hat Insights

Section 1.8: Quiz: Detect and Resolve Issues with Red Hat Insights

Section 1.9: Summary

Chapter 2: Manage Files from the Command Line

Section 2.1: Describe Linux File System Hierarchy Concepts

Section 2.2: Quiz: Describe Linux File System Hierarchy Concepts

Section 2.3: Make Links Between Files

Section 2.4: Guided Exercise: Make Links Between Files

Section 2.5: Match File Names with Shell Expansions

Section 2.6: Quiz: Match File Names with Shell Expansions

Section 2.7: Lab: Manage Files from the Command Line

Section 2.8: Summary

Chapter 3: Manage Local Users and Groups

Section 3.1: Describe User and Group Concepts

Section 3.2: Quiz: Describe User and Group Concepts

Section 3.3: Gain Superuser Access

Section 3.4: Guided Exercise: Gain Superuser Access

Section 3.5: Manage Local User Accounts

Section 3.6: Guided Exercise: Manage Local User Accounts

Section 3.7: Manage Local Group Accounts

Section 3.8: Guided Exercise: Manage Local Group Accounts

Section 3.9: Manage User Passwords

Section 3.10: Guided Exercise: Manage User Passwords

Section 3.11: Lab: Manage Local Users and Groups

Section 3.12: Summary

Chapter 4: Control Access to Files

Section 4.1: Manage File System Permissions from the Command Line

Section 4.2: Guided Exercise: Manage File System Permissions from the Command Line

Section 4.3: Manage Default Permissions and File Access

Section 4.4: Guided Exercise: Manage Default Permissions and File Access

SectionSection 4.5: Lab: Control Access to Files

Section 4.6: Summary

Chapter 5: Manage SELinux Security

Section 5.1: Change the SELinux Enforcement Mode

Section 5.2: Guided Exercise: Change the SELinux Enforcement Mode

Section 5.3: Control SELinux File Contexts

Section 5.4: Guided Exercise: Control SELinux File Contexts

Section 5.5: Adjust SELinux Policy with Booleans

Section 5.6: Guided Exercise: Adjust SELinux Policy with Booleans

Section 5.7: Investigate and Resolve SELinux Issues

Section 5.8: Guided Exercise: Investigate and Resolve SELinux Issues

Section 5.9: Lab: Manage SELinux Security

Section 5.10: Summary

Chapter 6: Tune System Performance

Section 6.1: Kill Processes

Section 6.2: Guided Exercise: Kill Processes

Section 6.3: Monitor Process Activity

Section 6.4: Guided Exercise: Monitor Process Activity

Section 6.5: Adjust Tuning Profiles

Section 6.6: Guided Exercise: Adjust Tuning Profiles

Section 6.7: Influence Process Scheduling

Section 6.8: Guided Exercise: Influence Process Scheduling

Section 6.9: Lab: Tune System Performance

Section 6.10: Summary

Chapter 7: Schedule Future Tasks

Section 7.1: Schedule Recurring User Jobs

Section 7.2: Guided Exercise: Schedule Recurring User Jobs

Section 7.3: Schedule Recurring System Jobs

Section 7.4: Guided Exercise: Schedule Recurring System Jobs

Section 7.5: Manage Temporary Files

Section 7.6: Guided Exercise: Manage Temporary Files

Section 7.7: Quiz: Schedule Future Tasks

Section 7.8: Summary

Chapter 8: Install and Update Software Packages

Section 8.1: Register Systems for Red Hat Support

Section 8.2: Quiz: Register Systems for Red Hat Support

Section 8.3: Install and Update Software Packages with DNF

Section 8.4: Guided Exercise: Install and Update Software Packages with DNF

Section 8.5: Enable DNF Software Repositories

Section 8.6: Guided Exercise: Enable DNF Software Repositories

Section 8.7: Lab: Install and Update Software Packages

Section 8.8: Summary

Chapter 9: Manage Basic Storage

Section 9.1: Mount and Unmount File Systems

Section 9.2: Guided Exercise: Mount and Unmount File Systems

Section 9.3: Add Partitions, File Systems, and Persistent Mounts

Section 9.4: Guided Exercise: Add Partitions, File Systems, and Persistent Mounts

Section 9.5: Manage Swap Space

Section 9.6: Guided Exercise: Manage Swap Space

Section 9.7: Lab: Manage Basic Storage

Section 9.8: Summary

Chapter 10: Manage Storage Stack

Section 10.1: Create and Extend Logical Volumes

Section 10.2: Guided Exercise: Create and Extend Logical Volumes

Section 10.3: Lab: Manage Storage Stack

Section 10.4: Summary

Chapter 11: Control Services and Boot Process

Section 11.1: Identify Automatically Started System Processes

Section 11.2: Guided Exercise: Identify Automatically Started System Processes

Section 11.3: Control System Services

Section 11.4: Guided Exercise: Control System Services

Section 11.5: Select the Boot Target

Section 11.6: Guided Exercise: Select the Boot Target

Section 11.7: Reset the Root Password

Section 11.8: Guided Exercise: Reset the Root Password

Section 11.9: Repair File-system Issues at Boot

Section 11.10: Guided Exercise: Repair File-system Issues at Boot

Section 11.11: Lab: Control the Boot Process

Section 11.12: Summary

Chapter 12: Analyze and Store Logs

Section 12.1: Describe System Log Architecture

Section 12.2: Quiz: Describe System Log Architecture

Section 12.3: Review Syslog Files

Section 12.4: Guided Exercise: Review Syslog Files

Section 12.5: Review System Journal Entries

Section 12.6: Guided Exercise: Review System Journal Entries

Section 12.7: Preserve the System Journal

Section 12.8: Guided Exercise: Preserve the System Journal

Section 12.9: Maintain Accurate Time

Section 12.10: Guided Exercise: Maintain Accurate Time

Section 12.11: Lab: Analyze and Store Logs

Section 12.12: Summary

Chapter 13: Manage Networking

Section 13.1: Validate Network Configuration

Section 13.2: Guided Exercise: Validate Network Configuration

Section 13.3: Configure Networking from the Command Line

Section 13.4: Guided Exercise: Configure Networking from the Command Line

Section 13.5: Edit Network Configuration Files

Section 13.6: Guided Exercise: Edit Network Configuration Files

Section 13.7: Configure Hostnames and Name Resolution

Section 13.8: Guided Exercise: Configure Hostnames and Name Resolution

Section 13.9: Lab: Manage Networking

Section 13.10: Summary

Chapter 14: Access Network-Attached Storage

Section 14.1: Manage Network-Attached Storage with NFS

Section 14.2: Guided Exercise: Manage Network-Attached Storage with NFS

Section 14.3: Automount Network-Attached Storage

Section 14.4: Guided Exercise: Automount Network-Attached Storage

Section 14.5: Lab: Access Network-Attached Storage

Section 14.6: Summary

Chapter 15: Manage Network Security

Section 15.1: Manage Server Firewalls

Section 15.2: Guided Exercise: Manage Server Firewalls

Section 15.3: Control SELinux Port Labeling

Section 15.4: Guided Exercise: Control SELinux Port Labeling

Section 15.5: Lab: Manage Network Security

Section 15.6: Summary

Chapter 16: Run Containers

Section 16.1: Container Concepts

Section 16.2: Quiz: Container Concepts

Section 16.3: Deploy Containers

Section 16.4: Guided Exercise: Deploy Containers

Section 16.5: Manage Container Storage and Network Resources

Section 16.6: Guided Exercise: Manage Container Storage and Network Resources

Section 16.7: Manage Containers as System Services

Section 16.8: Guided Exercise: Manage Containers as System Services

Section 16.9: Lab: Run Containers

Section 16.10: Summary

Chapter 17: Comprehensive Review

Section 17.1: Comprehensive Review

Section 17.2: Lab: Fix Boot Issues and Maintain Servers

Section 17.3: Lab: Configure and Manage File Systems and Storage

Section 17.4: Lab: Configure and Manage Server Security

Section 17.5: Lab: Run Containers

Bookmark this page

P 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17

Lab: Control Access to Files

In this lab, you configure permissions on files and set up a directory that users in a particular group can use to share files on the local file system.

Outcomes

Create a directory where users can work collaboratively on files.
Create files that are automatically assigned group ownership.
Create files that are not accessible outside the group.

As the student user on the workstation machine, use the lab command to prepare your system for this exercise.

This command prepares your environment and ensures that all required resources are available.

[student@workstation ~]$ lab start perms-review

Instructions

Log in to serverb as the student user. Run the sudo -i command at the shell prompt to become the root user. Use student as the student user password.

[student@workstation ~]$ ssh student@serverb
...output omitted...
[student@serverb ~]$ sudo -i
[sudo] password for student: student
[root@serverb ~]#

Create a /home/techdocs directory.
Use the mkdir command to create a /home/techdocs directory.
[root@serverb ~]# mkdir /home/techdocs
Change the group ownership of the /home/techdocs directory to the techdocs group.
Use the chown command to change the group ownership for the /home/techdocs directory to the techdocs group.
[root@serverb ~]# chown :techdocs /home/techdocs
Verify that users in the techdocs group cannot create files in the /home/techdocs directory.
Use the su command to switch to the tech1 user.
[root@serverb ~]# su - tech1 [tech1@serverb ~]$
Create a techdoc1.txt file in the /home/techdocs directory. This step should fail.
Although the /home/techdocs directory is owned by the techdocs group and tech1 is part of the techdocs group, you cannot create a file in that directory. The reason is because the techdocs group does not have write permission.
[tech1@serverb ~]$ touch /home/techdocs/techdoc1.txt touch: cannot touch '/home/techdocs/techdoc1.txt': Permission denied
List the directory's permissions.
[tech1@serverb ~]$ ls -ld /home/techdocs/ drwxr-xr-x. 2 root techdocs 6 Feb 5 16:05 /home/techdocs/
Set permissions on the /home/techdocs directory. On the /home/techdocs directory, configure setgid (2); read, write, and execute permissions (7) for the owner/user and group; and no permissions (0) for other users.
Exit from the tech1 user shell.
[tech1@serverb ~]$ exit logout [root@serverb ~]#
Set the group permission for the /home/techdocs directory. Configure setgid; read, write, and execute permissions for the owner and group; and no permissions for others.
[root@serverb ~]# chmod 2770 /home/techdocs
Verify that the permissions are set correctly.
The techdocs group now has write permission.
[root@serverb ~]# ls -ld /home/techdocs drwxrws---. 2 root techdocs 6 Feb 4 18:12 /home/techdocs/

Confirm that users in the techdocs group can now create and edit files in the /home/techdocs directory. Users that are not in the techdocs group cannot edit or create files in the /home/techdocs directory. The tech1 and tech2 users are in the techdocs group. The database1 user is not in that group.

Switch to the tech1 user. Create a techdoc1.txt file in the /home/techdocs directory. Add some text to the /home/techdocs/techdoc1.txt file. Exit from the tech1 user shell.

[root@serverb ~]# su - tech1
[tech1@serverb ~]$ touch /home/techdocs/techdoc1.txt
[tech1@serverb ~]$ ls -l /home/techdocs/techdoc1.txt
-rw-r--r--. 1 tech1 techdocs 0 Feb  5 16:42 /home/techdocs/techdoc1.txt
[tech1@serverb ~]$ echo "This is the first tech doc." > /home/techdocs/techdoc1.txt
[tech1@serverb ~]$ exit
logout
[root@serverb ~]#

Switch to the tech2 user. Display the content of the /home/techdocs/techdoc1.txt file. Create a techdoc2.txt file in the /home/techdocs directory. Exit from the tech2 user shell.

[root@serverb ~]# su - tech2
[tech2@serverb ~]$ cd /home/techdocs
[tech2@serverb techdocs]$ cat techdoc1.txt
This is the first tech doc.
[tech2@serverb techdocs]$ touch /home/techdocs/techdoc2.txt
[tech2@serverb techdocs]$ ls -l
total 4
-rw-r--r--. 1 tech1 techdocs 28 Feb  5 17:43 techdoc1.txt
-rw-r--r--. 1 tech2 techdocs  0 Feb  5 17:45 techdoc2.txt
[tech2@serverb techdocs]$ exit
logout
[root@serverb ~]#

Switch to the database1 user. Display the content of the /home/techdocs/techdoc1.txt file. You get a Permission Denied message. Verify that the database1 user does not have access to the file. Exit from the database1 user shell.

Enter the following long echo command on a single line:

[root@serverb ~]# su - database1
[database1@serverb ~]$ cat /home/techdocs/techdoc1.txt
cat: /home/techdocs/techdoc1.txt: Permission denied
[database1@serverb ~]$ ls -l /home/techdocs/techdoc1.txt
ls: cannot access '/home/techdocs/techdoc1.txt': Permission denied
[database1@serverb ~]$ exit
logout
[root@serverb ~]#

Modify the /etc/login.defs file to adjust the default umask for login shells. Normal users should have a umask setting that allows the user and group to create, write, and execute files and directories, and preventing other users from viewing, modifying, or executing new files and directories.
Determine the umask of the student user. Switch to the student login shell. When done, exit from the shell.
[root@serverb ~]# su - student [student@serverb ~]$ umask 0022 [student@serverb ~]$ exit logout [root@serverb ~]#
Edit the /etc/login.defs file and set a umask of 007. The /etc/login.defs file already contains a umask definition. Search the file and update with the appropriate value.
[root@serverb ~]# cat /etc/login.defs ...output omitted... UMASK 007 ...output omitted...
As the student user, verify that the global umask changes to 007.
[root@serverb ~]# exit logout [student@serverb ~]$ exit logout Connection to serverb closed. [student@workstation ~]$ ssh student@serverb ...output omitted... [student@serverb ~]$ umask 0007
Return to the workstation system as the student user.
[student@serverb ~]$ exit logout Connection to serverb closed. [student@workstation ~]$

Evaluation

As the student user on the workstation machine, use the lab command to grade your work. Correct any reported failures and rerun the command until successful.

[student@workstation ~]$ lab grade perms-review

Finish

On the workstation machine, change to the student user home directory and use the lab command to complete this exercise. This step is important to ensure that resources from previous exercises do not impact upcoming exercises.

[student@workstation ~]$ lab finish perms-review

This concludes the section.

Revision: rh199-9.0-4fecb06