RH199 - ch04s04

Create a shared directory where the operators group automatically owns new files.
Experiment with various umask settings.
Adjust default permissions for specific users.
Verify your change.

As the student user on the workstation machine, use the lab command to prepare your system for this exercise.

This command prepares your environment and ensures that all required resources are available.

[student@workstation ~]$ lab start perms-default

Instructions

[student@workstation ~]$ ssh student@servera
...output omitted...
[student@servera ~]$

Switch to the operator1 user with redhat as the password.

[student@servera ~]$ su - operator1
Password: redhat
[operator1@servera ~]$

List the operator1 user's default umask value.
```
[operator1@servera ~]$ umask
0022
```

Create a /tmp/shared directory. In the /tmp/shared directory, create a defaults file. Look at the default permissions.

Create the /tmp/shared directory. List the permissions of the new directory.

[operator1@servera ~]$ mkdir /tmp/shared
[operator1@servera ~]$ ls -ld /tmp/shared
drwxr-xr-x. 2 operator1 operator1 6 Feb  4 14:06 /tmp/shared

Create a defaults file in the /tmp/shared directory.

[operator1@servera ~]$ touch /tmp/shared/defaults

List the permissions of the new file.

[operator1@servera ~]$ ls -l /tmp/shared/defaults
-rw-r--r--. 1 operator1 operator1 0 Feb  4 14:09 /tmp/shared/defaults

Change the group ownership of the /tmp/shared directory to the operators group. Confirm the new ownership and permissions.
1. Change the group ownership of the /tmp/shared directory to the operators group.
```
[operator1@servera ~]$ chown :operators /tmp/shared
```
2. List the permissions of the /tmp/shared directory.
```
[operator1@servera ~]$ ls -ld /tmp/shared
drwxr-xr-x. 2 operator1 operators 22 Feb  4 14:09 /tmp/shared
```
3. Create a group file in the /tmp/shared directory. List the file permissions.
```
[operator1@servera ~]$ touch /tmp/shared/group
[operator1@servera ~]$ ls -l /tmp/shared/group
-rw-r--r--. 1 operator1 operator1 0 Feb  4 17:00 /tmp/shared/group
```
  Note
  The group owner of the /tmp/shared/group file is not operators but operator1.
Ensure that the operators group owns files that are created in the /tmp/shared directory.
1. Set the group ID to the operators group for the /tmp/shared directory.
```
[operator1@servera ~]$ chmod g+s /tmp/shared
```
2. Create a ops_db.txt file in the /tmp/shared directory.
```
[operator1@servera ~]$ touch /tmp/shared/ops_db.txt
```
3. Verify that the operators group is the group owner for the new file.
```
[operator1@servera ~]$ ls -l /tmp/shared/ops_db.txt
-rw-r--r--. 1 operator1 operators 0 Feb  4 16:11 /tmp/shared/ops_db.txt
```
Create an ops_net.txt file in the /tmp/shared directory. Record the ownership and permissions. Change the umask for the operator1 user. Create an ops_prod.txt file. Record the ownership and permissions of the ops_prod.txt file.
1. Create an ops_net.txt file in the /tmp/shared directory.
```
[operator1@servera ~]$ touch /tmp/shared/ops_net.txt
```
2. List the permissions of the ops_net.txt file.
```
[operator1@servera ~]$ ls -l /tmp/shared/ops_net.txt
-rw-r--r--. 1 operator1 operators 5 Feb  0 15:43 /tmp/shared/ops_net.txt
```
3. Change the umask for the operator1 user to 027. Confirm the change.
```
[operator1@servera ~]$ umask 027
[operator1@servera ~]$ umask
0027
```
4. Create an ops_prod.txt file in the /tmp/shared/ directory. Verify that newly created files have read-only access for the operators group and no access for other users.
```
[operator1@servera ~]$ touch /tmp/shared/ops_prod.txt
[operator1@servera ~]$ ls -l /tmp/shared/ops_prod.txt
-rw-r-----. 1 operator1 operators 0 Feb  0 15:56 /tmp/shared/ops_prod.txt
```

Open a new terminal window and log in to servera as operator1.

[student@workstation ~]$ ssh operator1@servera
...output omitted...
[operator1@servera ~]$

List the umask value for operator1.
```
[operator1@servera ~]$ umask
0022
```

Change the default umask for the operator1 user. The new umask prohibits all access for users that are not in their group. Confirm that the umask is changed.

Change the default umask for the operator1 user to 007.

[operator1@servera ~]$ echo "umask 007" >> ~/.bashrc
[operator1@servera ~]$ cat ~/.bashrc
# .bashrc

# Source global definitions
if [ -f /etc/bashrc ]; then
	. /etc/bashrc
fi
...output omitted...
umask 007

Log out and log in again as the operator1 user. Confirm that the change is permanent.

[operator1@servera ~]$ exit
logout
Connection to servera closed.
[student@workstation ~]$ ssh operator1@servera
...output omitted...
[operator1@servera ~]$ umask
0007

Create an ops_prod2.txt file in the /tmp/shared/ directory. Verify that newly created files have read and write access for the operators group and no access for other users, due to the new umask of 007.
```
[operator1@servera ~]$ touch /tmp/shared/ops_prod2.txt
[operator1@servera ~]$ ls -l /tmp/shared/ops_prod2.txt
-rw-rw----. 1 operator1 operators 0 Feb  0 15:56 /tmp/shared/ops_prod2.txt
```
On servera, close all operator1 and student user shells. Return to the workstation system as the student user.
Warning
Failure to exit from all operator1 shells causes the finish script to fail.
```
[operator1@servera ~]$ exit
logout
Connection to servera closed.
[student@workstation ~]$
```

Finish

On the workstation machine, change to the student user home directory and use the lab command to complete this exercise. This step is important to ensure that resources from previous exercises do not impact upcoming exercises.

[student@workstation ~]$ lab finish perms-default

Revision: rh199-9.3-8dd73db

Click CREATE to build all of the virtual machines needed for the classroom lab environment. This may take several minutes to complete. Once created the environment can then be stopped and restarted to pause your experience.

If you DELETE your lab, you will remove all of the virtual machines in your classroom and lose all of your progress.

RHCSA Rapid Track

Guided Exercise: Manage Default Permissions and File Access

Note

Warning