We are implementing file and directory permissions, including special types of permission such as the sticky bit and ACLs.
(1) Add 4 users
useradd u1
useradd u2
useradd u3
useradd u4
(2) Now add 2 groups
groupadd linux
groupadd oracle
(3) Now add the users to the groups linux and oracle
usermod -G linux u1
usermod -G linux u2
usermod -G oracle u3
usermod -G oracle u4
(4) After that, make 2 directories
mkdir /linux
mkdir /oracle
(5) Change the group of both directories
chgrp oracle /oracle
chgrp linux /linux
(6) Now change the permissions of both directories so that only group members can access them
chmod 770 /oracle
chmod 770 /linux
(8) Now log in as user u1
su - u1
(9) Now create a directory /linux/u1
mkdir /linux/u1
#successful
(10) Now create a directory /oracle/abc
mkdir /oracle/abc
#permission denied
# user u1 does not have permission to create files and directories in the /oracle directory
(11) Now log in as user u2
su - u2
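rm -rf /linux/u1
#successful
(12) To prevent this, we set the sticky bit on the shared directory /linux (as root). With the sticky bit set, only the root user, the owner of the directory and the owner of a file can delete that file in the directory
chmod 1770 /linux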
(13) To check it, let u1 create /linux/u1 again, then try to delete it as u2
su - u2
rm -rf /linux/u1
#permission denied
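The gap shown in steps (11) to (13) can be audited for: any directory that is writable by group or others but has no sticky bit lets every writer delete other users' entries. The script below is an added example, not part of the original post; the function names are hypothetical and the sample tree is constructed in a temporary directory.

```shell
#!/bin/sh
# Added example (not from the original post): audit and fix shared
# directories that are writable by group/others but lack the sticky bit.

# Print directories under $1 that are group- or world-writable and have
# no sticky bit: any writer can delete or rename other users' entries there.
find_unsticky_shared() {
    find "$1" -type d \( -perm -020 -o -perm -002 \) ! -perm -1000 -print | sort
}

# Add the sticky bit (chmod +t) to every directory the audit reports,
# leaving the other permission bits untouched. Prints each fixed path.
fix_unsticky_shared() {
    find_unsticky_shared "$1" | while IFS= read -r dir; do
        chmod +t "$dir" && printf 'fixed %s\n' "$dir"
    done
}

# Build a constructed sample tree mirroring the post's layout and print
# its root. Names and modes are sample data, not real system paths.
build_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir "$root/linux" "$root/oracle" "$root/private"
    chmod 770  "$root/linux"     # group-writable, no sticky bit: flagged
    chmod 1770 "$root/oracle"    # group-writable with sticky bit: fine
    chmod 750  "$root/private"   # not writable by group/others: fine
    printf '%s\n' "$root"
}

# Symbolic mode string of a directory, e.g. drwxrwx--T
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# Demo on the constructed tree.
demo_root=$(build_sample_tree)
echo "before: $(find_unsticky_shared "$demo_root")"
fix_unsticky_shared "$demo_root"
echo "after:  $(find_unsticky_shared "$demo_root")"
echo "mode:   $(mode_of "$demo_root/linux")"
rm -rf "$demo_root"
```

The trailing `T` in the mode string is the sticky bit shown without execute permission for others, which is what `chmod 1770` produces.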
------------------------------------------------------------------------------------------------------------
There is another type of permission, the ACL (access control list),
which is set as follows:
setfacl -m u:u1:rwx /linux
setfacl -m u:u2:rw- /linux