Linux Essentials
NDG Linux Essentials English 0423: Ownership and Permissions
Scenarios - from Netacad.com
Question 1:
Based on the following information, what access would the user bob have on the file abc.txt?
drwxr-xr-x. 17 root root 4096 23:38 /
drwxr-xr--. 10 root root 128 03:38 /data
-rwxr-xr--. 1 bob bob 100 21:08 /data/abc.txt
--------------------------
Answer 1 Below:
--------------------------
/* --------------------- */
Explanation:
Initially it would appear that the user bob can view the contents of the abc.txt file as well as copy the file, modify its contents and run it like a program. This erroneous conclusion would be the result of looking solely at the file's permissions (rwx for the user bob in this case).
However, to do anything with the file, the user must first "get into" the /data directory. The permissions for bob for the /data directory are the permissions for "others" (r--), which means bob can't even use the cd command to get into the directory. If the execute permission (--x) were set for the directory, then the user bob would be able to "get into" the directory, meaning the permissions of the file itself would apply.
Lesson Learned:
The permissions of all parent directories must be considered before considering the permissions on a specific file.
Answer 1: None
Question 2:
Based on the following information, who can use the ls command to display the contents of the /data directory (ls /data)?
drwxr-xr-x. 17 root root 4096 23:38 /
drwxr-xr--. 10 root root 128 03:38 /data
-rwxr-xr--. 1 bob bob 100 21:08 /data/abc.txt
--------------------------
Answer 2 Below:
--------------------------
/* --------------------- */
Explanation:
All that is required to be able to view a directory's contents is r permission on the directory (and the ability to access the parent directories). The x permission for all users in the / directory means all users can use / as part of a path, so everyone can get through the / directory to get to the /data directory. The r permission for all users in the /data directory means all users can use the ls command to view the contents. This includes hidden files, so the ls -a command also works on this directory.
However, note that in order to see file details (ls -l), the directory would also require x permission. So while the root user and members of the root group have this access on the /data directory, no other users would be able to execute ls -l /data.
Lesson Learned:
The r permission allows a user to view a listing of the directory.
Answer 2: All users.
Question 3:
Based on the following information, who can delete the /data/abc.txt file?
drwxr-xr-x. 17 root root 4096 23:38 /
drwxrw-rw-. 10 root root 128 03:38 /data
-rwxr-xr--. 1 bob bob 100 21:08 /data/abc.txt
--------------------------
Answer 3 Below:
--------------------------
/* --------------------- */
Explanation:
A user needs no permissions at all on the file itself to delete it. What is required is the w permission on the directory that the file is stored in. Based on that, it would seem that all users could delete the /data/abc.txt file, since everyone has w permission on the directory.
However, to delete a file, you must also be able to "get into" the directory. Since only the root user has x permission on the /data directory, only root can "get into" that directory to delete files in this directory.
Lesson Learned:
The w permission allows a user to delete files from a directory, but only if the user also has x permission on the directory.
Answer 3: Only the root user
Question 4:
True or False: Based on the following information, the user bob can successfully execute the following command: more /data/abc.txt?
drwxr-xr-x. 17 root root 4096 23:38 /
dr-xr-x--x. 10 root root 128 03:38 /data
-rwxr-xr--. 1 bob bob 100 21:08 /data/abc.txt
--------------------------
Answer 4 Below:
--------------------------
/* --------------------- */
Explanation:
As previously mentioned, to access a file, the user must have access to the directory. The access to the directory only requires x permission; even though r permission would be useful to list files in a directory, it isn't required to "get into" the directory and access files within the directory.
When the command more /data/abc.txt is executed, the following permissions are checked: x permission on the / directory, x permission on the data directory and r permission on the abc.txt file. Since the user bob has all of these permissions, the command executes successfully.
Lesson Learned:
The x permission is required to "get into" a directory, but the r permission on the directory is not necessary unless you want to list the directory's contents.
Answer 4: True
Question 5:
True or False: Based on the following information, the user bob can successfully execute the following command: more /data/abc.txt?
Note that the /data directory has different user and group owners than in the previous examples.
drwxr-xr-x. 17 root root 4096 23:38 /
dr-xr-x---. 10 sue payroll 128 03:38 /data
-rwxr-xr--. 1 bob bob 100 21:08 /data/abc.txt
--------------------------
Answer 5 Below:
--------------------------
/* --------------------- */
Explanation:
In order to access the /data/abc.txt file, the user bob needs to be able to "get into" the /data directory. This requires x permission, which bob may or may not have, depending on whether he is a member of the payroll group.
If bob is a member of the payroll group, then his permissions on the /data directory are r-x, and the command more will execute successfully (bob also needs x on / and r on abc.txt, which he already has).
If he isn't a member of the payroll group, his permissions on the /data directory are ---, and the more command will fail.
Lesson Learned:
You must look at the permissions of each file and directory separately and be aware of which groups the user account belongs to.
Answer 5: Not enough information to determine
Question 6:
True or False: Based on the following information, the user bob can successfully execute the following command: more /data/abc.txt?
Note that the /data directory has different user and group owners than in the previous example.
drwxr-xr-x. 17 root root 4096 23:38 /
dr-xr-x---. 10 bob bob 128 03:38 /data
----rw-rwx. 1 bob bob 100 21:08 /data/abc.txt
--------------------------
Answer 6 Below:
--------------------------
/* --------------------- */
Explanation:
Recall that if you are the owner of a file, then the only permissions that are checked are the user owner permissions. In this case, that would be --- for bob on the /data/abc.txt file.
As a result, members of the bob group and "others" have more permissions on the file than bob has.
Lesson Learned:
Don't provide permissions to the group owner and "others" without applying at least the same level of access to the owner of the file.
Answer 6: False
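The six scenarios above all apply the same two rules: exactly one permission class is checked (owner, else group, else others), and every parent directory needs x. The following is an added example, not part of the Netacad material, that models those rules over ls -l listings; the function names and the user alice are hypothetical, and the model deliberately ignores root's override, ACLs and SELinux.

```python
# Added illustration: a model of the classic owner/group/other check.
# Assumptions: no root override, ACLs or SELinux; names are hypothetical.

def parse(listing):
    """Map path -> (mode, owner, group) from ls -l style lines."""
    table = {}
    for line in listing.strip().splitlines():
        f = line.split()
        table[f[-1]] = (f[0], f[2], f[3])
    return table

def triad(entry, user, groups):
    """Pick the one rwx triad that applies: owner, else group, else others."""
    mode, owner, group = entry
    if user == owner:
        return mode[1:4]
    if group in groups:
        return mode[4:7]
    return mode[7:10]

def parents(path):
    """'/data/abc.txt' -> ['/', '/data']"""
    out = ["/"]
    for part in path.strip("/").split("/")[:-1]:
        out.append(out[-1].rstrip("/") + "/" + part)
    return out

def can(action, path, table, user, groups=()):
    """action: 'read' (file contents or directory listing) or 'delete'."""
    def has(p, bit):
        return bit in triad(table[p], user, groups)
    dirs = parents(path)
    if not all(has(d, "x") for d in dirs):   # every parent needs x
        return False
    if action == "read":
        return has(path, "r")
    if action == "delete":
        return has(dirs[-1], "w")            # the file's own bits are ignored
    raise ValueError(action)

# Listing copied from Question 6 on this page.
Q6 = parse("""
drwxr-xr-x. 17 root root 4096 23:38 /
dr-xr-x---. 10 bob bob 128 03:38 /data
----rw-rwx. 1 bob bob 100 21:08 /data/abc.txt
""")
if __name__ == "__main__":
    print(can("read", "/data/abc.txt", Q6, "bob", {"bob"}))    # owner triad is ---
    print(can("read", "/data/abc.txt", Q6, "alice", {"bob"}))  # group triad is rw-
```

On a live system, namei -l /data/abc.txt prints the mode, owner and group of every component of the path, which is the same information this model consumes.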