This Learn On Demand Pro Series is part of a Career Path: Become a System Administrator
The capacity to share files is an initial expectation with any new operating system. When utilizing one of the traditional Linux distributions, you have several distinct file sharing alternatives to pick from. Some of them are manageable but not that reliable. Others are incredibly stable, yet need some basic setup initially. This virtual lab teaches learners to test the permissions assigned to the user accounts and groups that are required to configure standard permissions in Linux. The other guided challenges in this series are “Verify Storage in Linux” and “Can You Configure ACL Permissions in Linux?”
Understand the Scenario
In this virtual lab, you are a system administrator responsible for managing a Linux file server. Your job is to implement security using standard Linux permissions. To complete this challenge, first, you will create file server resources, users, and groups. Next, you will configure ownership and permissions to enforce business rules. Finally, you will test the configuration. To complete this challenge, learners will use a default installation of CentOS 7 Linux with the Server with GUI package installed. You will use three non-privileged accounts and one group during this challenge. The three accounts represent different roles. The first account represents the PayrollManager; the second account represents a PayrollEmployee, and the third account represents a NonPayrollEmployee. The group is called Payroll.
Create users, a file, and a group
A file server is responsible for storing files in a centralized spot while allowing access to networked computers. With the help of a file server, users can save work and can work on the files without having to move around a disk. In this first section of the lab, learners will learn how to create users, a file, and a group. First, they will get the root credentials and create a directory named /PayrollData at the root of the file system. After creating the directory, they will use Vim to create a text file named file1 in the /PayrollData directory, and then add the text Hello World to the file. Next, they will create three user accounts named PayrollManager, PayrollEmployee, NonPayrollEmployee, and assign a password to all three accounts. Finally, they will create a group named Payroll and add the PayrollEmployee to the Payroll group. The PayrollManager and NonPayrollEmployee will not be members of the group.
Set the ownership and group association of a directory using the chown command
In this section of the lab, learners will assign the ownership of the /PayrollData directory and its contents to the PayrollManager account by using the chown command. After this, they will set the group association of the /PayrollData directory and its contents to the Payroll group. Finally, they will check that the PayrollManager account is the owner of the /PayrollData directory and confirm that the /PayrollData directory is associated with the Payroll group.
Test the permissions using different accounts
In this section of the lab, learners will change to the context and credentials of the PayrollManager to verify that they can edit file1, and then create a new file named newfile in the /PayrollData directory. After this, they will learn how to change to the context and credentials of the PayrollEmployee to verify that they can read file1, and then attempt to create a new file named “anotherfile” in the /PayrollData directory. They will also change to the context and credentials of the NonPayrollEmployee and verify that they cannot access the resources in /PayrollData. After this, they will check and confirm that the PayrollManager user can read file1 in the /Payroll directory, and can create a new file in the /Payroll directory. Finally, they will confirm that the PayrollEmployee user, as a member of the Payroll group, can read the contents of the file, but cannot create new files and that the NonPayrollEmployee user has no access to the /Payroll directory or its contents.
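The expected test results can be derived from the owner/group/other check before logging in as each account. The script below is an added example, not part of the lab; the modes 750 on /PayrollData and 640 on file1 are assumptions (the lab description does not state them), and the group membership is constructed from the text above.

```shell
#!/bin/sh
# Constructed model of the lab's end state. Modes are assumed, not from the lab.
DIR_OWNER=PayrollManager;  DIR_GROUP=Payroll;  DIR_MODE=750    # /PayrollData
FILE_OWNER=PayrollManager; FILE_GROUP=Payroll; FILE_MODE=640   # /PayrollData/file1

# groups_of USER: group membership as described in the lab (constructed).
groups_of() {
    case "$1" in
        PayrollEmployee) echo "Payroll" ;;
        *)               echo "" ;;
    esac
}

# class_digit USER OWNER GROUP MODE: print the one octal digit that applies.
# Classes are exclusive: an owner never falls through to the group or other bits.
class_digit() {
    user=$1; owner=$2; group=$3; mode=$4
    if [ "$user" = "$owner" ]; then echo "$mode" | cut -c1; return; fi
    for g in $(groups_of "$user"); do
        if [ "$g" = "$group" ]; then echo "$mode" | cut -c2; return; fi
    done
    echo "$mode" | cut -c3
}

# allows DIGIT BIT: succeed if BIT (4=read, 2=write, 1=execute/search) is set.
allows() { [ $(( $1 & $2 )) -ne 0 ]; }

# can USER ACTION: ACTION is read|edit (on file1) or create (in the directory).
# root is not modelled; it bypasses these checks.
can() {
    d=$(class_digit "$1" "$DIR_OWNER" "$DIR_GROUP" "$DIR_MODE")
    f=$(class_digit "$1" "$FILE_OWNER" "$FILE_GROUP" "$FILE_MODE")
    allows "$d" 1 || return 1      # search (x) on the directory is needed first
    case "$2" in
        read)   allows "$f" 4 ;;
        edit)   allows "$f" 2 ;;
        create) allows "$d" 2 ;;   # creating a file needs write on the directory
        *)      return 2 ;;
    esac
}

# report: print the full allow/deny matrix for the three lab accounts.
report() {
    for u in PayrollManager PayrollEmployee NonPayrollEmployee; do
        for a in read edit create; do
            if can "$u" "$a"; then r=allow; else r=deny; fi
            echo "$u $a $r"
        done
    done
}
report
```

On a real system, compare this matrix with the owner, group and mode shown by `ls -ld /PayrollData` and `ls -l /PayrollData/file1`.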
Lab Summary Conclusion
After completing the “Configure Standard Permissions in Linux” virtual lab, you will have accomplished the following:
- Created file server resources, users, and groups.
- Configured ownership and permissions to enforce business rules.
- Tested the configuration.