chmod Special Permissions Quiz

Questions and Answers

What happens when the Setuid bit is set on an executable file?

Users cannot execute the file.

Users can only read the file.

Users can run the file with their own permissions.

Users can run the file with the permissions of the file's owner. (correct)

The Setgid bit influences the permissions of an executable file only.

False

What is an example of a command that uses the Setuid permission?

passwd

The Setgid bit ensures that files created in a directory inherit the directory's ______.

group

Match the following special permissions with their functions:

Setuid = Allows running a file with the owner's permissions Setgid = Allows running a file with the group's permissions Sticky Bit = Only file owner can delete their files in a directory SUID on directory = Files inherit the directory’s group

What will the file permissions look like when the Setuid bit is set for the owner?

rwsr-xr-x

The Sticky Bit is specifically used to grant elevated permissions to executable files.

False

Which command would you use to set the Setgid bit on a directory?

chmod g+s directory

What does the Setuid permission do?

Allows a file to run with the owner's permissions

The Setgid permission ensures that newly created files within a directory inherit the owner's permissions.

False

What command is used to add the Sticky Bit to a directory?

chmod o+t directory_name

PAM stands for __________.

Pluggable Authentication Modules

Match the PAM module with its purpose:

pam_unix.so = Handles traditional password-based authentication pam_ldap.so = Authenticates users against an LDAP directory pam_tally2.so = Tracks failed login attempts and locks accounts pam_cracklib.so = Enforces password strength rules

Which type of PAM module is responsible for checking if a user's account is valid?

account

PAM allows only one authentication method to be used per service.

False

What is the purpose of the Sticky Bit in a directory?

Restricts file deletion to the file owner and root

A configuration file for PAM is typically located in __________.

/etc/pam.d/

Match the following PAM types with their descriptions:

auth = Handles user authentication account = Verifies account validity password = Manages password updates session = Sets up user sessions

Which of the following is a common module for enforcing password strength?

pam_cracklib.so

PAM allows system administrators to define authentication policies for applications in multiple locations.

False

What happens when an application requests authentication through PAM?

PAM processes the request and determines the authentication result based on its configured modules.

The command to set Setgid on a directory is __________.

chmod g+s directory_name

Study Notes

chmod Special Permissions

• s in chmod refers to Setuid or Setgid permissions, affecting file/directory access.

Setuid (Set User ID)

• Purpose: Allows running an executable with the owner's permissions, temporarily.
• How it Works: Executes a file as if run by the owner of the file.
• Example: passwd command—updates passwords with root privileges.
• Setting Setuid: chmod u+s file (adds to owner)

Setgid (Set Group ID)

• Purpose: Allows running an executable with the group's permissions, temporarily. Applies group ownership to newly created files/directories inside.
• How it Works: Temporarily runs with group permissions. Used for shared directories; ensures created files inherit the same group ownership.
• Example: Shared team directory where all files belong to the team.
• Setting Setgid: chmod g+s directory (adds to group)

Sticky Bit (t)

• Sticky bit, although not an s, is a special permission frequently used with chmod. On directories, only owner or root can delete/rename files, even if others have write access.

Examples and Use Cases

1. Setuid (Binary): Example program requiring temporary root privileges.

   • Owner: root
   • Permissions appear as: -rwsr-xr-x 1 root root 12345 Jan 7 14:00 program

2. Setgid (Directory): Shared team directory with group ownership inheritance.

   • Permissions appear as: drwxrwsr-x 2 user team 4096 Jan 7 14:00 directory

3. Sticky Bit with Setgid: Group collaboration with file security in a directory.

• Permissions appear as: drwxrwsr-t 2 user team 4096 Jan 7 14:00 dir

Pluggable Authentication Modules (PAM)

• Purpose: A framework for flexible & centralized user authentication in Unix-like systems.

Key Features of PAM

• Pluggable: Uses modular "plugins" (modules) for authentication tasks.
• Centralized: Defines policies for all applications in one place (config files).
• Customizable: Services (e.g., SSH, sudo, login), can have unique authentication rules.

How PAM Works

1. Application Request: Application requests authentication from PAM.
2. PAM Processes: PAM consults its config files to determine modules needed.
3. Results: Modules handle specific tasks, and PAM returns a success/fail result to the application.

PAM Configuration

• Location: /etc/pam.d/ (or /etc/pam.conf)
• Syntax: [type] [control] [module-path] [arguments] describes each module and its behavior—controls, module path, etc.

PAM Module Types and Examples

• auth: User authentication.
• account: Checks account validity.
• password: Manages password updates.
• session: Sets up/tears down user sessions.
• pam_unix.so: Traditional password authentication.
• pam_ldap.so: LDAP (directory service) authentication.
• pam_tally2.so: Tracks failed login attempts, locks accounts after failures.
• pam_cracklib.so: Enforces password strength rules.
• pam_mkhomedir.so: Automatically creates home directories on initial login.

PAM Examples in Action

• SSH Authentication (/etc/pam.d/sshd): Combining modules for flexible authentication.
• Password Strength: Enforces strong passwords using pam_cracklib.
• Account Lockout: Locks accounts after repeated login failures using pam_tally2.

Advantages of PAM

• Flexible: Customize authentication policies easily.
• Centralized: Manage authentication across multiple services uniformly.
• Extensible: Add new authentication methods (e.g, biometric).
• Interoperable: Integrates with outside systems (e.g., LDAP, Kerberos).

Conclusion

• PAM provides centralized & flexible user authentication in Unix-like systems, enhancing security and simplifying system administration.

Description

Test your knowledge on special permissions in Unix using chmod, including Setuid, Setgid, and the Sticky Bit. This quiz will help you understand how these permissions affect file access and group ownership. Perfect for anyone looking to deepen their understanding of Unix permissions.