Unix File System Permissions

Questions and Answers

What is the default group ownership of a file created by a user?

• The root group
• The user's secondary group
• A random group
• The user's primary group (correct)

The userdel command is used to add a user to a group.

False (B)

What command is used to create a new user?

useradd

The file ________ contains all user details as a list.

/etc/passwd

What flag is used with the usermod command to add a user to a group?

-aG (A)

The groupdel command is used to add a group.

False (B)

Match the following commands with their functions:

useradd = Create a new user usermod = Modify user attributes userdel = Delete a user account groupadd = Create a new group groupdel = Delete a group

What command is used to change the group ownership of a file or directory?

chown

What does the permission 'rw-' indicate?

The group has read and write permissions, but not execute (C)

The 'chown' command is used to change the permissions of a file.

False (B)

What is the command used to change the permissions of a file?

chmod

Each file has a primary user that owns it and a ______________ assigned to it.

group

What is the effect of setting the permissions to 700?

The file is visible only to the username and no one else (B)

Match the following commands with their functions:

chmod = Change the permissions of a file chown = Change the ownership of a file chgrp = Change the group of a file mkdir = Create a new directory

The root user has limited privileges in Linux.

False (B)

What is the purpose of groups in Linux?

To simplify access control and permissions management

What is the purpose of user and group management in Linux?

To maintain security and access control (D)

The /etc/gshadow file contains all user accounts details as a list.

False (B)

What is the purpose of the 'chage' command in Linux?

To manage password policies and measures

The password inactive date is the deadline for using an expired password, after the deadline the user account will be ______________________ if the expired password is not changed.

locked

What is the purpose of file system permissions in Unix?

To control the ability of user and group accounts to read, modify, and execute files (D)

The numerical value 777 for a directory grants only the owner full permissions.

False (B)

What is the purpose of password expiration date?

To specify the last date the password remains valid (D)

Match the following password aging policy settings with their descriptions:

Last password change date = The date when the last password has been changed by the user Password expiration date = The last date the password remains valid, after the last date the password is no longer valid Account expiration date = The deadline for the user will be able to use an account, after the deadline the account will be automatically locked Minimum number of days between password change = The number of days before the user is allowed to rechange the password

What is the meaning of the numerical value 755 for file permissions?

Owner/User has full permissions, Group has read and execute permissions, and Other/Everyone has read and execute permissions

A file with permissions $ ls -l –rwxrw- - - -. indicates that the file owner has permissions to ______________ the file.

read, write, and execute

The /etc/login.defs file is used to manage user accounts in Linux.

False (B)

What is the permission level of 0 in numerical value?

No access to the file whatsoever (A)

What is the purpose of sending a warning message to users to change the password?

To give users a reminder to change their password before it expires

The permission level of 7 in numerical value means read and write permissions only.

False (B)

Match the following numerical values with their corresponding permission levels:

0 = No access to the file whatsoever 1 = Execute permissions only 4 = Read permissions only 7 = Read, write, and execute permissions (full permissions)

Study Notes

File/Folder Permissions and Ownership

• File system permissions control the ability of user and group accounts to read, modify, and execute the contents of files and to enter directories.
• Three types of access (permissions): read (r), write (w), execute (x).
• Each file belongs to a specific user and group (ownership).
• Access to files is controlled by user (u), group (g), and other/everyone (o) permission bits, usually set using a numerical value.

Access Levels and Permissions

• Different access levels depending on numerical values:
  • 0 (---) – no access to the file whatsoever
  • 1 (--x) – execute permissions only
  • 2 (-w-) – write permissions only
  • 3 (-wx) – write and execute permissions
  • 4 (r--) – read permissions only
  • 5 (r-x) – read and execute permissions
  • 6 (rw-) – read and write permissions
  • 7 (rwx) – read, write, and execute permissions (full permissions)

Directory Permissions

• Base permission for a directory is 777 (drwxrwxrwx), which grants everyone the permissions to read, write, and execute.
• Example of 644 permissions:
  • Owner/User: Read and Write
  • Group: Read only
  • Other/Everyone: Read only

Setting Permissions and Ownership

• To set permissions, use the chmod command followed by the permission value and the file name.
• Example: chmod 755 file_name sets the permissions to 755 for the file file_name.
• To recursively change permissions, use the -R flag: chmod -R 755.
• To change ownership, use the chown command followed by the user and group names, and the file name.
• Example: chown user:siteground file_name sets the owner to user and the group to siteground.

Understanding Users and Groups

• In Linux, a user is an individual who interacts with the system, with a unique username and user ID (UID).
• User accounts are used to log in, run processes, and access files and directories.
• Groups are collections of users, used to simplify access control and permissions management.
• A group has a unique group ID (GID).

User Management

• Creating users: use the useradd command followed by the username.
• Example: sudo useradd viswa creates a new user named viswa.
• Setting user password: use the passwd command followed by the password.
• Modifying user attributes: use the usermod command.
• Deleting users: use the userdel command with the -r flag to remove the user and their home directory.

Group Management

• Creating groups: use the groupadd command followed by the group name.
• Example: sudo groupadd mygroup creates a new group named mygroup.
• Adding users to groups: use the usermod command with the -aG flag.
• Example: sudo usermod -aG mygroup username adds the user to the mygroup group.
• Changing group ownership of files: use the chown command with the group name.
• Deleting groups: use the groupdel command followed by the group name.

Group Database Files

• /etc/group contains all group details as a list.
• /etc/gshadow contains all group members details as a list.

Password Aging Policy

• To ensure system and network security, various security mechanisms are used, including user password expiration.
• The chage command and /etc/login.defs file are used to manage password policies.
• Password aging policy settings include:
  • The last password change date
  • The password expiration date
  • The password inactive date
  • The account expiration date
  • The minimum number of days between password changes
  • The maximum number of days between password changes
  • The number of days of warning before the password expires

Description

Learn about Unix file system permissions and how they control access to files and directories. Understand read, write, and execute permissions, as well as file ownership.