This lab touches on most things anyone would need to know when navigating and troubleshooting a filesystem. It will facilitate practice on octal permissions, setting ACLs, working with SELinux, special bits, and file attributes to complete a set of tasks that could happen in the real world.
Successfully complete this lab by achieving the following learning objectives:
- Set /var/www/html up Using ACLs to Allow the devs Group Access
First, we should run `getfacl /var/www/html` to get some baseline information.
Since we don’t see any currently set ACLs, let’s set our own with the following command:
setfacl -m d:g:devs:rwx /var/www/html
Now anyone in the `devs` group can navigate to, and write to,
- Fix Startup Errors for Apache
Trying to run `systemctl start httpd` will give errors. Running `journalctl -xe` will show lines similar to this:
Jan 09 20:32:46 Server1 httpd: (13)Permission denied: AH00091: httpd: could not open error log file /etc/httpd/l>
Jan 09 20:32:46 Server1 httpd: AH00015: Unable to open logs
It looks like a problem with the error log file, which is
`ls -lZ /var/log/httpd/error_log` shows:
-rw-r--r--. 1 root root unconfined_u:object_r:admin_home_t:s0 0 Jan 9 20:17 /var/log/httpd/error_log
Use `restorecon` to fix it:
restorecon /var/log/httpd/error_log
systemctl start httpd
The service starts.
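The label check done by eye above, as an added example that is not part of the original lab: a script that reads `ls -lZ` output and flags files whose SELinux type is not the one expected for their directory. The expected types are assumptions based on the targeted policy's defaults, and `expected_type`, `find_mislabeled` and `sample_listing` are names made up for this example.

```bash
#!/usr/bin/env bash
# Added example: read `ls -lZ` output on stdin and flag files whose SELinux
# type differs from the type expected for their location.

# Expected type per path prefix. Assumption: targeted-policy defaults; on a
# live host `matchpathcon PATH` reports the policy's actual expectation.
expected_type() {
  case "$1" in
    /var/log/httpd/*) echo httpd_log_t ;;
    /var/www/*)       echo httpd_sys_content_t ;;
    *)                echo "" ;;  # no expectation recorded
  esac
}

# Prints one line per mismatch; returns 1 if any was found, else 0.
find_mislabeled() {
  local perms links owner group context rest path setype want status=0
  while read -r perms links owner group context rest; do
    [ -n "$rest" ] || continue          # skip "total N" and blank lines
    path=${rest##* }                    # last field; names with spaces unsupported
    setype=$(printf '%s\n' "$context" | cut -d: -f3)
    want=$(expected_type "$path")
    [ -n "$want" ] || continue
    if [ "$setype" != "$want" ]; then
      echo "$path: has $setype, expected $want"
      status=1
    fi
  done
  return "$status"
}

# Sample input: line 1 is the `ls -lZ` output shown on this page; lines 2-3
# are constructed for contrast.
sample_listing() {
  cat <<'EOF'
-rw-r--r--. 1 root root unconfined_u:object_r:admin_home_t:s0 0 Jan 9 20:17 /var/log/httpd/error_log
-rw-r--r--. 1 root root system_u:object_r:httpd_log_t:s0 512 Jan 9 20:17 /var/log/httpd/access_log
-rw-r--r--. 1 root devs unconfined_u:object_r:httpd_sys_content_t:s0 42 Jan 9 20:17 /var/www/html/index.html
EOF
}

# Exit status 1 here means "mislabeled files found", so don't abort on it.
sample_listing | find_mislabeled || true
```

On a live system, `restorecon -nv PATH` makes the same comparison against the loaded policy without changing anything.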
- Set up the /var/www/devs Directory so That All Files Created Are Owned by the devs Group
First we should run `ls -ld /var/www/devs` to get baseline information about this directory.
Then we can run the following commands to set it up as directed:
chmod g+w /var/www/devs
chown root:devs /var/www/devs
chmod g+s /var/www/devs
This will set the setGID bit on the directory and enable all new files and folders created to be owned by the
- Move /var/www/devs/index.html to /var/www/html and Make Sure the Page Is Served Correctly
First we’ll run `mv /var/www/devs/index.html /var/www/html`.
This returns an "Operation not permitted" error. Since that’s not a normal permission denied error, let’s look at file attributes.
`lsattr /var/www/devs/index.html` shows that the file has the immutable flag set.
`chattr -i /var/www/devs/index.html` will allow us to do what we need for this task.