Managing and Troubleshooting File Permissions

45 minutes
  • 4 Learning Objectives

About this Hands-on Lab

This lab touches on most things anyone would need to know when navigating and troubleshooting a filesystem. It will facilitate practice on octal permissions, setting ACLs, working with SELinux, special bits, and file attributes to complete a set of tasks that could happen in the real world.

Learning Objectives

Successfully complete this lab by achieving the following learning objectives:

Set /var/www/html up Using ACLs to Allow the devs Group Access

First, we should run getfacl /var/www/html to get some baseline information.

Since we don’t see any currently set ACLs, let’s set our own with the following command:

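setfacl -m g:devs:rwx,d:g:devs:rwx /var/www/html

The g:devs:rwx entry grants the devs group access to the directory itself, and the d:g:devs:rwx default entry is inherited by files and directories created inside it. Now anyone in the devs group can navigate to, and write to, /var/www/html.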

Fix Startup Errors for Apache

Trying to run systemctl start httpd will give errors. Running journalctl -xe will show lines similar to this:

Jan 09 20:32:46 Server1 httpd[7107]: (13)Permission denied: AH00091: httpd: could not open error log file /etc/httpd/l>
Jan 09 20:32:46 Server1 httpd[7107]: AH00015: Unable to open logs

It looks like a problem with the error log file, which is /var/log/httpd/error_log.

ls -lZ /var/log/httpd/error_log shows:

-rw-r--r--. 1 root root unconfined_u:object_r:admin_home_t:s0 0 Jan  9 20:17 /var/log/httpd/error_log

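The file is labeled with the SELinux type admin_home_t, which is not a type httpd is allowed to write to. Let’s use restorecon to reset it to the default context for that path: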

restorecon /var/log/httpd/error_log
systemctl start httpd

The service starts.

Set up the /var/www/devs Directory so That All Files Created Are Owned by the devs Group

First we should run ls -ld /var/www/devs to get baseline information about this directory.

Then we can run the following commands to set it up as directed:

chmod g+w /var/www/devs
chown root:devs /var/www/devs
chmod g+s /var/www/devs

The last command sets the setGID bit on the directory, so all new files and directories created in it are owned by the devs group.

Move /var/www/devs/index.html to /var/www/html and Make Sure the Page Is Served Correctly

First we’ll run mv /var/www/devs/index.html /var/www/html.

This returns an "Operation not permitted" error. Since that’s not a normal permission denied error, let’s look at file attributes.

lsattr /var/www/devs/index.html shows that the file has the immutable flag set.
chattr -i /var/www/devs/index.html removes the flag, after which the mv command succeeds.
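
The checks used in the steps above can be scripted. This added example (not part of the lab) reads the output of getfacl, ls -lZ, ls -ld and lsattr and reports the four pieces of state the lab changes. The function names, the --live switch, and the ACL, ls -ld and lsattr sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: read the state this lab changes from the output of its own
# inspection commands. Function names and the --live switch are made up here.

# getfacl DIR | acl_scope GROUP  -> none | default | access | both
# A "default" entry is only inherited by new files; an "access" entry applies to DIR.
acl_scope() {
    awk -F: -v g="$1" '
        $1 == "group" && $2 == g { a = 1 }
        $1 == "default" && $2 == "group" && $3 == g { d = 1 }
        END { r = "none"; if (d) r = "default"; if (a) r = "access"
              if (a && d) r = "both"; print r }'
}

# ls -lZ FILE | selinux_type  -> the type part of user:role:type:level
selinux_type() {
    awk '{ for (i = 1; i <= NF; i++) if (split($i, c, ":") >= 4) { print c[3]; exit } }'
}

# ls -ld DIR | has_setgid  -> exit 0 when the group execute slot shows s or S
has_setgid() { awk '{ if (substr($1, 7, 1) ~ /[sS]/) f = 1 } END { exit !f }'; }

# lsattr FILE | is_immutable  -> exit 0 when the attribute field contains i
is_immutable() { awk '{ if ($1 ~ /i/) f = 1 } END { exit !f }'; }

yesno() { if "$@"; then echo yes; else echo no; fi; }

# Summarise one set of outputs: getfacl text, ls -lZ line, ls -ld line, lsattr line.
summary() {
    echo "devs ACL scope: $(printf '%s\n' "$1" | acl_scope devs)"
    echo "SELinux type:   $(printf '%s\n' "$2" | selinux_type)"
    echo "setgid on dir:  $(printf '%s\n' "$3" | yesno has_setgid)"
    echo "immutable file: $(printf '%s\n' "$4" | yesno is_immutable)"
}

if [ "${1:-}" = "--live" ]; then   # run on the lab host, paths as used on the page
    summary "$(getfacl /var/www/html 2>/dev/null)" \
            "$(ls -lZ /var/log/httpd/error_log)" \
            "$(ls -ld /var/www/devs)" \
            "$(lsattr /var/www/html/index.html 2>/dev/null)"
else                               # constructed sample output, not captured from a host
    summary "$(printf 'group::r-x\ndefault:group::r-x\ndefault:group:devs:rwx')" \
            '-rw-r--r--. 1 root root unconfined_u:object_r:admin_home_t:s0 0 Jan  9 20:17 /var/log/httpd/error_log' \
            'drwxrwsr-x. 2 root devs 6 Jan  9 20:17 /var/www/devs' \
            '----i---------e----- /var/www/devs/index.html'
fi
```

On a finished lab host, the --live run should report an SELinux type of httpd_log_t, setgid yes and immutable no.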

Additional Resources

Bob, Adam, and Sally are all developers that are working on the website. They all need access to manipulate files and directories in /var/www/html, and a scratch area (a sort of dumping area for temporary files, similar to the /tmp directory) at /var/www/devs where all files should have the devs group ownership. There's currently an index.html file in /var/www/devs that should be moved over to /var/www/html. We need to fix any issues we run into along the way, in addition to these tasks.
