Managing Permissions and ACLs in SUSE Linux Enterprise

45 minutes
  • 2 Learning Objectives

About this Hands-on Lab

In this hands-on lab, we will be looking at user permissions and access control lists (ACLs). It is important to understand the effects permissions and ACLs can have on system security.

Learning Objectives

Successfully complete this lab by achieving the following learning objectives:

Correct the Issue with the `devuser` Being Able to Delete the `cloud_user`’s File Located in `/shareddata`
  1. Verify the issue as the cloud_user:

    cd /shareddata
    touch examplefile
  2. Switch to the devuser:

    su devuser (password is P@ssw0rd)
    rm ./examplefile
    
    exit
  3. As the cloud_user, check the permissions on the /shareddata folder:

    ls -l /

    Output: d---rws--- root collab shareddata

    Note that on the shareddata directory, there is no sticky bit set, but the GID is set ‘denoted by the s’.

  4. Set the sticky bit as cloud_user:

    sudo -i chmod 3070 /shareddata
  5. Repeat the file create as cloud_user and then try to remove the file as devuser to verify it is working as intended.

Correct the Issue that Is Preventing `testuser` from Being Able to Write to `/home/cloud_user/file`
  1. Verify the issue as the cloud_user:

    cd ~/
    su testuser
    echo 'testing' >> file
    exit
  2. Check the ACL on the file:

    getfacl file

Note the mask and the effective permissions.

  1. Correct the mask as the cloud_user:

    setfacl -m m::rwx file
  2. Verify the issue has been corrected:

    su testuser
    echo 'testing' >> file
    cat file
    exit

Additional Resources

You have recieved complaints that permissions on one of your SUSE Linux Enterprise development servers are not working correctly.

In the /shareddata folder, the devuser is able to delete files created by the cloud_user. This should not be allowed.

In the cloud_user's home directory, there is a file named file that is the target for the logs that are shipped by the testuser. A junior admin has attempted to allow this via ACLs, but the testuser is not able to write to this file.

The devuser and testuser passwords are P@ssw0rd.

What are Hands-on Labs

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.

Get Started
Who’s going to be learning?

How many seats do you need?

  • $499 USD per seat per year
  • Billed Annually
  • Renews in 12 months

Ready to accelerate learning?

For over 25 licenses, a member of our sales team will walk you through a custom tailored solution for your business.


$2,495.00

Checkout
Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!