Using File Attributes and Permissions

15 minutes
  • 4 Learning Objectives

About this Hands-on Lab

Both file attributes and permissions determine user and group access to files throughout the file system. Therefore, being able to use file attributes and permissions effectively is an essential system administrator skill. In this Hands-On lab, you will be using commands to view and set permissions and attributes for files. When the lab is complete, you should know how to use file attributes and permissions to control user and group access to files in the file system.

Learning Objectives

Successfully complete this lab by achieving the following learning objectives:

View the Current Permissions of /opt/myapp/

Let’s see where we stand, as far as permissions go. Run ls -l and stat on the /opt/myapp/ file:

cd /opt/myapp
ls -l
Change Permissions on /opt/myapp/ to Allow Full Privileges for User and Group Only

Currently, the permissions of the file /opt/myapp/ are rw-r--r--, or mode 644. We need the user and group to have all permissions and the others to have none. Using either command will have the same result:

ls -l
chmod u=rwx,g+wx,o-r
ls -l
chmod 770
Verify That /opt/myapp/ Is Executable

The permissions of the file /opt/myapp/ should now be -rwxrwx--- or mode 770, and the file should execute. Look at the permissions again to make sure:


Now let’s try running it:

Make the /opt/myapp/ Immutable Using a File Attribute

The i attribute should appear when we run lsattr on the file:


If it doesn’t, then we’ve got to set it:

sudo chattr +i

Verify that the file is set immutable:


Note the use of sudo there. We’ve got to run chattr as root.

Additional Resources

Our development team has just updated the system to the latest version approved for the organization. The ownership and access permissions to the custom application directory /opt/myapp have already been updated for the cloud_user owner and devop group. But users are complaining that although they have access to the /opt/myapp directory, they are not able to execute the application.

The lead System Administrator for our IT team has assigned us the task of discovering and correcting the permissions and attributes of /opt/myapp/ on the system, so the custom application located under /opt/myapp has the permission to execute. In order to prevent problems with this program, /opt/myapp/, we are also asked to set the attribute of the file, so that the file cannot be altered or removed accidentally.

What are Hands-on Labs

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.

Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!

Get Started
Who’s going to be learning?