Bo2SS

Common Scenarios for Special File Permissions

Experimental Environment: Ubuntu 18.04 Remote Server + WSL 2 Local Machine

Evaluation Instructions

[Version One] (image not preserved)

[Version Two] (image not preserved)

  • ⭐ Assess understanding of file permissions, especially special file permissions

  • Once that is understood, implementing the functions below is straightforward.

Final Effect

  • Other users cannot enter the Project directory (screenshot not preserved)
  • TestUser1 created the file u1.txt (screenshot not preserved)
  • TestUser2 can still edit u1.txt but cannot delete it (screenshot not preserved)
    • The same holds the other way round: TestUser1 can edit, but not delete, files created by TestUser2.

Implementation Process

Preparation Work

  • Create a new user group TestGroup with the groupadd command; see the man page for its options.
    groupadd TestGroup
  • Create two users, TestUser1 and TestUser2, that belong to the TestGroup group (as a supplementary group).
    useradd -G TestGroup TestUser1
    useradd -G TestGroup TestUser2
    • The group must exist before the users are created.
  • Set a password for each user; without one they cannot log in.
    passwd TestUser1
    ---> Enter password: xxx
    passwd TestUser2
    ---> Enter password: yyy
  • Create a Project directory under /opt to serve as the project directory.
    cd /opt
    mkdir Project

Implement Function 1: Access Permissions

[Only TestUser1, TestUser2, and root can enter this directory.]

  • Change the group ownership of the Project directory to TestGroup, leaving the owning user unchanged.
    sudo chown :TestGroup Project
  • Remove the execute permission for other users; on a directory the execute bit is what allows entering it, so other users can no longer enter.
    sudo chmod o-x Project
  • The effect is shown in the screenshot (image not preserved).

Implement Function 2: Edit Permissions

[TestUser1's created files can be edited by TestUser2.]

  • First, add write permission for the group TestGroup so that its members can create files in this directory.
    sudo chmod g+w Project
  • Set the setgid bit, so that files and subdirectories created inside the directory inherit the directory's group instead of the creating user's primary group.
    sudo chmod g+s Project

[PS] Otherwise, files created by a user would be owned by that user's private group (the group with the same name as the user) rather than TestGroup, so the two users would have no shared group through which to reach each other's files.

  • The permissions are shown in the screenshot (image not preserved).

Implement Function 3: Delete Permissions

[TestUser1 and TestUser2 can only delete files they created.]

  • Set the sticky bit, so that within this directory a user can only delete (or rename) entries they own themselves.
    sudo chmod +t Project
  • The permissions are shown in the screenshot (image not preserved).

[PS] The folder colors have all changed; zsh did a great job.


Points to Consider

  • Consider this scenario: a user who can enter a directory has no write permission on a certain file in it, yet can still delete that file. Why?
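As an added example (not code from the original post), the three functions above and the question just posed can be checked against a small Python model of the Linux permission decision for enter, create, edit and unlink. It assumes /opt/Project is owned by root with group TestGroup, that TestUser1 and TestUser2 each have a private primary group plus TestGroup as a supplementary group, a default umask of 002, and a constructed outsider account "guest".

```python
import stat
from collections import namedtuple

Node = namedtuple("Node", "owner group mode")           # mode e.g. 0o3774: rwxrwxr-- + setgid + sticky
User = namedtuple("User", "name primary_group groups")  # groups: primary + supplementary (useradd -G)

def allowed(user, node, perm):
    """Owner/group/other check for perm in 'rwx'; root bypasses the mode bits."""
    if user.name == "root":
        return True
    shift = 6 if user.name == node.owner else 3 if node.group in user.groups else 0
    return bool(node.mode & ({"r": 4, "w": 2, "x": 1}[perm] << shift))

def create_file(user, d, umask):
    """Creating needs w+x on the directory; with setgid the file inherits d.group."""
    if not (allowed(user, d, "w") and allowed(user, d, "x")):
        return None
    group = d.group if d.mode & stat.S_ISGID else user.primary_group
    return Node(user.name, group, 0o666 & ~umask)        # umask 0o002 -> rw-rw-r--

def can_edit(user, d, f):
    """Editing needs x on the directory (to reach the file) and w on the file."""
    return allowed(user, d, "x") and allowed(user, f, "w")

def can_delete(user, d, f):
    """unlink() is decided by w+x on the directory; the sticky bit adds an ownership test."""
    if not (allowed(user, d, "w") and allowed(user, d, "x")):
        return False
    if d.mode & stat.S_ISVTX and user.name != "root":
        return user.name in (f.owner, d.owner)
    return True

# Accounts from the post; "guest" is a constructed outsider that is not in TestGroup.
U1 = User("TestUser1", "TestUser1", frozenset({"TestUser1", "TestGroup"}))
U2 = User("TestUser2", "TestUser2", frozenset({"TestUser2", "TestGroup"}))
GUEST = User("guest", "guest", frozenset({"guest"}))

def scenario(project_mode, umask=0o002):
    """Replay the post: TestUser1 creates u1.txt in /opt/Project; who can enter/edit/delete?"""
    project = Node("root", "TestGroup", project_mode)
    u1_txt = create_file(U1, project, umask)
    if u1_txt is None:                                   # e.g. 0o754: group still lacks w
        return {"guest_enters": allowed(GUEST, project, "x"), "created": False}
    return {"guest_enters": allowed(GUEST, project, "x"), "created": True,
            "file_group": u1_txt.group,
            "u2_edits": can_edit(U2, project, u1_txt),
            "u2_deletes": can_delete(U2, project, u1_txt),
            "u1_deletes": can_delete(U1, project, u1_txt)}
```

scenario(0o3774) is the post's final state; scenario(0o774) shows why setgid is needed (the file lands in TestUser1's private group and TestUser2 cannot edit it), and scenario(0o2774, umask=0o022) reproduces the question above with a file TestUser2 cannot write yet can delete, because unlink is governed by the directory's permissions, not the file's.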

Additional

  • On a directory, the execute bit is the permission to enter (traverse) it.
