MN502 Laboratory 9 Manual: Access Control And Files System Security Assignment Answer

MN502 Network Security

Laboratory 9 Manual: Access Control and Files System Security

Description:

This manual is for running experiments on Access Control and Files System Security. 

In the first exercise, you will setup the file hierarchy structure and the user accounts on a Kali Linux environment. In the second exercise, students will use chmod command to change file and directory permission to demonstrate the slight differences in permissions for files and directories. 

Third exercise is on changing ownership of files and folders and fourth exercise focuses on file permissions and Group access control.

Pre-work:

1. Launch Virtual Box
2. Launch your Kali
3. Do all your exercises in the VM 

Exercise 1: Setting up File Structure and User space

The objective of this exercise is to setup the file hierarchy structure and the user accounts that are required for the exercises in this section. The su command is used to switch users.

1. Login as root 
2. Use useradd command to create two new users user1 and user2 as follows:

 a. useradd user1 -g users 

 b. useradd user2 -g users 

1. Check user information with the id command. Note the uid, gid for each output.

 a. id user1

 b. id user2

1. Create directory structure

 a. mkdir test

 b. mkdir test/temp

1. Switch user roles as user1 and then back to root using the su command

a. whoami

b. su user1

1. Create a new file as root user and change group ownership as well as user ownership of the file.

a. touch HelloWorld

b. ls –l  HelloWorld (observe owner and group)

c. chgrp users  HelloWorld

d. chown user2:users  HelloWorld

e. ls –l  HelloWorld (observe owner and group)

Exercise 2: Differences in File and Folder Permissions

The objective of the following exercises is to see the differences between file and folder (directory) permissions. The chmod command will be used to change file and directory permission to demonstrate the slight differences in permissions for files and directories.

1. Observe the result of ls and cd commands

a. cd /

b. ls –l

c. What are the permissions for HellowWorld 

Change directory permissions of user2 directory and try again as user1.

1. su root
2. chmod 740 HelloWorld
3. l. ls –l 

Exercise 3: Changing ownership of files and folders.

1. Create a folder called “lab10” on the desktop

2. Run the terminal window and switch to root user

3. Create a user called “test” using useradd and one group called “students” using addgroup

sudo  addgroup  test

4. sudo adduser test

5. Run chown command to give the ownership of “lab10” to “test” as under use ls –l to verify ownship is change to test or not as shown in following snapshot

6. As you can see ownership is change for lab10 from root to test user.

7. To change the ownership and group associated with lab10 use chown as under

e.g owner = test and group = students

Verify it using ls  –l command as mentioned above.

Create more folders and try to change the ownership of those folders. For help use

man    chown

Exercise 4: Default file permissions and Group access control

Whenever a new file is created a default set of permissions can be assigned to it. Whatever the permissions are, the UNIX system allows the user to filter out unwanted permissions set by default. This default setting can be set by the user using the umask command. The command takes the permissions set during creation of file and performs a bitwise AND to the bitwise negation of mask value. Some common umask values are 077 (only user has permissions), 022 (only owner can write), 002 (only owner and group members can write), etc.

1. In a terminal window, make sure you are a root user. If not the root user, then switch back to root user (use your password to switch.
2. Use umask command to check the current mask permission and assign a new mask.

a. umask

b. What is the current mask? How is it interpreted? (try umask –S or the man pages)

c. cd /test

d. touch testmask1

e. ls -al

f. What are the permissions of the file testmask1?

g. umask 0077

h. touch testmask2

i. Now what are the permissions of the file testmask2?

1. What is the effect of setting mask value to 0000?