MN502 Network Security
Laboratory 9 Manual: Access Control and Files System Security
This manual is for running experiments on Access Control and Files System Security.
In the first exercise, you will setup the file hierarchy structure and the user accounts on a Kali Linux environment. In the second exercise, students will use chmod command to change file and directory permission to demonstrate the slight differences in permissions for files and directories.
Third exercise is on changing ownership of files and folders and fourth exercise focuses on file permissions and Group access control.
Exercise 1: Setting up File Structure and User space
The objective of this exercise is to setup the file hierarchy structure and the user accounts that are required for the exercises in this section. The su command is used to switch users.
a. useradd user1 -g users
b. useradd user2 -g users
a. id user1
b. id user2
a. mkdir test
b. mkdir test/temp
b. su user1
a. touch HelloWorld
b. ls –l HelloWorld (observe owner and group)
c. chgrp users HelloWorld
d. chown user2:users HelloWorld
e. ls –l HelloWorld (observe owner and group)
Exercise 2: Differences in File and Folder Permissions
The objective of the following exercises is to see the differences between file and folder (directory) permissions. The chmod command will be used to change file and directory permission to demonstrate the slight differences in permissions for files and directories.
a. cd /
b. ls –l
c. What are the permissions for HellowWorld
Change directory permissions of user2 directory and try again as user1.
Exercise 3: Changing ownership of files and folders.
1. Create a folder called “lab10” on the desktop
2. Run the terminal window and switch to root user
3. Create a user called “test” using useradd and one group called “students” using addgroup
sudo addgroup test
4. sudo adduser test
5. Run chown command to give the ownership of “lab10” to “test” as under use ls –l to verify ownship is change to test or not as shown in following snapshot
6. As you can see ownership is change for lab10 from root to test user.
7. To change the ownership and group associated with lab10 use chown as under
e.g owner = test and group = students
Verify it using ls –l command as mentioned above.
Create more folders and try to change the ownership of those folders. For help use
Exercise 4: Default file permissions and Group access control
Whenever a new file is created a default set of permissions can be assigned to it. Whatever the permissions are, the UNIX system allows the user to filter out unwanted permissions set by default. This default setting can be set by the user using the umask command. The command takes the permissions set during creation of file and performs a bitwise AND to the bitwise negation of mask value. Some common umask values are 077 (only user has permissions), 022 (only owner can write), 002 (only owner and group members can write), etc.
b. What is the current mask? How is it interpreted? (try umask –S or the man pages)
c. cd /test
d. touch testmask1
e. ls -al
f. What are the permissions of the file testmask1?
g. umask 0077
h. touch testmask2
i. Now what are the permissions of the file testmask2?
For solution, connect with our online professionals.