RHCSA 8 Exam Practice Question 3 (Managing Permission In Linux)


Question


Create a shared directory, “/home/admins”.

Make it have the following characteristics:

(I) “/home/admins” belongs to the group “adminuser”, and this directory can be read and written by members of group “adminuser”.

(II) Any files created in “/home/admins” should permit the group members to read and write the files.


This question is based on the User and Group Management and Setting & Managing Permission lessons in the RHCSA 8 course on this website. If you have gone through this course, solving it shouldn’t be a problem.

Answer

1. Create the shared directory.

[root@rhel8 ~]# mkdir /home/admins
[root@rhel8 ~]#

2. Make the directory belong to the group adminuser. If the adminuser group doesn’t exist yet, create it first.

In this case, the adminuser group does not exist, so we create it:

[root@rhel8 ~]# groupadd adminuser
[root@rhel8 ~]#

To make the directory /home/admins belong to the adminuser group, we change its group ownership from root to adminuser:

[root@rhel8 ~]# ls -ld /home/admins

drwxr-xr-x. 2 root root 6 Dec 31 18:48 /home/admins
[root@rhel8 ~]# chgrp  adminuser /home/admins
[root@rhel8 ~]# ls -ld /home/admins

drwxr-xr-x. 2 root adminuser 6 Dec 31 18:48 /home/admins
[root@rhel8 ~]#

3. Now we set the permission to allow the directory to be read and written by the members of the group.

[root@rhel8 ~]# chmod  g+w /home/admins

[root@rhel8 ~]# ls -ld /home/admins

drwxrwxr-x. 2 root adminuser 6 Dec 31 18:48 /home/admins
[root@rhel8 ~]#

Before part B, let’s test our solution.

On my system, I have the users audrey, olley and micheal.

audrey, olley and micheal have been added to the adminuser group.

We are going to test whether audrey and micheal are able to edit a file that olley creates.

Let’s begin.

First, confirm the group entries in the /etc/group file:

[root@rhel8 ~]# cat /etc/group
root:x:0:
bin:x:1:
daemon:x:2:
tomisinuno:x:1000:
lisa:x:1001:
harry:x:1322:
john:x:1003:
jane:x:1004:Paul
Paul:x:4543:
teju:x:4544:
HR_DEPARTMENT:x:4545:harry,john,jane
finance:x:4546:kevin
kevin:x:4547:
Jose:x:4548:
Tyler:x:4549:
HR:x:4323:
adminuser:x:4550:olley,audrey
audrey:x:4551:
olley:x:4552:
micheal:x:4553:
[root@rhel8 ~]#

Log in as olley and create a file.

login as: olley
olley@192.168.170.129's password:
Activate the web console with: systemctl enable --now cockpit.socket

This system is not registered to Red Hat Insights. See https://cloud.redhat.com/
To register this system, run: insights-client --register

[olley@rhel8 ~]$ touch /home/admins/olley_file
[olley@rhel8 ~]$

Edit olley’s file as the user audrey.

login as: audrey
audrey@192.168.170.129's password:
Activate the web console with: systemctl enable --now cockpit.socket

This system is not registered to Red Hat Insights. See https://cloud.redhat.com/
To register this system, run: insights-client --register

[audrey@rhel8 ~]$ cat >> /home/admins/olley_file
Permission denied

You can see that audrey can’t edit olley’s file.

Again, edit olley’s file, this time as the user micheal.

login as: micheal
micheal@192.168.170.129's password:
Activate the web console with: systemctl enable --now cockpit.socket

This system is not registered to Red Hat Insights. See https://cloud.redhat.com/
To register this system, run: insights-client --register

[micheal@rhel8 ~]$ cat >> /home/admins/olley_file
 Permission denied

We can see that micheal is also denied write access.

PART B (II)

To let the group members read and edit each other’s files, the set group ID (SGID) permission is needed.

Let’s break it down.

With SGID set on a directory, every file created in it inherits the directory’s owning group, which is what makes the directory shareable.

4. To set the SGID bit on the directory, we do:

[root@rhel8 ~]# chmod g+s /home/admins
[root@rhel8 ~]#

Test whether audrey and micheal can edit olley’s file:

[audrey@rhel8 ~]$ cat >> /home/admins/olley_file
[micheal@rhel8 ~]$ cat >> /home/admins/olley_file

Obviously, they can now edit olley’s file.

Solution Summary

# mkdir /home/admins

# groupadd adminuser

# chgrp adminuser /home/admins

# chmod g+w /home/admins

# chmod g+s /home/admins
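
As an added example (not part of the original post), the script below audits a shared directory such as /home/admins for the conditions this answer relies on: the SGID bit, group access on the directory, and files whose group or mode would still block other members. It goes slightly beyond the steps above by also catching files created before SGID was set and files created under a restrictive umask; the function names and the scratch directory are assumptions made for illustration, and GNU stat and find are assumed.

```sh
#!/bin/sh
# Added example (not from the original post). Assumes GNU stat and find.
# Prints one finding per line; returns 0 if clean, 1 if anything was found.
audit_shared_dir() {
    _dir=$1
    _gid=$(stat -c '%g' "$_dir") || return 2
    _out=$(
        # SGID on the directory makes new files inherit its owning group.
        [ -g "$_dir" ] || echo "NO_SGID $_dir"
        # Group members need rwx (070) on the directory to create files.
        [ -n "$(find "$_dir" -maxdepth 0 -perm -070)" ] ||
            echo "DIR_NOT_GROUP_RWX $_dir"
        # Files created before SGID was set keep the creator's own group.
        find "$_dir" -mindepth 1 -maxdepth 1 -type f ! -gid "$_gid" \
            -exec echo WRONG_GROUP {} \;
        # SGID grants no permissions: the creator's umask decides whether
        # the group gets read and write (060) on each new file.
        find "$_dir" -mindepth 1 -maxdepth 1 -type f ! -perm -060 \
            -exec echo NOT_GROUP_RW {} \;
    )
    if [ -z "$_out" ]; then return 0; fi
    printf '%s\n' "$_out"
    return 1
}

# Constructed demo: a scratch directory stands in for /home/admins.
demo_shared_dir() {
    _d=$(mktemp -d) || return 2
    chmod 2775 "$_d"
    ( umask 002; : > "$_d/made_with_umask_002" )   # mode 664
    ( umask 027; : > "$_d/made_with_umask_027" )   # mode 640
    _rc=0
    audit_shared_dir "$_d" || _rc=$?
    rm -rf "$_d"
    return "$_rc"
}

# Usage: sh audit.sh /home/admins
if [ "$#" -gt 0 ]; then audit_shared_dir "$1"; fi
```

Files reported as WRONG_GROUP or NOT_GROUP_RW can be corrected with chgrp and chmod g+rw respectively.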


7 Comments

  1. Sorry, don’t get it. Why do you need to use setfacl with group permissions to add RW permissions to adminuser group if you have already defined it with chmod g+w and chmod g+s?
    It would work perfectly without setfacl.
    I think you may have done an incorrect sequence of commands and the olley_files and audrey_files were created as root:olley and root:audrey, this is why it did not allow you to do cat on audrey file being logged as olley and vice versa.
    The sequence that should work is the following:
    mkdir /home/admins
    chown -R root:adminuser /home/admins/
    chmod -R 2775 /home/admins/
    usermod -aG adminuser olley     # if you have not done this already
    usermod -aG adminuser audrey

    From now on, any file audrey or olley create in /home/admins/ folder will have adminuser as its group and since olley and audrey belong to the same group, they will be able to view and modify each other’s files.

    • You are right Vad. I double-checked the question again, the answer should end at setting the SGID permission on the shared directory. I didn’t have to use the setfacl command.

      If SGID permission is given on a directory, every file that will be created in that directory will inherit the group ownership of that directory, i.e., the owning group of that directory, hence it becomes a collaborative directory.

      There must have been a mix-up somewhere while playing with the users and files in my lab. Probably, I created a file before setting the SGID permission.

      The only time the setfacl command should be used in this case is if a member of the group had already created a file in the directory before setting the SGID permission, that way, the setfacl is needed for other members to be able to edit that particular user’s file. There is a question related to this which I will post.

      Thanks for pointing this out. I appreciate your time. The post has been corrected now.
      Cheers!

      • Hello
        the post is not fixed, yet!
        “set group ID means that every group member will inherit the ownership to a newly created files”
        so,
        testing if audrey and micheal can edit olley’s file.
        su - olley
        touch /home/admins/Newly_created_files_by_olley
        ls -la /home/admins/Newly_created_files_by_olley

        exit
        su - audrey
        cat >> /home/admins/Newly_created_files_by_olley
        no error

  2. What’s the difference between this question and question 19, please? I have also ordered your premium RHCSA 8 exam practice questions.

    • The difference is non-ACL and ACL permissions. Since you have the premium package, check question 29, it explains it all and gives more clarity. You can email us with your premium code if you are still not clear.

  3. Hello Victor,

    the question specification is as below:
    “/home/admins” belongs to the group, “adminuser” and this directory can be read and written by members of group “adminuser”

    So shouldn’t we give the group read & write permission only, for example using [root@rhel8 ~]# chmod g=rw /home/admins instead of
    [root@rhel8 ~]# chmod g+w /home/admins?
