RHCSA 8 exam practice question 3
Create a shared directory, “/home/admins”.
Make it have the following characteristics:
(I) “/home/admins” belongs to the group, “adminuser” and this directory can be read and written by members of group “adminuser”
(II) Any files created in “/home/admins” should permit the group members to be able to read and write on the files.
The question is based on User and Group Management and on Setting & Managing Permission in the RHCSA 8 Course on this website. If you have gone through this course, solving this won’t be a problem.
Creating and Managing Users In Linux
Creating and Managing groups in Linux
Setting and Managing Permission In Linux
1. Create the shared directory.
[root@rhel8 ~]# mkdir /home/admins
[root@rhel8 ~]#
2. Make the directory belong to the group adminuser. If the adminuser group doesn’t exist yet, we create it.
In this case, the adminuser group does not exist, hence we create the group adminuser:
[root@rhel8 ~]# groupadd adminuser
[root@rhel8 ~]#
To make the directory /home/admins belong to the adminuser group, we change its group ownership from root to adminuser:
[root@rhel8 ~]# ls -ld /home/admins
drwxr-xr-x. 2 root root 6 Dec 31 18:48 /home/admins
[root@rhel8 ~]# chgrp adminuser /home/admins
[root@rhel8 ~]# ls -ld /home/admins
drwxr-xr-x. 2 root adminuser 6 Dec 31 18:48 /home/admins
[root@rhel8 ~]#
3. Now we set the permission to allow the directory to be read and written by the members of the group.
[root@rhel8 ~]# chmod g+w /home/admins
[root@rhel8 ~]# ls -ld /home/admins
drwxrwxr-x. 2 root adminuser 6 Dec 31 18:48 /home/admins
[root@rhel8 ~]#
Before the B part, let’s test our solution.
On my system, I have the users audrey, olley and micheal.
audrey, olley and micheal have been added to the adminuser group.
We are going to test whether audrey and micheal are able to edit the file that olley will create.
Let’s begin.
Confirming the /etc/group file:
[root@rhel8 ~]# cat /etc/group
root:x:0:
bin:x:1:
daemon:x:2:
tomisinuno:x:1000:
lisa:x:1001:
harry:x:1322:
john:x:1003:
jane:x:1004:Paul
Paul:x:4543:
teju:x:4544:
HR_DEPARTMENT:x:4545:harry,john,jane
finance:x:4546:kevin
kevin:x:4547:
Jose:x:4548:
Tyler:x:4549:
HR:x:4323:
adminuser:x:4550:olley,audrey
audrey:x:4551:
olley:x:4552:
micheal:x:4553:
[root@rhel8 ~]#
Log in as olley and create a file.
login as: olley
olley@192.168.170.129's password:
Activate the web console with: systemctl enable --now cockpit.socket
This system is not registered to Red Hat Insights. See https://cloud.redhat.com/
To register this system, run: insights-client --register
[olley@rhel8 ~]$ touch /home/admins/olley_file
[olley@rhel8 ~]$
Edit olley’s file as the user audrey.
login as: audrey
audrey@192.168.170.129's password:
Activate the web console with: systemctl enable --now cockpit.socket
This system is not registered to Red Hat Insights. See https://cloud.redhat.com/
To register this system, run: insights-client --register
[audrey@rhel8 ~]$ cat >> /home/admins/olley_file
Permission denied
You can see that audrey can’t edit olley’s file.
Again, edit olley’s file, this time as the user micheal.
login as: micheal
micheal@192.168.170.129's password:
Activate the web console with: systemctl enable --now cockpit.socket
This system is not registered to Red Hat Insights. See https://cloud.redhat.com/
To register this system, run: insights-client --register
[micheal@rhel8 ~]$ cat >> /home/admins/olley_file
Permission denied
We can see that micheal is denied write access.
PART B (II)
To permit the group members to read and edit each other’s files, the set group ID (SGID) permission is needed.
Let’s break it down.
The SGID permission makes the directory shareable: every file created in it inherits the directory’s owning group.
4. For the SGID permission, we do
[root@rhel8 ~]# chmod g+s /home/admins
[root@rhel8 ~]#
Testing if audrey and micheal can edit olley’s file:
[audrey@rhel8 ~]$ cat >> /home/admins/olley_file
[micheal@rhel8 ~]$ cat >> /home/admins/olley_file
Obviously, they can now edit olley’s file.
# mkdir /home/admins
# groupadd adminuser
# chgrp adminuser /home/admins
# chmod g+w /home/admins
# chmod g+s /home/admins
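A check for the finished setup, as an added example that is not part of the original post: it verifies the group owner, group rwx and SGID on the directory, and lists files that group members still cannot write (files created before chmod g+s, or created under a restrictive umask). The function name audit_shared_dir is hypothetical, and GNU stat and find as shipped on RHEL 8 are assumed.

```shell
#!/bin/bash
# Added example (not from the original post): audit the shared directory.
# audit_shared_dir DIR GROUP -> prints findings; exit status = number of problems.
# The body is a subshell "( ... )" so its variables do not leak into the caller.
audit_shared_dir() (
    dir=$1; want_group=$2; issues=0

    # GNU stat: %G group name, %g numeric GID, %a octal mode.
    dir_group=$(stat -c %G "$dir") || exit 99
    dir_gid=$(stat -c %g "$dir")
    mode=$((0$(stat -c %a "$dir")))      # leading 0 -> parsed as octal

    if [ "$dir_group" != "$want_group" ]; then
        echo "FAIL: $dir is owned by group '$dir_group', expected '$want_group'"
        issues=$((issues + 1))
    fi
    # The group needs r, w and x on a directory to list, create and enter.
    if [ $((mode & 070)) -ne $((070)) ]; then
        echo "FAIL: group lacks rwx on $dir (fix: chmod g+rwx)"
        issues=$((issues + 1))
    fi
    # SGID bit (02000): new files inherit the directory's group.
    if [ $((mode & 02000)) -eq 0 ]; then
        echo "FAIL: SGID not set on $dir (fix: chmod g+s)"
        issues=$((issues + 1))
    fi
    # Files created before SGID was set keep their creator's group, and a
    # creator umask of 022 leaves files without group write. List both kinds.
    stale=$(find "$dir" -mindepth 1 -type f \( ! -gid "$dir_gid" -o ! -perm -060 \))
    if [ -n "$stale" ]; then
        echo "FAIL: files the group cannot read/write:"
        echo "$stale" | sed 's/^/  /'
        issues=$((issues + 1))
    fi
    [ "$issues" -eq 0 ] && echo "OK: $dir is a working shared directory for '$want_group'"
    exit "$issues"
)

# Usage on the system from the post:
#   audit_shared_dir /home/admins adminuser
```

Files reported in the last check can be repaired with chgrp adminuser FILE and chmod g+rw FILE.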
Sorry, don't get it. Why do you need to use setfacl with group permissions to add RW permissions to adminuser group if you have already defined it with chmod g+w and chmod g+s.
It would work perfectly without setfacl.
I think you may have done an incorrect sequence of commands and the olley_files and audrey_files were created as root:olley and root:audrey, this is why it did not allow you to do cat on audrey file being logged as olley and vice versa.
The sequence that should work is the following:
mkdir /home/admins
chown -R root:adminuser /home/admins/
chmod -R 2775 /home/admins/
# if you have not done this already:
usermod -aG adminuser olley
usermod -aG adminuser audrey
—
From now on, any file audrey or olley create in /home/admins/ folder will have adminuser as its group and since olley and audrey belong to the same group, they will be able to view and modify each other's files.
You are right Vad. I double-checked the question again, the answer should end at setting the SGID permission on the shared directory. I didn’t have to use the setfacl command.
If SGID permission is given on a directory, every file that will be created in that directory will inherit the group ownership of that directory, i.e, the owning group of that directory, hence it becomes a collaborative directory.
There must have been a mix-up somewhere while playing with the users and files on my lab. Probably, I created a file before setting the SGID permission.
The only time the setfacl command should be used in this case is if a member of the group had already created a file in the directory before setting the SGID permission, that way, the setfacl is needed for other members to be able to edit that particular user’s file. There is a question related to this which I will post.
Thanks for pointing this out. I appreciate your time. The post has been corrected now.
Cheers!
Hello
the post is not fixed, yet!
“set group ID means that every group member will inherit the ownership to a newly created files”
so,
testing if audrey and micheal can edit olley’s file.
su - olley
touch /home/admins/Newly_created_files_by_olley
ls -la /home/admins/Newly_created_files_by_olley
exit
su - audrey
cat >> /home/admins/Newly_created_files_by_olley
no error
Yes I also had some issues, I could write to the directory, after performing the commands of Vad it worked, thanks.
What’s the difference between this question and question 19, please? I have also ordered your premium RHCSA 8 exam practice questions.
The difference is non-ACL and ACL permissions. Since you have the premium package, check question 29, it explains it all and gives more clarity. You can email us with your premium code if you are still not clear.
Hello Victor,
the question specification is as below:
“/home/admins” belongs to the group, “adminuser” and this directory can be read and written by members of group “adminuser”
So should we not give the group read & write permission only, for example using [root@rhel8 ~]# chmod g=rw /home/admins instead of
[root@rhel8 ~]# chmod g+w /home/admins