Access Control & OS: Unix Lab Procedures

1. Setting up File Structure and User Space.  The objective of this exercise is to set up the file hierarchy and the users required for the exercises in this section. The su command is used to switch between users.

1. Log in as root (password = "enter 2005")

2. Use the useradd command to create two new users, user1 and user2, in the group users:

a. useradd user1 -g users -p user1

b. useradd user2 -g users -p user2

Note: -p expects an already hashed password string, not the plain text "user1"; the literal string is stored as-is in /etc/shadow, so the account cannot be logged into with it. After creating each user, set its password with the passwd command (the exercises below only ever use su from root, which asks for no password, so this matters only if you want to log in as user1 or user2 directly). On distributions where useradd does not create a home directory by default, add -m so that /home/user1 and /home/user2 exist; the later exercises depend on them.

3. Check user information with the id command. Note the uid and gid in each output.

a. id user1

b. id user2

c. id (you are still root: uid 0, gid 0)

4. Create a directory structure

a. mkdir /test

b. mkdir /test/temp

5. Switch to user1 and then back to root using the su command:

a. whoami

b. su user1

c. whoami (now user1)

d. su OR su root (password = "enter 2005")

Note: every su starts a new shell on top of the previous one, and su user1 without a dash keeps root's environment variables but not root's privileges. Typing exit instead of su root returns to the previous (root) shell without stacking shells.

6. As root, create a new file and change its group ownership, then its user ownership.

a. touch /home/user2/HelloWorld

b. ls -l /home/user2/HelloWorld (observe owner and group: both are root's, because root created the file)

c. chgrp users /home/user2/HelloWorld

d. chown user2:users /home/user2/HelloWorld

e. ls -l /home/user2/HelloWorld (observe owner and group: now user2 and users)

2. Questions.

1.  Explain what chgrp and chown do.

2.  What do the -g and -p options of useradd mean?

3. Differences in File and Folder Permissions.  The objective of the following exercises is to see the differences between file and directory permissions. The chmod command is used to change file and directory permissions and to show that r, w and x mean slightly different things for a directory than for a file.

1. Observe the result of the ls and cd commands.

a. cd /

b. ls -l

c. ls -al /home (note the mode of /home/user1 and /home/user2; distributions create home directories as 755, 750 or 700, so the answers to the next two steps depend on it)

d. Switch to user1 using su user1

e. ls -al /home/user2 (Can you list the directory?________)

f. cd /home/user2 (Can you change into the directory?________)

2. Change the permissions of the user2 directory and try again as user1. Run the ls, cd and touch checks as user1, never as root: root bypasses these permission checks and would succeed every time.

a. su root

b. chmod 740 /home/user2

c. su user1

d. Repeat steps 1e and 1f (Can you list or change directory?________ With r but no x, ls prints the names but cannot read the details of each entry, and cd fails.)

e. su root

f. chmod 750 /home/user2

g. su user1

h. Repeat steps 1e and 1f (Can you list or change directory?________)

i. touch /home/user2/hello12.txt (Can you create a new file?________)

j. su root

k. chmod 770 /home/user2

l. su user1

m. Repeat step 2i (Can you create a new file?________)

n. ls -l /home/user2

4. Question.  What are the permissions of the user1, user2 and test directories now?
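To predict the answers above before trying them, here is an added example (not part of the lab sheet) that models the kernel's discretionary access check for a directory: which of the three permission classes applies to the requester, and which bit each of ls, cd and touch needs. The function names and the uid/gid numbers in the demo (user2 = 1002, user1 = 1001, group users = 100) are assumptions made for this example; ACLs, capabilities other than root's override, and mount options are not modelled.

```bash
#!/usr/bin/env bash
# Added example: a model of the Unix DAC check for directories.
# Function names and the uid/gid values below are this example's assumptions.

# class_bits MODE OWNER_UID OWNER_GID REQ_UID "REQ_GIDS"
#   Prints the rwx triple (0-7) that applies to the requester: the owner class
#   if the uids match, else the group class if any of the requester's groups
#   (primary or supplementary) equals the directory's group, else "other".
#   Exactly one class is consulted, which is why a 0007 directory is closed
#   to its own owner.
class_bits() {
  local mode=$(( 0$1 )) ouid=$2 ogid=$3 ruid=$4 rgids=$5 g
  if [ "$ruid" = "$ouid" ]; then
    echo $(( (mode >> 6) & 7 )); return
  fi
  for g in $rgids; do
    if [ "$g" = "$ogid" ]; then
      echo $(( (mode >> 3) & 7 )); return
    fi
  done
  echo $(( mode & 7 ))
}

# dir_access MODE OWNER_UID OWNER_GID REQ_UID "REQ_GIDS" OP  -> yes | no
#   OP: list   (read the names: needs r)
#       enter  (cd into it / look up an entry: needs x)
#       create (add or remove an entry: needs w AND x)
#   uid 0 bypasses these checks (CAP_DAC_OVERRIDE on Linux), which is why
#   the lab insists that the checks are run as user1, not as root.
dir_access() {
  local bits
  if [ "$4" -eq 0 ]; then echo yes; return; fi
  bits=$(class_bits "$1" "$2" "$3" "$4" "$5")
  case $6 in
    list)   [ $(( bits & 4 )) -ne 0 ] && echo yes || echo no ;;
    enter)  [ $(( bits & 1 )) -ne 0 ] && echo yes || echo no ;;
    create) [ $(( bits & 3 )) -eq 3 ] && echo yes || echo no ;;
    *)      echo "dir_access: unknown op '$6'" >&2; return 2 ;;
  esac
}

# Demo with assumed ids: /home/user2 is owned by user2 (uid 1002, group users
# gid 100); the requester is user1 (uid 1001), whose only group is users.
for mode in 700 740 750 770; do
  printf '/home/user2 at %s: list=%s enter=%s create=%s\n' "$mode" \
    "$(dir_access "$mode" 1002 100 1001 100 list)" \
    "$(dir_access "$mode" 1002 100 1001 100 enter)" \
    "$(dir_access "$mode" 1002 100 1001 100 create)"
done
```

The 740 row explains the odd ls -al result: readdir needs only r, so the names come back, but stat on each entry needs x on the directory, so ls prints "Permission denied" per entry and cd fails. A user outside the users group (try uid 1003 with groups "200 300") gets the "other" triple, which is 0 in all four modes.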

5. Alternative Syntax for chmod Command.  You are expected to learn both ways of using chmod, octal and symbolic. The access permissions for the file hello.txt are to be: the setuid bit set (and no other special bit), all permissions for the owner, read and execute for the group, and read only for others. In other words, the 12-bit permission required on hello.txt is 100 111 101 100 (setuid/setgid/sticky, owner, group, others). This can be achieved in several ways with chmod:

1. chmod 4754 hello.txt

2. chmod u+srwx,g+rx,o+r hello.txt

3. chmod u=srwx,g=rx,o=r hello.txt

Clauses are separated by commas with no spaces; chmod treats anything after a space as a file name. Forms 1 and 3 set the mode absolutely, whereas form 2 only adds bits, so it yields 4754 only if the file had no other bits set beforehand.
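The relationship between the three spellings, as an added example that is not part of the lab sheet: a small parser that turns chmod's symbolic syntax into the octal mode chmod would leave behind, starting from a given current mode, so the "+" versus "=" difference above can be checked. The function name and the simplifications noted in the comments are this example's own.

```bash
#!/usr/bin/env bash
# Added example: convert a chmod symbolic spec into the resulting octal mode.
# chmod_octal SPEC [START]
#   SPEC  : comma-separated clauses, each [ugoa]*[=+-][rwxst]* (e.g. u=srwx,g=rx,o=r)
#   START : current mode in octal (default 0000); it matters for + and -
#   Prints the resulting 4-digit octal mode.  Model used here: "s" means setuid
#   when u is selected and setgid when g is selected, "t" means the sticky bit
#   when o is selected, and "=" first clears the selected classes' rwx bits
#   together with their special bit.
chmod_octal() {
  local spec=$1 mode=$(( 0${2:-0} ))
  local clause rest who ops op perms c mask spmask bits special
  while [ -n "$spec" ]; do
    clause=${spec%%,*}; rest=${spec#"$clause"}; spec=${rest#,}
    who=${clause%%[=+-]*}; ops=${clause#"$who"}
    [ -z "$who" ] && who=a                        # "+x" means all classes
    case $who in *a*) who=ugo ;; esac
    mask=0; spmask=0
    case $who in *u*) mask=$(( mask | 0700 )); spmask=$(( spmask | 04000 )) ;; esac
    case $who in *g*) mask=$(( mask | 0070 )); spmask=$(( spmask | 02000 )) ;; esac
    case $who in *o*) mask=$(( mask | 0007 )); spmask=$(( spmask | 01000 )) ;; esac
    while [ -n "$ops" ]; do
      op=${ops%"${ops#?}"}; ops=${ops#?}          # leading =, + or -
      perms=${ops%%[=+-]*}; ops=${ops#"$perms"}   # letters up to the next operator
      bits=0; special=0
      while [ -n "$perms" ]; do
        c=${perms%"${perms#?}"}; perms=${perms#?}
        case $c in
          r) bits=$(( bits | (mask & 0444) )) ;;
          w) bits=$(( bits | (mask & 0222) )) ;;
          x) bits=$(( bits | (mask & 0111) )) ;;
          s) special=$(( special | (spmask & 06000) )) ;;
          t) special=$(( special | (spmask & 01000) )) ;;
          *) echo "chmod_octal: bad permission letter '$c'" >&2; return 2 ;;
        esac
      done
      case $op in
        =) mode=$(( (mode & ~(mask | spmask)) | bits | special )) ;;
        +) mode=$(( mode | bits | special )) ;;
        -) mode=$(( mode & ~(bits | special) )) ;;
      esac
    done
  done
  printf '%04o\n' "$mode"
}

# The spellings from the text, applied to a fresh 0000 file and to a 0666 file:
chmod_octal u=srwx,g=rx,o=r          # 4754
chmod_octal u+srwx,g+rx,o+r          # 4754, only because nothing was set before
chmod_octal u+srwx,g+rx,o+r 0666     # 4776: "+" keeps the bits already there
chmod_octal u=srwx,g=rx,o=r 0666     # 4754: "=" replaces them
```

A practical check the parser makes obvious: a -x or u-s clause against the current mode is the only way to remove a bit with symbolic syntax, and octal always replaces all twelve bits, which is why the restore step of the last section uses chmod 0755 rather than chmod 755 with a leading special digit left to chance.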

6. New Text Files and Linking Files.  Unix supports two kinds of links, hard links and symbolic links. A hard link is a second directory entry (another name) for an existing inode, so both names refer to the same data blocks and the same permission bits. A symbolic link is a separate small file whose content is the pathname of another file; it is resolved by name every time it is followed.

1. In the /test/temp/ directory, as root, create a new text file hello and fill it with some text using touch followed by pico, vi, etc.

2. Create a symbolic link link_hello in the test folder pointing to hello in the temp folder (refer to the file structure set up in section 1):

a. cd /

b. ln -s /test/temp/hello /test/link_hello

c. Compare the permissions of link_hello and hello (ls -l on each). Is there any difference?

d. cat /test/link_hello. What is the output?
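The difference between the two link kinds made observable, as an added example that is not part of the lab sheet: it builds a regular file, a hard link and a symbolic link in a throwaway directory instead of /test, compares inode numbers and link counts, and then removes the original name. Function names are this example's own; the stat formats are GNU's (%i, %h) with the BSD spellings (%i, %l) as a fallback.

```bash
#!/usr/bin/env bash
# Added example: hard link vs symbolic link, observed through stat.

inode()      { stat -c %i "$1" 2>/dev/null || stat -f %i "$1"; }  # does NOT follow symlinks
link_count() { stat -c %h "$1" 2>/dev/null || stat -f %l "$1"; }

# make_links DIR : creates DIR/hello (regular file), DIR/hard_hello (a second
# name for the same inode) and DIR/link_hello (a file whose content is "hello")
make_links() {
  ( cd "$1" && printf 'Hello, world\n' > hello \
             && ln hello hard_hello \
             && ln -s hello link_hello )
}

# same_inode A B -> yes if A and B are two names for one inode.
# Deliberately not `[ A -ef B ]`: that test follows symlinks and would report
# link_hello as "the same file" as hello.
same_inode() { [ "$(inode "$1")" = "$(inode "$2")" ] && echo yes || echo no; }

# path_kind P -> regular | symlink | dangling | missing
path_kind() {
  if   [ -L "$1" ]; then [ -e "$1" ] && echo symlink || echo dangling
  elif [ -e "$1" ]; then echo regular
  else echo missing
  fi
}

d=$(mktemp -d); trap 'rm -rf "$d"' EXIT
make_links "$d"
ls -li "$d"            # hello and hard_hello: same inode, link count 2;
                       # link_hello: lrwxrwxrwx, a mode that is never consulted
echo "hello link count: $(link_count "$d/hello")"
echo "hard_hello is hello: $(same_inode "$d/hard_hello" "$d/hello")"
echo "link_hello is hello: $(same_inode "$d/link_hello" "$d/hello")"
rm "$d/hello"          # removes one name; the inode survives while a name remains
echo "after rm: hard_hello is $(path_kind "$d/hard_hello") with $(link_count "$d/hard_hello") link," \
     "link_hello is $(path_kind "$d/link_hello")"
cat "$d/hard_hello"    # still prints the text
```

Two points this shows that matter beyond the lab: the permission bits of a symbolic link are ignored and the target's bits decide access (so chmod on link_hello changes the target, not the link), and a hard link keeps data alive after the original name is deleted, which is why hard links cannot cross filesystems and why removing a sensitive file does not help if another name for its inode exists.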

7. Default File Permissions and Group Access Control.  Whenever a new file is created, whether by a C program calling open() or creat() or by a shell command, the creating call requests a mode (usually 0666 for a data file and 0777 for a directory). The system lets the user filter unwanted permissions out of that request by default through the umask. umask is a system call and also a shell builtin of the same name. The kernel takes the permissions requested at file creation and ANDs them with the bitwise negation of the mask value; the mask can only remove bits, never add them, and it has no effect on a later chmod. Some common umask values are 077 (only the owner has any permission), 022 (only the owner can write) and 002 (only the owner and group members can write).

1. In a terminal window, make sure you are root. If not, switch back to root with su (use the root password).

2. Use the umask command to check the current mask and to assign a new one.

a. umask

b. What is the current mask? How is it interpreted? (try umask -S or the man pages)

c. cd /test

d. touch testmask1

e. ls -al

f. What are the permissions of the file testmask1?

g. umask 0077

h. touch testmask2

i. ls -al. Now what are the permissions of the file testmask2?

3. What is the effect of setting the mask value to 0000? (Note that umask only changes the mask of the current shell and of processes started from it; a new login starts from the system default again.)
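The umask arithmetic spelled out and checked against what the filesystem actually does, as an added example that is not part of the lab sheet. The function names are this example's own; it uses GNU stat's %a format with the BSD %OLp spelling as a fallback, and creates its test files in a temporary directory rather than /test.

```bash
#!/usr/bin/env bash
# Added example: umask = "requested mode AND NOT mask", verified on disk.

# umask_apply REQUESTED MASK -> the mode the kernel stores (4-digit octal).
#   touch/open() request 0666 and mkdir requests 0777; the mask never adds bits.
umask_apply() {
  printf '%04o\n' $(( 0$1 & ~0$2 ))
}

# umask_symbolic MASK -> the permissions that survive the mask, in the form
#   `umask -S` prints (e.g. u=rwx,g=rx,o=rx for 022).
umask_symbolic() {
  local keep=$(( 0777 & ~0$1 )) spec bits str out=
  for spec in u:6 g:3 o:0; do
    bits=$(( (keep >> ${spec#*:}) & 7 )); str=
    [ $(( bits & 4 )) -ne 0 ] && str=${str}r
    [ $(( bits & 2 )) -ne 0 ] && str=${str}w
    [ $(( bits & 1 )) -ne 0 ] && str=${str}x
    out="${out:+$out,}${spec%:*}=$str"
  done
  echo "$out"
}

# observed_mode MASK [dir] -> mode of a file (or directory, with "dir") that
#   was created under MASK in a fresh temporary directory.  The umask is set in
#   a subshell so the caller's own mask is untouched.
observed_mode() {
  local d m
  d=$(mktemp -d) || return 1
  if [ "$2" = dir ]; then
    ( umask "$1" && mkdir "$d/x" )
  else
    ( umask "$1" && touch "$d/x" )
  fi
  m=$(stat -c '%a' "$d/x" 2>/dev/null || stat -f '%OLp' "$d/x")
  rm -rf "$d"
  printf '%04o\n' "0$m"
}

for mask in 022 077 002 000; do
  printf 'umask %s: touch -> %s (on disk %s), mkdir -> %s, kept: %s\n' "$mask" \
    "$(umask_apply 0666 "$mask")" "$(observed_mode "$mask")" \
    "$(umask_apply 0777 "$mask" )" "$(umask_symbolic "$mask")"
done
```

Two consequences worth noticing: with the default 022 a freshly created file is world-readable (0644), which is why secrets should be created under umask 077 or chmod'ed immediately after creation, and a compiler or linker asks for 0777 for its output, so the x bits on a new binary come from the mask too. A process inherits its umask from its parent, so a service started with an unusual mask keeps it.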

8. Setuid Bit, Setgid Bit and Sticky Bit.  As explained in the background, the three bits above the nine rwx bits of the permission field are the setuid bit, the setgid bit and the sticky bit. If the setuid bit is set on an executable, the effective uid of the process is set to the owner of the file during execution, regardless of who ran it; if it is not set, the effective uid is that of the user who executes the program. Similarly, if the setgid bit is set, the effective gid is set to the group that owns the file; if not, it is the group of the user who executes it. Historically the sticky bit kept a program's text in swap or main memory; on modern systems it is meaningful on directories, where it restricts deletion and renaming of entries to their owners (as on /tmp). In the following exercise the objective is to demonstrate how a process is affected when the setuid bit is set on a root-owned program. The exercise must begin with root privileges, and the bit must be removed again in step 12: a setuid-root touch lets any user create, or change the timestamps of, any file on the system.

1.  which touch (if it prints /usr/bin/touch rather than /bin/touch, use that path in the following steps)

2.  ls -l /bin/touch

3.  chmod 4755 /bin/touch

4.  ls -l /bin/touch (the owner's x is now displayed as s, rwsr-xr-x; a capital S would mean the setuid bit is set without execute permission)

5.  ls -l /home/user2

6.  chmod 700 /home/user2/HelloWorld

7.  ls -l /home/user2 (observe timestamp and permissions)

8.  su user1

9.  touch /home/user2/HelloWorld

10.  ls -l /home/user2 (observe timestamp)

11.  su root

12.  chmod 0755 /bin/touch

13.  su user1

14.  touch /home/user2/HelloWorld

9. Question. Why is permission denied in step 14, when the same command succeeded in step 9?
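An added example, not part of the lab sheet, for the two things a practitioner does after an exercise like this one: decode the special bits from an octal mode, and audit a directory tree for set-id executables so that a leftover setuid-root touch is found. It works on a script in a throwaway directory instead of /bin/touch; the function names and the sample file are this example's own, and the stat formats are GNU's %a with the BSD %OMp%OLp spelling as a fallback.

```bash
#!/usr/bin/env bash
# Added example: special-bit decoding and a set-id audit.

# special_bits MODE -> comma-separated list of setuid, setgid, sticky set in
#   the octal MODE, or "none".
special_bits() {
  local m=$(( 0$1 )) out=
  [ $(( m & 04000 )) -ne 0 ] && out="${out:+$out,}setuid"
  [ $(( m & 02000 )) -ne 0 ] && out="${out:+$out,}setgid"
  [ $(( m & 01000 )) -ne 0 ] && out="${out:+$out,}sticky"
  echo "${out:-none}"
}

# file_mode PATH -> 4-digit octal mode including the special bits
file_mode() {
  local m
  m=$(stat -c %a "$1" 2>/dev/null || stat -f '%OMp%OLp' "$1")
  printf '%04o\n' "0$m"
}

# find_setid DIR -> regular files under DIR with setuid or setgid set, sorted.
#   `-perm -4000` matches when all bits of 4000 are set, whatever else is set.
find_setid() {
  find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print | sort
}

# Demo: a script stands in for /bin/touch.  Note that the Linux kernel ignores
# setuid on interpreted scripts, so this shows the bit and the audit, not a
# privilege change; that needs a real binary such as touch.
d=$(mktemp -d); trap 'rm -rf "$d"' EXIT
printf '#!/bin/sh\nexit 0\n' > "$d/touch_copy"
chmod 4755 "$d/touch_copy"        # shown as rwsr-xr-x by ls -l
ls -l "$d/touch_copy"
echo "mode $(file_mode "$d/touch_copy"): $(special_bits "$(file_mode "$d/touch_copy")")"
echo "set-id files: $(find_setid "$d")"
chmod 0755 "$d/touch_copy"        # the restore step from section 10
echo "after restore, set-id files: '$(find_setid "$d")'"
```

Run find_setid against / (or /usr) after the restore step and compare the list with one taken before the lab; anything new is a privilege-escalation path. Two caveats when reading the results: a filesystem mounted with the nosuid option keeps the bit in the mode but the kernel ignores it at exec, and chown on a set-id file clears the bit, so a file that was chowned after step 3 would not appear.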

10. Restore the System.  After the series of exercises it is essential that the system is restored to its normal state so that other students can undertake the exercises again. Below is the series of commands expected to restore the system to its original form. Run them as root; the chmod on /bin/touch is the one that matters most, because a setuid-root touch weakens the whole system.

1.  su root

2.  umask 0022

3.  chmod 0755 /bin/touch

4.  userdel user1

5.  userdel user2

6.  rm -rf /home/user1

7.  rm -rf /home/user2

8.  rm -rf /test

9.  rm -rf /home/test/ (only if this directory exists on your system)