Access Control & OS: Unix Lab Procedures
1. Setting up File Structure and User Space. The objective
of this exercise is to set up the file hierarchy structure and the users
that are required for the exercises in this section. The su command is
used to switch users.
1. Login as root (password = "enter 2005")
2. Use useradd command to create two new users user1 and user2 as
a. useradd user1 -g users -p user1
b. useradd user2 -g users -p user2
3. Check user information with the id command. Note the uid, gid for
a. id user1
b. id user2
4. Create a directory structure
a. mkdir /test
b. mkdir /test/temp
5. Switch user roles as user1 and then back to root using the su
b. su user1
c. su OR su root (password = "enter 2005")
6. Create a new file as root user and change group ownership as well
as user ownership of the file.
a. touch /home/user2/HelloWorld
b. ls -l /home/user2/HelloWorld (observe owner and group)
c. chgrp users /home/user2/HelloWorld
d. chown user2:users /home/user2/HelloWorld
e. ls -l /home/user2/HelloWorld (observe owner and group)
1. Explain what chgrp and chown do.
2. What do the -g and -p options mean?
3. Differences in File and Folder Permissions. The
objective of the following exercises would be to see the differences in
file and folder permissions. The chmod command will be used to change
file and directory permission to demonstrate the slight differences in
permissions for files and directories.
1. Observe the result of ls and cd commands
b. ls -l
c. ls -al /home
d. Switch to user1 using su user1
e. ls -al /home/user2 (Can you list directory?________)
f. cd /home/user2 (Can you change directory?________)
2. Change directory permissions of user2 directory and try again as
a. su root
b. chmod 740 /home/user2
c. Repeat steps 1e to 1g (Can you list or change directory?________)
d. su root
e. chmod 750 /home/user2
f. Repeat steps 1e to 1g (Can you list or change directory?________)
g. touch /home/user2/hello12.txt (Can you create new file?________)
h. su root
i. chmod 770 /home/user2
j. su user1
k. Repeat step 2g. (Can you create new file? ________)
l. ls -l /home/user2
4. Question. What are the directory permissions for user1,
user2 and test directories?
5. Alternative Syntax for chmod Command. You are expected to
learn both ways of using chmod. The access permissions for the
file hello.txt are to set the setuid bit only, allow all access permissions
to the owner, read and execute rights to the group and only read rights to
others. In other words, the 12-bit permission required on the file
hello.txt is as follows: “100 111 101 100.” This can be achieved in
several ways using the chmod command:
1. chmod 4754 hello.txt
2. chmod u+srwx,g+rx,o+r hello.txt
3. chmod u=srwx,g=rx,o=r hello.txt
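Added example (not part of the original lab sheet): a POSIX shell check that the octal form and the comma-separated symbolic forms give the same mode, and that the `+` form only does so when the file starts with no other bits set. It assumes GNU coreutils `stat -c`; the helper names bits_to_octal and mode_after are made up for this illustration, and only mktemp scratch files are modified.

```sh
#!/bin/sh
# Added illustration, not from the lab sheet. Assumes GNU coreutils (stat -c).
# Helper names are hypothetical; only mktemp scratch files are modified.

# bits_to_octal "100 111 101 100": turn 3-bit groups into octal digits.
bits_to_octal() {
    out=
    for t in $1; do
        rest=${t#?}                       # last two bits of the group
        out=$out$(( ${t%??} * 4 + ${rest%?} * 2 + ${t#??} ))
    done
    printf '%s\n' "$out"
}

# mode_after START SPEC: give a scratch file mode START, apply chmod SPEC,
# print the resulting octal mode.
mode_after() {
    f=$(mktemp) || return 1
    chmod "$1" "$f" && chmod "$2" "$f" && stat -c '%a' "$f"
    rc=$?
    rm -f "$f"
    return "$rc"
}

echo "bits 100 111 101 100 -> $(bits_to_octal '100 111 101 100')"
for start in 0000 0666; do
    for spec in 4754 u=srwx,g=rx,o=r u+srwx,g+rx,o+r; do
        echo "start $start, chmod $spec -> $(mode_after "$start" "$spec")"
    done
done
```

Starting from 0666, the `+` form keeps the existing group and other write bits, so only the octal and `=` forms pin the mode exactly.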
6. New Text Files and Linking Files. Unix supports two
kinds of link files--a hard link and a symbolic link. A hard link is a
file with the actual address space of some ordinary file's data blocks.
A symbolic link is just a reference to another file. It contains the
pathname to some other file.
1. In the /test/temp/ directory, as root user, create a new text file
(“hello”) and fill it with some text using touch, pico, vi etc.
2. Create a link link_hello in the test folder pointing to hello.txt
in the temp folder (refer to file structure in introduction)
a. cd /
b. ln -s /test/temp/hello /test/link_hello
c. Is there any difference in file permissions of link_hello and
d. cat /test/link_hello What is the output?
7. Default file permissions and Group Access Control.
Whenever a new file is created using a C program, default permissions can
be assigned to it. A UNIX system allows the user to filter out unwanted
permissions by default. This default setting can be set by the user
using the umask command. It is a system call that is also recognized by
the shell. The command takes the permissions set during file creation
and performs a bitwise AND with the bitwise negation of the mask value. Some
common umask values are 077 (only user has permissions), 022 (only owner
can write), 002 (only owner and group members can write), etc.
1. In a terminal window, make sure you are a root user. If not the
root user, then switch back to root user (use your password to switch).
2. Use umask command to check the current mask permission and assign
a new mask.
b. What is the current mask? How is it interpreted? (try umask -S or
the man pages)
c. cd /test
d. touch testmask1
f. What are the permissions of the file testmask1?
g. umask 0077
h. touch testmask2
i. Now what are the permissions of the file testmask2?
3. What is the effect of setting mask value to 0000?
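Added example (not part of the original lab sheet): the AND-with-negated-mask rule described above, computed in POSIX shell arithmetic and compared with the mode a newly created file or directory actually receives. It assumes GNU coreutils `stat -c` and that touch requests 0666 and mkdir requests 0777; the helper names masked_mode and observed_mode are made up for this illustration, and everything is created under a mktemp directory.

```sh
#!/bin/sh
# Added illustration, not from the lab sheet. Assumes GNU coreutils (stat -c).
# Helper names are hypothetical; files are created under a mktemp directory.

# masked_mode REQUEST MASK: REQUEST AND (NOT MASK), all values octal.
masked_mode() {
    printf '%o\n' "$(( 0$1 & ~0$2 ))"
}

# observed_mode MASK file|dir: create a new file or directory under MASK and
# print the mode the kernel actually gave it. The subshell keeps the umask
# change from leaking into the calling shell.
observed_mode() {
    d=$(mktemp -d) || return 1
    (
        umask "$1" || exit 1
        if [ "$2" = dir ]; then mkdir "$d/new"; else touch "$d/new"; fi
        stat -c '%a' "$d/new"
    )
    rc=$?
    rm -rf "$d"
    return "$rc"
}

# touch requests 0666 and mkdir requests 0777 before the mask is applied.
for mask in 0022 0002 0077 0033; do
    echo "umask $mask: file $(observed_mode "$mask" file)" \
         "(computed $(masked_mode 0666 "$mask"))," \
         "dir $(observed_mode "$mask" dir)" \
         "(computed $(masked_mode 0777 "$mask"))"
done
```

The 0033 row shows why the rule is an AND and not a subtraction: 0666 with mask 0033 gives 644, because the execute bits in the mask were never requested.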
8. Setuid Bit, Setgid Bit and Sticky Bit. As explained in
the background above, the highest three bits of the permission bits
represent the setuid bit, setgid bit and the sticky bit. If the setuid
bit is set then the uid will always be set to the owner of the file
during execution. If the setuid bit is not set then the uid will be that of the
user who executes the process. Similarly, if the setgid bit is set then
the gid will be set to the group that owns the file during execution. If
the setgid bit is not set then the gid will be the group of the user who executes
the process. The sticky bit is set to keep processes in the main memory.
In the following exercise, the objective is to demonstrate how processes
are affected when the setuid bit is set. The exercise must be begun with
1. which touch
2. ls -l /bin/touch
3. chmod 4755 /bin/touch
4. ls -l /bin/touch
5. ls -l /home/user2
6. chmod 700 /home/user2/HelloWorld
7. ls -l /home/user2 (observe timestamp and permissions)
8. su user1
9. touch /home/user2/HelloWorld
10. ls -l /home/user2 (observe timestamp)
11. su root
12. chmod 0755 /bin/touch
13. su user1
14. touch /home/user2/HelloWorld
9. Question. Why is permission denied?
10. Restore the System. After the series of exercises, it is
most essential that the system is restored to its normal state so that
other students may undertake the exercises again. Below are the series
of commands that are expected to restore the system to its original
1. su root
2. umask 0022
3. chmod 0755 /bin/touch
4. userdel user1
5. userdel user2
6. rm -rf /home/user1
7. rm -rf /home/user2
8. rm -rf /test
9. rm -rf /home/test/
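Added example (not part of the original lab sheet): a POSIX shell check that can follow the restore steps to confirm no setuid bit was left behind, as would happen if the chmod 0755 /bin/touch step were skipped. The helper names setuid_files and restored are made up for this illustration; the demo changes modes only on constructed files in a mktemp directory and only reads the mode of the installed touch binary.

```sh
#!/bin/sh
# Added illustration, not from the lab sheet. Helper names are hypothetical.
# The demo changes modes only on constructed files in a mktemp directory.

# setuid_files DIR: list regular files under DIR that carry the setuid bit.
setuid_files() {
    find "$1" -type f -perm -4000 | sort
}

# restored FILE: succeed only if FILE has neither the setuid nor setgid bit.
restored() {
    [ ! -u "$1" ] && [ ! -g "$1" ]
}

# Constructed sample: one ordinary file and one left setuid, as /bin/touch
# would be if the chmod 0755 step were skipped.
demo=$(mktemp -d) || exit 1
: > "$demo/plain"; chmod 0755 "$demo/plain"
: > "$demo/left_setuid"; chmod 4755 "$demo/left_setuid"

echo "setuid files found:"; setuid_files "$demo"
for f in "$demo/plain" "$demo/left_setuid" "$(command -v touch)"; do
    if restored "$f"; then echo "ok       $f"; else echo "NOT OK   $f"; fi
done
rm -rf "$demo"
```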