File Permissions

Updated Mar 27, 2021 ·

Tasks

Ensure that others is denied default permissions to any file user ted creates. Edit /home/ted/.bashrc to include a umask setting:

echo "umask 027" >> /home/ted/.bashrc
source /home/ted/.bashrc

This sets the default permissions for new files created by ted to 750 (rwxr-x---).

Create a shared group directory structure:

Run:

sudo mkdir -p /data/teamted
sudo mkdir -p /data/teamrobin

The shared group directory should meet the following conditions:

Members should have full read+write access to their directories, others has no permissions at all.

sudo chown :teamted /data/teamted
sudo chown :teamrobin /data/teamrobin

sudo chmod 770 /data/teamted
sudo chmod 770 /data/teamrobin

Files created in these directories are writeable for all members of the group.
```
sudo chmod g+s /data/teamted
sudo chmod g+s /data/teamrobin
```

Users can only delete files they have created themselves.

sudo chmod +t /data/teamted
sudo chmod +t /data/teamrobin

Members of group teamted have read access to everything in /data/teamrobin.
```
sudo setfacl -m g:teamted:rx /data/teamrobin
```
User ted is headmaster and should be able to delete everything in both directories under /data.
```
sudo setfacl -m u:ted:rwx /data/teamted
sudo setfacl -m u:ted:rwx /data/teamrobin
```

As always, be creative and happy learning! 😀