6.1 Managing File Security from the CLI
For users or applications to work together, we can grant specific users and groups rights on folders.
Setting up a collaborative directory for multiple users
We will create a directory for a group of users to work in.
Start from your machine as root. The following users must exist and have password greater
Rick
Morty
Summer
Also create the group science.
Make sure Rick, Morty and Summer are members of the science group as an additional group.
Next, create the directory /shared/science.
Now let’s start by changing the group ownership of the directory /shared/science. We will be using the commands below for this.
chown :science /shared/science
As you can see, we can do this in two ways and the result is the same. In the chown command, the name after the : is the group, which results in the following overview.
| command | result |
|---|---|
| chown rick:rick /directory | changes the user and the group |
| chown rick /directory | changes only the user |
| chown :rick /directory | changes only the group |
| chown rick:science /directory | changes the user to rick and the group to science |
The resulting directory should look like this:
[root@rhcsa shared]# ll
total 0
drwxr-xr-x. 2 root science 6 Dec 20 14:21 science
In the above result you can see the drwxr-xr-x on the left. Let’s break that down:
| position | explanation |
|---|---|
| d | means it is a directory |
| rwx | means that the user has r |
| r-x | means that the group has r |
| r-x | means that all other users have r |
Now we want to make sure the group science has the right to create and delete files (w, write).
chmod g+w /shared/science
Resulting directory rights look like this:
drwxrwxr-x. 2 root science 6 Dec 20 14:21 science
Now let’s restrict access to other users.
chmod 770 /shared/science
This means rwx for user, rwx for group, and no rights (---) for other.
Resulting directory rights look like this:
drwxrwx---. 2 root science 6 Dec 20 14:21 science
Checking our work
We need to switch to the user rick to check the rights.
su - rick
Now let’s see if you can change to the directory.
cd /shared/science
And check if we can create files.
touch portals
Results:
[rick@rhcsa science]$ ll
total 0
-rw-rw-r--. 1 rick rick 0 Dec 20 14:53 portals
We want to give the rest of the science group members access to the file; otherwise they cannot work with it.
chown :science portals
The final rights on the portals file:
-rw-rw-r--. 1 rick science 0 Dec 20 14:53 portals
Let’s change to summer to see if she can add text to the file.
su - summer
Change to the directory:
cd /shared/science
Add some text using the echo command:
echo "alphacenturi" >> portals
Read the content of the file using cat:
cat portals
Resulting output:
[summer@rhcsa science]$ cat portals
alphacenturi
You shouldn’t have gotten any errors during this process.
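The manual checks above can be repeated for every entry in the directory with a small audit script. This is an added example, not part of the original page: the function name shared_dir_findings and the finding labels are made up here, and it assumes GNU stat and find as shipped with RHEL.

```shell
#!/bin/sh
# Added example (not from the original page): audit a collaborative directory
# such as /shared/science. Assumes GNU stat and find, and group names
# without spaces and file names without newlines.

# shared_dir_findings DIR GROUP
# Prints one finding per line; prints nothing when DIR matches the tutorial's
# end state (group-owned by GROUP, mode 770, members can write every entry).
shared_dir_findings() {
    dir=$1
    group=$2
    meta=$(stat -c '%G %a' "$dir") || return 2
    dgroup=${meta% *}
    mode=${meta##* }

    [ "$dgroup" = "$group" ] ||
        echo "DIR-GROUP $dir: group is $dgroup, expected $group"

    # Second-to-last octal digit is the group class; 7 = rwx.
    case "$mode" in
        *7?) ;;
        *) echo "DIR-PERM $dir: mode $mode, group lacks rwx" ;;
    esac

    # Last octal digit is the other class; 770 leaves it at 0.
    case "$mode" in
        *0) ;;
        *) echo "DIR-OTHER $dir: mode $mode grants access to other" ;;
    esac

    # Entries keep their creator's primary group (portals was rick:rick)
    # until someone runs chown :GROUP on them.
    find "$dir" -mindepth 1 -exec stat -c '%G %a %n' {} + |
    while read -r fgroup fmode path; do
        [ "$fgroup" = "$group" ] ||
            echo "FILE-GROUP $path: group is $fgroup, expected $group"
        case "$fmode" in
            *[2367]?) ;;
            *) echo "FILE-NOWRITE $path: mode $fmode, group cannot write" ;;
        esac
    done
}

# Usage: sh audit.sh /shared/science science
if [ $# -eq 2 ]; then
    shared_dir_findings "$1" "$2"
fi
```

Run before the chown :science portals step, it reports a FILE-GROUP finding for portals; after that step the output is empty.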