This exercise illustrates how you can restrict access to files and directories using Unix permissions.
Replace jde with your actual username.
Parts of this guide are annotated with the following icons:
- ❗ A task you MUST perform to complete the exercise.
- ❓ An optional step that you may perform to make sure that everything is working correctly.
- ⚠️ Critically important information about the exercise.
- 💎 Tips on the exercise, reminders about previous exercises, or explanations about how this exercise differs from the previous one.
- 👾 More advanced tips on how to save some time. Challenges.
- 📚 Additional information about the exercise or the commands and tools used.
- 🏁 The end of the exercise.
- 💥 Troubleshooting tips: how to fix common problems you might encounter.
Create a new alice user:
$> sudo useradd --create-home --shell /bin/bash alice

💎 You can also use the equivalent short versions of these options:
$> sudo useradd -m -s /bin/bash alice
Make sure other users can access and list the contents of alice's home
directory:
$> sudo chmod o+rx /home/alice

- Create a file named file.txt in alice's home directory that is readable by alice but not by you.
- Create a directory named for_alice in the system's temporary directory (/tmp). The alice user must be able to traverse this directory, but not list its contents or create new files in it.
- The directory must contain a readable.txt file that alice can read from, but not write to.
- The directory must contain a writable.txt file that alice can read from and write to.

You should not be able to read the file in alice's home directory:
$> cat /home/alice/file.txt
cat: /home/alice/file.txt: Permission denied

Temporarily log in as alice (using your administrative privileges and the su
command, as in switch user):
$> sudo su --login alice

💎 When you are done, you can go back to being you with the exit command. Your command line prompt should remind you who you are. When in doubt, use the whoami command.

📚 The --login option can also be abbreviated to -l or even simply - (yes, the people who designed Unix were lazy enough that they did not even want to type one more letter).

You should be able to read the file in the home directory:
$> cat /home/alice/file.txt

You should not be able to list the for_alice directory:
$> ls /tmp/for_alice
ls: cannot open directory '/tmp/for_alice/': Permission denied

You should not be able to create a file in the for_alice directory:
$> echo Hello > /tmp/for_alice/file.txt
-bash: /tmp/for_alice/file.txt: Permission denied

You should be able to read the readable.txt file in the for_alice directory:
$> cat /tmp/for_alice/readable.txt

You should not be able to modify the readable.txt file in the for_alice directory:
$> echo "Hello, I'm Alice" >> /tmp/for_alice/readable.txt
-bash: /tmp/for_alice/readable.txt: Permission denied

You should be able to write to and read from the writable.txt file in the
for_alice directory:
$> echo "Hello, I'm Alice" >> /tmp/for_alice/writable.txt
$> cat /tmp/for_alice/writable.txt
Hello, I'm Alice

📚 As a reminder, in Bash, >> means to redirect the standard output of a command into a file and to append to the end of that file. If you wanted to overwrite the whole contents of the file, you could use > instead.

You have learned to open or restrict access to files in a Unix system by
judicious use of the chown and chmod commands to change ownership and/or
permissions.
You have also practiced using some of the other Unix file-related commands you have learned about so far.