1. Log in as root and open a terminal window.
2. If user10 does not exist on your system, create it.
# useradd -u 110 -g 10 -d /export/home/user10 -m -s /bin/ksh -c "User 10" user10
3. Create the directory /var/test and change directory to that location.
# mkdir /var/test
# cd /var/test
4. Create two new files. Record the permissions applied to each.
# echo "Success for file1!" > file1
# touch file2
# ls -l
5. Display the Access Control List (ACL) for file1. Do the permissions in the ACL match the permissions reported by the ls command?
# getfacl file1
6. Change permissions on file1 so that only the owner (root) and group (other) have read access.
# chmod 440 file1
7. Switch your user identity to user10.
# su - user10
$
8. Attempt to display the content of file1. What is the result?
$ cat /var/test/file1
9. Exit your su session. Use setfacl to add an ACL entry that allows read access for user10 to the ACL for file1. Verify that the new ACL entry exists. Switch your user identity back to user10.
$ exit
# setfacl -m user:user10:4 file1
# getfacl file1
# su - user10
$
10. Use ls to display the permissions applied to file1. According to these permissions, does user10 have read access?
$ ls -l /var/test/file1
What indicates that an additional ACL entry exists for file1?
11. Attempt to display the content of file1. What is the result? Exit your su session when finished.
$ cat /var/test/file1
$ exit
#
12. Display the Access Control List for file2. Do the group permissions match the permissions associated with the mask entry?
# getfacl file2
13. Grant read, write and execute permissions to the group that owns file2. Display the ACL and a long listing for file2.
# chmod g=rwx file2
# getfacl file2
# ls -l file2
Do the mask permissions match the group permissions?
14. Set the mask permissions for file2 to read only. Display the ACL and a long listing for file2.
# setfacl -m mask:r-- file2
# getfacl file2
# ls -l file2
Do the mask permissions match the group permissions?
In the long listing output, do you find an indication that file2 has additional ACL entries?
15. If group101 does not exist on your system, create it.
# groupadd -g 101 group101
16. Add an ACL entry for the group called group101 to file2. Grant only read and execute permissions for this group.
# setfacl -m group:group101:5 file2
17. Add an ACL entry for the user called user10 to file2. Grant only execute permissions for this user.
# setfacl -m user:user10:1 file2
Verify the current ACL permissions for file2.
# getfacl file2
What are the effective permissions for user10 and group101?
18. Set the mask value to read, write, and execute.
# setfacl -m mask:rwx file2
19. Again verify the effective permissions for user10 and group101. Do their effective permissions match the mask or what they were specifically granted?
# getfacl file2
Did changing the mask permissions affect the permissions for the group that owns the file?
Marty Froomin 7/8/03
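Steps 14 through 19 depend on how the mask limits the owning group and the named user and group entries. The script below is an added example, not part of the original lab sheet: it reads getfacl-style entries and prints each user and group entry with its effective permissions. The sample ACL is constructed, and the function names and_perms and effective_acl are hypothetical.

```shell
#!/bin/sh
# Added example: effective permission = entry permission limited by the ACL mask.

# and_perms PERM MASK: keep only the permission letters present in both.
and_perms() {
    p=$1; m=$2; out=
    for i in 1 2 3; do
        pc=$(printf '%s' "$p" | cut -c"$i")
        mc=$(printf '%s' "$m" | cut -c"$i")
        if [ "$pc" != "-" ] && [ "$mc" != "-" ]; then
            out="$out$pc"
        else
            out="$out-"
        fi
    done
    printf '%s\n' "$out"
}

# effective_acl: read getfacl-style lines on stdin, print type:name:effective.
# The mask limits named users, the owning group and named groups.
# The file owner (user::) is not limited by the mask; other and comment
# lines are skipped. With no mask entry, permissions pass through unchanged.
effective_acl() {
    acl=$(cat)
    mask=$(printf '%s\n' "$acl" | sed -n 's/^mask:\(...\).*/\1/p')
    printf '%s\n' "$acl" | while IFS=: read -r kind name perm; do
        case $kind in
            user|group) ;;
            *) continue ;;
        esac
        perm=$(printf '%s' "$perm" | cut -c1-3)
        if [ "$kind" = user ] && [ -z "$name" ]; then
            eff=$perm
        else
            eff=$(and_perms "$perm" "$mask")
        fi
        printf '%s:%s:%s\n' "$kind" "$name" "$eff"
    done
}

# Constructed sample ACL (not captured from a real system).
SAMPLE_ACL='# file: file2
user::rw-
user:user10:--x
group::rwx
group:group101:r-x
mask:r--
other:r--'

printf '%s\n' "$SAMPLE_ACL" | effective_acl
```

Changing the mask: line in the sample to rwx and rerunning shows each entry's effective permissions returning to what was specifically granted.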