Home‎ > ‎CIS 193‎ > ‎

Lab 4: Extended ACLs

In this lab you will use extended ACLs and their related tools 

Introduction
For this lab you will implement a file access model on your Ubuntu VMs. The model is based on individual and group membership in a company. 

Create the Users and Groups
Before you begin you will need to create users and groups. In the lab you will assign access to files and directories to them. Start by creating the following users. Each user should have a private group (this is the default):

Users:
  1. Bob  (UID 2000)
  2. Monica (UID 2001)
  3. Sally (UID 2002)
  4. Jeff (UID 2003)
  5. Mike (UID 2004)
  6. Fred (UID 2005)
  7. Ethan (UID 2006)
Now create the following groups with the following members:
  1. Engineering (GID 3000): Bob, Monica and Sally
  2. Sales (GID 3001): Jeff, Mike, Fred
  3. IT (GID 3002): - Ethan
Download the Directory Tree
Now that you have users and groups created, download this tar file onto your VM. The tar file contains the following directory tree: 

lab4
├── Engineering
│   ├── Designs
│   │   ├── productA
│   │   ├── productB
│   │   └── productC
│   └── Specs
│       ├── productA
│       ├── productB
│       └── productC
└── Sales
    ├── DesignReviews
    │   ├── productA
    │   ├── productB
    │   └── productC
    └── Prices
        ├── productA
        ├── productB
        └── productC

When you have extracted the TAR file be sure to change the group of all the files in "Engineering" to the engineering group and all of the file in "Sales" to the sales group.

Set ACLs
The Engineering directory has the following rules:
  1. Other permissions MUST be off (no read, no write, no execute) on all files and directories
  2. All files should be in the engineering group
  3. Files in the Designs directory should only be readable to people in engineering 
  4. Designs/productA is owned by Bob
  5. Designs/productB is owned by Monica
  6. Designs/productC is owned by Sally
  7. Files in the Specs directory should be writable to Engineering and readable to Sales
  8. Ethan should have full access to everything
The Sales directory has the following rules:
  1. Other permissions MUST be off (no read, no write, no execute) on all files and directories
  2. All files should be in the sales group
  3. Files in the Prices directory should only be readable to people in sales 
  4. Files in the DesignReviews directory should be writable to Sales and readable to Engineering
  5. Ethan should have full access to everything EXCEPT Prices
Turn In
When you have completed setting the permissions on your folder use the TAR command to re-zip them into a single file. Remember: The TAR command needs a special argument to save your ACLs. Be sure to test that the ACLs are saved. 
  1. The TAR file that contains your completed permissions structure
Submit your homework on blackboard.

Grading
  • 10 points for a TAR file with ACLs
  • 10 points for correctness
ċ
lab4-directory-tree.tar.gz
(0k)
Michael Matera,
Feb 18, 2015, 11:19 PM
Comments