1
00:00:06,330 --> 00:00:08,190
- So the first part of the lab

2
00:00:08,190 --> 00:00:09,900
is to ensure that the files created

3
00:00:09,900 --> 00:00:12,750
by user root cannot be accessed by group or others.

4
00:00:12,750 --> 00:00:15,720
And files of ordinary users should be readable

5
00:00:15,720 --> 00:00:17,730
by the group owners.

6
00:00:17,730 --> 00:00:18,810
That's the umask.

7
00:00:18,810 --> 00:00:22,290
And we've seen that in the lesson about umask.

8
00:00:22,290 --> 00:00:23,610
Let me just repeat

9
00:00:23,610 --> 00:00:24,670
sudo vim on /etc

10
00:00:26,621 --> 00:00:30,210
/skel/.bashrc

11
00:00:30,210 --> 00:00:34,046
In which I added umask 002.

12
00:00:34,046 --> 00:00:38,400
And as umask 002, that makes that files

13
00:00:38,400 --> 00:00:41,640
created by users are readable

14
00:00:41,640 --> 00:00:45,390
and writeable by the user as well as the group.

15
00:00:45,390 --> 00:00:49,200
Now, if you wanna do so, something similar for user root.

16
00:00:49,200 --> 00:00:51,118
Well I would say just use

17
00:00:51,118 --> 00:00:56,118
sudo vim on /root/.bashrc

18
00:00:56,430 --> 00:01:00,150
And in there you are going to add

19
00:01:00,150 --> 00:01:03,450
umask 007.

20
00:01:03,450 --> 00:01:05,730
I don't like 077 too much.

21
00:01:05,730 --> 00:01:08,460
I like 007 a little bit more.

22
00:01:08,460 --> 00:01:11,610
But if you take the lab exactly as it is

23
00:01:11,610 --> 00:01:15,510
you should do 077 to make it inaccessible

24
00:01:15,510 --> 00:01:16,713
by the group as well.

25
00:01:18,930 --> 00:01:20,130
Right? Let's continue.

26
00:01:20,130 --> 00:01:22,020
And the next thing is to create a directory

27
00:01:22,020 --> 00:01:24,087
is data sales and data account.

28
00:01:24,087 --> 00:01:26,480
sudo mkdir -p

29
00:01:26,480 --> 00:01:30,480
/data/sales

30
00:01:30,480 --> 00:01:32,550
and /data/account

31
00:01:32,550 --> 00:01:34,980
And I know I've demonstrated the data sales

32
00:01:34,980 --> 00:01:35,814
directory already

33
00:01:35,814 --> 00:01:38,850
but I just wanna give you complete commands.

34
00:01:38,850 --> 00:01:41,250
Next, members of the group sales should be able

35
00:01:41,250 --> 00:01:43,830
to read and write in data sales and members

36
00:01:43,830 --> 00:01:45,270
of the group account should be able

37
00:01:45,270 --> 00:01:47,673
to read and write in data account.

38
00:01:48,510 --> 00:01:51,060
Let's read everything because right here

39
00:01:51,060 --> 00:01:55,920
this is chgrp and permission mode 7 7 something.

40
00:01:55,920 --> 00:01:57,660
No other users should have access

41
00:01:57,660 --> 00:02:01,860
to these directories. That makes a permission mode 770.

42
00:02:01,860 --> 00:02:04,590
And users will only be allowed to delete files

43
00:02:04,590 --> 00:02:06,480
they have created themselves with user.

44
00:02:06,480 --> 00:02:08,400
Anna, our sales manager, should be able to

45
00:02:08,400 --> 00:02:13,380
manage all sales files. That is throwing in some sticky bit.

46
00:02:13,380 --> 00:02:15,780
All right, let me go.

47
00:02:15,780 --> 00:02:17,040
And you know what?

48
00:02:17,040 --> 00:02:18,720
I'm going to open a root shell

49
00:02:18,720 --> 00:02:21,143
in order to do this. Makes it slightly easier.

50
00:02:21,143 --> 00:02:22,110
(keyboard clicks)

51
00:02:22,110 --> 00:02:25,710
I'm using ls -l. And first the permission mode

52
00:02:25,710 --> 00:02:29,700
I'm using chmod. chmod what?

53
00:02:29,700 --> 00:02:33,300
3770 on star

54
00:02:33,300 --> 00:02:34,140
Why a 3?

55
00:02:34,140 --> 00:02:35,700
Because I need sticky bit.

56
00:02:35,700 --> 00:02:37,770
I need set group ID bit as well

57
00:02:37,770 --> 00:02:39,960
because set group ID makes sense

58
00:02:39,960 --> 00:02:42,270
on these shared directories.

59
00:02:42,270 --> 00:02:46,230
ls -l is showing that permissions are set all right.

60
00:02:46,230 --> 00:02:49,305
Next, I need to make sure that we have

61
00:02:49,305 --> 00:02:52,170
chown Anna *

62
00:02:52,170 --> 00:02:53,160
Why is that?

63
00:02:53,160 --> 00:02:55,560
That's because Anna is a sales manager

64
00:02:55,560 --> 00:02:58,650
and Anna should be able to, to delete

65
00:02:58,650 --> 00:03:00,780
all these files in the directories.

66
00:03:00,780 --> 00:03:03,480
And if a user is owner of the directory

67
00:03:03,480 --> 00:03:07,170
then the user is allowed to do maintenance on the directory.

68
00:03:07,170 --> 00:03:09,870
Which means delete files from the directory.

69
00:03:09,870 --> 00:03:13,680
Last chgrp account on account.

70
00:03:13,680 --> 00:03:18,150
And that will do it. ls -l is showing this.

71
00:03:18,150 --> 00:03:20,220
And this is what we needed to accomplish

72
00:03:20,220 --> 00:03:22,410
in this specific lab.

73
00:03:22,410 --> 00:03:23,340
And you know what?

74
00:03:23,340 --> 00:03:26,073
That's all. Let's continue with the next lesson.