1
00:00:06,750 --> 00:00:09,390
- So our next assignment is about users and permissions.

2
00:00:09,390 --> 00:00:10,223
What do we need to do?

3
00:00:10,223 --> 00:00:12,930
We need to set defaults for new users

4
00:00:12,930 --> 00:00:16,650
such that passwords have a maximum validity.

5
00:00:16,650 --> 00:00:19,200
Then when creating new users, we copy an empty file

6
00:00:19,200 --> 00:00:21,720
with the name 'data' to their home directory.

7
00:00:21,720 --> 00:00:23,640
We need to create users, Anna and Anouk

8
00:00:23,640 --> 00:00:26,010
and set secondary group membership to profs

9
00:00:26,010 --> 00:00:28,380
and users Linda and Lisa and set their

10
00:00:28,380 --> 00:00:31,320
secondary group membership to students.

11
00:00:31,320 --> 00:00:32,153
You know what?

12
00:00:32,153 --> 00:00:33,870
Let me start with that because the remaining

13
00:00:33,870 --> 00:00:36,990
three tasks, these are more on the permission side.

14
00:00:36,990 --> 00:00:39,930
These four tasks are more about the users.

15
00:00:39,930 --> 00:00:41,220
So let's get this out of the way

16
00:00:41,220 --> 00:00:43,070
before we have a look at permissions.

17
00:00:46,440 --> 00:00:51,440
So password validity, that is in /etc/login.defs.

18
00:00:59,347 --> 00:01:01,890
And there we go, PASS_MAX_DAYS

19
00:01:01,890 --> 00:01:03,790
is the parameter that I'm looking for.

20
00:01:04,950 --> 00:01:08,610
By default it's set to 99,999.

21
00:01:08,610 --> 00:01:10,683
That's much, let's set it to 90.

22
00:01:12,840 --> 00:01:15,180
Then second assignment, when creating new users

23
00:01:15,180 --> 00:01:17,010
copy an empty file with the name 'data'

24
00:01:17,010 --> 00:01:18,750
to their home directory.

25
00:01:18,750 --> 00:01:21,300
Let's obtain through /etc/skel.

26
00:01:21,300 --> 00:01:24,003
I'm using touch data and that'll pick it up.

27
00:01:24,990 --> 00:01:26,967
Then we need to create users Anna and Anouk

28
00:01:26,967 --> 00:01:29,490
and set secondary group membership.

29
00:01:29,490 --> 00:01:31,230
And likewise for Linda and Lisa.

30
00:01:31,230 --> 00:01:33,690
You know what, I'm starting groupadd

31
00:01:33,690 --> 00:01:37,983
profs and groupadd students.

32
00:01:38,850 --> 00:01:40,530
That makes it so much easier.

33
00:01:40,530 --> 00:01:45,530
And then I can use useradd Anna minus G profs.

34
00:01:50,700 --> 00:01:53,760
And for Ubuntu users, don't forget minus M

35
00:01:53,760 --> 00:01:55,510
to create a home directory as well.

36
00:01:56,850 --> 00:01:59,550
I'm ignoring this message here, 'user Anna already exists.'

37
00:01:59,550 --> 00:02:00,383
That's okay.

38
00:02:03,420 --> 00:02:06,660
As I told you, it's just because I pre-used the system.

39
00:02:06,660 --> 00:02:09,540
As long as the commands are alright

40
00:02:09,540 --> 00:02:12,330
we shouldn't make it more complicated than necessary.

41
00:02:12,330 --> 00:02:17,330
So useradd Lisa minus G students minus M,

42
00:02:18,780 --> 00:02:21,513
and likewise for user Linda.

43
00:02:22,350 --> 00:02:23,700
Oh, there is one thing by the way,

44
00:02:23,700 --> 00:02:25,500
user Anna already existed.

45
00:02:25,500 --> 00:02:29,550
Let's do id on Anna and we need to do that for Lisa as well.

46
00:02:29,550 --> 00:02:31,770
And we can see the user Anna is now

47
00:02:31,770 --> 00:02:33,750
not a member of the group profs.

48
00:02:33,750 --> 00:02:38,160
So usermod minus AG profs on Anna

49
00:02:38,160 --> 00:02:42,063
and let's do something similar for user Lisa.

50
00:02:46,920 --> 00:02:48,780
And now we are alright.

51
00:02:48,780 --> 00:02:51,000
Okay, that took care of the part of the users.

52
00:02:51,000 --> 00:02:52,950
Now I want to read the rest of it.

53
00:02:52,950 --> 00:02:55,140
So we need to create a directory 'data profs'

54
00:02:55,140 --> 00:02:58,320
as well as the directory 'data students.'

55
00:02:58,320 --> 00:02:59,550
Let's immediately do that.

56
00:02:59,550 --> 00:03:04,550
mkdir minus P slash data profs, data students.

57
00:03:08,880 --> 00:03:10,500
And ensure that members of the group

58
00:03:10,500 --> 00:03:12,120
'students' have full access to data

59
00:03:12,120 --> 00:03:15,450
students, and profs have full access to data profs.

60
00:03:15,450 --> 00:03:20,450
Let me get into data and let me use chgrp profs

61
00:03:21,510 --> 00:03:26,510
on profs and chgrp students on students.

62
00:03:27,630 --> 00:03:32,550
And at least chmod G plus W on star.

63
00:03:32,550 --> 00:03:35,220
ls minus L, now we have taken care

64
00:03:35,220 --> 00:03:37,113
of this part of full access.

65
00:03:39,120 --> 00:03:42,090
Alright, so here is the second part of the permissions

66
00:03:42,090 --> 00:03:45,510
related assignments, where we need to ensure that new files

67
00:03:45,510 --> 00:03:48,210
in the directories are automatically group owned

68
00:03:48,210 --> 00:03:49,830
by the group owners of the directories.

69
00:03:49,830 --> 00:03:52,470
And users should only be allowed to delete their own files

70
00:03:52,470 --> 00:03:55,227
in these directories, with the exception of user Anna

71
00:03:55,227 --> 00:03:57,513
who should be able to delete all files.

72
00:03:59,790 --> 00:04:01,920
So now we need to make sure that new files

73
00:04:01,920 --> 00:04:04,140
in these directories are automatically group owned

74
00:04:04,140 --> 00:04:07,260
by the group, by the group owners of the directories.

75
00:04:07,260 --> 00:04:08,670
Hey, I know how to do that.

76
00:04:08,670 --> 00:04:11,250
That is chmod G plus S.

77
00:04:11,250 --> 00:04:13,053
That's a set group ID bit.

78
00:04:13,890 --> 00:04:15,390
On star.

79
00:04:15,390 --> 00:04:18,120
I'm ignoring the fact that there are sils.

80
00:04:18,120 --> 00:04:19,650
Sils is not important.

81
00:04:19,650 --> 00:04:22,320
What is important is that now we can see

82
00:04:22,320 --> 00:04:24,210
that on the position where before we had

83
00:04:24,210 --> 00:04:28,683
an X for group execute, we now have S for set group ID.

84
00:04:29,820 --> 00:04:31,770
Last requirement is that users should only

85
00:04:31,770 --> 00:04:34,710
be allowed to delete their own files in these directories

86
00:04:34,710 --> 00:04:38,100
but Anna should be able to delete all files.

87
00:04:38,100 --> 00:04:43,100
So I need chown Anna on profs to make her owner

88
00:04:43,230 --> 00:04:45,510
and likewise for students.

89
00:04:45,510 --> 00:04:50,510
And then I can use chmod plus T on these directories.

90
00:04:52,230 --> 00:04:53,580
So what is this?

91
00:04:53,580 --> 00:04:56,010
This is sticky bit and sticky bit makes

92
00:04:56,010 --> 00:04:59,160
that you can only delete files

93
00:04:59,160 --> 00:05:01,710
if you are the owner of the file,

94
00:05:01,710 --> 00:05:03,780
if the directory contains sticky bit.

95
00:05:03,780 --> 00:05:04,830
And the exception?

96
00:05:04,830 --> 00:05:07,260
If you are the user owner of the directory

97
00:05:07,260 --> 00:05:09,120
now you can also delete files.

98
00:05:09,120 --> 00:05:10,020
And that's done.

99
00:05:10,020 --> 00:05:12,723
So that's what we needed to do for this assignment.