File Permission Audit and Modification

Scenario

You are a system administrator at a mid-sized tech company. You primarily work with the software development team. A crucial part of your role is to ensure that team members have the appropriate permissions to access necessary files and directories. This is vital for maintaining system security.

Your task is to inspect the current permissions on the file system, and to change the current permissions of the files and the drafts directory to match the company’s policy. If there’s a mismatch, you’ll need to adjust the permissions to authorize the correct users and revoke any unauthorized access. The user permissions the company wants us to follow can be found here. 

Step 1: Check the Permissions

The ls- 1 command was used to check the current files permissions in the /home/devteam/projects directory.

$ ls -l /home/devteam/projects
-rw-rw-rw- 1 devteam devteam 0 Jul 24 12:00 project_a.txt
-rw-r--r-- 1 devteam devteam 0 Jul 24 12:00 project_b.txt
-rw-rw-r-- 1 devteam devteam 0 Jul 24 12:00 project_c.txt
-rw-rw-r-- 1 devteam devteam 0 Jul 24 12:00 project_d.txt
-rw-w---- 1 devteam devteam 0 Jul 24 12:00 .project_e.txt
drwxr-x--- 2 devteam devteam 4096 Jul 24 12:00 drafts

The 10-character string shows the type of file and the permissions for the user, group, and others. The first character is the file type: (d for directory, - for regular file). The next three characters are the user’s permissions, followed by three for the group, and the last three for others. Each set of the three characters is read (r), write (w), and execute (x) permissions. 

Step 2: Changing Permissions 

• The file project_a.txt has write permissions for ‘other’, which is against company policy. The chmod o-w project_a.txt command was used to remove write permissions for ‘other’.

$ chmod o-w project_a.txt
$ ls -l project_a.txt
-rw-rw-r-- 1 devteam devteam 0 Jul 24 12:00 project_a.txt

• The chmod go=r .project_e.txt command was used to assign read-only permissions to the user and group for the .project_e.txt file.

$ chmod go=r .project_e.txt
$ ls -l .project_e.txt
-rw-r--r-- 1 devteam devteam 0 Jul 24 12:00 .project_e.txt

• The chmod go-rwx drafts command was used to remove all permissions for ‘group’ and ‘other’ for the drafts directory.

$ chmod go-rwx drafts
$ ls -ld drafts
drwx------ 2 devteam devteam 4096 Jul 24 12:00 drafts

Summary:

In the above activity, we checked and modified file permissions to match up with the company’s security policy. The ls -l command was used to check permissions and the chmod command was used to modify them.