Skip to main content

Using File Attributes and Permissions

Hands-On Lab

 

Photo of

Training Architect

Length

00:15:00

Difficulty

Beginner

Both file attributes and permissions determine user and group access to files throughout the file system. Therefore, being able to use file attributes and permissions effectively is an essential system administrator skill. In this Hands-On lab, you will be using commands to view and set permissions and attributes for files. When the lab is complete, you should know how to use file attributes and permissions to control user and group access to files in the file system.

What are Hands-On Labs?

Hands-On Labs are scenario-based learning environments where learners can practice without consequences. Don't compromise a system or waste money on expensive downloads. Practice real-world skills without the real-world risk, no assembly required.

Using File Attributes and Permissions

Introduction

File attributes and permissions determine both user and group access to files throughout the file system. Therefore, being able to use file attributes and permissions effectively is an essential system administrator skill. In this hands-on lab, we will be using commands to view and set permissions and attributes for files. When the lab is complete, we will have a grasp on how to use file attributes and permissions to control user and group access to files in the filesystem.

The Scenario

Our development team has just updated the system to the latest version approved for the organization. The ownership and access permissions to the custom application directory /opt/myapp have already been updated for the cloud_user owner and devop group. But users are complaining that although they have access to the /opt/myapp directory, they are not able to execute the application.

The lead System Administrator for our IT team has assigned us the task of discovering and correcting the permissions and attributes of /opt/myapp/start.sh on the system, so the custom application located under /opt/myapp has the permission to execute. In order to prevent problems with this program, /opt/myapp/start.sh, we are also asked to set the attribute of the file, so that the file cannot be altered or removed accidentally.

Logging In

Use the credentials on the hands-on lab overview page to log into the provided environment.

View the Current Permissions of /opt/myapp/start.sh

Let's see where we stand, as far as permissions go. Run ls -l and stat on the start.sh file, after we've gotten into the directory where it's sitting:

cd /opt/myapp
ls -l start.sh
stat start.sh

Change Permissions on /opt/myapp/start.sh to Allow Execute Privileges for All Users

Currently, the permissions of the file /opt/myapp/start.sh are rw-r--r--, or mode 644. We need to add read and execute permission for all users, and write permission for the user and group owners. Using either command will have the same result:

chmod u=rwx,g+wx,o+x start.sh
chmod 775 start.sh

Verify That /opt/myapp/start.sh Is Executable

The permissions of the file /opt/myapp/start.sh should now be -rwxrwxr-x or mode 755, and the file should execute. Look at the permissions again to make sure:

stat /opt/myapp/start.sh

Now let's try running it:

./start.sh

Make the /opt/myapp/start.sh Immutable Using a File Attribute

The i attribute should appear when we run lsattr on the file:

lsattr start.sh

If it doesn't, then we've got to set it:

sudo chattr +i start.sh

Note the use of sudo there. We've got run chattr as root.

Now run lsattr on the file again, and we should see the i attribute set:

lsattr start.sh

Conclusion

We walked into a bit of a file permissions mess here. But after modifying some file permissions and attributes, any user that needs to run our application is able to. Congratulations!