1. Leonard, Sheldon, Howard, Rajesh, Penny, Bernadette, and Amy belong to the same group of users Friends. Leonard is the owner of the file Secrets.
(a) Explain what would be the access to the file Secrets as a result of the following ACL:
Friends Allow Read
Penny Deny Read
Sheldon Deny Read
Bernadette Deny Read
Amy Deny Read
Write another access control list that will have the same effect.
(b) Leonard wants to allow
- Read access to Howard, Rajesh, Bernadette, and Amy
- Read and Write access to Penny
- No access to Sheldon.
Write the simplest ACL for Windows OS.
1(a). The following operations happen when an ACL is defined as provided in the question.
read the file, 'Secrets'.
1(b). Let <filepath> be the path at which the file is stored on the computer whose permissions are being modified. The file considered in the question is 'Secrets'. The following shows the ACL permissions that the file owner, Leonard, wants to grant to the various users:
# One acl resource per file: declaring the same target three times is a duplicate declaration.
acl { '<filepath>':
  permissions => [
    # Owner keeps full control.
    { identity => 'Leonard', rights => ['full'], type => 'allow' },
    # Read-only users.
    { identity => 'Howard', rights => ['read'], type => 'allow' },
    { identity => 'Rajesh', rights => ['read'], type => 'allow' },
    { identity => 'Bernadette', rights => ['read'], type => 'allow' },
    { identity => 'Amy', rights => ['read'], type => 'allow' },
    # Read and write for Penny.
    { identity => 'Penny', rights => ['read', 'write'], type => 'allow' },
    # No access for Sheldon.
    { identity => 'Sheldon', rights => ['full'], type => 'deny' }
  ],
  owner => 'Leonard',
}
1(c). For example, consider that we need to give a user, Sheldon, read and write permissions on the file 'Secrets'.
The 'setfacl' command is used to grant or restrict access to a file by setting access control entries from the command line. For the considered example, the syntax for setting the ACL with the setfacl command looks like:
In the above syntax, '-s' replaces any existing ACL on the file with the new ACL we provide. '-m' can be used in place of '-s' if we only wish to modify an existing ACL instead of defining a new one. When executed, the above command gives the user Sheldon read and write access to the file Secrets, whose owner, Leonard, also has read and write permissions.
The 'getfacl' command is used to verify the access and restrictions that already exist on a file. For the considered example, the syntax for reading the ACL with the getfacl command looks like:
When executed, the above command fetches the ACL that is set on the file Secrets.
The 'chmod' command is also used to modify permissions in order to grant or restrict a user's access to a file. For the considered example, the syntax for changing the permissions with the chmod command looks like:
We can also denote the permissions using numbers: 0 (no permissions), 1 (execute permission only), 2 (write permission only) and 4 (read permission only). Combinations of these numbers give the values used to modify the permissions. The chmod command defined above can also be written as:
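As an added example (not part of the original answer), the following Python sketch models how a Windows-style ACL is evaluated for the ACLs in questions 1(a) and 1(b). The evaluator, the reduction of 'full' to read and write, and the canonical_order flag are assumptions made for illustration; the second call shows that the 1(a) result depends on the Deny entries being evaluated before the Allow entry.

```python
# Added example: simplified model of Windows DACL evaluation.
# Users, group and ACEs come from question 1; the evaluator is an illustration.
FRIENDS = {"Leonard", "Sheldon", "Howard", "Rajesh", "Penny", "Bernadette", "Amy"}
GROUPS = {"Friends": FRIENDS}
FULL = {"read", "write"}  # 'full' reduced to the two rights this model tracks

# ACL from question 1(a), in the order it is written there.
ACL_1A = [("Friends", "allow", {"read"})] + [
    (name, "deny", {"read"}) for name in ("Penny", "Sheldon", "Bernadette", "Amy")
]
# ACL from the answer to 1(b), as one list.
ACL_1B = [("Leonard", "allow", FULL)] + [
    (name, "allow", {"read"}) for name in ("Howard", "Rajesh", "Bernadette", "Amy")
] + [("Penny", "allow", {"read", "write"}), ("Sheldon", "deny", FULL)]


def canonical(acl):
    """Explicit deny ACEs ahead of allow ACEs (stable sort keeps the rest in order)."""
    return sorted(acl, key=lambda ace: ace[1] != "deny")


def granted(user, acl, wanted, canonical_order=True):
    """Walk the ACEs in order; the first decisive ACE wins, no match means no access."""
    remaining = set(wanted)
    for identity, kind, rights in (canonical(acl) if canonical_order else acl):
        if user != identity and user not in GROUPS.get(identity, ()):
            continue  # ACE does not apply to this user
        if kind == "deny" and remaining & rights:
            return False
        if kind == "allow":
            remaining -= rights
            if not remaining:
                return True
    return False  # implicit deny: nothing granted every requested right


def who_can(acl, wanted, canonical_order=True):
    """Sorted list of group members who obtain all rights in `wanted`."""
    return sorted(u for u in FRIENDS if granted(u, acl, wanted, canonical_order))


if __name__ == "__main__":
    print("1(a) read:", who_can(ACL_1A, {"read"}))
    print("1(a) read, ACEs evaluated as written:", who_can(ACL_1A, {"read"}, False))
    print("1(b) read:", who_can(ACL_1B, {"read"}))
    print("1(b) write:", who_can(ACL_1B, {"write"}))
```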