- A Cloud Guru
Managing and Troubleshooting File Permissions
This lab touches on most things anyone would need to know when navigating and troubleshooting a filesystem. It will facilitate practice on octal permissions, setting ACLs, working with SELinux, special bits, and file attributes to complete a set of tasks that could happen in the real world.
Table of Contents
Set /var/www/html up Using ACLs to Allow the devs Group Access
First, we should run
getfacl /var/www/htmlto get some baseline information.
Since we don't see any currently set ACLs, let's set our own with the following command:
setfacl -m d:g:devs:rwx /var/www/html
Now anyone in the
devsgroup can navigate to, and write to,
Fix Startup Errors for Apache
Trying to run
systemctl start httpdwill give errors. Running
journalctl -xewill show lines similar to this:
Jan 09 20:32:46 Server1 httpd: (13)Permission denied: AH00091: httpd: could not open error log file /etc/httpd/l> Jan 09 20:32:46 Server1 httpd: AH00015: Unable to open logs
It looks like a problem with the error log file, which is
ls -lZ /var/log/httpd/error_logshows:
-rw-r--r--. 1 root root unconfined_u:object_r:admin_home_t:s0 0 Jan 9 20:17 /var/log/httpd/error_log
restoreconto fix it:
restorecon /var/log/httpd/error_log systemctl start httpd
The service starts.
Set up the /var/www/devs Directory so That All Files Created Are Owned by the devs Group
First we should run
ls -ld /var/www/devsto get a base of information about this directory.
Then we can run the following commands to set it up as directed:
chmod g+w /var/www/devs chown root.devs /var/www/devs chmod g+s /var/www/devs
This will set the setGID bit on the directory and enable all new files and folders created to be owned by the
Move /var/www/devs/index.html to /var/www/html and Make Sure the Page Is Served Correctly
First we'll run
mv /var/www/devs/index.html /var/www/html.
This returns an "Operation not permitted" error. Since that's not a normal permission denied error, let's look at file attributes.
lsattr /var/www/devs/index.htmlshows that the file has the immutable flag set.
chattr -i /var/www/devs/index.htmlwill allow us to do what we need for this task.
What's a lab?
Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.