0

I need help with this question, please. I have tried several times. Create a file, /home/jack/secretf7b079, containing the string secret5cd51b. Make sure the file is owned by jack. Use a group to enable cedric to also read the file, but not write to it. Make sure pedri can't access the file.

The code I have used by jack user:

cat > /home/jack/secret7b079 and include the string secret5cd51b.

sudo adduser cedric jack, to add the user cedric to the jack group.

chmod 640 /home/jack/secret7b079

Thanks!

Joseph
  • 3

2 Answers

1

Don't add Cedric to group jack, because that is Jack's personal group. It's a security violation.

In addition to that, in new versions of Ubuntu, the default access to home accounts and files will be 600 for files and 700 for folders, i.e. groups and others can't access the area at all. This is recommended for security, because in previous versions, anyone could access (but not modify) anyone else's data.

You can explicitly set this in older versions of Ubuntu for all of the various home folders as follows:

sudo chmod --recursive go= /home/

A side effect of this is that no matter how you set your secret file within Jack's folder, no one can access it. That's a Good Thing (as Winnie the Pooh might say), both for security and because Jack's folder is personal to Jack.

So…

The right way is to create a brand new folder, not in Jack's area, that all permitted people, and only permitted people, can share.

You specify who may share with a new common group created just for the purpose. You assign the file's ownership to Jack, who can write to the file, and the file's group to the new common group, whose members can read but not modify the file.

Here are the steps. For this example, I've used the folder /home/secshare and the group name secacc, but you can choose a different name for both the folder and the group name (they can have the same name as each other, if you like).

sudo groupadd secacc                           # Create the new security group.

sudo mkdir /home/secshare/                     # The folder to hold the security file.

sudo chown jack:secacc /home/secshare/         # Jack owns the folder. Group has access.

sudo chmod u=rwx,g=rx,o= /home/secshare/       # Jack: rw. Group: r. Others: none.

Create the file.

echo secret5cd51b | sudo tee /home/secshare/secret7b079

sudo chmod g=r,o= /home/secshare/secret7b079 # Owner: rw. Group: r. Others: none.

Assign Jack as the owner, and secacc as the group.

sudo chown jack:secacc /home/secshare/secret7b079

Double-check permissions.

sudo ls -l --directory /home/secshare/
> drwxr-x--- 2 jack secacc 4096 Feb 8 11:48 /home/secshare/

sudo ls -l /home/secshare/
> -rw-r----- 1 jack secacc 13 Feb 8 11:48 secret7b079

Assign both Jack and Cedric to the group secacc

sudo usermod --append --groups secacc jack

sudo usermod --append --groups secacc cedric

At this point, Jack has full access to both the folder and the files within.

Cedric belongs to group secacc and therefore has read-only access to both the folder and the files within.

Pedri, who doesn't belong to the group secacc, has no access to the folder, and no access to the files within (even if the files within have full read-write access to everyone — test it for yourself).

Paddy Landau
  • 4,548
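The claim in the answer above, that the folder's mode gates access even when the file itself is world read-write, can be checked without creating any accounts. This is an added example, not code from either answer: perm_digit, may_read and demo are hypothetical helper names, and the script assumes GNU stat, no ACLs, no symlinks in the path and a non-root reader.

```shell
#!/bin/sh
# Added example. Models the classic owner/group/other check only: no ACLs, no
# root override, no symlinks in the path. Requires GNU stat (stat -c).

# perm_digit USER "GROUPS" PATH: print the octal digit (0-7) of the single mode
# class (owner, else group, else other) that applies to USER on PATH.
perm_digit() {
    user=$1 grps=$2 path=$3
    mode=$(printf '%04o' "0$(stat -c %a "$path")")   # pad, e.g. 750 -> 0750
    mode=${mode#?}                                   # drop setuid/setgid/sticky
    if [ "$user" = "$(stat -c %U "$path")" ]; then
        echo "${mode%??}"                            # owner digit
        return
    fi
    fgrp=$(stat -c %G "$path")
    case " $grps " in
        *" $fgrp "*) mode=${mode#?}; echo "${mode%?}" ;;   # group digit
        *) echo "${mode#??}" ;;                            # other digit
    esac
}

# may_read USER "GROUPS" FILE [TOP]: succeed if USER has r on FILE and x
# (search) on every directory from FILE's parent up to TOP (default /).
may_read() {
    [ $(( $(perm_digit "$1" "$2" "$3") & 4 )) -ne 0 ] || return 1
    dir=$(dirname "$3")
    while :; do
        [ $(( $(perm_digit "$1" "$2" "$dir") & 1 )) -ne 0 ] || return 1
        if [ "$dir" = "${4:-/}" ] || [ "$dir" = / ]; then return 0; fi
        dir=$(dirname "$dir")
    done
}

# demo: constructed layout mirroring the answer (folder 750, file left at 666
# on purpose). cedric and pedri are just names here; no accounts are needed.
demo() {
    t=$(mktemp -d) && chmod 755 "$t"
    mkdir "$t/secshare" && chmod 750 "$t/secshare"
    echo secret5cd51b > "$t/secshare/secret7b079"
    chmod 666 "$t/secshare/secret7b079"
    own=$(stat -c %U "$t/secshare") grp=$(stat -c %G "$t/secshare")
    for who in "$own:$grp" "cedric:$grp" "pedri:pedri"; do
        if may_read "${who%%:*}" "${who#*:}" "$t/secshare/secret7b079" "$t"
        then printf '%s=yes ' "${who%%:*}"; else printf '%s=no ' "${who%%:*}"; fi
    done
    rm -rf "$t"
}
```

Calling demo prints yes for the owner and for cedric (passed the folder's group) and no for pedri, who is stopped at the folder before the file's mode is ever consulted.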
-1

If you can use ACL: setfacl -m u:cedric:r /home/jack/secretf7b079 - grants user cedric read access to file.

But it sounds like you want to solve homework on askubuntu ;)

Joe Ford
  • 169
  • This seems like a nice idea on the surface, but there are security implications. If Jack's default permissions are set to allow everyone to access his home folder and its contents, everyone will be able to access the secret file anyway, not just Cedric. If Jack's permissions are private (as recommended), no one will be able to access the file, despite the ACL settings. – Paddy Landau Feb 12 '21 at 14:42