Task - File Permission Correction

Problem:

After conducting a security audit within the Stratos DC, the Nautilus security team discovered misconfigured permissions on critical files. To address this, corrective actions are being taken by the production support team. Specifically, the file named /etc/hostname on Nautilus App 3 server requires adjustments to its Access Control Lists (ACLs) as follows:

1. The file's user owner and group owner should be set to root.

2. Others should possess read only permissions on the file.

3. User siva must not have any permissions on the file.

4. User rod should be granted read only permission on the file.

Please review the task instructions carefully and adapt the commands to your specific server, username, and other relevant details.

Solution:

  1. SSH into App Server 3.

  2. Set the user owner and group owner to root:

     sudo chown root:root /etc/hostname
    
  3. Set the file permissions to ensure 'others' have read-only access:

     sudo chmod 644 /etc/hostname
    
  4. Ensure user siva has no permissions on the file:

     sudo setfacl -m u:siva:--- /etc/hostname
    
  5. Grant user rod read-only permission on the file:

     sudo setfacl -m u:rod:r-- /etc/hostname
    

Explanation:

  • chown root:root: Sets both the user owner and the group owner of the file to root.

  • chmod 644: Sets the file permissions so that the owner can read and write, the group can read, and others can read the file.

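  • setfacl -m u:siva:---: Modifies the ACL to ensure that the user siva has no permissions on the file. The explicit entry is needed because chmod 644 gives 'others' read access, and without a named entry siva would be covered by it.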

  • setfacl -m u:rod:r--: Modifies the ACL to grant read-only permission to the user rod.

Verify the ACLs and Permissions

To verify that the permissions and ACLs have been set correctly, you can use the following commands:

  • Check file ownership and permissions:

      ls -l /etc/hostname
    

    You should see -rw-r--r-- (followed by a + once ACL entries are present) and root root as the owner and group.

  • Check ACLs on the file:

      getfacl /etc/hostname
    

    The output should show the ACLs, including the entries for siva and rod.
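
The check above can be automated. The following is an added example, not part of the original post: a shell function that reads getfacl output and tests the four requirements, including the ACL mask, which caps what a named user such as rod actually gets. The function name audit_acl and both sample outputs are constructed for illustration.

```shell
# Added example: audit getfacl output against the four task requirements.
# On the server:  getfacl /etc/hostname 2>/dev/null | audit_acl
audit_acl() {
    awk -F: '
        # Effective rights of a named user = its entry ANDed with the mask.
        function eff(p, m,    i, c, out) {
            if (m == "") return p
            for (i = 1; i <= 3; i++) {
                c = (substr(m, i, 1) == "-") ? "-" : substr(p, i, 1)
                out = out c
            }
            return out
        }
        function fail(msg) { print "FAIL " msg; bad = 1 }
        /^# owner: / { owner = substr($2, 2) }
        /^# group: / { group = substr($2, 2) }
        $1 == "user" && $2 == "siva" { siva = substr($3, 1, 3) }
        $1 == "user" && $2 == "rod"  { rod  = substr($3, 1, 3) }
        $1 == "mask"  { mask  = substr($3, 1, 3) }
        $1 == "other" { other = substr($3, 1, 3) }
        END {
            if (owner != "root" || group != "root") fail("owner:group is " owner ":" group)
            if (other != "r--") fail("other is " other)
            # An explicit --- entry is required: without it siva matches "other".
            if (siva == "" || eff(siva, mask) != "---") fail("siva entry missing or not ---")
            if (rod == "" || eff(rod, mask) != "r--") fail("rod effective rights are " eff(rod, mask))
            if (!bad) print "OK"
            exit bad + 0
        }'
}

# Constructed sample: getfacl output after the four commands in the solution.
SAMPLE_GOOD='# file: etc/hostname
# owner: root
# group: root
user::rw-
user:siva:---
user:rod:r--
group::r--
mask::r--
other::r--'

# Constructed sample: a later "chmod 604" clears the mask, so rod loses read.
SAMPLE_MASKED=$(printf '%s\n' "$SAMPLE_GOOD" | sed 's/^mask::r--/mask::---/')

printf '%s\n' "$SAMPLE_GOOD"   | audit_acl           # prints OK
printf '%s\n' "$SAMPLE_MASKED" | audit_acl || true   # prints a FAIL line for rod
```

Running chmod on a file that already has ACL entries rewrites the mask rather than the group entry, which is why the second sample fails even though the user:rod:r-- line is still present.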

About me

Hi, I am Sachin Khamitkar and I am a passionate DevOps engineer and an Expert Support Engineer. As a DevOps enthusiast and technology fan, I am passionate about automating workflows, optimizing infrastructure, and improving deployment processes. I love sharing insights on cloud strategies, containerization, and continuous delivery. With 6 years of experience in Technical and Application Support, I have a strong foundation in DevOps practices. I excel in root cause analysis, SLA adherence, and enhancing software stability. My skills include log analysis, SQL reporting, and CI/CD pipeline optimization. I have a proven track record in deploying builds, patches, and maintaining production environments. Additionally, I bring expertise in incident, problem, and change management following ITIL standards. If you're as excited about DevOps as I am, let's connect with me on LinkedIn, GitHub, and Email for more tech tips, tutorials, and exciting projects! Let's innovate together and drive the future of DevOps!
