KNZLABS :: lab02-permissions-acls

Lab 02 — Permissions, ACLs, and Special Bits

Target: rhcsa-node1 or rhcsa-node2 · Time: 25 minutes · Reboot required: no

Scenario

A team-shared directory needs precise access controls. Standard Unix perms aren't enough — you need ACLs for the exceptions.

Tasks (assumes lab01 is complete: alice, bob, deploy, engineering group)

  1. Create `/srv/projects` owned by `root:engineering`, mode `2770` (setgid).
  2. Create `/srv/projects/active` and `/srv/projects/archive` with the same ownership and mode.
  3. Set a default ACL on `/srv/projects` so new files inherit group rwx for `engineering`.
  4. Grant user `deploy` read-only access to `/srv/projects/archive` via ACL — `deploy` is not in `engineering`.
  5. Create user **carol** (UID 1502), add to `engineering`. Set an ACL denying `carol` write access on `/srv/projects/active` even though she's in the group.
  6. Create file `/srv/projects/active/shared.txt` (any content). Verify ACL inheritance worked.
  7. Set the sticky bit on `/tmp/dropbox` (create the directory first, root-owned, mode `1777`).
  8. Create `/usr/local/bin/teamtool` as an empty file owned by root with mode `4755`, so that the setuid bit is set.
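
Tasks 4 and 5 depend on the order in which ACL entries are evaluated: owner first, then a named-user entry, then group entries, then other, with the mask capping named users and groups. The added example below (not part of the lab or its grader) applies that order to `getfacl` output; the function name `effective_perms` and the sample listing are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: evaluate a getfacl listing in POSIX ACL order, one rwx bit at a time.

# Constructed sample: what `getfacl /srv/projects/active` could print after task 5.
SAMPLE_ACL='# file: srv/projects/active
# owner: root
# group: engineering
# flags: -s-
user::rwx
user:carol:r-x
group::rwx
mask::rwx
other::---'

# effective_perms USER GROUPS_CSV   (getfacl text on stdin) -> prints e.g. "r-x"
effective_perms() {
  awk -v user="$1" -v groups="$2" '
    function band(a, b,   i, out) {      # AND of two rwx strings
      for (i = 1; i <= 3; i++)
        out = out ((substr(a,i,1) != "-" && substr(b,i,1) != "-") ? substr(a,i,1) : "-")
      return out
    }
    function bor(a, b,   i, out) {       # OR of two rwx strings
      for (i = 1; i <= 3; i++)
        out = out (substr(a,i,1) != "-" ? substr(a,i,1) : substr(b,i,1))
      return out
    }
    BEGIN { n = split(groups, g, ","); for (i = 1; i <= n; i++) member[g[i]] = 1
            mask = "rwx"; grp = "---"; other = "---" }
    /^# owner: / { owner = $3 }
    /^# group: / { fgroup = $3 }
    /^#/ || /^default:/ || NF == 0 { next }   # default entries only seed new children
    { split($1, f, ":"); perms = substr(f[3], 1, 3) }
    f[1] == "user"  && f[2] == ""   { uobj = perms }
    f[1] == "user"  && f[2] == user { named = perms; has_named = 1 }
    f[1] == "group" && f[2] == ""   { gobj = perms }
    f[1] == "group" && f[2] != "" && (f[2] in member) { grp = bor(grp, perms); ingrp = 1 }
    f[1] == "mask"  { mask = perms }
    f[1] == "other" { other = perms }
    END {
      if (fgroup in member) { grp = bor(grp, gobj); ingrp = 1 }
      if (user == owner)  print uobj                # owner entry: mask does not apply
      else if (has_named) print band(named, mask)   # named user wins over any group
      else if (ingrp)     print band(grp, mask)     # any matching group may grant a bit
      else                print other
    }'
}
```

On a lab node it can be fed live output, for example `getfacl /srv/projects/active | effective_perms carol "$(id -Gn carol | tr ' ' ,)"`. With the sample listing, carol resolves to `r-x` even though `engineering` has `rwx`, because her named-user entry is matched before any group entry.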

Grading

~/labs/lab02-permissions-acls/grader.sh