File Permissions v3

Iteration note: updated naming

Harden access control for Gourmet's recipe pipeline by configuring users, groups, ownership, and permissions across the organization's shared directories.

Overview

This lab positions you as the infrastructure engineer responsible for enforcing file permissions across Gourmet, a company specializing in smart kitchen appliances and recipe applications. Your goal is to deliver predictable access across teams while preventing cross-contamination of data.

You will provision users, map them to the right groups, and configure directory permissions that reflect how work flows from draft to production. The exercises mirror RHCSA objectives tied to user and group administration.

Objectives

  • Create and manage user accounts and groups.
  • Set up a structured directory system with appropriate ownership.
  • Apply file and directory permissions with command-line tools.
  • Change ownership using chown and chgrp.
  • Verify permission models with ls -l.
  • Test access control by switching between user accounts.

Instructions

Work through each part sequentially. Every step assumes command-line execution on a system where you have administrative privileges. If you get stuck, reference the solution snippets below.

Part One: Creating Users and Groups

  1. Create ~/gourmet_recipes to stage all lab assets.
  2. Inside gourmet_recipes, create the subdirectories:
    • recipe_drafts
    • recipe_reviews
    • published_recipes
  3. Create user accounts chef, editor, and tester.
  4. Set the password lab2 for each user.
  5. Add the groups recipe_team and testers.
  6. Add chef and editor to recipe_team; add tester to testers.

Part Two: Directory Ownership

  1. Ensure ~/gourmet_recipes is owned by your admin user.
  2. Set ownership of each subdirectory to chef with the recipe_team group.

Part Three: Applying Permissions

  1. Set 755 on ~/gourmet_recipes so you maintain control and others can traverse.
  2. Configure recipe_drafts with owner rwx, group rw-, others ---.
  3. Configure recipe_reviews with owner rwx, group rwx, others ---.
  4. Configure published_recipes so chef has rw-, editor r--, tester rwx.
  5. Verify your permission model with ls -l ~/gourmet_recipes.

Part Four: Testing Access Control

  1. Switch to each account (chef, editor, tester) to confirm expected access.
  2. Attempt to list, create, and modify files in each directory to validate the policy.
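
To predict what each account should see before running the Part Four tests, the following added example (not part of the original lab) evaluates the Part Three modes the way the kernel does for a directory. It assumes no ACLs, a non-root caller, and the ownership and group memberships from Parts One and Two; the function names dir_access and report are hypothetical.

```sh
#!/bin/sh
# Added example: predict directory access from the mode bits alone.
# Assumes no ACLs and a non-root caller (root bypasses these checks).

# dir_access MODE OWNER GROUP USER "USER_GROUPS"
# MODE is three octal digits, e.g. 760. Runs in a subshell, so variables stay local.
dir_access() (
    mode=$1 owner=$2 group=$3 user=$4
    # First matching class wins: owner, then group, then other. A more
    # permissive later class is never consulted once an earlier one matches.
    if [ "$user" = "$owner" ]; then
        class=owner; digit=$(( $mode / 100 ))
    else
        case " $5 " in
            *" $group "*) class=group; digit=$(( $mode / 10 % 10 )) ;;
            *)            class=other; digit=$(( $mode % 10 )) ;;
        esac
    fi
    list=no; enter=no; create=no
    # r: read entry names (plain ls). x: cd in, stat and open entries (ls -l).
    # Creating or deleting entries (touch, rm) needs w and x together.
    if [ $(( digit & 4 )) -ne 0 ]; then list=yes; fi
    if [ $(( digit & 1 )) -ne 0 ]; then enter=yes; fi
    if [ $(( digit & 3 )) -eq 3 ]; then create=yes; fi
    echo "$class list=$list enter=$enter create=$create"
)

# Lab values: every subdirectory is chef:recipe_team (Part Two), modes from
# Part Three, supplementary groups from Part One.
report() {
    for entry in recipe_drafts:760 recipe_reviews:770 published_recipes:647; do
        for who in chef:recipe_team editor:recipe_team tester:testers; do
            printf '%-18s %-7s %s\n' "${entry%%:*}" "${who%%:*}" \
                "$(dir_access "${entry##*:}" chef recipe_team "${who%%:*}" "${who##*:}")"
        done
    done
}
report
```

A result of list=yes with enter=no means a plain ls can print the entry names, while ls -l and touch in that directory report "Permission denied".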

Part Five: Cleaning Up

  1. Remove the gourmet_recipes directory tree when finished.
  2. Remove the temporary user accounts and related artifacts.

Solutions

Validate your work or get unstuck with the command references below.

Part One Solutions

# Stage the lab directory tree
mkdir ~/gourmet_recipes
mkdir ~/gourmet_recipes/recipe_drafts
mkdir ~/gourmet_recipes/recipe_reviews
mkdir ~/gourmet_recipes/published_recipes
# Create the accounts
sudo adduser chef
sudo adduser editor
sudo adduser tester
# Set each password; enter lab2 at the prompt
sudo passwd chef
sudo passwd editor
sudo passwd tester
# Create the groups and assign supplementary membership
sudo groupadd recipe_team
sudo groupadd testers
sudo usermod -aG recipe_team chef
sudo usermod -aG recipe_team editor
sudo usermod -aG testers tester

Part Two Solutions

# The top-level directory stays with the admin user
sudo chown "$USER:$USER" ~/gourmet_recipes
# Each subdirectory: owner chef, group recipe_team
sudo chown chef:recipe_team ~/gourmet_recipes/recipe_drafts
sudo chown chef:recipe_team ~/gourmet_recipes/recipe_reviews
sudo chown chef:recipe_team ~/gourmet_recipes/published_recipes

Part Three Solutions

chmod 755 ~/gourmet_recipes
chmod 760 ~/gourmet_recipes/recipe_drafts
chmod 770 ~/gourmet_recipes/recipe_reviews
chmod 647 ~/gourmet_recipes/published_recipes
ls -l ~/gourmet_recipes/

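Part Four Solutions

# After "su - <user>", ~ expands to that user's home directory, so use the
# full path to the lab tree. ADMIN_USER is a placeholder for your admin
# account name (assumes its home is under /home). Every directory on the path,
# including /home/ADMIN_USER itself, must grant the account search (x) permission.
# Chef tests
su - chef
ls /home/ADMIN_USER/gourmet_recipes/recipe_drafts/
touch /home/ADMIN_USER/gourmet_recipes/recipe_drafts/test_file
exit
# Editor tests
su - editor
ls /home/ADMIN_USER/gourmet_recipes/recipe_reviews/
touch /home/ADMIN_USER/gourmet_recipes/recipe_reviews/test_file
exit
# Tester tests
su - tester
ls /home/ADMIN_USER/gourmet_recipes/published_recipes/
touch /home/ADMIN_USER/gourmet_recipes/published_recipes/test_file
exit
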
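Part Five Solutions

# The subdirectories belong to chef:recipe_team, so the admin user needs sudo
# to remove their contents.
sudo rm -r ~/gourmet_recipes
sudo userdel -r chef
sudo userdel -r editor
sudo userdel -r tester
# Remove the groups created in Part One
sudo groupdel recipe_team
sudo groupdel testers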