Week 2 - Permissions

Question 1

What does ACL stand for? What is it?

Answer 1

Access Control Lists are comprised of Access Control Entries (ACE)

It controls the level of permission/file access given to each user

Question 2

What does DACLs stand for? What is it?

Answer 2

DACLs are Discretionary Access Control Lists

They note who can use a file and what they can do with it

Question 3

What does SACLs stand for? What does it ask Windows to do?

Answer 3

System Access Control Lists

It asks Windows to use an event log to keep track of the files and folders being accessed by each user

Question 4

How do you navigate to the permissions window in windows?

Answer 4

Explorer > Home Directory > Right Click Desktop > Properties > Security

Question 5

What’s the command to see which ACLs are assigned to a file/directory? w

Answer 5

icacls filepath

icacls /? for help

Question 6

What does OI and CI DACLs stand for? What do they mean?

Answer 6

OI object inherit
CI container inherit

this means if I create a new object inside the location they’ll INHERIT the DACL

Question 7

Each file and folder will have an ____and one or more ___?

Answer 7

Each file and folder will have an owner and one or more DACLs

Question 8

If an object’s DACL has no ACE, what happens?

Answer 8

It denies all access attempts since there’s no access control entries for the DACL

Question 9

How many permissions are available on windows and what are they?

Answer 9

1. read (see file/directories)
2. read and execute (read, execute)
3. list folder contents (read, execute)
4. write (write, change, create)
5. modify (read, write, execute)

Question 10

what are the permissions available on linux? 3

Answer 10

1. read
2. write
3. execute

Question 11

on Linux what’s the command to see file permissions?

Answer 11

ls -l ~/filename

For me it worked:

ls -l filename.txt

Question 12

What does a dash in the file type (1st in front) permission search mean? Linux

Answer 12

it’s a regular file

Question 13

How are the file permissions details broken up in Linux?

Answer 13

1. file type in front
2. 1st trio is the permission of the owner of the file
3. 2nd trio is the permission of the group who owns the file
4. 3rd trio is the permission of all other users

Question 14

How do you see ACL assigned to a file/permissions? Windows

Answer 14

icacls

Question 15

What’s the process to change a user’s permissions/access to a folder on windows? (Adding the user to change their permissions)

Answer 15

right click file/folder target > properties > security > edit file permissions > add > enter username of user want to add permission to > OK

then check the boxes of permissions for them

Question 16

What happens when you deny a user that is in a group that has access?

Answer 16

the user is still denied if the group has access

Question 17

When does icacls need single quotes and why?

Answer 17

icacls was designed for Command Prompt and its parameters with special characters (parenthesis) confuse PS

We surround icacl’s parameters with single quotes to tell it not to interpret certain parameters as code

Question 18

What are guest users?

Answer 18

can use a computer without entering a password

Question 19

What is an authenticated users group? windows

Answer 19

a group that doesn’t include guest users

Question 20

How do you modify a file/folder permission in the CLI?
Windows

Answer 20

icacls ‘filepath’ /grant ‘Everyone:(OI)(CI)(R)’

permission parameters will vary

Question 21

How do you only let non-guest users see a file or folder and any future modifications? w

Answer 21

icacls ‘filepath’ /grant ‘Authenticated Users: (OI)(CI)(R)’

Question 22

How do you remove file permissions for a group? w

Answer 22

icacls ‘filepath’ /remove Everyone

Question 23

What are the 3 file permission sets on Linux and their letter?

Answer 23

1. owner (u)
2. group (g)
3. other users (o)

Question 24

How do you modify file access permissions on Linux when adding executable permissions to the owner? (symbolic)

Answer 24

chmod u+x filename

Question 25

How do you remove executable file permissions for a group on Linux?

Answer 25

chmod g-x filename

Question 26

How do you add multiple permissions to a file for a group? Read and Exec Linux

Symbolically

Answer 26

chmod g+rx filename

Question 27

How do you add multiple permission sets to be able to read to a file? linux

symbolic

Answer 27

chmod ugo+r filename

Question 28

What is the numerical equivalent of RWX in Linux?

Answer 28

r = 4
w = 2
x = 1

Question 29

How do you set numerical permissions for 3 permission sets for a file in Linux? What would the command look like for:

owner = rwx
group = r
other users = rw

Answer 29

chmod 746 filename

combination of adding up permissions: r,w,x = 4,2,1

Question 30

Which is better when writing permissions for Linux user sets? Numerical or symbolic?

Answer 30

Numerical because it’s faster, simpler, and don’t have to repeat lines if there are different permissions for each permission group

ie
chmod u+rwx filename
chmod g+rw filename
chmod o+r filename

Question 31

How do you change the owner of a file? Linux

Answer 31

sudo chown username filename

Question 32

How do you change the group a sudo file belongs to? Linux

Answer 32

sudo chgrp groupname filename

Question 33

What are simple permissions?

Answer 33

Simple permissions are a set of special or specific permissions

Question 34

What does WD/AD/S mean in special permissions Windows?

Answer 34

WD = Write data/Create files
AD = Append data/Create folders
S = Synchronize

Question 35

What’s the solution to not wanting to let users have modify access to a folder but want everyone to be able to create files?

Answer 35

use special permissions so they’re not able to delete files

Question 36

What is a creator owner? What applies to them?

Answer 36

the special user/owner of the file the DACL applies to

Question 37

To view special permissions for a file in the CLI
w

Answer 37

icacls filelocation

Question 38

What does setuid do in linux?

Answer 38

the owner of the file gives us permission to run the file

Question 39

To enable setuid in Linux, you can do it which two ways? What do those two ways look like?

Answer 39

To enable setuid, you can:
1) set it symbolically: sudo chmode u+s filename
2) set it numerically: sudo chmode 4547 filename

Question 40

How do you allow a file to be run as a group member of that file? Numerically and Symbolically

Linux

Answer 40

sudo chmode 2251 filename
or
sudo chmode g+s filename

Question 41

What number does setgid use?

Answer 41

2

Question 42

What number does setuid use?

Answer 42

4

Question 43

What does setgid do?

Answer 43

allows the file to be run as a member of a group

Question 44

The issue: want to let a user be able to do something that requires root privileges but not give them the actual privileges. what do you do?

Answer 44

set up setuid special permission for the file so that anyone could acesss it as if they were the owner (root)

Question 45

What is a sticky bit and what permissions does it have? L

Answer 45

a sticky bit locks down a file/folder in sticky place

anyone can write to a file/folder but they can’t delete anything (only owner and root user can)

Question 46

How would you look at the permissions for the temp directory, and how to make it display just the directory not the contents?

Linux

Answer 46

ls -ld /tmp

Question 47

What does the special bit t mean when looking at file/folder permissions?

Who can and who can’t?

Answer 47

t = means sticky bit, everyone can add and modify files in a directory but only root or the owner can delete the directory

Question 48

What are the symbolic and numerical versions of the special permissions for a sticky bit?

Answer 48

symbolic - t
numeric - 1

Question 49

How do you add a sticky bit permission? 2 ways

Answer 49

sudo chmod +t filename
sudo chmod 1774 filename

Question 50

What would a ‘d’ in the first character signify?

Answer 50

directory

Question 51

What type of user has access to, but limited control over a computer? W

Answer 51

standard

Question 52

Which Windows tool can be used to manage group information?

Answer 52

Computer Management

Question 53

Which PS command can be used to list the Users within local Groups on a computer?

Answer 53

Get-LocalGroupMember

Question 54

On Linux, which file contains information about group memberships?

Answer 54

cat /etc/group

Question 55

Why are user groups useful when it comes to permissions?

Answer 55

Allow you to change multiple user’s permissions at once

faster than doing it manually (like a computer used by many employees may have a usergroup called “Employees” that new hires are added to which automatically gives them the access they need without having to do it manually

Question 56

What’s the easiest way to make a document public/accessible to everyone?

Windows

Answer 56

Add the desired permission (read) to the “Everyone” group

icacls filename /grant “Everyone:(r)”