Question: Some new developers have joined our team, so we need to create some users/groups and further need to set up some permissions and access rights for them.
Inspect the requirements in detail by clicking on the icons of the interactive architecture diagram on the right and complete the tasks. Once done, click on the Check button to validate your work.
· Create a group called "devs".
· Create a user called "ray", change his login shell to "/bin/sh" and set "D3vU3r321" password for this user.
· Make user "ray" a member of "devs" group.
· Create a user called "lisa", change her login shell to "/bin/sh" and set "D3vUd3r123" password for this user.
· Make user "lisa" a member of "devs" group.
· Make sure all users under "devs" group can only run the "dnf" command with "sudo" and without entering any password.
· Edit the disk quota for the group called "devs". Limit the amount of storage space it can use (not inodes). Set a "soft" limit of "100MB" and a "hard" limit of "500MB" on "/data" partition.
· Configure a "resource limit" for the "devs" group so that this group (members of the group) can not run more than "30 processes" in their session. This should be both a "hard limit" and a "soft limit", written in a single line.
· Create a group called "admins".
· Create a user called "david", change his login shell to "/bin/zsh" and set "D3vUd3raaw" password for this user.
· Make user "david" a member of "admins" group.
· Create a user called "natasha", change her login shell to "/bin/zsh" and set "DwfawUd113" password for this user.
· Make user "natasha" a member of "admins" group.
· Give some additional permissions to "admins" group on "/data" directory so that any user who is a member of the "admins" group has "full permissions" on this directory.
· Make sure "/data" directory is owned by user "bob" and group "devs" and "user/group" owner has "full" permissions but "other" should not have any permissions.
· Make sure "/data" directory is owned by user "bob".
Solution:
1. First, switch to the root user and create the groups devs & admins
[bob@centos-host ~]$ sudo su -
[root@centos-host ~]# groupadd devs
[root@centos-host ~]# groupadd admins
2. Create users ray & lisa with sh login shell
[root@centos-host ~]# useradd -s /bin/sh ray
[root@centos-host ~]# useradd -s /bin/sh lisa
3. Make user ray & lisa a member of "devs" group
[root@centos-host ~]# usermod -G devs ray
[root@centos-host ~]# usermod -G devs lisa
4. Set password "D3vU3r321" for user ray and password "D3vUd3r123" for user lisa
[root@centos-host ~]# passwd ray
Changing password for user ray.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
[root@centos-host ~]# passwd lisa
Changing password for user lisa.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
5. Create users david & natasha with zsh login shell & set their passwords
[root@centos-host ~]# useradd -s /bin/zsh david
[root@centos-host ~]# useradd -s /bin/zsh natasha
[root@centos-host ~]# passwd david
Changing password for user david.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
[root@centos-host ~]# passwd natasha
Changing password for user natasha.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
6. Make users david & natasha members of "admins" group
[root@centos-host ~]# usermod -G admins david
[root@centos-host ~]# usermod -G admins natasha
7. Make sure "/data" directory is owned by user "bob" and group "devs" and "user/group" owner has "full" permissions but "other" should not have any permissions.
[root@centos-host ~]# ls -lsd /data
0 drwxr-xr-x. 2 root root 6 Nov 13 14:16 /data
[root@centos-host ~]# chown bob:devs /data
[root@centos-host ~]# chmod 770 /data
[root@centos-host ~]# ls -lsd /data
0 drwxrwx---. 2 bob devs 6 Nov 13 14:16 /data
8. Give some additional permissions to "admins" group on "/data" directory so that any user who is a member of the "admins" group has "full permissions" on this directory.
[root@centos-host ~]# getfacl /data
getfacl: Removing leading '/' from absolute path names
# file: data
# owner: bob
# group: devs
user::rwx
group::rwx
other::---

[root@centos-host ~]# setfacl -m g:admins:rwx /data
[root@centos-host ~]# getfacl /data
getfacl: Removing leading '/' from absolute path names
# file: data
# owner: bob
# group: devs
user::rwx
group::rwx
group:admins:rwx
mask::rwx
other::---
9. Make sure all users under "devs" group can only run the "dnf" command with "sudo" and without entering any password.
[root@centos-host ~]# visudo
[root@centos-host ~]# cat /etc/sudoers |grep admins
%admins ALL=(ALL) NOPASSWD:ALL
[root@centos-host ~]# cat /etc/sudoers |grep dev
%devs ALL=(ALL) NOPASSWD:/usr/bin/dnf
10. Edit the disk quota for the group called "devs". Limit the amount of storage space it can use (not inodes). Set a "soft" limit of "100MB" and a "hard" limit of "500MB" on "/data" partition.
[root@centos-host ~]# setquota -g devs 100M 500M 0 0 /dev/vdb1
[root@centos-host ~]# quota -g -s devs /data
Disk quotas for group devs (gid 1003):
     Filesystem   space   quota   limit   grace   files   quota   limit   grace
      /dev/vdb1      0K    100M    500M               1       0       0
quota: group /data does not exist.
11. Configure a "resource limit" for the "devs" group so that this group (members of the group) can not run more than "30 processes" in their session. This should be both a "hard limit" and a "soft limit", written in a single line.
[root@centos-host ~]# vi /etc/security/limits.conf
[root@centos-host ~]# cat /etc/security/limits.conf |grep dev
@devs - nproc 30
12. Click on Finish & Confirm to complete the task successfully
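The group memberships, the sudo rule and the process limit from steps 3, 6, 9 and 11 can also be verified straight from the files they change. The following is an added example, not part of the original post; the function names and the `--demo` fixture are constructed for illustration (gid 1004 for admins is made up, the post only shows gid 1003 for devs).

```shell
#!/bin/sh
# Added example, not from the original post: audit the files that steps 3, 6,
# 9 and 11 change. ROOT is a path prefix, empty on the live host (needs root).
in_group() {      # FILE GROUP USER: USER is a supplementary member of GROUP
  awk -F: -v g="$2" -v u="$3" '
    $1 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) ok = 1 }
    END { exit !ok }' "$1"
}

nproc_capped() {  # FILE GROUP N: soft and hard nproc both equal N ("-" is both)
  awk -v g="@$2" -v n="$3" '
    $1 == g && $3 == "nproc" && $4 == n {
      if ($2 ~ /^(-|hard)$/) hard = 1; if ($2 ~ /^(-|soft)$/) soft = 1
    }
    END { exit !(hard && soft) }' "$1"
}

sudo_only() {     # GROUP CMD FILE...: every %GROUP rule is exactly NOPASSWD:CMD
  g=$1; c=$2; shift 2
  cat "$@" 2>/dev/null | awk -v g="%$g" -v c="$c" '
    $1 == g {
      spec = $0; sub(/^[^=]*=[ \t]*(\([^)]*\))?[ \t]*/, "", spec)
      gsub(/[ \t]/, "", spec)
      if (spec == ("NOPASSWD:" c)) good++; else bad++
    }
    END { exit !(good > 0 && bad == 0) }'
}

audit() {         # ROOT: prints one line per failed check, returns 1 on any
  rc=0
  for pair in devs:ray devs:lisa admins:david admins:natasha; do
    in_group "$1/etc/group" "${pair%%:*}" "${pair#*:}" ||
      { echo "FAIL: ${pair#*:} is not in ${pair%%:*}"; rc=1; }
  done
  nproc_capped "$1/etc/security/limits.conf" devs 30 ||
    { echo "FAIL: devs nproc is not capped at 30 (soft and hard)"; rc=1; }
  sudo_only devs /usr/bin/dnf "$1/etc/sudoers" "$1"/etc/sudoers.d/* ||
    { echo "FAIL: %devs sudo is not limited to NOPASSWD:/usr/bin/dnf"; rc=1; }
  return "$rc"
}

demo() {          # constructed fixture mirroring the file lines shown in the post
  d=$(mktemp -d); mkdir -p "$d/etc/security"
  printf 'devs:x:1003:ray,lisa\nadmins:x:1004:david,natasha\n' > "$d/etc/group"
  printf '@devs - nproc 30\n' > "$d/etc/security/limits.conf"
  printf '%%devs ALL=(ALL) NOPASSWD:/usr/bin/dnf\n' > "$d/etc/sudoers"
  st=0; audit "$d" || st=1; rm -rf "$d"; return "$st"
}
case "${1:-}" in --demo) demo ;; --live) audit "" ;; esac
```

Run it with `--live` as root on the lab host, or with `--demo` to see it pass on the constructed fixture.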
Automate the entire lab in a single script!
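One way to script steps 1 to 11, as an added example rather than the author's own script. It departs from the transcript in three places: `usermod -aG` instead of `-G`, passwords read by `chpasswd` from a root-only file (`PW_FILE`, a hypothetical path) instead of typed at the `passwd` prompt, and the sudo rule written to a `visudo`-checked drop-in under `/etc/sudoers.d` instead of an interactive edit of `/etc/sudoers`. The `%admins` sudo line visible in step 9 is not in the task list and is left out.

```shell
#!/bin/sh
# Added example, not the author's script: steps 1-11 as one repeatable run.
# Usage (as root): PW_FILE=/root/lab-passwords sh lab-setup.sh apply
# Assumptions: PW_FILE (hypothetical path) holds "user:password" lines for
# chpasswd, mode 0600; user bob and group quotas on /dev/vdb1 already exist.
set -e

ensure_group() { getent group "$1" >/dev/null || groupadd "$1"; }

ensure_user() {      # USER SHELL GROUP: create if missing, then set shell/group
  id "$1" >/dev/null 2>&1 || useradd -s "$2" "$1"
  usermod -s "$2" -aG "$3" "$1"   # -a appends; plain -G replaces other groups
}

append_once() {      # FILE LINE: append LINE unless an identical line exists
  grep -qxF -- "$2" "$1" 2>/dev/null || printf '%s\n' "$2" >> "$1"
}

install_sudoers() {  # FILE RULE: install RULE only if visudo accepts its syntax
  tmp=$(mktemp); printf '%s\n' "$2" > "$tmp"
  st=0; visudo -cf "$tmp" >/dev/null && install -m 0440 "$tmp" "$1" || st=1
  rm -f "$tmp"; return "$st"
}

apply() {
  [ "$(id -u)" -eq 0 ] || { echo "must run as root" >&2; return 1; }
  ensure_group devs; ensure_group admins
  ensure_user ray /bin/sh devs;      ensure_user lisa /bin/sh devs
  ensure_user david /bin/zsh admins; ensure_user natasha /bin/zsh admins
  chpasswd < "${PW_FILE:?set PW_FILE to the user:password file}"
  chown bob:devs /data; chmod 770 /data
  setfacl -m g:admins:rwx /data
  install_sudoers /etc/sudoers.d/devs '%devs ALL=(ALL) NOPASSWD:/usr/bin/dnf'
  setquota -g devs 100M 500M 0 0 /dev/vdb1
  append_once /etc/security/limits.conf '@devs - nproc 30'
}

if [ "${1:-}" = "apply" ]; then apply; fi
```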
Happy Learning!!!!