I am a security professional at a large organization. I mainly work with the research team. Part of my job is to ensure users on this team are authorized with the appropriate permissions. This keeps the system secure while ensuring everyone can access the files they need for work.
My task is to examine existing permissions on the file system. I need to determine if the permissions match the current authorization provided by management. If they do not match, I must modify the permissions to authorize the appropriate users and remove unauthorized access.
In this project, I used the Bash Shell in Linux to change file permissions for a research team in an organization. Management requested changes within the projects directory and provided clear instructions on permissions for each directory and file.
Command: ls -la
This shows the permission details for every file and directory in the projects directory, including hidden files.
See the screenshot for details.
The permission string uses 10 characters to show permissions across three types of file owners: user, group, and other. The first character shows whether the item is a directory or file. The remaining 9 characters denote permissions in groups of three.
Positions 2 to 4 show permissions for the user.
Positions 5 to 7 show permissions for the group.
Positions 8 to 10 show permissions for the other type.
Let’s review this copied example from position 1 to 10. It is the last file listed in the screenshot above.
-rw-rw-r-- 1 researcher2 research_team 46 Aug 6 18:55 project_t.txt
1st: - means this is a file and not a directory.
2nd: r means the user has read permission.
3rd: w means the user has write permission.
4th: - means the user does not have execute permission.
5th: r means the group has read permission.
6th: w means the group has write permission.
7th: - means the group does not have execute permission.
8th: r means other has read permission.
9th: - means other does not have write permission.
10th: - means other does not have execute permission.
Management has indicated that the other file owner type should not have write permissions for project_k.txt.
See the change in the new list of permissions after the chmod command:
Hidden files begin with a period. They appear alongside visible files in the output of the ls -la command but do not show in the output of ls -l. The only one here is .project_x.txt.
Management has indicated that no one should have write permissions to .project_x.txt, so I have issued a chmod command to resolve this. You can see the changes to the file in the second run of the ls -la command.
I have received instructions to check the permissions of the drafts directory and ensure that only researcher2 (or the user) has execute privileges. Any other owner types with execute permission must have this revoked immediately.
The initial check shows research_team (or the group) has execute privileges in the drafts directory, which requires a chmod command to rectify the issue.
The new permissions check below using ls -l shows this issue has been resolved.
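The review above, rerun in a scratch directory as an added example (not the commands from the original screenshots). The starting modes, the function names and the exact chmod arguments are assumptions; it expects GNU stat, as found on Linux.

```shell
# Added example: sandboxed rerun of the permission review. Starting modes are constructed.

# has_perm PATH CLASS(u|g|o) PERM(r|w|x): succeeds if that bit is set, read from
# the 10-character string by position (user 2-4, group 5-7, other 8-10).
has_perm() (
    case "$2" in u) pos=2 ;; g) pos=5 ;; o) pos=8 ;; *) exit 2 ;; esac
    case "$3" in r) ;; w) pos=$((pos + 1)) ;; x) pos=$((pos + 2)) ;; *) exit 2 ;; esac
    ch=$(stat -c '%A' "$1" | cut -c "$pos") || exit 2
    # s and t mean execute plus a special bit; uppercase S/T mean no execute
    case "$ch" in [rwxst]) exit 0 ;; *) exit 1 ;; esac
)

# make_sandbox: create a scratch projects directory and print its path
make_sandbox() (
    dir=$(mktemp -d) || exit 1
    mkdir "$dir/drafts"
    touch "$dir/project_k.txt" "$dir/.project_x.txt"
    chmod 666 "$dir/project_k.txt"     # constructed: other can write
    chmod 660 "$dir/.project_x.txt"    # constructed: user and group can write
    chmod 710 "$dir/drafts"            # constructed: group can execute
    printf '%s\n' "$dir"
)

# apply_policy DIR: revoke only the bits management named, leave the rest alone
apply_policy() {
    chmod o-w "$1/project_k.txt"       # other: no write
    chmod a-w "$1/.project_x.txt"      # no one: no write
    chmod g-x,o-x "$1/drafts"          # only the user keeps execute
}

# audit DIR: print each remaining violation; exit status 1 if any were found
audit() (
    bad=0
    has_perm "$1/project_k.txt" o w && { echo "project_k.txt: other has write"; bad=1; }
    for c in u g o; do
        has_perm "$1/.project_x.txt" "$c" w && { echo ".project_x.txt: $c has write"; bad=1; }
    done
    for c in g o; do
        has_perm "$1/drafts" "$c" x && { echo "drafts: $c has execute"; bad=1; }
    done
    exit "$bad"
)

# Demo run: list violations, fix them, then confirm nothing is left
demo=$(make_sandbox)
audit "$demo" || true
apply_policy "$demo"
audit "$demo" && echo "all permissions match policy"
rm -rf "$demo"
```

Symbolic modes such as o-w remove a single bit and leave the others untouched, which is why the audit can be rerun after every change without restating the full mode.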
This activity enforced the security principle of least privilege in the organization. It ensured that only researchers with an immediate and direct need of access to files had them. Where the security team found discrepancies, we made immediate changes. Directions like this can come from management after security procedures change or when permission changes become possible or necessary after a research project has either moved to a new milestone or changed course. Authorization changes can also occur if a user changes positions in an organization or has left the organization.