COMP1475, Lab #3

Your Windows VM

Lecturer Mariusz Pelc Phone 020 83318588

e-mail
Office QM366 m.pelc@gre.ac.uk
address
Office
Mon 4-6pm, and by appointment
hours

Description:
As Windows VMs are still NOT available, please focus on the Linux part of this lab (shoud be
more than enough for 1 hour lab session). You can also catch up with the work from previous
weeks.

Learning Outcomes:
Permissions / access to resources.

Tasks:
This lab is designated to make you familiar with your Linux VM.

Lab 3

Your lab exercises this week are demanding in terms of time, but undemanding in terms of technical
difficulty. It is important to keep up to date. If you cannot finish during the available lab time, arrange to
meet up with your colleagues to complete during the week. Alternatively you may, of course, do this
remotely.

Nix Permissions

i. From last week you should already have a group, which comprises all members of your group.
ii. Set up a general directory for your development work in which is located files that you can all
work on, but which are owned by each of you.
iii. Use the sticky bit on the directory to ensure that colleagues cannot delete your own file.
iv. Test that it works.
v. Set permissions on the directory and files so that only members of your group can work on the
files in the directory.
vi. Create a group called 'public' and a user called 'joesoap', who should be a member of the public
group. Test that members of the public group cannot access files in your group's folder.
vii. Create a folder on your nix server in your home area called 'sensitive'.
viii. Create a text file in there called 'secret' and put some sensitive data in it.
ix. Edit permissions on the file and folder so that only you have access to it. Test that is the case
by asking one of your colleagues to try to crack into it.
x. Create a symbolic link to the file in the /tmp directory [ln -s -T ActualFilepath LinkFileName].
xi. Open your secret textfile from the link for reading using the less utility.
xii. Ask one of your colleagues to try to open your secret file using the symbolic link. What happens
and why?
xiii. Open up the permissions on your file so that everyone has read access to it.

1
 xiv. Again, ask one of your colleagues to try to open your secret file using the symbolic link. What
happens and why?
xv. Search for SUID, SGID and 'sticky bit' permissions and symbolic links on your nix server. In
each case why do you think that it was set?
xvi. Create group called authorised.
xvii. Add your normal users to that group (use usermod command or edit /etc/group file directly).
xviii. Create /authorised folder and change its group to authorised.
xix. Change the folder persmissions to 770.
xx. Log in as one of the normal users to your normal user account and copy any of your user files
into the /authorised folder. What is the file group there?
xxi. Now set the SGID bit for the /authorised folder and as normal user again copy another file to
that folder. Check the group now. What has changed?
xxii. Install mc program (yum install mc).
xxiii. Check where the program is located.
xxiv. Try to allow only 1 selected user to use the programs in 2 ways (first, using group permissions
and secondly, if the first works, disable it and enable this time through setfacl command).

Using special bit SUID

i. As lesser privileged user try to edit /etc/shadow file with vi editor. Did that work? No? Why?
ii. Now su to root account and find location for the vi editor (the whole path).
iii. Use chmod command to set the SUID bit for the vi editor (chmod u+s _path_to_vi_).
iv. Exit from root account (exit).
v. Retry as lesser privileged user to edit the /etc/shadow file. Did it work now?
vi. As root clear the SUID bit for the vi editor as leaving the bit set is a good recipe for disaster.

Techniques/resources:
Solution of all the above tasks will require using UoG Windows machines.

Marking:
No marking, this is to gain practical knowledge necessary for your coursework.

Deadline:
No deadline.