...
```
getfacl ./dailyplanet/
# file: www.dailyplanet.com
# owner: ckent
# group: wgdailyplanet
user::rwx
group::r-x
group:www-data:r-x
group:staff:r-x   # staff is given access in case users belonging to the virtual hosts create files and try to hide them in order to compromise the system
group:wgdailyplanet:rwx
mask::rwx
other::---
```
...
```
cd /opt/web/php/
# Normal permissions
sudo chmod -R o-rwx ./lexcorp/
# ACL permissions
sudo setfacl -Rm g:wglexcorp:rwX ./lexcorp/
sudo setfacl -Rm g:www-data:rX ./lexcorp/
sudo setfacl -Rm g:staff:rX ./lexcorp/
# Apply default ACLs
getfacl --access ./lexcorp/ | sudo setfacl -d -RM - ./lexcorp/
```
Testing Restrictions
User Lex Luthor has been given access to his directory "lexcorp" but learns of the "dailyplanet" directory by using his robots to spy on Clark Kent's computer. So Lex logs in on a terminal...
```
cd /opt/web/php/
cd dailyplanet
-su: cd: dailyplanet: Permission denied
```
After failing to enter dailyplanet, he enters his own directory, lexcorp, and creates a directory to keep his evil plan.
```
cd /opt/web/php/lexcorp
mkdir secrets
chmod 700 secrets
cd secrets
ne evil plan
chmod 700 secrets
```
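A check for the situation above, added here as an example and not part of the original page: on a directory that carries an ACL, `chmod 700` rewrites the ACL mask rather than the group entries, so `group:staff:r-x` stays listed but its effective rights drop to `---`. The script reads `getfacl -R` output and reports every entry the mask has reduced; the sample listing is constructed.

```sh
# Added example, not from the original page: list ACL entries that the mask
# has cut down. Reads `getfacl -R` text on stdin.
masked_entries() {
    awk '
    function flush(   i, k, f, eff) {
        for (i = 1; i <= n; i++) {
            split(entry[i], f, ":")
            eff = ""
            for (k = 1; k <= 3; k++)   # effective = granted AND mask, bit by bit
                eff = eff (substr(mask, k, 1) == "-" ? "-" : substr(f[3], k, 1))
            if (eff != f[3])
                print file, f[1] ":" f[2], "granted=" f[3], "effective=" eff
        }
        n = 0; mask = "rwx"
    }
    BEGIN { n = 0; mask = "rwx" }
    /^# file: / { flush(); file = substr($0, 9); next }
    /^#/ || /^default:/ { next }       # other headers; default ACLs not evaluated
    {
        sub(/[ \t]*#.*$/, "")          # drop "#effective:..." and inline notes
        split($0, p, ":")
        if (p[1] == "mask") mask = p[3]
        else if (p[1] == "group" || (p[1] == "user" && p[2] != "")) entry[++n] = $0
    }
    END { flush() }'
}

# Constructed sample: lexcorp as set up above, then secrets after "chmod 700".
sample_getfacl() {
    cat <<'EOF'
# file: lexcorp
user::rwx
group::r-x
group:www-data:r-x
group:staff:r-x
group:wglexcorp:rwx
mask::rwx
other::---

# file: lexcorp/secrets
user::rwx
group::r-x	#effective:---
group:www-data:r-x	#effective:---
group:staff:r-x	#effective:---
group:wglexcorp:rwx	#effective:---
mask::---
other::---
EOF
}
sample_getfacl | masked_entries
```

Against a live tree, run `getfacl -R /opt/web/php/lexcorp | masked_entries`; `sudo setfacl -m m::rwx <dir>` restores the mask on a reported directory.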
Backup and Restore
Introduction
...